display ipsec statistics
Syntax
display ipsec statistics [ tunnel-id integer ] [ | { begin | exclude | include } regular-expression ]
View
Any view
Default level
1: Monitor level
Parameters
tunnel-id integer: Specifies an IPsec tunnel by its ID, which is in the range 1 to 2000000000.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Description
Use the display ipsec statistics command to display IPsec packet statistics.
If you do not specify any parameters, the command displays the statistics for all IPsec packets.
This command is supported only in FIPS mode.
Related commands: reset ipsec statistics.
Examples
# Display statistics on all IPsec packets.
<Sysname> display ipsec statistics
the security packet statistics:
input/output security packets: 47/62
input/output security bytes: 3948/5208
input/output dropped security packets: 0/45
dropped security packet detail:
not enough memory: 0
can't find SA: 45
queue is full: 0
authentication has failed: 0
wrong length: 0
replay packet: 0
packet too long: 0
wrong SA: 0
Table 44: Output description
Field | Description |
|---|---|
Connection ID | ID of the tunnel |
input/output security packets | Counts of inbound and outbound IPsec protected packets |
input/output security bytes | Counts of inbound and outbound IPsec protected bytes |
input/output dropped security packets | Counts of inbound and outbound IPsec protected packets that are discarded by the device |
dropped security packet detail | Detailed information about inbound/outbound packets that get dropped |
not enough memory | Number of packets dropped due to lack of memory |
can't find SA | Number of packets dropped due to finding no security association |
queue is full | Number of packets dropped due to full queues |
authentication has failed | Number of packets dropped due to authentication failure |
wrong length | Number of packets dropped due to wrong packet length |
replay packet | Number of packets replayed |
packet too long | Number of packets dropped due to excessive packet length |
wrong SA | Number of packets dropped due to improper SA |