Transaction Log Format
You can use the transaction logging feature to log individual TCP transactions for a WAAS device. For information on configuring transaction logging, see the “Configuring Transaction Logging” section.
TFO transaction logs are kept on the local disk in the directory /local1/logs/tfo.
There are several kinds of transaction log messages that have different templates, as follows
- Optimized Flow Start message:
Time_Stamp :Conn_ID :Src_IP :Src_Port :Dst_IP :Dst_Port :OT :Log_type :Conn_type :Peer_ID :App_map_name :App_name :App_classifier_name :Flag_directed_mode :TFO_cfgd_policy :TFO_drvd_policy :TFO_peer_policy :TFO_neg_policy :TFO_applied_policy :TFO_reject_reason :AO_cfgd_policy :AO_drvd_policy :AO_neg_policy :AO_reject_reason :SSL_reject_reason :DSCP :Link_rtt
- Optimized Flow End Message:
Time_Stamp :Conn_ID :Src_IP :Src_Port :Dst_IP :Dst_Port :OT :Log_type :Conn_type :AO_neg_policy :Original_bytes_read :Original_bytes_written :Optimized_bytes_read :Optimized_bytes_written
- Pass Through Flow Message:
Time_Stamp :Src_IP :Src_Port :Dst_IP :Dst_Port :BP :Bypass_Reason :TFO_cfgd_policy :TFO_drvd_policy :TFO_peer_policy :TFO_reject_reason :AO_cfgd_policy :AO_drvd_policy :AO_reject_reason
- Optimized Flow TFO End Message:
Time_Stamp :Conn_ID :Src_IP :Src_Port :Dst_IP :Dst_Port :SODRE :END :Original_bytes_read :Original_bytes_written :Optimized_bytes_read :Optimized_bytes_written :Conn_close_state
Time_Stamp :0 :0 :0 :0 :0 :RESTART
Table B-1 describes the fields found in the transaction log messages.
Table B-1 Transaction Log Field Descriptions
|
|
Time_Stamp |
Time stamp indicating when the log message was generated. |
Conn_ID |
A unique identifier for the connection. |
Src_IP, Src_Port |
Source IP address and port number for the connection. |
Dst_IP, Dst_Port |
Destination IP address and port number for connection. |
OT |
Indicates an optimized connection. |
BP |
Indicates a pass-through connection. |
SODRE |
Indicates a log message generated by TFO. |
Log_type |
START or END indicates the start or end of the flow. |
Conn_type |
Type of connection: INTERNAL CLIENT–locally initiated connection from the WAE, EXTERNAL CLIENT–WAE acting as branch device for the connection, INTERNAL SERVER–locally terminated connection at the WAE, EXTERNAL SERVER–WAE acting as data center device for the connection. |
Peer_ID |
Device ID of the peer WAE. |
App_map_name |
Map name. |
App_classifier_name |
Classifier name. |
App_name |
Application name. |
Flag_directed_mode |
T (true) indicates a directed mode connection, F (false) otherwise. |
TFO_cfgd_policy |
The TFO configured policy on the local device. |
TFO_drvd_policy |
The TFO derived policy on the local device based on the configured and dynamic conditions. This policy is used to negotiate with the peer WAE. |
TFO_peer_policy |
The TFO derived policy on the peer that is sent to the local device. |
TFO_neg_policy |
The TFO negotiated policy, which is the lowest common policy between the derived and peer policies. |
TFO_applied_policy |
The final policy applied to the connection. After the connection has been established, policy changes may be made to the connection based on the data on the connection, thus the applied policy can differ from the negotiated policy. |
TFO_reject_reason |
Indicates the reason for a rejected connection. “None” indicates the reject reason is not set. |
AO_cfgd_policy |
The application accelerator configured on the local device. This is derived from the accelerator configured in the corresponding policy. |
AO_drvd_policy |
The application accelerator derived policy on the local device. |
AO_neg_policy |
The application accelerator negotiated policy, which is the lowest common policy between the derived and peer policies. |
AO_reject_reason |
Indicates the reason an application accelerator rejected the connection. “None” indicates the reject reason is not set. |
SSL_reject_reason |
Indicates the reason the SSL accelerator rejected the connection. “None” indicates the reject reason is not set. |
DSCP |
Differentiated Services Code Point value set on the outgoing connection. |
Link_rtt |
Link round trip time in milliseconds. |
Original_bytes_read |
Bytes read on the original side of the connection. |
Original_bytes_written |
Bytes written on the original side of the connection. |
Optimized_bytes_read |
Bytes read on the optimized side of the connection. |
Optimized_bytes_written |
Bytes written on the optimized side of the connection. |
RESTART |
Indicates that the WAE was reloaded and the transaction log process was started. |
Here are some examples of transaction log messages:
Fully Optimized on both sides (with SSL rejection)
Fri Jan 30 03:15:41 2009 :43 :2.57.223.130 :4808 :2.57.223.2 :443 :OT :START :EXTERNAL CLIENT :00.14.5e.95.4c.85 :basic :SSL :HTTPS :F :(TFO) (TFO) (TFO) (TFO) (TFO) :<None> :(None) (None) (None) :<None> :<Keepalive Timeout> :0 :0
Fri Jan 30 03:15:41 2009 :43 :2.57.223.130 :4808 :2.57.223.2 :443 :SODRE :END :0 :0 :0 :0 :0
Fri Jan 30 03:15:41 2009 :43 :2.57.223.130 :4808 :2.57.223.2 :443 :OT :END :EXTERNAL CLIENT :(None) :284 :806 :806 :28
Fully Optimized on both sides
Mon Feb 2 14:31:21 2009 :16 :2.75.52.131 :4374 :2.75.52.3 :80 :OT :START :EXTERNAL CLIENT :00.14.5e.83.8c.cf :basic :Web :HTTP :F :(DRE,LZ,TFO) (DRE,LZ,TFO) (DRE,LZ,TFO) (DRE,LZ,TFO) (DRE,LZ,TFO) :<None> :(HTTP) (HTTP) (HTTP) :<None> :<None> :0 :0
Mon Feb 2 14:31:26 2009 :16 :2.75.52.131 :4374 :2.75.52.3 :80 :SODRE :END :370 :173 :299 :429 :0
Mon Feb 2 14:31:26 2009 :16 :2.75.52.131 :4374 :2.75.52.3 :80 :OT :END :EXTERNAL CLIENT :(HTTP) :0 :0 :299 :429
Optimized with only DRE enabled
Mon Feb 2 14:48:31 2009 :27 :2.75.52.131 :4389 :2.75.52.2 :80 :OT :START :EXTERNAL CLIENT :00.14.5e.83.8c.cf :basic :Web :HTTP :F :(DRE,TFO) (DRE,TFO) (DRE,LZ,TFO) (DRE,TFO) (DRE,TFO) :<None> :(HTTP) (HTTP) (HTTP) :<None> :<None> :0 :0
Mon Feb 2 14:48:36 2009 :27 :2.75.52.131 :4389 :2.75.52.2 :80 :SODRE :END :246 :468 :636 :405 :0
Mon Feb 2 14:48:36 2009 :27 :2.75.52.131 :4389 :2.75.52.2 :80 :OT :END :EXTERNAL CLIENT :(HTTP) :0 :0 :636 :405
Optimized with only LZ enabled
Mon Feb 2 14:39:12 2009 :20 :2.75.52.131 :4379 :2.75.52.3 :80 :OT :START :EXTERNAL CLIENT :00.14.5e.83.8c.cf :basic :Web :HTTP :F :(LZ,TFO) (LZ,TFO) (DRE,LZ,TFO) (LZ,TFO) (LZ,TFO) :<None> :(HTTP) (HTTP) (HTTP) :<None> :<None> :0 :0
Mon Feb 2 14:39:17 2009 :20 :2.75.52.131 :4379 :2.75.52.3 :80 :SODRE :END :370 :173 :219 :295 :0
Mon Feb 2 14:39:17 2009 :20 :2.75.52.131 :4379 :2.75.52.3 :80 :OT :END :EXTERNAL CLIENT :(HTTP) :0 :0 :219 :295
Optimized with both DRE and LZ disabled
Mon Feb 2 14:49:36 2009 :28 :2.75.52.131 :4390 :2.75.52.2 :80 :OT :START :EXTERNAL CLIENT :00.14.5e.83.8c.cf :basic :Web :HTTP :F :(TFO) (TFO) (DRE,LZ,TFO) (TFO) (TFO) :<None> :(HTTP) (HTTP) (HTTP) :<None> :<None> :0 :0
Mon Feb 2 14:49:41 2009 :28 :2.75.52.131 :4390 :2.75.52.2 :80 :OT :END :EXTERNAL CLIENT :(HTTP) :0 :0 :468 :246
Pass-Through Connection
Thu Jul 24 03:09:34 2008 :2.75.52.130 :40027 :2.75.52.2 :80 :BP :GLB_CFG :(DRE,LZ,TFO) (None) (None) :<Global Config> :(HTTP) (None) :<Global Config>
System Restart
Sun Oct 25 17:46:32 2009 :0 :0 : 0 :0 :0 :RESTART