Download Complete PDF Send Feedback Print This Page

Previous

Synchronize Contents

Next

SmartView Tracker

Related Topics

Overview of Logging

Examples of Log Events

Examples of Account Statistics Logs

Overview of Logging

SmartView Tracker enables you to view entries in the Log File. Each entry in the Log File is a record of an event or an account record. SmartView Tracker gives you control over the information displayed in the Log File. You can navigate through the Log File and select the log entries that you would like to display. You can view the log entries for all the installed Check Point products or for a selected product, such as QoS or VPN.

Two types of events are logged. The table below describes features unique to event logs:

SmartView Tracker Non-Accounting Log Events

Log Event

Data Returned

Presentation

Express or Traditional Modes

Connection Reject

QoS rejects a connection when the number of guaranteed connections is exceeded and/or when you have configured the system not to accept additional connections.

The name of the matching rule on account of which the connection was rejected.

Generated as a reject log. Unified with the initial connection log.

Traditional mode only. PCG is a feature of Traditional mode.

Running Out of Packet Buffers

  • QoS's global packet buffers are exhausted.
  • One of the interface-direction's packet buffers is exhausted. A report is generated a maximum of once per 12 hours.

A string explaining the nature of the problem and the size of the relevant pool.

New log record created each time a global problem is reported.

Traditional mode only.

LLQ Packet Drop

When a packet is dropped from an LLQ connection. A report is generated a maximum of once per 5 minutes.

The following are logged:

  • Number of bytes dropped from the connection due to delay expiration
  • average packet delay.
  • jitter, which is computed as the maximum delay difference between two consecutive packets.

Unified with the initial connection log.

Traditional Mode only. LLQ is a feature of Traditional mode.

The next table describes the features unique to accounting logs.

Explaining the Accounting SmartView Tracker Log

Logged

Data Returned

Express or Traditional modes

General Statistics

The total bytes transmitted through QoS for each relevant interface and direction.

Inbound & outbound bytes transmitted by QoS.

Both

Drop Policy Statistics

  • Total bytes dropped from the connection as a result of QoS's drop policy.
  • Count of the bytes dropped from the connection because the maximum used memory fragments for a single connection was exceeded

 

Traditional Mode only

LLQ Statistics

Statistics about the LLQ connection.

The following are logged:

  1. Number of bytes dropped from the connection due to delay expiration
  2. Average packet delay.
  3. Jitter which is computed as the maximum delay difference between two consecutive packets.

Traditional Mode only. LLQ is a feature of Traditional mode.

The following two conditions must be met for a connection to be logged:

Further information on how to start the SmartView Tracker can be found in Enabling Log Collection.

Examples of Log Events

This section describes the log events in the SmartView Tracker:

Connection Reject Log

The connection is rejected because the rule exceeds the number of guaranteed connections, where Accept additional non-guaranteed connections is unchecked in the QoS Action Properties window (see QoS Action Properties). The log will include the name as well as the class of the rule in the following format: rule_name:<class>-><name>.

In the following example, the rule belongs to the class Best_Effort. The name of the rule (rule_name) is udp2.

Connection Reject Log — Example

Time

Product

Interface

Type

Action

Information

15:17:09

QoS

daemon

log

reject

rule_name:Best_Effort->udp2

LLQ Drop Log

When a packet from the LLQ connection is dropped, LLQ information is computed and logged from the last time a log was generated. This information includes significant data logged from the relevant interface-direction. In the following example, the information logged includes:

  • s_in_llq_drops: The number of bytes dropped from the connection on the Server-In interface direction.
  • s_in_llq_avg_xmit_delay: The average delay computed for all the connection's packets that were not dropped on the Server-In interface direction.
  • s_in_llq_max_delay: The maximum delay of a connection packet that was not dropped on the Server-In interface direction.
  • s_in_llq_xmit_jitter: The maximum delay difference between two consecutive successfully transmitted packets of the connection on the Server-In interface direction. Any packets which are dropped in between the two successfully transmitted packets are ignored.
  • s_in_llq_recommended_delay: The default delay that can be entered into the Add Low Latency QoS Class Properties window in order to achieve a minimal number of dropped bytes.

LLQ Drop Log — Example

Product

Type

Information

QoS

log

s_in_llq_drops:3000

s_in_llq_avg_xmit_delay: 900

s_in_llq_max_delay: 1351

s_in_llq_xmit_jitter: 1351

s_in_llq_recommended_delay:2000

In the above example relevant data was observed only on the Server-In interface direction, therefore only Server-In counters are available.

Note - There are several reasons why logging might not occur on a specified interface direction:

  • QoS might not be installed on all the interfaces directions.
  • No packets were seen on other interface directions.
  • Data on other interface directions might not be significant, for instance, the values logged might be all zeroes.

Pool Exceeded Log

The designated size of the pool is exceeded, whether the pool is set for a particular interface direction, or whether it represents the global pool. In the following example, the information logged includes:

  • an interface direction (ifdir) has a pool size of 8 fragments
  • the interface name is E100B1, and the direction is outbound (marked by little cube juxtaposed to the interface name which has an outward pointing arrow) in the Interface column.

Pool Exceeded Log — Example

Product

Interface

Type

Information

QoS

E100B1

control

info:Ifdir Memory Pool Exceeded Pool_size:8

Examples of Account Statistics Logs

In SmartView Tracker, the account logs always include the segment_time information (the time from which the information about the log was gathered) in the Information column.

The Mandatory Fields in Account Logs

Product

Type

Information

QoS

Account

segment_time 8May2002 12:24:57

Account Logs may include any or all of the above information:

Note - Only significant data is logged and presented in the same log record.

General Statistics Data

These statistics include the number of bytes transmitted through QoS in any relevant interface direction. In the following example:

  • s_in_bytes: 5768 bytes were transmitted through QoS on the Server-In interface direction.
  • s_out_bytes: 154294 bytes were transmitted through QoS on the Server-Out interface direction.

General Statistics Data — Example

...

Information

...

 

s_in_bytes:5768 s_out_bytes: 154294

 

Drop Policy Statistics Data

The number of bytes dropped from the connection in any relevant interface direction as a result of drop policy are logged. The drop policy is aimed at managing QoS packet buffers, see WFRED (Weighted Flow Random Early Drop). This includes the total number of bytes dropped from the connection since it exceeded its allocation. In the following example:

  • s_out_total_drops: 3914274 bytes were dropped from the connection as a result of drop policy, on the Server-Out interface direction.
  • s_out_exceed_drops: Out of total number of drops (s_out_total_drops) 3914274 bytes were dropped from the connection because it exceeded its allowed number of fragments, on the Server-Out interface direction.

Drop Policy Statistics Data — Example

...

Information

...

 

s_out_total_drops:3914274 s_out_exceed_drops: 3914274

 

LLQ Statistics Data

Data items are the same as in LLQ Drop Log, but are generated from the beginning of the connection, not from the last time a log was created.

 
Top of Page ©2013 Check Point Software Technologies Ltd. All rights reserved. Download Complete PDF Send Feedback Print