Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Clearing hitcnt?

Status
Not open for further replies.
pixboy

pixboy

MIS
Joined
Nov 21, 2001
Messages
153
Location
US
OK, so this should be a simple one (I hope). How do you clear the "hitcnt" (hit count) numbers that show up in the Pix? We have a 520UR running 5.2.1 and we're trying to track down a large amount of traffic that's coming through the firewall and clogging up the works. A co-worker of mine resorted to resetting the Pix to clear the numbers, but that tends to result in downtime, so that's not a good option.

When you do a sh conduit w.x.y.z (yes, we're still using conduits -- that's not the issue right now!), it shows the conduits configured for w.x.y.z and the number of hits for each one. I need to reset the number of hits for each to zero.

I've tried searching this forum, Cisco's site and Google for the answers, but if it's out there, it's just too well buried.

Thanks!
 
Sort by date Sort by votes
clear access-list "access-list name" counters
 
Upvote 0 Downvote
Since we don't use access-lists on our Pix, would this work:

clear conduit (whatever the rest of the conduit line is) counters

????
 
Upvote 0 Downvote
HI.

Seems to me that you need either:

A network monitor (sniffer) to capture and analyze the traffic.

Or - logging to syslog server with level 6, and using software/scripts to parse the syslog messages.

Each option will need to support the high ammount of traffic. The syslog server option can scale well because it captures only sessions and not each byte. (But you will need some disk space...)

You should also use the command:
show conn
To monitor the current sessions.


Yizhar Hurwitz
 
Upvote 0 Downvote
We're using various network monitors to capture packets. The Pix's hitcnt figures can be useful in figuring out where to start monitoring. The only way we'd been able to reset those counters was to reboot the Pix, which isn't a pleasant option.
 
Upvote 0 Downvote
well, i don't think that this post is very actual! but just in case someone else needs a answer:

if you work with access-lists, you can clear the hitount by entering "clear access-list aclname counters"

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

marksb101
  • Locked
  • Question Question
506e and clearing config
Replies
5
Views
152
Supergrrover
Supergrrover
galloshes
  • Locked
  • Question Question
rationalise access-lists using show access-list hitcnt
Replies
1
Views
103
drae73
drae73
multisyncxp21
  • Locked
  • Question Question
pix 506 clearing
Replies
1
Views
33
dopehead
dopehead
Mike555
  • Locked
  • Question Question
Prevent users from clearing IE History
Replies
2
Views
77
Mike555
Mike555
lost4life
  • Locked
  • Question Question
Clearing Xlate
Replies
4
Views
174
dopehead
dopehead

Part and Inventory Search

Sponsor

Back
Top