Transaction Log Format
You can use the transaction logging feature to log individual TCP transactions for a Cisco WAAS device. For information on configuring transaction logging, see the Configuring Transaction Logging in the chapter "Troubleshooting Your Cisco WAAS Network."
TFO transaction logs are kept on the local disk in the local/local1/logs/working.log directory.
There are several kinds of transaction log messages, which have different templates:
Optimized Flow Start message
Time_Stamp :Conn_ID :Src_IP :Src_Port :Dst_IP :Dst_Port :OT :Log_type :Conn_type :Peer_ID :App_map_name :App_name :App_classifier_name :TFO_cfgd_policy :TFO_drvd_policy :TFO_peer_policy :TFO_neg_policy :TFO_applied_policy :TFO_reject_reason :AO_cfgd_policy :AO_drvd_policy :AO_neg_policy :AO_reject_reason :SSL_reject_reason :DSCP :Link_rtt
Optimized Flow End message
Time_Stamp :Conn_ID :Src_IP :Src_Port :Dst_IP :Dst_Port :OT :Log_type :Conn_type :AO_neg_policy :Original_bytes_read :Original_bytes_written :Optimized_bytes_read :Optimized_bytes_written
Pass Through Flow message
Time_Stamp :Src_IP :Src_Port :Dst_IP :Dst_Port :BP :Bypass_Reason :TFO_cfgd_policy :TFO_drvd_policy :TFO_peer_policy :TFO_reject_reason :AO_cfgd_policy :AO_drvd_policy :AO_reject_reason
Optimized Flow TFO End message
Time_Stamp :Conn_ID :Src_IP :Src_Port :Dst_IP :Dst_Port :SODRE :END :Original_bytes_read :Original_bytes_written :Optimized_bytes_read :Optimized_bytes_written :Conn_close_state
System Restart message
Time_Stamp :0 :0 :0 :0 :0 :RESTART
The following table describes the fields found in the transaction log messages.
Field |
Description |
---|---|
Time_Stamp |
Time stamp indicating when the log message was generated. |
Conn_ID |
A unique identifier for the connection. |
Src_IP, Src_Port |
Source IP address and port number for the connection. |
Dst_IP, Dst_Port |
Destination IP address and port number for connection. |
OT |
Indicates an optimized connection. |
BP |
Indicates a pass-through connection. |
SODRE |
Indicates a log message generated by TFO. |
Log_type |
START or END indicates the start or end of the flow. |
Conn_type |
Type of connection: INTERNAL CLIENT–locally initiated connection from the WAE, EXTERNAL CLIENT–WAE acting as branch device for the connection,INTERNAL SERVER–locally terminated connection at the WAE, EXTERNAL SERVER–WAE acting as data center device for the connection. |
Peer_ID |
Device ID of the peer WAE. |
App_map_name |
Map name. |
App_classifier_name |
Classifier name. |
App_name |
Application name. |
TFO_cfgd_policy |
The TFO configured policy on the local device. |
TFO_drvd_policy |
The TFO derived policy on the local device based on the configured and dynamic conditions. This policy is used to negotiate with the peer WAE. |
TFO_peer_policy |
The TFO derived policy on the peer that is sent to the local device. |
TFO_neg_policy |
The TFO negotiated policy, which is the lowest common policy between the derived and peer policies. |
TFO_applied_policy |
The final policy applied to the connection. After the connection has been established, policy changes may be made to the connection based on the data on the connection, thus the applied policy can differ from the negotiated policy. |
TFO_reject_reason |
Indicates the reason for a rejected connection. “None” indicates the reject reason is not set. |
AO_cfgd_policy |
The application accelerator configured on the local device. This is derived from the accelerator configured in the corresponding policy. |
AO_drvd_policy |
The application accelerator derived policy on the local device. |
AO_neg_policy |
The application accelerator negotiated policy, which is the lowest common policy between the derived and peer policies. |
AO_reject_reason |
Indicates the reason an application accelerator rejected the connection. “None” indicates the reject reason is not set. |
SSL_reject_reason |
Indicates the reason the SSL accelerator rejected the connection. “None” indicates the reject reason is not set. |
DSCP |
Differentiated Services Code Point value set on the outgoing connection. |
Link_rtt |
Link round trip time in milliseconds. |
Original_bytes_read |
Bytes read on the original side of the connection. |
Original_bytes_written |
Bytes written on the original side of the connection. |
Optimized_bytes_read |
Bytes read on the optimized side of the connection. |
Optimized_bytes_written |
Bytes written on the optimized side of the connection. |
RESTART |
Indicates that the WAE was reloaded and the transaction log process was started. |
Here are some examples of transaction log messages:
Fully Optimized on both sides (with SSL rejection)
Fri Jan 31 03:15:41 2020 :43 :2.57.223.130 :4808 :2.57.223.2 :443 :OT :START :EXTERNAL CLIENT :00.14.5e.95.4c.85 :basic :SSL :HTTPS :F :(TFO) (TFO) (TFO) (TFO) (TFO) :<None> :(None) (None) (None) :<None> :<Keepalive Timeout> :0 :0 Fri Jan 31 03:15:41 2020 :43 :2.57.223.130 :4808 :2.57.223.2 :443 :SODRE :END :0 :0 :0 :0 :0 Fri Jan 31 03:15:41 2020 :43 :2.57.223.130 :4808 :2.57.223.2 :443 :OT :END :EXTERNAL CLIENT :(None) :284 :806 :806 :28
Fully Optimized on both sides
Mon Feb 3 14:31:21 2020 :16 :2.75.52.131 :4374 :2.75.52.3 :80 :OT :START :EXTERNAL CLIENT :00.14.5e.83.8c.cf :basic :Web :HTTP :F :(DRE,LZ,TFO) (DRE,LZ,TFO) (DRE,LZ,TFO) (DRE,LZ,TFO) (DRE,LZ,TFO) :<None> :(HTTP) (HTTP) (HTTP) :<None> :<None> :0 :0 Mon Feb 3 14:31:26 2020 :16 :2.75.52.131 :4374 :2.75.52.3 :80 :SODRE :END :370 :173 :299 :429 :0 Mon Feb 3 14:31:26 2020 :16 :2.75.52.131 :4374 :2.75.52.3 :80 :OT :END :EXTERNAL CLIENT :(HTTP) :0 :0 :299 :429
Optimized with only DRE enabled
Mon Feb 3 14:48:31 2020 :27 :2.75.52.131 :4389 :2.75.52.2 :80 :OT :START :EXTERNAL CLIENT :00.14.5e.83.8c.cf :basic :Web :HTTP :F :(DRE,TFO) (DRE,TFO) (DRE,LZ,TFO) (DRE,TFO) (DRE,TFO) :<None> :(HTTP) (HTTP) (HTTP) :<None> :<None> :0 :0 Mon Feb 3 14:48:36 2020 :27 :2.75.52.131 :4389 :2.75.52.2 :80 :SODRE :END :246 :468 :636 :405 :0 Mon Feb 3 14:48:36 2020 :27 :2.75.52.131 :4389 :2.75.52.2 :80 :OT :END :EXTERNAL CLIENT :(HTTP) :0 :0 :636 :405
Optimized with only LZ enabled
Mon Feb 3 14:39:12 2020 :20 :2.75.52.131 :4379 :2.75.52.3 :80 :OT :START :EXTERNAL CLIENT :00.14.5e.83.8c.cf :basic :Web :HTTP :F :(LZ,TFO) (LZ,TFO) (DRE,LZ,TFO) (LZ,TFO) (LZ,TFO) :<None> :(HTTP) (HTTP) (HTTP) :<None> :<None> :0 :0 Mon Feb 3 14:39:17 2020 :20 :2.75.52.131 :4379 :2.75.52.3 :80 :SODRE :END :370 :173 :219 :295 :0 Mon Feb 3 14:39:17 2020 :20 :2.75.52.131 :4379 :2.75.52.3 :80 :OT :END :EXTERNAL CLIENT :(HTTP) :0 :0 :219 :295
Optimized with both DRE and LZ disabled
Mon Feb 3 14:49:36 2020 :28 :2.75.52.131 :4390 :2.75.52.2 :80 :OT :START :EXTERNAL CLIENT :00.14.5e.83.8c.cf :basic :Web :HTTP :F :(TFO) (TFO) (DRE,LZ,TFO) (TFO) (TFO) :<None> :(HTTP) (HTTP) (HTTP) :<None> :<None> :0 :0 Mon Feb 3 14:49:41 2020 :28 :2.75.52.131 :4390 :2.75.52.2 :80 :OT :END :EXTERNAL CLIENT :(HTTP) :0 :0 :468 :246
Pass-Through Connection
Thu Jul 25 03:09:34 2019 :2.75.52.130 :40027 :2.75.52.2 :80 :BP :GLB_CFG :(DRE,LZ,TFO) (None) (None) :<Global Config> :(HTTP) (None) :<Global Config>
System Restart
Sun Oct 20 17:46:32 2019 :0 :0 : 0 :0 :0 :RESTART