Mcafee sidewinder health monitors are kicked out typically every min. You can query these values to gather over system status at that time_interval, and by using the
acat (
audit cat ) tool locally on the sidewinder appliance.
Here's a few samples of the execution of the cli-cmd & the expected output
acat -ae "area hmon and type top"
Since these are on a 1min interval, you could query any "top" status at that minute interval to find out performance indicators at that time-range
acat -ae "area hmon and type top and stime 20190111160000 and etime 20190111160000" /var/log/audit.*
To get sessions counts we have a similar check that we can call up from the audit logs
acat -ae "area hmon and type geninfo and stime 20190111160000 and etime 20190111160000" /var/log/audit.*
Remember to use
/var/log/audit.* to ensure you query all logs if your not reading the most current logs details.
The Sidewinder
acat is a powerful audit tool
NSE ( network security expert) and Route/Switching Engineer
kfelix -----a----t---- socpuppets ---dot---com
^ ^
=( @ @ )=
o
/ \