Friday, January 11, 2019

McAfee Sidewinder health monitors write an audit record roughly every minute. You can query those records to get a snapshot of system status for a given time interval by using the acat (audit cat) tool locally on the Sidewinder appliance.

Here are a few sample invocations of the CLI command:


acat -ae "area hmon and type top"



Since these records arrive on a one-minute interval, you can query the "top" status for any given minute to pull the performance indicators for that time range. The stime and etime values are timestamps in YYYYMMDDHHMMSS form, as in the example below (2019-01-11 16:00:00):

acat -ae "area hmon and type top and  stime 20190111160000 and etime 20190111160000" /var/log/audit.* 


To get session counts, run the same kind of query against the geninfo records in the audit logs:

acat -ae "area hmon and type geninfo and  stime 20190111160000 and etime 20190111160000" /var/log/audit.* 



Remember to pass /var/log/audit.* so that the query covers the rotated audit files as well as the current one; if the time range you are after is older than the current log, that is the only way it will be found.
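As an added example that is not part of the original post, the following POSIX shell helper wraps the two hmon queries above (top and geninfo). It validates the YYYYMMDDHHMMSS timestamps, refuses a window whose end precedes its start (acat would just return nothing for that, with no error), and always passes /var/log/audit.* so rotated logs are searched. The acat filter grammar and the -ae flags are taken exactly as shown on this page; the function names are my own. Off the appliance, where acat is not on PATH, it prints the command it would have run instead.

```shell
#!/bin/sh
# Added example, not from the original post: build and run acat queries for
# Sidewinder health-monitor (hmon) audit records over a time window.
# Assumes acat's filter grammar exactly as shown in the post:
#   "area hmon and type <t> and stime <YYYYMMDDHHMMSS> and etime <YYYYMMDDHHMMSS>"
# Function names (valid_ts, hmon_filter, hmon_query) are hypothetical helpers.

# valid_ts TS: succeed only if TS is 14 digits with sane date/time fields.
valid_ts() {
    ts=$1
    case "$ts" in
        *[!0-9]*|"") return 1 ;;
    esac
    [ "${#ts}" -eq 14 ] || return 1
    mo=$(printf '%s' "$ts" | cut -c5-6)
    da=$(printf '%s' "$ts" | cut -c7-8)
    hh=$(printf '%s' "$ts" | cut -c9-10)
    mi=$(printf '%s' "$ts" | cut -c11-12)
    ss=$(printf '%s' "$ts" | cut -c13-14)
    [ "$mo" -ge 1 ] && [ "$mo" -le 12 ] || return 1
    [ "$da" -ge 1 ] && [ "$da" -le 31 ] || return 1
    [ "$hh" -le 23 ] && [ "$mi" -le 59 ] && [ "$ss" -le 59 ] || return 1
    return 0
}

# hmon_filter TYPE STIME ETIME: print the acat filter expression, or fail.
# TYPE is one of the hmon record types used on this page: top or geninfo.
hmon_filter() {
    rtype=$1; stime=$2; etime=$3
    case "$rtype" in
        top|geninfo) ;;
        *) echo "hmon_filter: unknown hmon type '$rtype'" >&2; return 1 ;;
    esac
    valid_ts "$stime" || { echo "hmon_filter: bad stime '$stime'" >&2; return 1; }
    valid_ts "$etime" || { echo "hmon_filter: bad etime '$etime'" >&2; return 1; }
    # Both values are fixed-width digit strings, so lexical order equals
    # chronological order; a swapped window is an error, not an empty result.
    first=$(printf '%s\n%s\n' "$stime" "$etime" | sort | head -n 1)
    [ "$first" = "$stime" ] || { echo "hmon_filter: etime precedes stime" >&2; return 1; }
    printf 'area hmon and type %s and stime %s and etime %s\n' "$rtype" "$stime" "$etime"
}

# hmon_query TYPE STIME ETIME: run acat over the current and rotated audit
# files. When acat is not available (not on the appliance) echo the command.
hmon_query() {
    filter=$(hmon_filter "$@") || return 1
    if command -v acat >/dev/null 2>&1; then
        acat -ae "$filter" /var/log/audit.*
    else
        printf 'acat -ae "%s" /var/log/audit.*\n' "$filter"
    fi
}

# Usage: ./hmon_query.sh top 20190111160000 20190111160500
if [ "$#" -ge 3 ]; then
    hmon_query "$@"
fi
```

A window of one minute (stime equal to etime, as in the post) returns the single record written at that minute; widening etime by a few minutes returns one record per minute, which is the quickest way to see whether a performance complaint lines up with a spike in the hmon data.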

The Sidewinder acat is a powerful audit tool.





NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com
     ^      ^
=(  @  @ )=
         o
        /  \
