show services service-sets statistics ids session-limits counters

Syntax

Description

Display counters for session drops and packet drops resulting from session-limit checks performed by an IDS rule on an MS-MPC or MS-MIC.

Options

none

Display statistics for all configured services interfaces.

interface interface-name

(Optional) Display statistics for the specified services interface.

Required Privilege Level

view

Output Fields

Table 1 lists the output fields for the show services service-sets statistics ids session-limits counters command. Output fields are listed in the approximate order in which they appear.

Table 1: show services service-sets statistics ids session-limits counters Output Fields

Field Name

Field Description

Interface

Name of the service interface assigned to the service set.

Service set

Name of the service set to which the IDS rule is applied.

Ingress General Info

Information for IDS rules for the service set in the ingress direction.

  • Match-direction—Displays input.

  • Rule name—Name of the IDS rule.

  • Term name—Name of the term in the IDS rule.

Ingress TCP Counters

Session-limit TCP counters in the ingress direction for the following:

  • Sessions allowed—Number of TCP sessions allowed by the IDS rule.

  • Sessions ignored—Number of TCP sessions that did not undergo IDS processing because traffic matched a stateful firewall rule that included accept skip-ids.

  • Sessions dropped due to maximum reached—Number of TCP sessions dropped because the number of TCP sessions exceeded the limit.

  • Sessions dropped due to high rate—Number of TCP sessions dropped because the number of TCP connections per second exceeded the limit.

  • Sessions dropped due to suspicious packets—Number of TCP sessions dropped because suspicious TCP packets were found.

  • Packets allowed—Number of TCP packets that the IDS rule allowed.

  • Packets dropped due to high pps—Number of TCP packets dropped because the number of TCP packets per second exceeded the limit.

Ingress UDP Counters

Session-limit UDP counters in the ingress direction for the following:

  • Sessions allowed—Number of UDP sessions allowed by the IDS rule.

  • Sessions ignored—Number of UDP sessions that did not undergo IDS processing because traffic matched a stateful firewall rule that included accept skip-ids.

  • Sessions dropped due to maximum reached—Number of UDP sessions dropped because the number of UDP sessions exceeded the limit.

  • Sessions dropped due to high rate—Number of UDP sessions dropped because the number of UDP connections per second exceeded the limit.

  • Sessions dropped due to suspicious packets—Number of UDP sessions dropped because suspicious UDP packets were found.

  • Packets allowed—Number of UDP packets that the IDS rule allowed.

  • Packets dropped due to high pps—Number of UDP packets dropped because the number of UDP packets per second exceeded the limit.

Ingress ICMP Counters

Session-limit ICMP counters in the ingress direction for the following:

  • Sessions allowed—Number of ICMP sessions allowed by the IDS rule.

  • Sessions ignored—Number of ICMP sessions that did not undergo IDS processing because traffic matched a stateful firewall rule that included accept skip-ids.

  • Sessions dropped due to maximum reached—Number of ICMP sessions dropped because the number of ICMP sessions exceeded the limit.

  • Sessions dropped due to high rate—Number of ICMP sessions dropped because the number of ICMP connections per second exceeded the limit.

  • Sessions dropped due to suspicious packets—Number of ICMP sessions dropped because suspicious ICMP packets were found.

  • Packets allowed—Number of ICMP packets that the IDS rule allowed.

  • Packets dropped due to high pps—Number of ICMP packets dropped because the number of ICMP packets per second exceeded the limit.

Ingress Other-Protocols Counters

Session-limit counters in the ingress direction for protocols other than TCP, UDP, and ICMP for the following:

  • Sessions allowed—Number of sessions allowed by the IDS rule.

  • Sessions ignored—Number of sessions that did not undergo IDS processing because traffic matched a stateful firewall rule that included accept skip-ids.

  • Sessions dropped due to maximum reached—Number of sessions dropped because the number of sessions exceeded the limit.

  • Sessions dropped due to high rate—Number of sessions dropped because the number of connections per second exceeded the limit.

  • Sessions dropped due to suspicious packets—Number of sessions dropped because suspicious packets were found.

  • Packets allowed—Number of packets that the IDS rule allowed.

  • Packets dropped due to high pps—Number of packets dropped because the number of packets per second exceeded the limit.

Egress General Info

Information for IDS rules for the service set in the egress direction.

  • Match-direction—Displays output.

  • Rule name—Name of the IDS rule.

  • Term name—Name of the term in the IDS rule.

Egress TCP Counters

Session-limit TCP counters in the egress direction for the following:

  • Sessions allowed—Number of TCP sessions allowed by the IDS rule.

  • Sessions ignored—Number of TCP sessions that did not undergo IDS processing because traffic matched a stateful firewall rule that included accept skip-ids.

  • Sessions dropped due to maximum reached—Number of TCP sessions dropped because the number of TCP sessions exceeded the limit.

  • Sessions dropped due to high rate—Number of TCP sessions dropped because the number of TCP connections per second exceeded the limit.

  • Sessions dropped due to suspicious packets—Number of TCP sessions dropped because suspicious TCP packets were found.

  • Packets allowed—Number of TCP packets that the IDS rule allowed.

  • Packets dropped due to high pps—Number of TCP packets dropped because the number of TCP packets per second exceeded the limit.

Egress UDP Counters

Session-limit UDP counters in the egress direction for the following:

  • Sessions allowed—Number of UDP sessions allowed by the IDS rule.

  • Sessions ignored—Number of UDP sessions that did not undergo IDS processing because traffic matched a stateful firewall rule that included accept skip-ids.

  • Sessions dropped due to maximum reached—Number of UDP sessions dropped because the number of UDP sessions exceeded the limit.

  • Sessions dropped due to high rate—Number of UDP sessions dropped because the number of UDP connections per second exceeded the limit.

  • Sessions dropped due to suspicious packets—Number of UDP sessions dropped because suspicious UDP packets were found.

  • Packets allowed—Number of UDP packets that the IDS rule allowed.

  • Packets dropped due to high pps—Number of UDP packets dropped because the number of UDP packets per second exceeded the limit.

Egress ICMP Counters

Session-limit ICMP counters in the egress direction for the following:

  • Sessions allowed—Number of ICMP sessions allowed by the IDS rule.

  • Sessions ignored—Number of ICMP sessions that did not undergo IDS processing because traffic matched a stateful firewall rule that included accept skip-ids.

  • Sessions dropped due to maximum reached—Number of ICMP sessions dropped because the number of ICMP sessions exceeded the limit.

  • Sessions dropped due to high rate—Number of ICMP sessions dropped because the number of ICMP connections per second exceeded the limit.

  • Sessions dropped due to suspicious packets—Number of ICMP sessions dropped because suspicious ICMP packets were found.

  • Packets allowed—Number of ICMP packets that the IDS rule allowed.

  • Packets dropped due to high pps—Number of ICMP packets dropped because the number of ICMP packets per second exceeded the limit.

Egress Other-Protocols Counters

Session-limit counters in the egress direction for protocols other than TCP, UDP, and ICMP for the following:

  • Sessions allowed—Number of sessions allowed by the IDS rule.

  • Sessions ignored—Number of sessions that did not undergo IDS processing because traffic matched a stateful firewall rule that included accept skip-ids.

  • Sessions dropped due to maximum reached—Number of sessions dropped because the number of sessions exceeded the limit.

  • Sessions dropped due to high rate—Number of sessions dropped because the number of connections per second exceeded the limit.

  • Sessions dropped due to suspicious packets—Number of sessions dropped because suspicious packets were found.

  • Packets allowed—Number of packets that the IDS rule allowed.

  • Packets dropped due to high pps—Number of packets dropped because the number of packets per second exceeded the limit.
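The following is an added example, not part of the original reference page or Juniper code: a small triage script that reads saved output of this command and lists every non-zero drop counter, plus sessions that bypassed IDS through accept skip-ids. The section and field names come from Table 1; the text layout ("Field: value" lines under section headers), the interface name, the service-set name, and all counter values are assumptions constructed for illustration.

```python
import re

# Constructed sample. The layout is an ASSUMPTION built from the field names in
# Table 1; it is not captured from a device, and all names and values are made up.
SAMPLE = """\
Interface: ms-1/0/0
Service set: sset-example
Ingress TCP Counters:
  Sessions allowed: 1200
  Sessions ignored: 40
  Sessions dropped due to maximum reached: 0
  Sessions dropped due to high rate: 315
  Sessions dropped due to suspicious packets: 2
  Packets allowed: 98000
  Packets dropped due to high pps: 0
Ingress UDP Counters:
  Sessions allowed: 300
  Sessions ignored: 0
  Packets dropped due to high pps: 870
"""

SECTION = re.compile(r"^(Ingress|Egress) (TCP|UDP|ICMP|Other-Protocols) Counters:?\s*$")
FIELD = re.compile(r"^\s*(Sessions|Packets) (allowed|ignored|dropped due to .+?)\s*:\s*(\d+)\s*$")

def parse_counters(text):
    """Return {(direction, protocol): {field name: int}}."""
    out, current = {}, None
    for line in text.splitlines():
        m = SECTION.match(line.strip())
        if m:
            current = out.setdefault((m.group(1), m.group(2)), {})
            continue
        m = FIELD.match(line)
        if m and current is not None:
            current[f"{m.group(1)} {m.group(2)}"] = int(m.group(3))
    return out

def findings(counters):
    """List non-zero drop counters and sessions that skipped IDS (accept skip-ids)."""
    hits = []
    for (direction, proto), fields in sorted(counters.items()):
        for name, value in fields.items():
            if value and ("dropped" in name or name == "Sessions ignored"):
                hits.append((direction, proto, name, value))
    return hits

if __name__ == "__main__":
    print(findings(parse_counters(SAMPLE)))
```

A non-zero "Sessions ignored" value is reported alongside the drops because those sessions were never checked against the session limits at all.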

Sample Output

show services service-sets statistics ids session-limits counters interface

Release Information

Command introduced in Junos OS Release 17.1.