cpview log
versions
R77 and above
The table structure can change dramatically from version to version. For example, the number of tables in the cpview database changed from 321 to 83 between R77.20 and R77.30.
opening the database
We will query it with the sqlite3 utility. We don't use the cpview binary because it is too limited.
[Expert@chkpfw1:0]# sqlite3 /var/log/CPView_history/CPViewDB.dat
example queries
list tables
sqlite> .tables
list columns
sqlite> .schema fw_counters
passing sqlite3 command via CLI
[Expert@chkpfw1:0]# sqlite3 /var/log/CPView_history/CPViewDB.dat '.tables'
query with start end times
sqlite3 /var/log/CPView_history/CPViewDB.dat "select datetime(Timestamp, 'unixepoch') as time,inbound_throughput/1048576/10 as MBS_IN,outbound_throughput/1048576/10 as MBS_OUT,concurrent_conns from fw_counters where time between '2016-01-05 00:00:00' and '2016-01-05 00:10:00'"
check for high cpu (77.20?)
sqlite3 /var/log/CPView_history/CPViewDB.dat "select datetime(Timestamp, 'unixepoch') as time,name_of_cpu,cpu_usage from fw_counters where cpu_usage between 90 and 100"
cpu table
$ sqlite3 /var/log/CPView_history/CPViewDB.dat '.schema UM_STAT_UM_CPU_UM_CPU_ORDERED_TABLE' | tr ',' '\n'
CREATE TABLE UM_STAT_UM_CPU_UM_CPU_ORDERED_TABLE (Timestamp INTEGER
name_of_cpu INTEGER
cpu_usage INTEGER
cpu_usr_time INTEGER
cpu_sys_time INTEGER
cpu_idl_time INTEGER
cpu_io_wait INTEGER
cpu_interrupts INTEGER);