RE: PIX/ASA uptime

From: Muhammad Ahmed (faisal3541@hotmail.com)
Date: Sun Aug 24 2008 - 00:46:06 ART

• Next message: Luan M Nguyen: "RE: OT : CONFIG T"
• Previous message: Luan M Nguyen: "RE: OT : CONFIG T"
• Maybe in reply to: Muhammad Ahmed: "PIX/ASA uptime"
• Next in thread: L Pham: "Re: PIX/ASA uptime"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Loc, I am trying to find out the uptime of the PIX in HA setup. It seems the
PIX reports the uptime for the HA pair but not for the Primary or Secondary
firewalls.

I was able to establish from syslog data that the Primary unit was rebooted
and then it was forced to become Active and has not failed over since then. In
this scenario I was able to look at the output of the "show failover" command
and rely on the "Active time" listed and hence I knew exactly how old the
access-list hit counters were.

The uptime listed in "sh ver" seems to rely on the availability of at least
one unit in the HA pair. In the above case, even though Primary was rebooted
15 days ago, sh ver output is listing at that it has been up for 1 year 266
days. It took this from the secondary unit.

I guess now the question really is does anyone know how to determine the real
uptime on a PIX in a HA pair via some command?

Any help would be greatly appreciated.

Best regards,
Muhammad

> Date: Sat, 23 Aug 2008 08:40:33 -0700> From: ccie17030@gmail.com> To:
faisal3541@hotmail.com> Subject: Re: PIX/ASA uptime> CC:
ccielab@groupstudy.com> > I am not res. for any of our FW but when it f/o: we
do received a> page so something must be logged somewhere, what is your show
log say> ?> Loc> > On Fri, Aug 22, 2008 at 8:29 PM, Muhammad Ahmed
<faisal3541@hotmail.com> wrote:> > Hello gurus,> >> > Please help me out here.
I do not have access to any spare PIX(s) so cannot> > test this for now.> >> >
Is there a way to determine real uptime on PIX running 6.3.5 in a HA setup?> >
What I see is that even though the standby might have rebooted it still shows>
> the same uptime as the Active unit.> >> > I am reviewing the access-list
hitcnt essentially to determine how old are the> > access-list counters. I
would rely on sh uptime from the "sh ver" command but> > I am reluctant to
trust it now that I know the standby has rebooted before the> > 265 days
listed as the uptime value.> >> > Also, can someone please tell me if the
hitcnt on access-list on the Primary> > PIX replicate to the Standby in case
there is a failover?> >> > Any help would be greatly appreciated.> >> > Best
regards,> > Muhammad> >> >> >

• Next message: Luan M Nguyen: "RE: OT : CONFIG T"
• Previous message: Luan M Nguyen: "RE: OT : CONFIG T"
• Maybe in reply to: Muhammad Ahmed: "PIX/ASA uptime"
• Next in thread: L Pham: "Re: PIX/ASA uptime"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Sep 01 2008 - 08:15:32 ART