问题:session 100%
日志报错:
Session utilization has reached 43257, which is 90% of the system capacity!
session 连接过高
解决方法:
1、通过telnet 或 consol的方法登录到防火墙
2、使用get session 查看总的session会话数,如果大于300 一般属于不正常情况
alloc 48000/max 48064, alloc failed 2682725821, mcast all
total reserved 0, free sessions in shared pool 64
id 36/s**,vsys 0,flag 04000000/0000/0001,policy 1,time 5,
if 0(nspflag 800801):192.168.0.57/40148->46.249.48.237/4
ss token 3,vlan 0,tun 0,vsd 0,route 1
if 6(nspflag 800800):116.90.85.5/40148<-46.249.48.237/41
s token 4,vlan 0,tun 0,vsd 0,route 5
id 41/s**,vsys 0,flag 04000000/0000/0001,policy 1,time 6,
if 0(nspflag 800801):192.168.0.57/33967->46.249.48.237/3
ss token 3,vlan 0,tun 0,vsd 0,route 1
if 6(nspflag 800800):116.90.85.5/33967<-46.249.48.237/38
s token 4,vlan 0,tun 0,vsd 0,route 5
id 42/s**,vsys 0,flag 04000000/0000/0001,policy 1,time 5,
if 0(nspflag 800801):192.168.0.57/39410->46.249.48.237/2
3、使用get session | i 192.168 查看192.168.段的session 连接情况
SSG140-> get session | i 192.168
if 0(nspflag 800801):192.168.0.57/46487->46.249.48.237/12707,17,848f69dc69bc,se
ss token 3,vlan 0,tun 0,vsd 0,route 1
if 0(nspflag 800801):192.168.0.57/55007->46.249.48.237/39983,17,848f69dc69bc,se
ss token 3,vlan 0,tun 0,vsd 0,route 1
if 0(nspflag 800801):192.168.0.57/48080->46.249.48.237/2469,17,848f69dc69bc,ses
s token 3,vlan 0,tun 0,vsd 0,route 1
if 0(nspflag 800801):192.168.0.57/43232->46.249.48.237/47998,17,848f69dc69bc,se
ss token 3,vlan 0,tun 0,vsd 0,route 1
if 0(nspflag 800801):192.168.0.57/39463->46.249.48.237/33930,17,848f69dc69bc,se
ss token 3,vlan 0,tun 0,vsd 0,route 1
if 0(nspflag 800801):192.168.0.57/46013->46.249.48.237/45993,17,848f69dc69bc,se
ss token 3,vlan 0,tun 0,vsd 0,route 1
if 0(nspflag 800801):192.168.0.57/37948->46.249.48.237/61889,17,848f69dc69bc,se
ss token 3,vlan 0,tun 0,vsd 0,route 1
if 0(nspflag 800801):192.168.0.57/38786->46.249.48.237/14897,17,848f69dc69bc,se
ss token 3,vlan 0,tun 0,vsd 0,route 1
if 0(nspflag 800801):192.168.0.57/37535->46.249.48.237/2187,17,848f69dc69bc,ses
s token 3,vlan 0,tun 0,vsd 0,route 1
if 0(nspflag 800801):192.168.0.57/32769->46.249.48.237/58035,17,848f69dc69bc,se
ss token 3,vlan 0,tun 0,vsd 0,route 1
if 0(nspflag 800801):192.168.0.57/44854->46.249.48.237/19293,17,848f69dc69bc,se
ss token 3,vlan 0,tun 0,vsd 0,route 1
if 0(nspflag 800801):192.168.0.57/34863->46.249.48.237/50367,17,848f69dc69bc,se
ss token 3,vlan 0,tun 0,vsd 0,route 1
if 0(nspflag 800801):192.168.0.57/44754->46.249.48.237/9409,17,848f69dc69bc,ses
s token 3,vlan 0,tun 0,vsd 0,route 1
if 0(nspflag 800801):192.168.0.57/42375->46.249.48.237/30999,17,848f69dc69bc,se
ss token 3,vlan 0,tun 0,vsd 0,route 1
if 0(nspflag 800801):192.168.0.57/41061->46.249.48.237/18728,17,848f69dc69bc,se
ss token 3,vlan 0,tun 0,vsd 0,route 1
if 0(nspflag 800801):192.168.0.57/45544->46.249.48.237/58502,17,848f69dc69bc,se
ss token 3,vlan 0,tun 0,vsd 0,route 1
if 0(nspflag 800801):192.168.0.57/37048->46.249.48.237/52232,17,848f69dc69bc,se
ss token 3,vlan 0,tun 0,vsd 0,route 1
if 0(nspflag 800801):192.168.0.57/35874->46.249.48.237/7843,17,848f69dc69bc,ses
s token 3,vlan 0,tun 0,vsd 0,route 1
if 0(nspflag 800801):192.168.0.57/56577->46.249.48.237/35131,17,848f69dc69bc,se
ss token 3,vlan 0,tun 0,vsd 0,route 1
if 0(nspflag 800801):192.168.0.57/57100->46.249.48.237/13237,17,848f69dc69bc,se
ss token 3,vlan 0,tun 0,vsd 0,route 1
if 0(nspflag 800801):192.168.0.57/48264->46.249.48.237/16853,17,848f69dc69bc,se
ss token 3,vlan 0,tun 0,vsd 0,route 1
if 0(nspflag 800801):192.168.0.57/56332->46.249.48.237/44035,17,848f69dc69bc,se
ss token 3,vlan 0,tun 0,vsd 0,route 1
4、找出故障服务器地址为 192.168.0.57
5、通过clear session src-ip 192.168.0.57 查看192.168.0.57的session的连接数
SSG140-> clear session src-ip 192.168.0.57
Total cleared software sessions :47877
6、进入192.168.0.57服务器top - 23:52:34 up 27 days, 4:48, 3 users, load average: 2.72, 2.92, 2.81
Tasks: 308 total, 3 running, 305 sleeping, 0 stopped, 0 zombie
Cpu(s): 8.5%us, 2.7%sy, 0.0%ni, 88.7%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Mem: 16316340k total, 1599156k used, 14717184k free, 154852k buffers
Swap: 33554424k total, 0k used, 33554424k free, 866596k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
7178 root 20 0 131m 4952 1188 R 100.0 0.0 3919:56 perl
7050 root 20 0 118m 4040 1952 R 100.0 0.0 4148:07 python
1 root 20 0 19272 1548 1260 S 0.0 0.0 0:02.48 init
2 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kthreadd
3 root RT 0 0 0 0 S 0.0 0.0 0:00.00 migration/0
4 root 20 0 0 0 0 S 0.0 0.0 0:00.04 ksoftirqd/0
5 root RT 0 0 0 0 S 0.0 0.0 0:00.00 migration/0
6 root RT 0 0 0 0 S 0.0 0.0 0:00.00 watchdog/0
7 root RT 0 0 0 0 S 0.0 0.0 0:00.03 migration/1
8 root RT 0 0 0 0 S 0.0 0.0 0:00.00 migration/1
9 root 20 0 0 0 0 S 0.0 0.0 0:00.00 ksoftirqd/1
找出问题
本文转自yzy121403725 51CTO博客,原文链接:http://blog.51cto.com/lookingdream/1826423,如需转载请自行联系原作者