Transaction Log Format

You can use the transaction logging feature to log individual TCP transactions for a WAAS device. For information on configuring transaction logging, see the “Configuring Transaction Logging” section.

TFO transaction logs are kept on the local disk in the local/local1/logs/working.log directory.

There are several kinds of transaction log messages that have different templates, as follows

  • Optimized Flow Start message:

Time_Stamp :Conn_ID :Src_IP :Src_Port :Dst_IP :Dst_Port :OT :Log_type :Conn_type :Peer_ID :App_map_name :App_name :App_classifier_name :Flag_directed_mode :TFO_cfgd_policy :TFO_drvd_policy :TFO_peer_policy :TFO_neg_policy :TFO_applied_policy :TFO_reject_reason :AO_cfgd_policy :AO_drvd_policy :AO_neg_policy :AO_reject_reason :SSL_reject_reason :DSCP :Link_rtt

  • Optimized Flow End Message:

Time_Stamp :Conn_ID :Src_IP :Src_Port :Dst_IP :Dst_Port :OT :Log_type :Conn_type :AO_neg_policy :Original_bytes_read :Original_bytes_written :Optimized_bytes_read :Optimized_bytes_written

  • Pass Through Flow Message:

Time_Stamp :Src_IP :Src_Port :Dst_IP :Dst_Port :BP :Bypass_Reason :TFO_cfgd_policy :TFO_drvd_policy :TFO_peer_policy :TFO_reject_reason :AO_cfgd_policy :AO_drvd_policy :AO_reject_reason

  • Optimized Flow TFO End Message:

Time_Stamp :Conn_ID :Src_IP :Src_Port :Dst_IP :Dst_Port :SODRE :END :Original_bytes_read :Original_bytes_written :Optimized_bytes_read :Optimized_bytes_written :Conn_close_state

  • System Restart Message:

Time_Stamp :0 :0 :0 :0 :0 :RESTART

Table B-1 describes the fields found in the transaction log messages.

 

Table B-1 Transaction Log Field Descriptions

Field
Description

Time_Stamp

Time stamp indicating when the log message was generated.

Conn_ID

A unique identifier for the connection.

Src_IP, Src_Port

Source IP address and port number for the connection.

Dst_IP, Dst_Port

Destination IP address and port number for connection.

OT

Indicates an optimized connection.

BP

Indicates a pass-through connection.

SODRE

Indicates a log message generated by TFO.

Log_type

START or END indicates the start or end of the flow.

Conn_type

Type of connection:
INTERNAL CLIENT–locally initiated connection from the WAE,
EXTERNAL CLIENT–WAE acting as branch device for the connection,
INTERNAL SERVER–locally terminated connection at the WAE,
EXTERNAL SERVER–WAE acting as data center device for the connection.

Peer_ID

Device ID of the peer WAE.

App_map_name

Map name.

App_classifier_name

Classifier name.

App_name

Application name.

TFO_cfgd_policy

The TFO configured policy on the local device.

TFO_drvd_policy

The TFO derived policy on the local device based on the configured and dynamic conditions. This policy is used to negotiate with the peer WAE.

TFO_peer_policy

The TFO derived policy on the peer that is sent to the local device.

TFO_neg_policy

The TFO negotiated policy, which is the lowest common policy between the derived and peer policies.

TFO_applied_policy

The final policy applied to the connection. After the connection has been established, policy changes may be made to the connection based on the data on the connection, thus the applied policy can differ from the negotiated policy.

TFO_reject_reason

Indicates the reason for a rejected connection. “None” indicates the reject reason is not set.

AO_cfgd_policy

The application accelerator configured on the local device. This is derived from the accelerator configured in the corresponding policy.

AO_drvd_policy

The application accelerator derived policy on the local device.

AO_neg_policy

The application accelerator negotiated policy, which is the lowest common policy between the derived and peer policies.

AO_reject_reason

Indicates the reason an application accelerator rejected the connection. “None” indicates the reject reason is not set.

SSL_reject_reason

Indicates the reason the SSL accelerator rejected the connection. “None” indicates the reject reason is not set.

DSCP

Differentiated Services Code Point value set on the outgoing connection.

Link_rtt

Link round trip time in milliseconds.

Original_bytes_read

Bytes read on the original side of the connection.

Original_bytes_written

Bytes written on the original side of the connection.

Optimized_bytes_read

Bytes read on the optimized side of the connection.

Optimized_bytes_written

Bytes written on the optimized side of the connection.

RESTART

Indicates that the WAE was reloaded and the transaction log process was started.

Here are some examples of transaction log messages:

Fully Optimized on both sides (with SSL rejection)

Fri Jan 30 03:15:41 2009 :43 :2.57.223.130 :4808 :2.57.223.2 :443 :OT :START :EXTERNAL CLIENT :00.14.5e.95.4c.85 :basic :SSL :HTTPS :F :(TFO) (TFO) (TFO) (TFO) (TFO) :<None> :(None) (None) (None) :<None> :<Keepalive Timeout> :0 :0
Fri Jan 30 03:15:41 2009 :43 :2.57.223.130 :4808 :2.57.223.2 :443 :SODRE :END :0 :0 :0 :0 :0
Fri Jan 30 03:15:41 2009 :43 :2.57.223.130 :4808 :2.57.223.2 :443 :OT :END :EXTERNAL CLIENT :(None) :284 :806 :806 :28
 

Fully Optimized on both sides

Mon Feb 2 14:31:21 2009 :16 :2.75.52.131 :4374 :2.75.52.3 :80 :OT :START :EXTERNAL CLIENT :00.14.5e.83.8c.cf :basic :Web :HTTP :F :(DRE,LZ,TFO) (DRE,LZ,TFO) (DRE,LZ,TFO) (DRE,LZ,TFO) (DRE,LZ,TFO) :<None> :(HTTP) (HTTP) (HTTP) :<None> :<None> :0 :0
Mon Feb 2 14:31:26 2009 :16 :2.75.52.131 :4374 :2.75.52.3 :80 :SODRE :END :370 :173 :299 :429 :0
Mon Feb 2 14:31:26 2009 :16 :2.75.52.131 :4374 :2.75.52.3 :80 :OT :END :EXTERNAL CLIENT :(HTTP) :0 :0 :299 :429
 

Optimized with only DRE enabled

Mon Feb 2 14:48:31 2009 :27 :2.75.52.131 :4389 :2.75.52.2 :80 :OT :START :EXTERNAL CLIENT :00.14.5e.83.8c.cf :basic :Web :HTTP :F :(DRE,TFO) (DRE,TFO) (DRE,LZ,TFO) (DRE,TFO) (DRE,TFO) :<None> :(HTTP) (HTTP) (HTTP) :<None> :<None> :0 :0
Mon Feb 2 14:48:36 2009 :27 :2.75.52.131 :4389 :2.75.52.2 :80 :SODRE :END :246 :468 :636 :405 :0
Mon Feb 2 14:48:36 2009 :27 :2.75.52.131 :4389 :2.75.52.2 :80 :OT :END :EXTERNAL CLIENT :(HTTP) :0 :0 :636 :405
 

Optimized with only LZ enabled

Mon Feb 2 14:39:12 2009 :20 :2.75.52.131 :4379 :2.75.52.3 :80 :OT :START :EXTERNAL CLIENT :00.14.5e.83.8c.cf :basic :Web :HTTP :F :(LZ,TFO) (LZ,TFO) (DRE,LZ,TFO) (LZ,TFO) (LZ,TFO) :<None> :(HTTP) (HTTP) (HTTP) :<None> :<None> :0 :0
Mon Feb 2 14:39:17 2009 :20 :2.75.52.131 :4379 :2.75.52.3 :80 :SODRE :END :370 :173 :219 :295 :0
Mon Feb 2 14:39:17 2009 :20 :2.75.52.131 :4379 :2.75.52.3 :80 :OT :END :EXTERNAL CLIENT :(HTTP) :0 :0 :219 :295
 

Optimized with both DRE and LZ disabled

Mon Feb 2 14:49:36 2009 :28 :2.75.52.131 :4390 :2.75.52.2 :80 :OT :START :EXTERNAL CLIENT :00.14.5e.83.8c.cf :basic :Web :HTTP :F :(TFO) (TFO) (DRE,LZ,TFO) (TFO) (TFO) :<None> :(HTTP) (HTTP) (HTTP) :<None> :<None> :0 :0
Mon Feb 2 14:49:41 2009 :28 :2.75.52.131 :4390 :2.75.52.2 :80 :OT :END :EXTERNAL CLIENT :(HTTP) :0 :0 :468 :246
 

Pass-Through Connection

Thu Jul 24 03:09:34 2008 :2.75.52.130 :40027 :2.75.52.2 :80 :BP :GLB_CFG :(DRE,LZ,TFO) (None) (None) :<Global Config> :(HTTP) (None) :<Global Config>
 

System Restart

Sun Oct 25 17:46:32 2009 :0 :0 : 0 :0 :0 :RESTART