Transaction Log Format


You can use the transaction logging feature to log individual TCP transactions for a WAAS device. For information on configuring transaction logging, see the "Configuring Transaction Logging" section on page 16-54.

TFO transaction logs are kept on the local disk in the directory /local1/logs/tfo.

There are several kinds of transaction log messages that have different templates, as follows

Optimized Flow Start message:

Time_Stamp :Conn_ID :Src_IP :Src_Port :Dst_IP :Dst_Port :OT :Log_type :Conn_type :Peer_ID :App_map_name :App_name :App_classifier_name :Flag_directed_mode :TFO_cfgd_policy :TFO_drvd_policy :TFO_peer_policy :TFO_neg_policy :TFO_applied_policy :TFO_reject_reason :AO_cfgd_policy :AO_drvd_policy :AO_neg_policy :AO_reject_reason :SSL_reject_reason :DSCP :Link_rtt

Optimized Flow End Message:

Time_Stamp :Conn_ID :Src_IP :Src_Port :Dst_IP :Dst_Port :OT :Log_type :Conn_type :AO_neg_policy :Original_bytes_read :Original_bytes_written :Optimized_bytes_read :Optimized_bytes_written

Pass Through Flow Message:

Time_Stamp :Src_IP :Src_Port :Dst_IP :Dst_Port :BP :Bypass_Reason :TFO_cfgd_policy :TFO_drvd_policy :TFO_peer_policy :TFO_reject_reason :AO_cfgd_policy :AO_drvd_policy :AO_reject_reason

Optimized Flow TFO End Message:

Time_Stamp :Conn_ID :Src_IP :Src_Port :Dst_IP :Dst_Port :SODRE :END :Original_bytes_read :Original_bytes_written :Optimized_bytes_read :Optimized_bytes_written :Conn_close_state

Table B-1 describes the fields found in the transaction log messages.

Table B-1 Transaction Log Field Descriptions

Field
Description

Time_Stamp

Time stamp indicating when the log message was generated.

Conn_ID

A unique identifier for the connection.

Src_IP, Src_Port

Source IP address and port number for the connection.

Dst_IP, Dst_Port

Destination IP address and port number for connection.

OT

Indicates an optimized connection.

BP

Indicates a pass-through connection.

SODRE

Indicates a log message generated by TFO.

Log_type

START or END indicates the start or end of the flow.

Conn_type

Type of connection:
INTERNAL CLIENT-locally initiated connection from the WAE,
EXTERNAL CLIENT-WAE acting as branch device for the connection,
INTERNAL SERVER-locally terminated connection at the WAE,
EXTERNAL SERVER-WAE acting as data center device for the connection

Peer_ID

Device ID of the peer WAE.

App_map_name

Map name.

App_classifier_name

Classifier name.

App_name

Application name.

Flag_directed_mode

T (true)indicates a directed mode connection, F (false) otherwise.

TFO_cfgd_policy

The TFO configured policy on the local device.

TFO_drvd_policy

The TFO derived policy on the local device based on the configured and dynamic conditions. This policy is used to negotiate with the peer WAE.

TFO_peer_policy

The TFO derived policy on the peer that is sent to the local device.

TFO_neg_policy

The TFO negotiated policy, which is the lowest common policy between the derived and peer policies.

TFO_applied_policy

The final policy applied to the connection. After the connection has been established, policy changes may be made to the connection based on the data on the connection, thus the applied policy can differ from the negotiated policy.

TFO_reject_reason

Indicates the reason for a rejected connection. "None" indicates the reject reason is not set.

AO_cfgd_policy

The application accelerator configured on the local device. This is derived from the accelerator configured in the corresponding policy.

AO_drvd_policy

The application accelerator derived policy on the local device.

AO_neg_policy

The application accelerator negotiated policy, which is the lowest common policy between the derived and peer policies.

AO_reject_reason

Indicates the reason an application accelerator rejected the connection. "None" indicates the reject reason is not set.

SSL_reject_reason

Indicates the reason the SSL accelerator rejected the connection. "None" indicates the reject reason is not set.

DSCP

Differentiated Services Code Point value set on the outgoing connection.

Link_rtt

Link round trip time in milliseconds.

Original_bytes_read

Bytes read on the original side of the connection.

Original_bytes_written

Bytes written on the original side of the connection.

Optimized_bytes_read

Bytes read on the optimized side of the connection.

Optimized_bytes_written

Bytes written on the optimized side of the connection.


Here are some examples of transaction log messages:

Fully Optimized on both sides (with SSL rejection)

Fri Jan 30 03:15:41 2009 :43 :2.57.223.130 :4808 :2.57.223.2 :443 :OT :START :EXTERNAL CLIENT 
:00.14.5e.95.4c.85 :basic :SSL :HTTPS :F :(TFO) (TFO) (TFO) (TFO) (TFO) :<None> :(None) (None) (None) :<None> 
:<Keepalive Timeout>  :0 :0
Fri Jan 30 03:15:41 2009 :43 :2.57.223.130 :4808 :2.57.223.2 :443 :SODRE :END :0 :0 :0 :0 :0
Fri Jan 30 03:15:41 2009 :43 :2.57.223.130 :4808 :2.57.223.2 :443 :OT :END :EXTERNAL CLIENT :(None) :284 :806 
:806 :28

Fully Optimized on both sides

Mon Feb  2 14:31:21 2009 :16 :2.75.52.131 :4374 :2.75.52.3 :80 :OT :START :EXTERNAL CLIENT :00.14.5e.83.8c.cf 
:basic :Web :HTTP :F :(DRE,LZ,TFO) (DRE,LZ,TFO) (DRE,LZ,TFO) (DRE,LZ,TFO) (DRE,LZ,TFO) :<None> :(HTTP) (HTTP) 
(HTTP) :<None> :<None>  :0 :0
Mon Feb  2 14:31:26 2009 :16 :2.75.52.131 :4374 :2.75.52.3 :80 :SODRE :END :370 :173 :299 :429 :0
Mon Feb  2 14:31:26 2009 :16 :2.75.52.131 :4374 :2.75.52.3 :80 :OT :END :EXTERNAL CLIENT :(HTTP) :0 :0 :299 
:429

Optimized with only DRE enabled

Mon Feb  2 14:48:31 2009 :27 :2.75.52.131 :4389 :2.75.52.2 :80 :OT :START :EXTERNAL CLIENT :00.14.5e.83.8c.cf 
:basic :Web :HTTP :F :(DRE,TFO) (DRE,TFO) (DRE,LZ,TFO) (DRE,TFO) (DRE,TFO) :<None> :(HTTP) (HTTP) (HTTP) 
:<None> :<None>  :0 :0
Mon Feb  2 14:48:36 2009 :27 :2.75.52.131 :4389 :2.75.52.2 :80 :SODRE :END :246 :468 :636 :405 :0
Mon Feb  2 14:48:36 2009 :27 :2.75.52.131 :4389 :2.75.52.2 :80 :OT :END :EXTERNAL CLIENT :(HTTP) :0 :0 :636 
:405

Optimized with only LZ enabled

Mon Feb  2 14:39:12 2009 :20 :2.75.52.131 :4379 :2.75.52.3 :80 :OT :START :EXTERNAL CLIENT :00.14.5e.83.8c.cf 
:basic :Web :HTTP :F :(LZ,TFO) (LZ,TFO) (DRE,LZ,TFO) (LZ,TFO) (LZ,TFO) :<None> :(HTTP) (HTTP) (HTTP) :<None> 
:<None>  :0 :0
Mon Feb  2 14:39:17 2009 :20 :2.75.52.131 :4379 :2.75.52.3 :80 :SODRE :END :370 :173 :219 :295 :0
Mon Feb  2 14:39:17 2009 :20 :2.75.52.131 :4379 :2.75.52.3 :80 :OT :END :EXTERNAL CLIENT :(HTTP) :0 :0 :219 
:295

Optimized with both DRE and LZ disabled

Mon Feb  2 14:49:36 2009 :28 :2.75.52.131 :4390 :2.75.52.2 :80 :OT :START :EXTERNAL CLIENT :00.14.5e.83.8c.cf 
:basic :Web :HTTP :F :(TFO) (TFO) (DRE,LZ,TFO) (TFO) (TFO) :<None> :(HTTP) (HTTP) (HTTP) :<None> :<None>  :0 
:0
Mon Feb  2 14:49:41 2009 :28 :2.75.52.131 :4390 :2.75.52.2 :80 :OT :END :EXTERNAL CLIENT :(HTTP) :0 :0 :468 
:246

Pass-Through Connection

Thu Jul 24 03:09:34 2008 :2.75.52.130 :40027 :2.75.52.2 :80 :BP :GLB_CFG :(DRE,LZ,TFO) (None) (None) :<Global 
Config> :(HTTP) (None) :<Global Config>