Packetlogic 20 30 00 Intelligence Center Product Guide

PacketLogic Intelligence Center
Product Guide
Release 20.30
05-00391-A01
Copyright © 2019 Sandvine Corporation. All rights reserved. Any unauthorized reproduction prohibited. All other trademarks are
the property of their respective owners.
This documentation including all documentation incorporated by reference herein such as documentation provided or made
available on the Sandvine website are provided or made accessible "AS IS" and "AS AVAILABLE" and without condition,
endorsement, guarantee, representation, or warranty of any kind by Sandvine Corporation and its affiliated companies
("Sandvine") and Sandvine assumes no responsibility for any typographical, technical, or other inaccuracies, errors, or
omissions in this documentation. In order to protect Sandvine proprietary and confidential information and/or trade secrets,
this documentation may describe some aspects of Sandvine technology in generalized terms. Sandvine reserves the right to
periodically change information that is contained in this documentation; however, Sandvine makes no commitment to provide
any such changes, updates, enhancements, or other additions to this documentation to you in a timely manner or at all.
Comments
If you have any comments, questions, or ideas in relation to the content in this documentation, we welcome your feedback.
Please send your feedback to Sandvine via email at docs@sandvine.com.
Contacting Sandvine
To view the latest Sandvine documentation or to contact Sandvine Customer Support, register for an account at https://
support.sandvine.com. See http://www.sandvine.com/about_us/contact.asp for a list of Sandvine Sales and Support offices.
Copyright © 2001-2019 Sandvine
ii
Table of Contents
1. About this document 1
1.1. Document scope ................................................................................................................................... 2
1.2. Related documents ................................................................................................................................ 2
1.3. Software and firmware download ............................................................................................................. 2
1.4. Typographical conventions ...................................................................................................................... 2
2. Introduction 3
2.1. About PacketLogic ................................................................................................................................. 4
2.1.1. Basic data flow ........................................................................................................................... 4
2.2. About PacketLogic Intelligence Center ...................................................................................................... 4
2.3. Interfaces overview ................................................................................................................................. 4
2.4. Glossary ............................................................................................................................................... 5
3. PacketLogic Client user interface 7
3.1. PacketLogic Client window ..................................................................................................................... 8
3.2. System Manager window ...................................................................................................................... 12
3.2.1. System Manager context menu .................................................................................................. 14
3.3. Statistics view ...................................................................................................................................... 15
3.3.1. Navigation tab ........................................................................................................................... 16
3.3.2. Bookmarks tab ......................................................................................................................... 18
3.3.2.1. Bookmarks tab context menu .......................................................................................... 19
3.3.2.2. Add Bookmark dialog ...................................................................................................... 20
3.3.3. Graphs tab ............................................................................................................................... 20
3.4. File menu ............................................................................................................................................ 22
3.5. Edit menu ........................................................................................................................................... 23
3.6. View menu .......................................................................................................................................... 25
3.7. Tools menu ......................................................................................................................................... 27
3.8. Bookmarks menu ................................................................................................................................. 28
3.9. Help menu .......................................................................................................................................... 29
3.10. Objects & Rules Editor window ............................................................................................................ 30
3.10.1. Objects & Rules Editor window overview .................................................................................... 30
3.10.2. Objects & Rules Editor File menu .............................................................................................. 31
3.10.3. Objects & Rules Editor Edit menu .............................................................................................. 32
3.11. NetObjects configuration pane ............................................................................................................. 33
3.11.1. NetObjects context menu ......................................................................................................... 34
3.12. ServiceObjects configuration pane ........................................................................................................ 36
3.13. StatisticsObjects configuration pane ..................................................................................................... 38
3.13.1. Fields tab ............................................................................................................................... 39
3.13.2. Distribution tab ........................................................................................................................ 40
3.13.3. Limits tab ............................................................................................................................... 42
3.13.4. Aggregation tab ....................................................................................................................... 43
3.14. IPFIXObjects configuration pane ........................................................................................................... 44
3.14.1. Template tab .......................................................................................................................... 45
3.14.2. Collectors tab ......................................................................................................................... 46
3.15. Conditions configuration pane .............................................................................................................. 48
3.16. Statistics rules configuration pane ........................................................................................................ 49
3.17. Channel Editor window ....................................................................................................................... 51
3.17.1. Physical Channels tab .............................................................................................................. 51
3.17.2. Divert Labels tab ..................................................................................................................... 53
3.17.3. Monitor Labels tab ................................................................................................................... 54
3.18. User Editor window ............................................................................................................................ 57
3.18.1. Database Permissions tab ........................................................................................................ 58
3.18.2. LiveView Permissions tab ......................................................................................................... 59
3.19. Log Level Editor window ..................................................................................................................... 61
3.20. Host Trigger Editor window ................................................................................................................. 63
iii
PacketLogic Intelligence Center Product Guide
3.21. Connection Protection Trigger Editor window ......................................................................................... 66

3.22. System Configuration Editor window ..................................................................................................... 68
3.22.1. System Configuration Editor File menu ....................................................................................... 69
3.23. Preferences window ........................................................................................................................... 70
3.23.1. System Overview tab ............................................................................................................... 71
3.23.2. LiveView tab ........................................................................................................................... 71
3.23.3. Statistics tab ........................................................................................................................... 72
3.23.4. Advanced tab ......................................................................................................................... 72
3.23.5. Proxy tab ................................................................................................................................ 73
3.24. Backup Manager window .................................................................................................................... 74
3.25. Resource Manager window ................................................................................................................. 76
3.26. File Manager window .......................................................................................................................... 78
3.27. Log Viewer window ............................................................................................................................ 80
3.27.1. Log Viewer File menu .............................................................................................................. 81
3.27.2. Log Viewer Edit menu .............................................................................................................. 81
3.28. Connection Search window ................................................................................................................. 82
3.29. Command-line mode .......................................................................................................................... 84
4. Interfaces 85
4.1. PacketLogic Client ............................................................................................................................... 86
4.1.1. Logging on to PacketLogic Client ................................................................................................ 86
4.1.2. Customizing tables .................................................................................................................... 87
4.1.3. Uploading a file to PacketLogic Client .......................................................................................... 87
4.1.4. Objects & Rules Editor opening modes ........................................................................................ 87
4.2. CLI ..................................................................................................................................................... 88
4.2.1. Logging on to the CLI ............................................................................................................... 88
4.3. SQL ................................................................................................................................................... 89
4.3.1. Statistics class in PacketLogic Python API .................................................................................... 89
4.3.1.1. Statistics.query ............................................................................................................... 89
4.3.1.2. Statistics.query_callback .................................................................................................. 90
4.3.2. Memory protection .................................................................................................................... 90
4.3.3. Statements ............................................................................................................................... 91
4.3.3.1. SELECT ........................................................................................................................ 91
4.3.3.2. SHOW .......................................................................................................................... 92
4.3.3.3. SET .............................................................................................................................. 92
4.3.4. Procedures ............................................................................................................................... 93
4.3.4.1. pls_date_list ................................................................................................................... 93
4.3.4.2. pls_list ........................................................................................................................... 93
4.3.4.3. pls_graph ...................................................................................................................... 96
4.3.4.4. pls_data_invalidate .......................................................................................................... 99
4.3.4.5. pls_graph_invalidate ........................................................................................................ 99
4.3.4.6. pls_list_daily_indexes ..................................................................................................... 100
4.3.4.7. pls_list_global_indexes ................................................................................................... 101
4.3.4.8. pls_list_procedures ....................................................................................................... 102
4.3.4.9. pls_recompress_daily_indexes ........................................................................................ 102
4.3.4.10. pls_recompress_global_indexes .................................................................................... 102
4.3.4.11. pls_subitem_count ...................................................................................................... 103
4.3.4.12. pls_subscriber_count ................................................................................................... 104
4.3.4.13. pls_subscriber_count_graph ......................................................................................... 105
4.3.5. Session variables .................................................................................................................... 106
4.3.6. Migration from PythonAPI calls .................................................................................................. 106
5. Statistics concepts 111
5.1. Objects and rules in statistics .............................................................................................................. 112
5.1.1. Creating a condition ................................................................................................................ 112
5.2. Local, remote, incoming, and outgoing traffic ......................................................................................... 113
5.3. Client-server versus source-destination ................................................................................................. 113
5.4. Traffic analysis ................................................................................................................................... 113
iv
5.4.1. Connection quality measurement ............................................................................................... 115

5.4.1.1. Monitoring points .......................................................................................................... 115
5.4.1.2. Statistics ...................................................................................................................... 116
5.4.1.3. QoE calculation ............................................................................................................ 117
5.4.1.4. Identifying packet drops ................................................................................................. 117
5.4.1.5. QoE metrics in an asymmetrical environment .................................................................... 117
5.4.2. Handshake Round-Trip Time (RTT) ............................................................................................ 117
5.4.2.1. RTT in an asymmetrical environment ............................................................................... 118
5.4.2.2. TCP ............................................................................................................................ 118
5.4.2.3. UDP ............................................................................................................................ 119
5.4.3. Timestamp option based Round-Trip Time (RTT) ......................................................................... 120
5.5. Traffic categorization ........................................................................................................................... 120
5.5.1. Traffic identification overview ..................................................................................................... 120
5.5.2. Introducing objects .................................................................................................................. 122
5.5.3. Object types for traffic categorization ......................................................................................... 122
5.5.3.1. NetObjects .................................................................................................................. 122
5.5.3.2. ServiceObjects ............................................................................................................. 123
5.5.4. Attributes ................................................................................................................................ 123
5.5.4.1. Attributes used by CGNAT ............................................................................................ 124
5.5.4.2. Standard attributes ........................................................................................................ 125
5.5.4.3. Attributes used by Statistics ........................................................................................... 125
5.5.4.4. Attributes used for VBS ................................................................................................. 125
5.5.5. Nesting and hierarchies ............................................................................................................ 126
5.5.6. Object - item relationships (OR, AND) ........................................................................................ 127
5.6. Subscriber identity integrity .................................................................................................................. 127
5.6.1. Obfuscated values in the statistics file system ............................................................................. 127
5.6.2. Obfuscated IPFIX elements ....................................................................................................... 127
5.6.3. Obfuscated data in Insights Data Storage ................................................................................... 128
6. PIC components and deployment 129
6.1. Statistics data flow ............................................................................................................................. 130
6.2. Software architecture .......................................................................................................................... 131
6.2.1. Engine ................................................................................................................................... 132
6.2.1.1. Processor .................................................................................................................... 132
6.2.1.2. Reaper ........................................................................................................................ 132
6.2.2. PacketLogic Ruleset Compiler Daemon (PLRCD) ......................................................................... 132
6.2.3. PacketLogic Daemon (PLD) ...................................................................................................... 133
6.2.3.1. Hosts .......................................................................................................................... 133
6.2.4. PacketLogic Database Daemon (PLDBD) .................................................................................... 133
6.2.4.1. Database daemon in a statistics system .......................................................................... 134
6.2.4.2. Resources ................................................................................................................... 134
6.2.4.3. External authentication sources ....................................................................................... 135
6.2.5. PacketLogic Statistics Daemon (PLSD) ....................................................................................... 136
6.2.5.1. PacketLogic Statistics Daemon system configuration ......................................................... 136
6.2.6. Internal communication ............................................................................................................. 136
6.2.7. Statistics daemon and statistics writer of different firmware version ................................................. 137
6.3. Deployment scenarios ........................................................................................................................ 137
6.3.1. Local statistics deployment ....................................................................................................... 138
6.3.2. One PRE and one PIC deployment ........................................................................................... 139
6.3.2.1. One PRE and one PIC configuration workflow .................................................................. 139
6.3.3. Multiple PREs and one PIC deployment ..................................................................................... 140
6.3.3.1. Multiple PREs and one PIC configuration workflow ............................................................ 141
6.3.4. PIC collector and PIC writer deployment ..................................................................................... 141
6.3.4.1. PIC collector and PIC writer configuration workflow ............................................................ 142
6.3.5. Downloading license ................................................................................................................ 143
6.3.6. Enabling/disabling local statistics ............................................................................................... 143
6.3.7. Adding a remote system for statistics collection ........................................................................... 144
v
6.3.8. Verifying statistics .................................................................................................................... 145

6.3.9. Proxying a database resource ................................................................................................... 145
6.4. Statistics user .................................................................................................................................... 146
6.4.1. Creating a statistics user .......................................................................................................... 146
6.5. Performance considerations ................................................................................................................. 147
6.6. Bandwidth considerations .................................................................................................................... 148
6.7. Centralized management ..................................................................................................................... 148
6.7.1. Proxy ..................................................................................................................................... 148
6.7.1.1. Proxying a database resource ........................................................................................ 149
6.7.1.2. System Overview .......................................................................................................... 149
6.7.2. System Diagnostics ................................................................................................................. 150
6.7.3. Resource copying ................................................................................................................... 150
6.7.4. Recommended use ................................................................................................................. 151
6.8. Monitoring PacketLogic ....................................................................................................................... 151
6.8.1. PIC KPIs ................................................................................................................................ 152
6.8.1.1. KPI specification ........................................................................................................... 152
6.8.2. Configuring an SNMP management station ................................................................................. 155
6.8.2.1. Installing the PacketLogic MIB ........................................................................................ 155
6.8.2.2. Example: polling a value using snmpget .......................................................................... 156
6.8.2.3. Example: polling a set of values using snmpwalk .............................................................. 156
6.8.2.4. Setting up a trap server ................................................................................................. 157
6.8.3. Built-in SNMP traps ................................................................................................................. 158
6.9. Backup and restore ............................................................................................................................ 158
6.9.1. Client backup ......................................................................................................................... 159
6.9.1.1. Backup procedure ........................................................................................................ 159
6.9.1.2. Restore procedure ........................................................................................................ 160
6.9.2. CLI backup ............................................................................................................................. 163
6.9.2.1. Configuring the remote host ........................................................................................... 163
6.9.2.2. Backup procedure ........................................................................................................ 164
6.9.2.3. Restore procedure ........................................................................................................ 167
6.10. PacketLogic update .......................................................................................................................... 168
6.10.1. PacketLogic update workflow .................................................................................................. 168
6.10.2. Updating firmware .................................................................................................................. 169
7. PacketLogic statistics file system 171
7.1. StatisticsObject .................................................................................................................................. 172
7.1.1. Creating a StatisticsObject ........................................................................................................ 172
7.2. Distribution tree structure ..................................................................................................................... 173
7.3. Depth in NetObjects and ServiceObjects .............................................................................................. 174
7.4. Depth in AS path ............................................................................................................................... 177
7.5. Value paths ....................................................................................................................................... 177
7.5.1. Fields ..................................................................................................................................... 177
7.5.2. Value types ............................................................................................................................ 179
7.6. Links ................................................................................................................................................ 184
7.6.1. Configuring a link ..................................................................................................................... 185
7.6.2. Link configuration example ........................................................................................................ 185
7.6.3. Requirements for linking ........................................................................................................... 186
7.6.4. Single or double NetObjects in a link ......................................................................................... 187
7.6.5. Depth and root in links ............................................................................................................. 188
7.6.6. Link back to the same StatisticsObject ...................................................................................... 189
7.7. Session Context in statistics ................................................................................................................ 190
7.7.1. Session Context in statistics workflow ........................................................................................ 190
7.7.2. Configuring a StatisticsObject for Session Context data ................................................................ 191
7.7.3. Configuring a statistics rule for Session Context data ................................................................... 192
7.8. Subscriber NetObjects ........................................................................................................................ 193
7.8.1. Configuring a subscriber Netobject ............................................................................................ 193
7.9. NAT statistics .................................................................................................................................... 193
vi
7.10. Averages based on usage analysis .................................................................................................... 194

7.10.1. Enabling averages based on usage analysis ............................................................................. 195
7.10.2. Viewing usage analysis data ................................................................................................... 195
7.11. Aggregation ..................................................................................................................................... 196
7.11.1. Configuring aggregation for a StatisticsObject ............................................................................ 197
7.11.2. Configuring an aggregation resource ........................................................................................ 197
7.12. Statistics ruleset templates ................................................................................................................ 198
7.12.1. Installing a statistics ruleset template ........................................................................................ 198
7.12.2. Objects and rules in statistics ruleset templates ......................................................................... 198
7.12.3. NetObject tree ...................................................................................................................... 199
7.12.4. T1 — No PSM ..................................................................................................................... 200
7.12.4.1. T1 NetObject structure ................................................................................................ 200
7.12.5. T2 — Subscriber awareness .................................................................................................. 200
7.12.5.1. T2 NetObject structure ................................................................................................ 201
7.12.6. T7 — BGP ........................................................................................................................... 201
7.12.7. T12 — ContentLogic ............................................................................................................. 201
8. PacketLogic statistics reading 203
8.1. Statistics reading overview .................................................................................................................. 204
8.2. Statistics reader proxy workflow ........................................................................................................... 204
8.3. Statistics reader peering ...................................................................................................................... 205
8.3.1. Multi-release peering ................................................................................................................ 205
8.3.2. Adding a statistics reader peer .................................................................................................. 206
8.4. Statistics view navigation ..................................................................................................................... 206
8.4.1. Statistics view address bar ....................................................................................................... 206
8.4.2. Statistics view workspace ......................................................................................................... 206
8.4.3. Bookmarks ............................................................................................................................. 207
8.5. Peak analysis ..................................................................................................................................... 207
8.5.1. Viewing peak data ................................................................................................................... 207
8.5.2. Enabling graph points .............................................................................................................. 208
8.6. Duration for limits ............................................................................................................................... 208
8.6.1. Viewing the duration for limits .................................................................................................... 208
8.7. Distribution example ........................................................................................................................... 209
9. Insights Data Storage 215
9.1. About Insights Data Storage ................................................................................................................ 216
9.2. Data export to Insights Data Storage .................................................................................................... 216
9.2.1. Data export configuration workflow ............................................................................................ 216
9.2.2. Enabling Insights data export .................................................................................................... 217
9.2.3. Adding Insights data collectors .................................................................................................. 218
9.2.4. Selecting dimensions for data export to Insights Data Storage ....................................................... 218
9.2.5. Selecting traffic for traffic data export ......................................................................................... 219
9.2.6. Values for data export .............................................................................................................. 220
9.2.6.1. Mandatory dimensions for data export ............................................................................. 220
9.2.6.2. Additional values for data export ..................................................................................... 220
9.2.7. Data loss prevention ................................................................................................................ 222
9.2.8. Moving of statistics process workflow ........................................................................................ 223
10. IPFIX 225
10.1. IPFIX export ..................................................................................................................................... 226
10.2. IPFIXObject ...................................................................................................................................... 226
10.2.1. Template .............................................................................................................................. 226
10.2.2. Collector ............................................................................................................................... 227
10.3. IPFIX export workflow ........................................................................................................................ 228
10.3.1. Configuring an IPFIXObject ...................................................................................................... 229
10.3.2. Configuring a statistics rule for IPFIX ......................................................................................... 229
10.3.3. Changing IPFIX system configuration values .............................................................................. 230
10.4. IPFIX elements ................................................................................................................................. 230
vii
10.4.1. Standard IPFIX elements ......................................................................................................... 231

10.4.2. Enterprise-specific IPFIX elements ............................................................................................ 232
10.5. Transport protocols ........................................................................................................................... 237
10.6. Flow ............................................................................................................................................... 237
10.7. Sampling ......................................................................................................................................... 239
11. Connection logging 241
11.1. About connection logging .................................................................................................................. 242
11.2. Configuring a statistics rule to log connections ..................................................................................... 243
11.3. Connection search ........................................................................................................................... 244
11.3.1. Searching for connections ...................................................................................................... 245
A. Statistics fields ............................................................................................................................................. 247
A.1. Traffic statistics total fields ................................................................................................................... 247
A.2. Traffic statistics graph fields ................................................................................................................. 255
A.3. Channel statistics total fields ................................................................................................................ 263
A.4. Channel statistics graph fields ............................................................................................................. 264
A.5. NAT statistics fields ............................................................................................................................ 266
A.6. Sub-item count statistics ..................................................................................................................... 268
B. System Configuration Values .......................................................................................................................... 271
B.1. Introduction ....................................................................................................................................... 271
B.1.1. Exceeding minimum and maximum values .................................................................................. 271
B.1.2. Restart Levels ......................................................................................................................... 271
B.2. BGP ................................................................................................................................................. 272
B.3. Connection Handling .......................................................................................................................... 272
B.4. Connsync ......................................................................................................................................... 276
B.5. ContentLogic ..................................................................................................................................... 276
B.6. DRDL ............................................................................................................................................... 276
B.7. Debugging ........................................................................................................................................ 277
B.8. Divert ................................................................................................................................................ 277
B.9. Filtering ............................................................................................................................................. 278
B.10. General ........................................................................................................................................... 278
B.11. GeoLogic ........................................................................................................................................ 279
B.12. Host statistics .................................................................................................................................. 279
B.13. IPFIX ............................................................................................................................................... 279
B.14. Insights ........................................................................................................................................... 280
B.15. Linesharing ...................................................................................................................................... 283
B.16. LiveView .......................................................................................................................................... 283
B.17. Low Level Filters .............................................................................................................................. 284
B.18. Packet Handling ............................................................................................................................... 284
B.19. Queue Sync .................................................................................................................................... 289
B.20. Ruleset ........................................................................................................................................... 289
B.21. Shaping .......................................................................................................................................... 291
B.22. Statistics ......................................................................................................................................... 292
C. System Diagnostics Values ............................................................................................................................ 295
C.1. Introduction ....................................................................................................................................... 295
C.2. BGP ................................................................................................................................................. 295
C.3. CAPWAP .......................................................................................................................................... 297
C.4. Comm .............................................................................................................................................. 298
C.5. Connection ....................................................................................................................................... 298
C.6. Connsync ......................................................................................................................................... 300
C.7. ContentLogic ..................................................................................................................................... 302
C.8. Divert ............................................................................................................................................... 303
C.9. Drdl .................................................................................................................................................. 306
C.10. Drdl - Bincode ................................................................................................................................ 307
C.11. EtherIP ............................................................................................................................................ 308
C.12. Ethernet .......................................................................................................................................... 308
C.13. Filtering ........................................................................................................................................... 311
viii
C.14.GRE ............................................................................................................................................... 312

C.15.GTP ............................................................................................................................................... 312
C.16.
GeoLogic - Engine ........................................................................................................................... 312
C.17.
GeoLogic - Userspace ..................................................................................................................... 313
C.18.
Header Enrichment .......................................................................................................................... 314
C.19.
Host Stats ...................................................................................................................................... 315
C.20.
ICMPv4 .......................................................................................................................................... 315
C.21.
ICMPv6 .......................................................................................................................................... 316
C.22.IPv4 ............................................................................................................................................... 316
C.23.IPv6 ............................................................................................................................................... 318
C.24.Insights ........................................................................................................................................... 320
C.25.
Interface .......................................................................................................................................... 322
C.26.
Ipfix Exporter ................................................................................................................................... 323
C.27.L2TP .............................................................................................................................................. 324
C.28.
Line Sharing .................................................................................................................................... 325
C.29.
Liveview .......................................................................................................................................... 326
C.30.
Load Balancer ................................................................................................................................. 328
C.31.NAT ............................................................................................................................................... 334
C.32.
Natsync .......................................................................................................................................... 335
C.33.PPPoE ............................................................................................................................................ 335
C.34.
Packet Processing ........................................................................................................................... 336
C.35.
Queue Sync .................................................................................................................................... 337
C.36.Rewrite ........................................................................................................................................... 339
C.37.
Ruleset - Compiler ........................................................................................................................... 351
C.38.
Ruleset - Daemon ........................................................................................................................... 353
C.39.
Ruleset - Dynamic Netobject ............................................................................................................. 353
C.40.
Ruleset - Engine .............................................................................................................................. 355
C.41.
Session Context - Daemon ............................................................................................................... 356
C.42.
Session Context - Engine ................................................................................................................. 358
C.43.
Shaping .......................................................................................................................................... 359
C.44.
Shaping Counter ............................................................................................................................. 361
C.45.
Statistics ......................................................................................................................................... 362
C.46.
Statistics Writer ................................................................................................................................ 367
C.47.System ........................................................................................................................................... 369
C.48.TCPv4 ............................................................................................................................................ 370
C.49.TCPv6 ............................................................................................................................................ 372
C.50.Teredo ............................................................................................................................................ 373
C.51.Tunnel ............................................................................................................................................ 374
C.52.UDPv4 ............................................................................................................................................ 374
C.53.UDPv6 ............................................................................................................................................ 374
C.54.
Web Liveview .................................................................................................................................. 374
C.55.
Debug values .................................................................................................................................. 375
C.56.
Default alerts ................................................................................................................................... 402
C.56.1. Introduction .......................................................................................................................... 402
D. Keyboard shortcuts ....................................................................................................................................... 415
D.1. General shortcuts .............................................................................................................................. 415
D.2. Main interface .................................................................................................................................... 415
D.3. Backup Manager ............................................................................................................................... 416
D.4. File Manager ..................................................................................................................................... 416
D.5. Log Viewer ........................................................................................................................................ 416
D.6. System Manager ............................................................................................................................... 417
D.7. Objects & Rules Editor ....................................................................................................................... 417
D.8. System Configuration Editor ................................................................................................................ 418
D.9. User Editor ........................................................................................................................................ 418
D.10. Tech Support .................................................................................................................................. 418
D.11. Resource Manager ........................................................................................................................... 418
D.12. Statistics Viewer ............................................................................................................................... 419
ix
D.13. Bookmark Manager .......................................................................................................................... 420

D.14. Calendar Tool .................................................................................................................................. 420
D.15. LiveView ......................................................................................................................................... 420
Index ............................................................................................................................................................... 423
x
1. About this document
1.1. Document scope
1.2. Related documents
1.3. Software and firmware download
1.4. Typographical conventions
This document is a guide to configuration and maintenance of an installed PacketLogic Intelligence Center (PIC). For more
information about the PacketLogic product line, see the PacketLogic Real-Time Enforcement product guide and the
PacketLogic Subscriber Manager Product Guide.
The appendices provide additional reference information and include lists of statistics field names, system configuration values,
system diagnostic values, and keyboard shortcuts.
1
1. About this document
1.1. Document scope

This document does not describe the installation of the product. For specifications and installation details, see the appropriate
Hardware Guide.
1.2. Related documents

You can download the following related documents from the Sandvine documentation library. The PacketLogic product guides
can also be downloaded from the File Manager in the respective PacketLogic Client. The PSM Product Guide is additionally
available directly from the PSM web interface.
PacketLogic Real-Time Enforcement Product Guide
PacketLogic Subscriber Manager Product Guide
PacketLogic Hardware Guide

A separate guide for each specific hardware platform is available in the Sandvine documentation library.
PacketLogic CLI Reference Guide

A reference for the command-line interface (CLI) of PacketLogic describing commands and the tree model of configuration
values.
1.3. Software and firmware download

You can download software and firmware from the Sandvine software library.
1.4. Typographical conventions

The following typographical conventions are used throughout this document.
Tip
A tip gives supplementary information providing alternative methods to complete a task.
Note
A note gives additional information that is not essential to complete a task.
Important
An important note gives important information that is essential to complete a task.
Caution
A caution means risk of data loss.
Warning
A warning means risk of personal injury or damage to equipment.
2
2. Introduction
2.1. About PacketLogic
2.2. About PacketLogic Intelligence Center
2.3. Interfaces overview
2.4. Glossary
This chapter is an introduction to PacketLogic Intelligence Center and its user interfaces.
3
2. Introduction
2.1. About PacketLogic

PacketLogic is a scalable traffic management product for all types of network environments consisting of three major
components: PacketLogic Real-Time Enforcement (PRE), PacketLogic Subscriber Manager (PSM), and PacketLogic Intelligence
Center (PIC).
2.1.1. Basic data flow

The basic flow of data through PRE is:
1. Receive a packet.
2. Analyze the packet to determine the following:
• Does the packet belong in an existing connection, or does it start a new one?
• Does the connection to which the packet belongs match any defined rules?
3. Enforce all rules to which the packet's connection applies.
4. If the packet has not been dropped or rejected during the enforcement of the rules, forward the packet.
2.2. About PacketLogic Intelligence Center

PacketLogic Intelligence Center (PIC) gathers traffic information from the network and builds statistics based on the configurations
of StatisticsObjects and statistics rules. You can explore stored statistics data directly and interactively in PacketLogic Client,
where data is presented as graphs and charts.
2.3. Interfaces overview

PacketLogic Client
PacketLogic Client is the graphical user interface of PacketLogic. You use the client to configure and monitor PacketLogic
and to view statistics. For more information, see Section 4.1, “PacketLogic Client” and Chapter 3, PacketLogic Client
user interface.
Command-Line Interface (CLI)

The command-line interface (CLI) of PacketLogic is used to configure PacketLogic. It is available either locally on a serial
port or remotely using a secure shell (SSH). For more information, see Section 4.2, “CLI” and the PacketLogic CLI
Reference Guide.
SQL interface
The SQL interface is used to query the statistics reader. For more information, see Section 4.3, “SQL”.
PythonAPI
PacketLogic supports automation of tasks and integration with other network nodes via the PacketLogic PythonAPI. The
PythonAPI has functions for accessing statistical data and connection logging, and for adapting the output. You can
create scripts for retrieving statistical data, or programs to integrate PacketLogic with other systems. For more information,
see http://python.proceranetworks.com.
SNMP
PacketLogic supports monitoring through the Simple Network Management Protocol (SNMP). For more information about
monitoring, see Section 6.8, “Monitoring PacketLogic”.
4
2. Introduction
See also
• Section 4.1, “PacketLogic Client”
• Chapter 3, PacketLogic Client user interface
• Section 4.2, “CLI”
• PacketLogic CLI Reference Guide
• Section 4.3, “SQL”
• Section 6.8, “Monitoring PacketLogic”
2.4. Glossary
Some components and concepts have many names to them. These are good to be familiar with, since they can be used
interchangeably depending on context.
Connection or flow
PacketLogic defines a connection as a flow of packets between two hosts, using a protocol. The connection is identified
by its 5-tuple consisting of client IP address, client port, IP protocol, server IP address, and server port.
Engine
The core software component performing traffic analysis, shaping, filtering and all other measures in the packet path. For
more information, see Section 6.2.1, “Engine”
Distribution
Specifies the structure of the stored value paths in statistics. Value paths will be stored for each level in the distribution.
For more information, see Section 7.2, “Distribution tree structure”.
Dynamic item
When the dynamic prefix (or dynprefix for short) is inserted under a NetObject it becomes a dynamic item (or dynitem
for short). See Dynamic prefix below. The unique key to any dynamic item is (netobjectid, ip-prefix). A NetObject item
inserted dynamically using the PacketLogic Python API. This allows changing NetObjects without resource transactions,
allowing a high rate of operations.
Dynamic prefix
Replacing dynamic item, dynamic IP, and dynitem as terminology. The basic idea was to be able to add IPs dynamically
under any NetObject. This is still the basic thought but today we add IP-Prefixes instead of IPs. Hence the proper name
is a dynamic prefix, not dynamic IP.
Named dynamic item

Also referred to as subscriber. A "virtual" NetObject, containing dynamic items. This allows using dynamic items in
integration schemes in large-scale deployments with a consistent name for a subscriber even though the actual IP address
changes.
Ruleset
The traffic management policies used to manage the traffic flow through a network.
Subscriber
Also referred to as named dynamic item above. For more information, see Section 2.2, “PSM components” in
PacketLogic Subscriber Manager Product Guide.
5
2. Introduction
MiB, GiB, TiB (mebibyte, gibibyte, and tebibyte)

2 20
Units used for size. These are standards-based binary multiples of bytes. A mebibyte is 1024 (or 2 ) bytes, a gibibyte
3
is 1024 bytes, and so on.
Value path
Statistics data in PacketLogic is composed of value paths. A value path consists of a set of counters with an associated
search path and optional graph data. For more information, see Section 7.5, “Value paths”.
Value type
The type of a statistics value path. Specifies if a value path is, for example, a service, a ServiceObject, a NetObject, or
an AS path. For more information, see Section 7.5.2, “Value types”.
See also
• Section 6.2.1, “Engine”
• Section 7.5, “Value paths”
• Section 7.5.2, “Value types”
6
3. PacketLogic Client user interface
3.1. PacketLogic Client window
3.2. System Manager window
3.3. Statistics view
3.4. File menu
3.5. Edit menu
3.6. View menu
3.7. Tools menu
3.8. Bookmarks menu
3.9. Help menu
3.10. Objects & Rules Editor window
3.11. NetObjects configuration pane
3.12. ServiceObjects configuration pane
3.13. StatisticsObjects configuration pane
3.14. IPFIXObjects configuration pane
3.15. Conditions configuration pane
3.16. Statistics rules configuration pane
3.17. Channel Editor window
3.18. User Editor window
3.19. Log Level Editor window
3.20. Host Trigger Editor window
3.21. Connection Protection Trigger Editor window
3.22. System Configuration Editor window
3.23. Preferences window
3.24. Backup Manager window
3.25. Resource Manager window
3.26. File Manager window
3.27. Log Viewer window
3.28. Connection Search window
3.29. Command-line mode
This chapter describes the PacketLogic Client user interface. Use the client to configure and monitor PIC and to view statistics.
Note
This section contains information about the parts of the PacketLogic Client interface that relate to PIC. For
more information about views and configuration panes that are not included here, see the PacketLogic Real-
Time Enforcement Product Guide.
See also
• Section 2.3, “Interfaces overview”
7
3.1. PacketLogic Client window

Use PacketLogic Client to configure and monitor PacketLogic and to view statistics.
Interface element Description
1 Main toolbar
Contains tools for managing the system.
2 Navigation pane
Displays the tree structure for navigating the PacketLogic system.
3 Work area
Displays the configuration options for the objects selected in the navigation pane.
4 Status bar
Displays the following information about the PacketLogic system:
• Version: The currently running PacketLogic firmware version.
Pointing to Version displays a tool tip with the firmware version and the version of the
currently loaded Application Recognition Module (ARM) for service definitions in DRDL.
Double-clicking opens a window with details about the currently loaded ARM.
• System ID: The unique system identifier for the PacketLogic system.
8

• System: The IP address on the administration interface of the PacketLogic system.
• Username: The user that is logged on to PacketLogic.
• Time: The current time and date on the PacketLogic system. The value is N/A until
LiveView has been opened.
5 Views
Tabs for navigating the PacketLogic views.
• System Overview: For more information, see Section 5.3, “System Overview” in
PacketLogic Real-Time Enforcement product guide.
• LiveView: For more information, see Section 5.4, “LiveView” in PacketLogic Real-Time
Enforcement product guide.
• System Diagnostics view: For more information, see Section 5.5, “System
Diagnostics view” in PacketLogic Real-Time Enforcement product guide.
• Statistics view: For more information, see Section 3.3, “Statistics view”.
System Manager
Opens the System Manager window. For more information, see Section 3.2, “System
Manager window”.
Objects & Rules Editor
Opens the Objects & Rules Editor window in the Open Without Stealing Resource mode.
Click and hold displays the following opening options:
• Open Without Stealing Resource
• Steal Resource And Open
• Open Read Only
For more information, see Section 3.10, “Objects & Rules Editor window”.
User Editor
Opens the User Editor window. For more information, see Section 3.18, “User Editor
window”.
Host Trigger Editor
Opens the Host Trigger Editor window. For more information, see Section 3.20, “Host
Trigger Editor window”.
Connection Protection Trigger Editor
Opens the Connection Protection Trigger Editor window. For more information, see Section
3.21, “Connection Protection Trigger Editor window”.
Backup Manager
9

Opens the Backup Manager window. For more information, see Section 3.24, “Backup
Manager window”.
File Manager
Opens the File Manager window. For more information, see Section 3.26, “File Manager
window”.
Log Viewer
Opens the Log Viewer window. For more information, see Section 3.27, “Log Viewer
window”.
Connection Search
Opens the Connection Search window. For more information, see Section 3.28,
“Connection Search window”.
Pause
This option is only available in LiveView. Stops updating the real-time information in LiveView.
Real-time information is active by default.
Start
This option is only available in LiveView when you have clicked Pause. Starts updating the real-
time information in LiveView.
10
See also
• Appendix D, Keyboard shortcuts
• Section 3.2, “System Manager window”
• Section 3.10, “Objects & Rules Editor window”
• Section 3.18, “User Editor window”
• Section 3.20, “Host Trigger Editor window”
• Section 3.21, “Connection Protection Trigger Editor window”
• Section 3.24, “Backup Manager window”
• Section 3.26, “File Manager window”
• Section 3.27, “Log Viewer window”
• Section 3.28, “Connection Search window”
• Section 5.3, “System Overview” in PacketLogic Real-Time Enforcement product guide
• Section 5.4, “LiveView” in PacketLogic Real-Time Enforcement product guide
• Section 5.5, “System Diagnostics view” in PacketLogic Real-Time Enforcement product guide
• Section 3.3, “Statistics view”
11
3.2. System Manager window

You use the System Manager window to connect to one or more PacketLogic systems.
Open the System Manager and click Quick Connect to open a connection to a single system in a separate window. To combine
and aggregate information from multiple PacketLogic systems (or multiple LVAs in PL15000 platforms) in a single Client window,
include the system address of each system into the Synced systems list under Advanced options. See also Section 5.4.2.7,
“Synced Systems” in PacketLogic Real-Time Enforcement product guide.
1 Navigation pane
The navigation pane contains a tree structure with folders and PacketLogic systems.
New Folder Adds a new folder.
New System Adds a new system.
Name The name of the PacketLogic system.
Address The IP address of the PacketLogic system.
Username The name of the user connecting to the system.
Password The password of the user.
Default view The view to open on initial connection.
12
Automatically connect to Connects directly to a specific system when you start PacketLogic Client instead of opening
this system on startup the System Manager window.
Advanced options Expands Advanced options to show additional configuration options.
Use compression Uses compression for the communication between the PacketLogic system and PacketLogic
Client.
Note
Using compression reduces the bandwidth used, but it may increase the CPU load on the
PacketLogic system in order to perform the compression.
Use different password for Allows PacketLogic Client to send one password to log on to the database and another
LiveView login password to log on to the PacketLogic Daemon (PLD) and LiveView. This can be useful in
deployments with external authentication mechanisms.
For more information about PacketLogic Daemon, see Section 6.2.3, “PacketLogic Daemon
(PLD)”.
Use proxy if available Allows PacketLogic Client to connect through a SOCKS5 proxy.
This option is only available if you have configured a proxy in the in the Preferences window.
For more information, see Section 3.23, “Preferences window”.
Synced systems Adds PacketLogic systems to the Synced systems list to combine and aggregate information
from multiple PacketLogic systems—or from multiple LVA modules in PL15000 platforms. The
list contains IP addresses to PacketLogic systems that are configured in the System Manager
window.
If systems are added in the Synced systems list, PacketLogic Client connects to each system
(or LVA in PL15000 platforms) in the list simultaneously, and combines the relevant information
into a single view.
• Information from Local Hosts, ServiceObjects, Services, and any other custom view is
aggregated from all synced systems into a single LiveView.
• Information about resources and configuration is only shown for the current system.
If the Synced systems list is left empty, the client connects solely to the system address
defined in the main dialog.
Synced systems must have the same logon account and must have the same objects and
rules defined. This is intended for systems that are proxied to the same proxy host.
For more information, see Section 5.4.2.7, “Synced Systems” in PacketLogic Real-Time
Opens a dialog to enter the IP address of a PacketLogic system to be added to the Synced
Add system systems list.
Removes the selected system from the Synced systems list.

Remove system
Edits the IP address of the selected system in the Synced systems list.
Edit system
13
Quick Connect Opens a Quick Connect dialog to connect to a PacketLogic system.
Settings Opens the Preferences window. For more information, see Section 3.23, “Preferences
window”.
Save Saves the configuration.
Close Closes the System Manager window.
Connect Connects to the PacketLogic system.
See also
• Section 6.2.3, “PacketLogic Daemon (PLD)”
• Section 3.23, “Preferences window”
• Section 5.4.2.7, “Synced Systems” in PacketLogic Real-Time Enforcement product guide
• Section 3.2.1, “System Manager context menu”
3.2.1. System Manager context menu

Folders and systems have a context-sensitive menu with the following options:
Menu item Description
New System Adds a new system to the folder.
New Folder Adds a new subfolder to the folder.
Rename Renames the folder or system.
Delete Removes the folder or system.
Import Systems Imports a list of systems.
Export All Systems Exports a list of all systems to a file.
See also
14
3.3. Statistics view

Use Statistics view to view data in the PacketLogic statistics file system.
1 Tabs
• Navigation tab: This tab has options for which data to display in a view. For more
information, see Section 3.3.1, “Navigation tab”.
• Bookmarks tab: This tab has options for creating bookmarks for views. For more
information, see Section 3.3.2, “Bookmarks tab”.
• Graphs tab: This tab has options for selecting which objects to display in the chart. For
more information, see Section 3.3.3, “Graphs tab”.
2 Hyperlink
Blue text is a hyperlink to another view. Clicking the text opens the view. Right-clicking the text
opens the view in a new tab.
3 Address bar
A link location with the chart type and the embedded value path for the view. The value type
is referred to as splittype.
4 Workspace
This area shows a chart of the statistics distribution according to the settings in the Navigation
tab and the selected chart type.
15
Back
Goes to the previous view. Clicking the small black arrow displays a list of views.
Forward
Goes to the next view. Clicking the small black arrow displays a list of views.
Up
Goes up one level in the distribution.
Reload
Reloads the displayed data.
Home
Goes to the root level of the distribution, shown as a bar chart of all configured
StatisticsObjects.
Chart Type
• Bar Chart: This chart type shows the accumulated total of the value as a list of items.
• Pie Chart: This chart type shows the ratio between items for the accumulated total. Both
the value and the percentage of each item are displayed.
• Percent Bar Chart: This chart type shows the accumulated total of the value as a
segmented bar chart with the ratio for each item as a percentage.
• Line Chart: This chart type shows the variation in the value over time.
• Stacked Area Chart: This chart type shows the variation in the value over time
Add new tab
Opens a new tab.
See also
• Section 3.3.1, “Navigation tab”
• Section 3.3.2, “Bookmarks tab”
• Section 3.8, “Bookmarks menu”
• Section 3.3.3, “Graphs tab”
3.3.1. Navigation tab

Use the Navigation tab to select which data to display in a view and to navigate and view the stored statistics.
16
Interval A time interval for which to display statistics and a date in the calendar. Clicking the blue arrows
goes back or forward one time interval. Right-clicking the calendar goes to the current date.
Sort by Defines a value to sort items by in the chart and if the sort order is ascending or descending.
Max results The maximum number of items to display.
Include <Others> This option is only available for bar charts. Shows an item named <Others> with the
accumulated value of all items that are excluded by the Max results option.
Show duration for matches This option is only available for bar charts. Shows a bar chart that lists the duration for which
the values have been within set limits during the interval.
Calculate average per Shows a graph with values that are averaged per subscriber. NetObjects with the attribute
subscriber Statistics - Count as subscriber selected define what constitutes a subscriber in this context.
For more information, see Section 5.5.4, “Attributes”.
Apply Applies the Interval, Sort by, and Max results settings.
Distribution Defines which distribution to show in the workspace.
If the system configuration values PLS_CHANNELSTATS_ENABLED and

PLS_SHAPINGOBJECTSTATS_ENABLED in the Statistics folder are set to True, the
Distribution list includes Channel Statistics and ShapingObject Statistics, respectively.
These distributions show the same data as in LiveView.
17
Data type Defines which type of data to show in the chart. The available types depend on the Fields
configuration in the StatisticsObject.
If Distribution is set to Channel Statistics or ShapingObject Statistics, the same data types
as in LiveView are available.
Selecting Packets in the Data type list, displays Quality of Experience (QoE) data.
Values Defines which values to show in the chart. Clicking the arrow displays limiting options, which
are editable on double-click.
Show 95th percentile This option is only available for line charts. Adds a horizontal line to the graph, at the value of
the 95th percentile. The values are based on the incoming bps and outgoing bps values. If
both these values are included in the chart, the highest of the two percentile values is shown.
See also
• Section 5.5.4, “Attributes”
• Section 3.13, “StatisticsObjects configuration pane”
• Section 7.1, “StatisticsObject”
• Section 8.6, “Duration for limits”
• Section 8.5, “Peak analysis”
3.3.2. Bookmarks tab

Use the Bookmarks tab to create and view local and remote bookmarks. The bookmarks are also available from the Bookmarks
menu.
Bookmark folders The Local Bookmarks folder contains locally stored bookmarks and the Remote Bookmarks
folder contains remotely stored bookmarks.
18
Add
Adds a bookmark or folder. The following options are available:
• Add Bookmark: Opens the Add bookmark dialog to create a new bookmark.
• New Folder: Creates a new empty folder.
• Add all Tabs as Bookmark Folder: Opens the Add bookmark dialog to create a new
folder with all currently open tabs as bookmarks.
Delete
Deletes the selected bookmark or a folder.
See also
• Section 3.3.2.1, “Bookmarks tab context menu”
• Section 3.3.2.2, “Add Bookmark dialog”
• Section 3.8, “Bookmarks menu”
3.3.2.1. Bookmarks tab context menu

Folders and bookmarks have a context-sensitive menu with the following options:
Add Bookmark Opens the Add bookmark dialog.
Copy Copies the bookmark or folder to paste it in another folder.
Cut Cuts the bookmark or folder to paste it in another folder.
Delete Deletes the bookmark or folder.
Export Bookmarks Exports the bookmarks in the folder to a file in PacketLogic Bookmarks (.pbx) format. See
Section 8.4.3, “Bookmarks” for more information about the file format.
Export Data On a bookmark:
Exports all or a range of pages as a .pdf or .csv file with the statistics view defined in the
bookmark. If more than one bookmark is exported, the settings are applied to each bookmark.
On a folder:
Exports all the statistics views defined as bookmarks in the folder in .pdf or .csv format. All
bookmarks can be exported in a single file or in a folder with one file for each bookmark.
Import Bookmarks Imports a file of exported bookmarks in PacketLogic Bookmarks (.pbx) format. See Section
8.4.3, “Bookmarks” for more information about the file format.
19
New Folder Creates a new folder in the current folder.
Open Opens the bookmark in the currently active tab.
Open Folder in Tabs Opens all the bookmarks in the folder in one tab each.
Open in New Tab Opens the bookmark in a new tab.
Paste Pastes a bookmark or folder in the current folder.
Properties Opens the Add Bookmark dialog to edit the bookmark properties.
Rename Renames the bookmark or folder.
See also
• Section 3.3.2.2, “Add Bookmark dialog”
3.3.2.2. Add Bookmark dialog

Use the Add Bookmark dialog to create or edit a bookmark.
Name The name of the bookmark.
Location The path to a statistics view as seen in the address bar.
Interval The time interval.
• A fixed time period or an interval relative to the current date, Current or Last.
• The interval length. It can be Day, Week, Month, Quarter, HalfYear, Year, or Custom.
For Custom, the time interval can be defined in seconds.
Start date The start date of a fixed time interval.
Maximum number of values The maximum number of items to display.
See also
3.3.3. Graphs tab

Use the Graphs tab to select which objects to display in line charts and stacked area charts.
20
Graphs Defines which objects to display in the chart.
Maximum Y value Limits the view of the graph on the value (y) axis.
Use usage analysis data Displays averages based on usage analysis. For more information, see Section 7.10,
“Averages based on usage analysis”.
See also
• Section 7.10, “Averages based on usage analysis”
21
3.4. File menu

The File menu has the following options:
System Manager Opens the System Manager window. For more information , see Section 3.2, “System
Manager window”.
Quick Connect Opens a Quick Connect dialog to connect to a PacketLogic system.
Reconnect Opens a new PacketLogic Client connection to the current PacketLogic system.
Check for updates Checks the Sandvine server for a more current version of PacketLogic Client.
Close Window Closes the current PacketLogic Client. If multiple clients are open, the remaining clients are
unaffected. If no other clients are open, the client quits.
Quit Closes all PacketLogic Clients.
Note
In the Mac OS X client, this option is located on the PacketLogic Client menu.
See also
22
3.5. Edit menu

The Edit menu has the following options:
Objects & Rules Opens the Objects & Rules Editor window in one of the following modes:
• Open Without Stealing Resource: Opens the editor without locking the resource for
exclusive use.
• Steal Resource And Open: Applies an exclusive lock on the resource before opening
the editor.
• Open Read Only: Opens the editor in read-only mode
For more information, see Section 3.10, “Objects & Rules Editor window” and Section
4.1.4, “Objects & Rules Editor opening modes”.
Channels Opens the Channel Editor window. For more information, see Section 3.17, “Channel Editor
window”.
Users Opens the User Editor window. For more information, see Section 3.18, “User Editor
window”.
Log Levels Opens the Log Level Editor window. For more information, see Section 3.19, “Log Level
Editor window”.
Host Triggers Opens the Host Trigger Editor window. For more information, see Section 3.20, “Host
Trigger Editor window”.
Connection Protection Opens the Connection Protection Trigger Editor window. For more information, see Section
Triggers 3.21, “Connection Protection Trigger Editor window”.
System Configuration Opens the System Configuration Editor window. For more information, see Section 3.22,
“System Configuration Editor window”.
Preferences Opens the Preferences window. For more information, see Section 3.23, “Preferences
window”.
Note
In the Mac OS X client, this option is located on the PacketLogic Client menu.
23
See also
• Section 3.17, “Channel Editor window”
• Section 3.19, “Log Level Editor window”
• Section 3.21, “Connection Protection Trigger Editor window”
• Section 3.22, “System Configuration Editor window”
24
3.6. View menu

The View menu has different options depending on which view you have open.
Add Guide Line Adds a horizontal guide line to the chart at a configurable y-axis value.
Back Goes to the previous view.
Bar Chart Displays the view as a bar chart.
Close Tab Closes the current tab. This option is not available if there is only one tab.
Find Shows a search box to search for a string in the current view.
Forward Goes to the next view.
Full Screen Mode Shows the current chart in full-screen mode. Pressing Esc exits full-screen mode.
Home Goes to the root level of the distribution, which shows as a bar chart of all configured
StatisticsObjects.
Line Chart Displays the current view as a line chart.
Main Toolbar Shows/Hides the Main Toolbar. For more information, see Section 3.1, “PacketLogic Client
window”.
Manage Compare URLs In line charts, compares added URLs in the same graph. The URLs must have the same
splittype.
New Tab Opens a new tab.
Next Date Interval Goes forward one time interval.
Percent Bar Chart Displays the view as a percent bar chart.
Pie Chart Displays the view as a pie chart.
Previous Date Interval Goes back one time interval.
Reload Reloads the displayed data.
Remove Guide Lines Removes a horizontal guide line.
Show Location Bar Shows/Hides the address bar.
Show Page Navigation Bar Shows/Hides the page navigation bar.
Show Trend Lines in Line In line charts, shows calculated trend lines.
Chart
Stacked Area Chart Displays the current view as a stacked area chart.
Up Goes up one level in the distribution.
25
See also
• Section 3.1, “PacketLogic Client window”
26
3.7. Tools menu

The Tools menu has the following options:
Backup Manager Opens the Backup Manager window to create and restore client side backups. For more
information, see Section 3.24, “Backup Manager window”.
Resource Manager Opens the Resource Manager window to configure resource proxy. For more information,
see Section 3.25, “Resource Manager window”.
File Manager Opens the File Manager window to access files in the database. For more information, see
Section 3.26, “File Manager window”.
Log Viewer Opens the Log Viewer window to display configured logs. For more information, see Section
3.27, “Log Viewer window”.
Connection Search Opens the Connection Search window to search for current and ended connections. For
more information, see Section 3.28, “Connection Search window”.
Commit Log Opens the Commit Log window to view the log to which records are written when you save
changes made to a resource.
Note
The commit log is not an authoritative record of past actions in the system, since any user
can clear it. For a more reliable record, write the syslog to a remote server and use the audit
log levels.
Dynamic Items Editor Opens the Dynamic Items Editor window to view or remove configured dynamic items.
VBS Viewer Opens the VBS Viewer window to view or reset data for VBS objects.
DRDL Revision Info Opens the DRDL Revision Info dialog to view a log of all configuration changes made to
DRDL.
See also
• Section 3.24, “Backup Manager window”
• Section 3.25, “Resource Manager window”
27
3.8. Bookmarks menu

The Bookmarks menu is only available in Statistics view. The following options are available:
Add Bookmark Opens the Add bookmark dialog to create a new bookmark in the Local Bookmarks folder.
Add all Tabs as Bookmark Opens the Add bookmark dialog to create a new folder in the Local Bookmarks folder with
Folder all currently open tabs as bookmarks.
Local Bookmarks Opens a locally stored bookmark.
Remote Bookmarks Opens a remotely stored bookmark.
See also
28
3.9. Help menu

The Help menu has the following options:
About Information about the PacketLogic Client software, including build date and protocol version.
Note
In the Mac OS X client, this information is located on the PacketLogic Client menu.
System Information Information about the PacketLogic system to which PacketLogic Client is connected. The
following information is provided:
• The host address.
• The logged on user.
• The running PacketLogic version.
• The system ID.
Request Support Opens a web browser to submit a support request to the Sandvine technical support.
Interactive Support Opens an Internet Relay Chat (IRC) conversation with the Sandvine technical support.
To use the interactive support function, enter a nick name and click Connect. In the IRC
window, type text in the field at the bottom and click Enter to submit the question.
See also
29
3.10. Objects & Rules Editor window

Use the Objects & Rules Editor window to view, create, and maintain the ruleset for traffic management.
3.10.1. Objects & Rules Editor window overview
1 Navigation pane
The navigation pane contains a tree structure with folders for different types of objects and
rules. For more information about the available objects and rules, see Section 5.5.3, “Object
types for traffic categorization”.
2 Workspace
The workspace contains specific configuration options for the selected object, item, or rule.
For more information, see the sections describing each type of object or rule.
New
Creates a new item or object. This option applies to the currently selected level in the object
hierarchy.
Save
Saves the current ruleset.
Cut
30

Cuts the selected item or object.
Copy
Copies the selected item or object.
Paste
Pastes an item or object.
Move rule up
This option is only available when viewing the Filtering rules folder is selected. Moves the
selected filtering rule up in the ruleset.
Move Rule down
This option is only available when viewing the Filtering rules folder is selected. Moves the
selected filtering rule down in the ruleset.
New
hierarchy.
Remove
Removes the selected item or object.
See also
• Section 3.10.2, “Objects & Rules Editor File menu”
• Section 3.10.3, “Objects & Rules Editor Edit menu”
• Section 5.5.3, “Object types for traffic categorization”
• Section 7.12, “Statistics ruleset templates”
3.10.2. Objects & Rules Editor File menu

The File menu has the following options (some of the options are not available in read-only mode):
New Creates a new item or object. This option applies to the currently selected level in the object
hierarchy.
Verify Compiles the current ruleset.
Save Saves the current ruleset.
Roll Back Changes Reverts all changes made in the Objects & Rules Editor since the last time it was saved.
31
Steal Resource Applies an exclusive lock on the Rules & Objects Configuration resource to prevent any other
sessions from saving changes to it.
Note
This option requires read and write permissions on the Resource and Rules & Objects
Configuration resources.
Import Template Imports an XML template with object and rule definitions to the ruleset. When a ruleset is
imported, all definitions in the XML file are added to the current ruleset. Saving the ruleset
activates the changes.
The following options are available:
• Local: Imports a locally stored template.
• Stock: Imports a predefined statistics ruleset templates. For more information, see
Section 7.12, “Statistics ruleset templates”.
Export Template Exports the selected objects and rules to an XML file, which can be imported to PacketLogic
Client.
Save & Close Saves the current ruleset and closes the Objects & Rules Editor window.
Close Closes the Objects & Rules Editor window without saving any changes.
See also
• Section 3.10.1, “Objects & Rules Editor window overview”
3.10.3. Objects & Rules Editor Edit menu

The Edit menu is not available in read-only mode. The following options are available:
Cut Cuts the selected item or object.
Copy Copies the selected item or object.
Paste Pastes an item or object.
See also
• Section 3.10.1, “Objects & Rules Editor window overview”
32
3.11. NetObjects configuration pane

Use the NetObjects configuration pane to configure NetObjects.
1 NetObjects folder
This folder contains all configured NetObjects.
The icon representing the NetObject in the navigation pane has an eye if the NetObject
is visible.
Object name The name of the NetObject.
Object visible Displays the NetObject under Local Hosts in Live View.
Name/Value The objects and items in the NetObject.
New
hierarchy.
Remove
Comment Adds additional information about the object.
Expand a NetObject and select an item in the navigation pane to show the definition of the item. For details, see Section 5.5.3,
“Object types for traffic categorization”.
33
Protocol The IP protocol.
Address A single IP address.
Range A set of IP addresses entered as the starting and an ending IP addresses of a range.
Network A network entered as prefix and netmask of the network.
The network can also be written as prefix length, which will be translated into a netmask. For
example, 24 is translated into 255.255.255.0.
See also
• Section 5.5.4, “Attributes”
• Section 3.11.1, “NetObjects context menu”
3.11.1. NetObjects context menu

Right-click a NetObject to open a context-sensitive menu with the following options:
New Creates a new item or object.
Cut Cuts the selected object.
Copy Copies the selected object.
Paste Pastes an item or object.
Rename Renames the object.
Delete Deletes the object.
Visible Makes the NetObject visible under Local Hosts in Live View.
Link Speed Opens the Link Speed dialog to define incoming and outgoing link speed. These values are
used to show horizontal lines indicating the link speed in line charts and stacked area charts
for the NetObject in Statistics view.
34
Attribute Editor Opens the Attribute Editor dialog to set attributes on the object. For more information about
attributes, see Section 5.5.4, “Attributes”.
Properties Shows the object properties.
See also
• Section 3.11, “NetObjects configuration pane”
35
3.12. ServiceObjects configuration pane

Use the ServiceObjects configuration pane to configure ServiceObjects.
1 ServiceObjects folder
This folder contains all configured ServiceObjects.
Object name The name of the ServiceObject.
Name/Value The objects and items in the ServiceObject.
New
hierarchy.
Remove
Expand a ServiceObject and select an item in the navigation pane to show the services. For details, see Section 5.5.3, “Object
types for traffic categorization”.
36
Available Shows services available for adding to the ServiceObject.
Selected Shows services selected for including in the ServiceObject.
Adds or removes a service from the ServiceObject.
See also
37
3.13. StatisticsObjects configuration pane

Use the StatisticsObjects configuration pane to configure StatisticsObjects.
1 Tabs
The following tabs are available:
• Fields: Specifies which metric values to store as statistics. For more information, see
Section 3.13.1, “Fields tab”.
• Distribution: Specifies how the statistical data is organized. For more information, see
Section 3.13.4, “Aggregation tab”.
• Limits: Specifies how much data a value must accumulate to be included in statistics.
For more information, see Section 3.13.2, “Distribution tab”.
• Aggregation: Specifies whether to store data on an aggregation system. For more

information, see Section 3.13.4, “Aggregation tab”.
2 StatisticsObjects folder
This folder contains all configured StatisticsObjects.
Object name The name of the StatisticsObject.
38
See also
• Section 3.13.1, “Fields tab”
• Section 3.13.4, “Aggregation tab”
• Section 3.13.2, “Distribution tab”
• Section 3.13.4, “Aggregation tab”
• Section 3.16, “Statistics rules configuration pane”
3.13.1. Fields tab

Use the Fields tab to specify which values of a connection to store as statistics.
Field The Field column lists the available values of a connection that you can store as statistics.
For more information about total fields and graph fields, see Section 7.5.1, “Fields”. The
name in the Field column is the same as the total field name.
Incoming Bytes and Metrics for incoming bytes and outgoing bytes will always be stored as long as any other field
Outgoing Bytes fields is selected, whether the check boxes for Incoming Bytes and Outgoing Bytes are selected
39

or not. Daily Sum and Graph Points are handled separately. Thus, if any check boxes are
selected in the Daily Sum column only, the accumulated total of incoming and outgoing bytes
will be collected, but not the graph data for incoming and outgoing bytes, and vice versa.
Daily Sum Stores accumulated metrics, that is, how much has been accumulated until now.
Graph Points Stores graph point metrics, that is, samples that show how the metric has varied over time.
Note
Graph point values consume considerable resources compared to daily sum values. Ensure
that Graph Point check boxes are selected only where needed.
Sub-Item Count field Collects sub-item count statistics for every level in the StatisticsObject distribution. Only the
number of sub-items on the next level will be counted.
Quality fields Stores raw Quality of Experience (QoE) data automatically. For more information about the
PacketLogic quality measurement, see Section 5.4.1, “Connection quality measurement”.
QoE data is shown in Statistics view when selecting Packets in the Data type list. For more
information, see Section 3.3, “Statistics view”.
The following QoE fields (with the corresponding quality fields) are available:
• Incoming Packet Drops (Incoming Quality (External))
• Outgoing Packet Drops (Outgoing Quality (Internal))
• Incoming Packet Retransmissions (Incoming Quality (Internal))
• Outgoing Packet Retransmissions (Outgoing Quality (External))
See also
• Section 7.5.1, “Fields”
• Section 5.4.1, “Connection quality measurement”
3.13.2. Distribution tab

Use the Distribution tab to configure a tree structure—a distribution—for how to store statistics. You define by which criteria to
organize the statistics data, and how it can be browsed in Statistics view.
40
Distribution The distribution consists of value types on different levels.
Depth The Depth option is available for some value types. For more information, see Section 7.5.2,
“Value types”.
Graph Points The Graph Points list has the following options:
• None: Graph data is not collected.
• Normal: Graph data is collected for the fields that have Graph Points selected in the
Fields tab.
• Usage analysis: Calculates averages based on usage analysis. For more information,
see Section 7.10, “Averages based on usage analysis”.
Graph point values consume considerable resources compared to daily sum values. Use them
only where needed.
Priority The priority defines the granularity with which data is stored for the distribution level. The
available options are:
• Normal: Values are updated if the transferred data exceeds the threshold set by
the system configuration values PLS_CONN_THRESHOLD_IN (for inbound traffic) and
PLS_CONN_THRESHOLD_OUT (for outbound traffic). To avoid value cache exhaustion,
values with normal priority are not created when the value cache usage on PIC exceeds
PLS_PRIORITY_THRESHOLD value.
• High: Values with high priority are always updated. The values are never filtered based on
storage thresholds. The root level of a StatisticsObject distribution has always high priority.
Column Name This option is available for the Session Context Column and Remote GeoIP value types.
Selecting Exclude in the list excludes the column name from the distribution.
41

For more information about Session Context data, see Section 7.7, “Session Context in
statistics”.
Link/Root/Property The Link/Root/Property option is available for some value types. A link, a root object, or a
property, depending on the value type. For more information, see Section 7.5.2, “Value
types”.
Add
Adds a new level with a value type in the distribution. This option applies to the currently
selected level in the distribution.
The available value types are described in Section 7.5.2, “Value types”.
Remove
Removes the selected level from the distribution.
See also
• Appendix B, System Configuration Values
• Section 7.7, “Session Context in statistics”
3.13.3. Limits tab

Use the Limits tab to define how much data a value must accumulate to be included in statistics.
Minimum incoming bytes The minimum level for incoming traffic.
Minimum outgoing bytes The minimum level for outgoing traffic.
42
See also
3.13.4. Aggregation tab

Use the Aggregation tab to enable aggregation of statistics.
Aggregate this object to the Stores the data of the StatisticsObject on the aggregation system. For more information, see
aggregation server Section 7.11, “Aggregation”.
See also
• Section 7.11, “Aggregation”
43
3.14. IPFIXObjects configuration pane

Use the IPFIXObjects configuration pane to configure IPFIXObjects.
1 Tabs
• Template: This tab specifies which IPFIX fields to export in the IPFIX records and in which
format. For more information, see Section 3.14.1, “Template tab”.
• Collectors: This tab is used to add IPFIX collectors. For more information, see Section
3.14.2, “Collectors tab”.
2 IPFIXObjects folder
This folder contains all configured IPFIXObjects.
Object name The name of the IPFIXObject.
44
See also
• Section 10.2, “IPFIXObject”
• Section 3.14.1, “Template tab”
• Section 3.14.2, “Collectors tab”
3.14.1. Template tab

Use the Template tab to configure an IPFIX template.
Available Fields Shows fields available for adding to the template.
Field Shows fields selected for export in IPFIX records.
Value The Value option is available for some fields that require additional specifications. For more
information, see Section 10.2.1, “Template”.
Depth The Depth option is available for some fields that require additional specifications. For more
Adds or removes a field from the template.
45
Moves a field up or down.
See also
• Section 3.14, “IPFIXObjects configuration pane”
• Section 10.2.1, “Template”
3.14.2. Collectors tab

Use the Collectors tab to add IPFIX collectors.
Address The IPv4 address of the collector.
Port The port number of the collector.
Add collector
Adds a new collector and opens a dialog to enter address and port of the collector.
Remove collector
Removes the selected collector.
46
See also
• Section 3.14, “IPFIXObjects configuration pane”
• Section 10.2.2, “Collector”
47
3.15. Conditions configuration pane

Use the Conditions configuration pane to view all available conditions. It is possible to create new conditions here, but you
normally create them in the configuration pane of a rule. For more information about conditions, see Section 6.6.2.1, “Use
conditions to create rules” in PacketLogic Real-Time Enforcement product guide.
1 Conditions folder
This folder contains all configured conditions.
Conditions This list shows conditions and objects.
New
Creates a new condition or object. This option applies to the currently selected level in the
condition hierarchy.
Remove
Removes the selected condition or object.
See also
• Section 5.1.1, “Creating a condition”
• Section 6.6.2.1, “Use conditions to create rules” in PacketLogic Real-Time Enforcement product guide
• Section 6.6.2.1.7, “Object types and their characteristics” in PacketLogic Real-Time Enforcement product guide
48
3.16. Statistics rules configuration pane

Use the Statistics rules configuration pane to configure statistics rules and to link StatisticsObjects and IPFIXObjects to the rule.
1 Statistics rules folder
This folder contains all configured statistics rules.
Rule name The name of the statistics rule.
Rule enabled Activates the rule.
Clicking the Statistics rules folder in the navigation pane shows check boxes for all statistics
rules.
Enable connection log Enables connection logging as part of this rule.
Enable Insights Traffic Exports data for traffic matching this rule to Insights Data Storage.
Perspective storage
Type This column shows a list of traffic identification objects that traffic must match in order to
match the rule. For more information how to set up conditions, see Section 3.15, “Conditions
configuration pane”.
The value in the column is either the condition operator or the object type.
Name/Object This column contains a name for a condition or an object for an object type.
New
Creates a new condition or object. This option applies to the currently selected level.
Remove
Removes the selected condition or object.
49
Comment Adds additional information about the rule.
StatisticsObject and IPFIXObjects are added to a rule in separate configuration panes. Selecting a StatisticsObject or
IPFIXObjects for a rule opens the configuration pane.
StatisticsObjects Opens a pane to configure a StatisticsObject linked to the rule.
IPFIXObjects Opens a pane to configure an IPFIXObject linked to the rule.
Available Shows objects available for linking to the statistics rule.
Selected Shows objects selected for linking to to the statistics rule.
Adds or removes a selected object from the Selected list.
See also
• Section 3.15, “Conditions configuration pane”
• Section 5.1, “Objects and rules in statistics”
50
3.17. Channel Editor window

Use the Channel Editor window to configure the channels in the system. There are three tabs for configuring physical channels,
divert labels, and monitor labels.
See also
• Section 3.17.1, “Physical Channels tab”
• Section 3.17.2, “Divert Labels tab”
• Section 3.17.3, “Monitor Labels tab”
3.17.1. Physical Channels tab

Use the Physical Channels tab to configure the interfaces in the channel pair. For more information, see Section 8.16,
“Configuring channel interface direction” in PacketLogic Real-Time Enforcement product guide.
ID The ID of the channel.
Label The channel label.
51
Location The location of the channel.
Internal Media The internal media.
External Media The external media.
Used for The intended use of the channel. These options are available:
• None: The channel is not used.
• Traffic: The channel is used for traffic inspection, management, and forwarding.
• Shunt: The channel shunts all traffic. For more information about shunting, see Section
7.2, “Shunting” in PacketLogic Real-Time Enforcement product guide.
Note
When you shunt traffic through a channel that is dedicated for shunting, any Shunt
options, Actions, or Port filtering configured, will not be processed.
• Divert: The channel is enabled for divert. To use it in a filtering rule, include it in a divert
label on the Divert Labels tab. For more information about divert, see Section 7.11,
“Advanced traffic steering” in PacketLogic Real-Time Enforcement product guide.
• Monitor: The channel is enabled for monitor. To use it in a filtering rule, include it in a
monitor label on the Monitor Labels tab. This uses both channel interfaces, one for each
direction of the traffic. For more information about monitor, see Section 7.10.4, “Monitor”
in PacketLogic Real-Time Enforcement product guide.
• FlowSync/Monitor: The internal interface of the channel is used for FlowSync. The
external interface of the channel is enabled for Monitor. To use it in a filtering rule, include
it in a monitor label on the Monitor Labels tab. This uses only one channel interface
for monitor, sending both directions of the monitored traffic on that interface. For more
information, see Section 6.5.2.1, “Flow synchronization” in PacketLogic Real-Time
Enforcement product guide and Section 7.10.4, “Monitor” in PacketLogic Real-Time
Direction The channel interface direction. For more information, see Section 8.16, “Configuring
channel interface direction” in PacketLogic Real-Time Enforcement product guide. These
options are available:
• Default: Keeps the default direction with Int being an internal interface and Ext an external
interface.
• Reverse: Swaps the directions to make the interface marked Int acts as an external
interface, and the interface marked Ext acts as an internal interface.
• Int/Int: Sets both interfaces to act as internal interfaces.
• Ext/Ext: Sets both interfaces to act as external interfaces.
Cancel Closes the window without saving any changes.
OK Saves the changes and closes the window.
52
See also
• Section 8.16, “Configuring channel interface direction” in PacketLogic Real-Time Enforcement product guide
• Section 7.2, “Shunting” in PacketLogic Real-Time Enforcement product guide
• Section 7.11, “Advanced traffic steering” in PacketLogic Real-Time Enforcement product guide
• Section 7.10.4, “Monitor” in PacketLogic Real-Time Enforcement product guide
3.17.2. Divert Labels tab

Use the Divert Labels tab to configure divert labels.
Label A list of added divert labels. Divert labels are used as targets for filtering rules with action Divert.
For details, see Section 7.11.2.3, “Divert labels” in PacketLogic Real-Time Enforcement
product guide.
Load balancing Defines how to load balance traffic over the entries in a divert label. The available options are:
• None: No load balancing is used.
53

• Hash Local Host: Selects the entry based on a hash of the local host IP address.
• Round-robin: Uses simple round robin among the available entries.
Channel The physical channel that is used.
VLAN The VLAN tag added to the traffic matched to this divert label.
Asymmetric Defines if the VLAN tag is to have different VLANs added depending on their direction.
Internal The IP configuration on the internal divert interface.
The subnet for the heartbeat address must be different from the external heartbeat subnet and
from any of the interface subnets.
External The IP configuration on the external divert interface.
The subnet for the heartbeat address must be different from the internal heartbeat subnet and
from any of the interface subnets.
Add
Adds a new label/channel.
Remove
Removes the selected label/channel.
OK Saves the changes and close the window.
See also
• Section 7.11.2.3, “Divert labels” in PacketLogic Real-Time Enforcement product guide
3.17.3. Monitor Labels tab

Use the Monitor Labels tab to configure monitor labels.
54
Label A list of added divert labels. Monitor labels are used as targets for filtering rules. For more
information, see Section 7.10.4.3, “Monitor label” in PacketLogic Real-Time Enforcement
product guide.
Load balancing Defines how to load balance traffic over the entries in a divert label. The available options are:
• None: No load balancing is used.
• Hash Local Host: Selects the entry based on a hash of the local host IP address.
• Round-robin: Uses simple round robin among the available entries.
Channel The physical channel that is used.
VLAN The VLAN tag added to traffic matched to this monitoring label.
Add
Adds a new label/channel.
Remove
Removes the selected label/channel.
OK Saves the changes and closes the window.
55
See also
• Section 7.10.4.3, “Monitor label” in PacketLogic Real-Time Enforcement product guide
56
3.18. User Editor window

Use the User Editor window to add users and configure access permissions.
1 Navigation pane
The navigation pane contains a list of all users.
Right-clicking a user opens a context-sensitive menu with the following options:
• Cut
• Copy
• Paste
• Paste Permissions
• Change Password
• Rename
• Delete User
2 Tabs
57

• Database Permissions: Database permissions for the user. For more information, see
Section 3.18.1, “Database Permissions tab”.
• LiveView Permissions: LiveView permissions for the user. For more information, see
Section 3.18.2, “LiveView Permissions tab”.
• Host Access List: IP addresses of hosts from which the user is allowed to connect to
PacketLogic. An empty list means that no access restriction is applied.
• Inactivity: Defines after how long time an inactive user is logged off PacketLogic Client.
• Public Keys: Public SSH keys of trusted users.
New User
Creates a new user.
Save
Saves the user configuration.
Cut
Cuts the selected user.
Copy
Copies the selected user.
Paste
Pastes a user.
See also
• Section 3.18.1, “Database Permissions tab”
• Section 3.18.2, “LiveView Permissions tab”
3.18.1. Database Permissions tab

Use the Database Permissions tab to control which configuration settings that are available to the user. Permission can have
the value None, Read Only, or Read & Write.
Name Description
Aggregation Permission to aggregate statistics.
Backups Permission to create (Read) and restore (Write) backups.
58
Name Description
Channel Management Permission to view (Read) and edit (Write) channel names and link modes.
CommitLog Permission to view (Read) and add to/clear (Write) the commit log
Connection Log Permission to store connection logs.
Connection Protection Permission view (Read) and manipulate (Write) connection protection triggers.
Triggers
Dynamic Ruleset Permission to view (Read) and manipulate (Write) the dynamic parts of the ruleset.
File Server Permission to list (Read) the files in the file manager, and to upload and change (Write) the files.
Host Triggers Permission to view (Read) and manipulate (Write) the host triggers.
Logs Permission to read (Read) logs and clear (Write) logs.
PLSCD (PacketLogic Permission regulating if a PLCOMMD client can connect to the PLCOMMD server (Write) or
Session Contexts Daemon) not (Read).
Resource Permission to modify properties in the Resource Manager window.
Rules & Object Permission to view (Read) and edit (Write) the objects and rules.
Configuration
StatReader Permission to view (Read) statistics.
StatWriter Permission to store (Write) statistics.
StatWriter Backup Permission to store (Write) statistics on the backup.
System Configuration Permission to view (Read) and edit (Write) system configuration values.
System Diagnostics Permission to view (Read) system diagnostics data and to change (Write) the alert limits.
System Overview Permission to view (Read) and manipulate (Write) System Overview.
User Management Permission to view (Read) and edit (Write) other users and their permissions.
See also
3.18.2. LiveView Permissions tab

Use the LiveView permissions tab to control which views the user has access to in PacketLogic Client. Permissions can be
enabled or disabled.
Name Description
Category details Permission to see category details.
Category view Permission to see the Category view.
Channel stats view Permission to see the Channel Statistics view.
59
Name Description
Connection detail Permission to see properties for connections.

properties
Connection details Permission to see information about an individual connection.
Dynamic Objects Permission for API connectivity to add, list, or remove dynamic objects.
Expanded NetObjects Permission to see IP addresses in Local hosts view.
Firewall log view Permission to see the Filtering Log view.
Firewall view Permission to see the Filtering Rules view.
Generic Surveillance Permission to use LiveView.
Host details Permission to see details about hosts.
Service details Permission to see detailed information about different services, such as FTP.
Services view Permission to see the ServiceObjects view.
Shaping view Permission to see the ShapingObjects view.
Statistics view Not currently in use.
System administration Permission to perform administrative tasks in LiveView.
System diagnostics Permission to use the System Configuration Editor window.
VBS Query Permission to see the VBS view.
See also
60
3.19. Log Level Editor window

Use the Log Level Editor window to specify how much information to log from different PacketLogic facilities.
Facility The part of the PacketLogic system.
Level The log levels have generic meanings, but the implementation of log levels may vary depending
on which facility you configure. The following levels are available:
• Emergency: The system is unusable. A panic condition has occurred.
• Alert: An action must be taken immediately. A condition that you must correct
immediately, such as a corrupted database, has occurred.
• Critical: Critical conditions, such as hard device errors, have occurred.
• Error: Error conditions have occurred.
• Warning: Warning conditions have occurred.
• Notice: Normal but significant conditions have occurred. Conditions that are not errors,
but that may require special handling.
• Info: Information messages.
61

• Debug: Debug-level messages. Messages that contain information that you normally only
use when you debug a program.
• Verbose: Messages that contain extended information.
Cancel Closes the Log Level Editor window.
See also
62
3.20. Host Trigger Editor window

Use the Host Trigger Editor window to add and configure host triggers. For more information about triggers, see Section 7.12,
“Triggers” in PacketLogic Real-Time Enforcement product guide.
1 Navigation pane
The navigation pane contains a list of added host triggers.
Right-clicking a host trigger opens a menu with the following options:
• Rename
• Cut
• Copy
• Delete Host Trigger
New trigger
Adds a new trigger.
Save
Saves the host trigger configuration.
Cut
Cuts the selected trigger.
63
Copy
Copies the selected trigger.
Paste
Pastes a trigger.
Trigger type The type of host trigger. For more information, see Section 7.12.2.1, “Host trigger types” in
Script to run The Python code to execute when the conditions in the host trigger match.
Scripts can be uploaded in the File Manager window. For more information, see Section
3.26, “File Manager window”.
Remote Custom View This option is only available for the trigger type Dynamic LiveView. Defines which remote custom
view to base the trigger on.
Condition A condition for when the trigger will be set off. Conditions can be based on the following
metrics:
• Incoming: The limit on incoming bandwidth.
• Outgoing: The limit on outgoing bandwidth.
• Incoming CPS: The limit on incoming connections per second.
• Outgoing CPS: The limit on outgoing connections per second.
• Connections: The limit on concurrent connections.
• Unestablished Connections: The limit on unestablished connections.
• Seen per host outgoing Hop Limits: The limit in number of seen per host outgoing
Hop Limits.
• In internal QoE: The limit on the In internal Quality of Experience (QoE) value.
• Out internal QoE: The limit on the Out internal Quality of Experience (QoE) value.
• In external QoE: The limit on the In external Quality of Experience (QoE) value.
• Out external QoE: The limit on the Out external Quality of Experience (QoE) value.
• Subitem count: The limit on sub items in a node. This condition will match on any level
in the tree, if the actual number of children for the node exceeds the configured value. It
is most useful for triggers based on the Dynamic LiveView trigger type.
Note
While all other limits set the trigger off when the value is above the configured value, QoE limits
set the trigger off when the value is below the configured value.
Add
Adds a new condition.
64
Remove
Removes the selected condition.
See also
• Section 7.12, “Triggers” in PacketLogic Real-Time Enforcement product guide
• Section 7.12.2.1, “Host trigger types” in PacketLogic Real-Time Enforcement product guide
• Section 7.3, “Hop limit tracking” in PacketLogic Real-Time Enforcement product guide
• Section 5.4.1, “Connection quality measurement”
65
3.21. Connection Protection Trigger Editor window

Use the Connection Protection Trigger Editor window to define connection protection triggers. For more information about
triggers, see Section 7.12, “Triggers” in PacketLogic Real-Time Enforcement product guide.
1 Navigation pane
The navigation pane contains a list of added connection protection triggers.
Right-clicking a connection protection trigger opens a menu with the following options:
• Rename
• Cut
• Copy
• Delete Connection Protection Trigger
New trigger
Adds a new trigger.
Save
Saves the connection protection trigger configuration.
Cut
Cuts the selected trigger.
66
Copy
Copies the selected trigger.
Paste
Pastes a trigger.
Script to run The Python code to execute when the conditions in the connection protection trigger match.
Scripts can be uploaded in the File Manager window. For more information, see Section
3.26, “File Manager window”.
See also
• Section 7.12, “Triggers” in PacketLogic Real-Time Enforcement product guide
67
3.22. System Configuration Editor window

Use the System Configuration Editor window to configure the system settings.
1 Navigation pane
The navigation pane contains folders for different types of system configuration values. The
name of values and folders containing values that are set to something different than the default
value, have bold formatting.
For more information about the system configuration values, see Appendix B, System
Configuration Values.
Save
Saves and writes the changes from PacketLogic Client to the PacketLogic system.
For configuration changes to take effect, the configuration must be reloaded. See Close &
Reload Configuration on the File menu.
Description A brief description of the system configuration value.
Default value The default value.
Value A new value can be entered to change the default settings.
For more information about values that exceed the minimum and maximum values, see
Section B.1.1, “Exceeding minimum and maximum values”.
Restore to Default Returns to the default settings.
68
See also
• Section B.1.1, “Exceeding minimum and maximum values”
• Section 3.22.1, “System Configuration Editor File menu”
3.22.1. System Configuration Editor File menu

Save Saves and writes the changes from PacketLogic Client to the PacketLogic system.
Close & Reload Closes the System Configuration Editor window and reloads the configuration.
Configuration
Close & Reboot System Closes the System Configuration Editor window and reboots the system.
Close Closes the System Configuration Editor window.
See also
• Section 3.22, “System Configuration Editor window”
69
3.23. Preferences window

Use the Preferences window to configure how you want values to be presented, set the size of the diagnostics log, set a
browsing start point, check for updates, configure proxy host and port, and a number of other settings for the following tabs:
• System Overview
• LiveView
• Statistics View
• Advanced
• Proxy
70
See also
• Section 3.23.1, “System Overview tab”
• Section 3.23.2, “LiveView tab”
• Section 3.23.3, “Statistics tab”
• Section 3.23.4, “Advanced tab”
• Section 3.23.5, “Proxy tab”
3.23.1. System Overview tab

The System Overview tab has the following option:
Chart time interval (hours) The interval in hours between 1 and 24 for the information shown in graphs in System Overview.
See also
3.23.2. LiveView tab

The LiveView tab has the following settings:
Update interval (seconds) The interval in seconds for updating information in LiveView.
Show transfer rates as The scaling of the transfer rates shown in LiveView. The available options are:
• Automatic: Make LiveView adapt the scale to the current levels.
• kbps
• Mbps
• Gbps
Number of decimals The number of decimals to display for numbers in LiveView.
Use reverse hostname Makes PacketLogic Client perform a DNS lookup for the hosts in a connection when you view
lookup in the connection details for a connection in LiveView.
view
Caution
Use the reverse hostname lookup option with care. The DNS server must be able to handle the
load of requests from PacketLogic. If the DNS server is overloaded, it may stop responding.
71
Time out if inactive for The number of seconds a view can be inactive before the server stops sending updates.
(seconds)
Default setting: 30 seconds
Max distribution levels The options are:
• No Limit
Displays the existing number of levels regardless of how many levels there are.
• 1 to 10
Displays the selected number of levels.
See also
3.23.3. Statistics tab

The Statistics tab has the following options:
Home page The starting point for browsing statistics in Statistics view.
Custom fonts The fonts used in Statistics view.
Congestion line in line Displays a horizontal line in line charts for a certain percentage of linkspeed.
charts
The congestion line is displayed in line charts of NetObjects where the linkspeed attribute
is set. For more information about the linkspeed attribute, see Section 3.11, “NetObjects
configuration pane”.
See also
• Section 3.11, “NetObjects configuration pane”
3.23.4. Advanced tab

The Advanced tab has the following options:
Language The language used by PacketLogic Client. Select System Language in the list to retrieve the
language setting from the PacketLogic system.
Max length of system The maximum length of the system diagnostics log.
diagnostics log
72
Do a ruleset compile on Compiles the ruleset on commit in the Objects & Rules Editor window. For more information,
commit in Objects & Rules see Section 3.10, “Objects & Rules Editor window”.
Editor
Check for updates on Makes PacketLogic Client contact the Sandvine server when it is started to check for a newer
startup version of PacketLogic Client.
See also
3.23.5. Proxy tab

The Proxy tab has the following options:
Host The name or IP address of the host acting as a SOCKS proxy.
Port The port used by the proxy.
See also
73
3.24. Backup Manager window

Use the Backup Manager window to create, restore, download, and manage backups in PacketLogic Client.
Note
Backups only take resources stored locally. Proxied resources are not included. For more information, see
Section 3.25, “Resource Manager window”.
New Backup
Creates a new backup.
Restore
Restores the selected backup.
Download
Downloads the selected backup. Transfers the backup file from the PacketLogic system to
the host running PacketLogic Client.
Upload
Uploads a backup. Transfers a file from the host running PacketLogic Client to the PacketLogic
system.
Delete
74

Deletes the selected backup.
Backup A list of backups consisting of the PacketLogic ruleset stored in XML format with
the file extension .plb. The files are automatically named date-time.plb, for example,
20110419-12.18.plb.
See also
• Section 6.9.1, “Client backup”
75
3.25. Resource Manager window

Use the Resource Manager window to specify where the configuration for different database resources is stored.
Name The name of the resource. For more information, see Section 6.2.4.2, “Resources”.
Mode The mode of a resource:
• Local: The resource is stored and managed on the local PacketLogic system only.
• Proxy: The resource is stored on another PacketLogic system. You can view and manage
the resource on the local PacketLogic system, but the operations are transparently
sent to the other (proxy) PacketLogic system. For more information, see Section 6.7,
“Centralized management”.
Status The status of the resource.
Proxy Address The address of the proxy PacketLogic system if the mode of the resource is set to Proxy.
Edit Opens the Editing Resource dialog box where you configure:
• Mode
• Proxy address
• Proxy user
• Proxy password
76
Steal Steals a resource locked by another user.
Close Closes the Resource Manager window.
See also
• Section 6.2.4.2, “Resources”
• Section 6.7, “Centralized management”
77
3.26. File Manager window

Use the File Manager window to manage files stored in PacketLogic. Typical files are Python scripts used for triggers and
snoopers, license files, and the PacketLogic SNMP MIB.
1 Navigation pane
The navigation pane contains folders for different types of files. The following folders are
available:
• DHCP Snooping files
• Documentation: The product guide and signatures.
• Firewall Trigger Files
• Host Trigger Files
• License upload
• PCAP Writer files
• PCAP-2 Writer files
• RADIUS Snooping files
• SIP Snooper files
78

• SNMP
2 Workspace
The workspace shows a list of the files in the selected folder.
Upload File
Uploads a file to the File Manager. Transfers a file from the host running PacketLogic Client
to PacketLogic.
Download File
Downloads a file from the File Manager. Transfers a file from PacketLogic to the host running
PacketLogic Client.
Delete File
Deletes the selected file.
Refresh File List
Refreshes the contents of the File Manager.
See also
79
3.27. Log Viewer window

Use the Log Viewer window to view and and download logs.
1 Navigation pane
The navigation pane contains a list of all log files. Clicking a file shows the content in the
workspace.
Save
Saves the selected log file on the local file system.
Refresh
Refreshes the selected log file.
Copy
Copies the selected text.
Find
Searches the log for a text string.
Filter Filters the log file content by a text string.
80
Apply Applies a filter.
Clear Removes a filter.
See also
• Section 3.27.1, “Log Viewer File menu”
• Section 3.27.2, “Log Viewer Edit menu”
3.27.1. Log Viewer File menu

Save Saves the selected log file on the local file system.
Refresh Refreshes the selected log file.
Close Closes the Log Viewer window.
See also
3.27.2. Log Viewer Edit menu

The Edit menu has the following options:
Copy Copies the selected text.
Select All Selects all of the log content.
Find Searches the log for a text string.
See also
81
3.28. Connection Search window

Use the Connection Search window to search for all connections matching given criteria.
Remove
Removes added criteria.
Max results The maximum number of connections to display in the search result.
Add Criteria Adds a search criterion. The search requires at least one search criterion, which can contain
one or no values.
The following search criteria are available:
• Client: The IPv4 address, IPv6 address, or port of the client. It can be entered as an
exact match or as s range.
• Server: The IPv4 address, IPv6 address, port, or host name of the server. IP addresses
and ports can be entered as an exact match or as a range.
• Host: The IPv4 or IPv6 address of the client or the server. It can be entered as an exact
match or as a range.
• Start Time Interval: A time interval during which the connection was initiated.
• End Time Interval: A time interval during which the connection ended.
• Service: The service.
82

• Protocol: The protocol.
• Visible NetObject: The visible NetObject.
• Rewrite Client: The IPv4 address or port after NAT rewrite of the client. It can be entered
as an exact match or as a range.
• Rewrite Server: The IPv4 address or port after NAT rewrite of the server. It can be entered
as an exact match or as a range.
• Rewrite Host: The IPv4 address of the client or the server after NAT rewrite It can be
entered as an exact match or as a range.
Reset Removes any search criteria and sets the time interval to the default value.
Export Exports the search result in a text file with the values separated by semicolon.
Search Performs a search based on the added criteria.
Close Closes the Connection Search window.
See also
• Section 11.3, “Connection search”
83
3.29. Command-line mode

You can run PacketLogic Client in command-line mode to allow scripting. This is specifically intended for generating statistics
reports from scripts. When the client is started in command-line mode, the following arguments are available.
Note
This way of generating reports is only available on Linux, not on Windows or MacOS.
• --server=ip_address: IP address to a PacketLogic system.
• --user=user_name: User to use at logon.
• --password=password: Password to use at logon.
• --bookmark-file=path_to_bookmark_file: The file path to the bookmark file to be used for export in .pdf or .csv format. You
need to also specify the name of the bookmark within the file with the --bookmark argument, for example, --bookmark-
file=Bookmarks.pbx --bookmark=StatisticsObjects --create-pdf. See Section 8.4.3, “Bookmarks”
for information about how to generate a bookmark file.
• --bookmark=bookmark: The bookmark to be used for export in .pdf or .csv format. This is the name attribute in the
bookmark file. See Section 8.4.3, “Bookmarks” for more information about the bookmark file format.
• --create-pdf: Create a .pdf file from a specified bookmark. Requires that a bookmark is specified with --bookmark.
• --create-csv: Create a .csv file from specified bookmark. Requires that a bookmark is specified with --bookmark.
• --template=path_to_report_template: Create a report specified in the report template XML file given as argument. For more
information, see the Report Studio Product Guide.
• --input- name_of_template_input =value: Enter the input values for the report template. For more information, see the
Report Studio Product Guide.
• --only-reports Only enable the report generation interface of the client.
Use plclient --help for a list of the available arguments on the command line.
You can use either --create-pdf or --create-csv to generate statistics without opening the client. (If you provide both, only the
one entered last on the command line will be used.) The resulting file is named as the bookmark from which the statistics are
generated, with a .pdf or .csv file name extension. If there are multiple bookmarks with the same name, the first one found is used.
Note
You can use the commands --server, --user, and --password to start PacketLogic Client as usual, connecting
directly with the specified authentication details and bypassing the System Manager window.
See also
• Section 8.4.3, “Bookmarks”
84
4. Interfaces
4.1. PacketLogic Client
4.2. CLI
4.3. SQL
This chapter describes the PacketLogic interfaces.
See also
• Section 2.3, “Interfaces overview”
85
4. Interfaces
4.1. PacketLogic Client

PacketLogic Client is the graphical user interface of PacketLogic used to configure and monitor PacketLogic and to view statistics.
This section describes how you navigate and use the client interface. All configuration options are described in Chapter 3,
PacketLogic Client user interface.
The client consists of views, menus, editors and managers. The editors and managers open in separate windows. Frequently
used tools for managing the system are available on a main toolbar. Many of the views, editors, and managers also have context-
sensitive menus, opened on right-click.
Additionally, keyboard shortcuts are available for accessing many of the functions. The keyboard shortcut for a menu item is
shown next to the item. For a list of all available keyboard shortcuts, see Appendix D, Keyboard shortcuts.
See also
• Chapter 4, Interfaces
• Appendix D, Keyboard shortcuts
• Section 4.1.1, “Logging on to PacketLogic Client”
• Section 4.1.4, “Objects & Rules Editor opening modes”
4.1.1. Logging on to PacketLogic Client

When you start PacketLogic Client, the System Manager window is opened to allow you to connect to a PacketLogic system.
system.
Note
If you have configured the PacketLogic Client to connect directly to a specific system, the System Manager
window is not opened.
To log on to the client
1. Start PacketLogic Client.
2. In the System Manager window, click New System and perform the following steps.
3. In the Name box, type a name for the new system.
4. In the Address box, type the IP address of the system.
5. In the Username box, type your user name.
6. In the Password box, type your password.
7. Optionally, click the view to be opened on initial connection in the Default view list.
8. Optionally, select the Automatically connect to this system checkbox.
9. Click Connect.
86
4. Interfaces
4.1.2. Customizing tables

You adjust columns in tables to change the size or order of columns and to select which columns to show.
To customize tables
1. In PacketLogic Client, open a view where where values are displayed in columns.
2. To resize or move a column, drag the column header row.
3. To select which columns to display, right-click a column header row and then click a value in the list.
See also
4.1.3. Uploading a file to PacketLogic Client

You upload a file to make it available in PacketLogic Client.
To upload a file
1. In PacketLogic Client, go to Tools, and then select File Manager.
2. Select the Upgrade files folder.
3. Go to Transfer, and then select Upload File.
4. Select a locally stored file to upload.
5. Select Open.
See also
4.1.4. Objects & Rules Editor opening modes

The the Objects & Rules Editor window has configuration options for viewing, creating, and maintaining the ruleset for traffic
management.
Prerequisites:
• The Objects & Rules Editor needs FileServ permission to work. FileServ is used to get the available attributes for objects
and rules as well as service properties.
• The ruleset compilation done when you commit works more reliably if PacketLogic Client has access to sysconfig. Sysconfig
is used to set the max complexity and max rules settings in the ruleset compiler. If PacketLogic Client has no access to
sysconfig, it uses the default values.
You can open the Objects & Rules Editor from the Edit menu or from the main toolbar. There are three different opening
modes available in a submenu. If you click the Objects & Rules Editor button on the toolbar, the default mode is used. Click
and hold displays the other options.
87
4. Interfaces
Open Without Stealing Resource

Opens the editor without locking the resource for exclusive use. This is the default mode.
Steal Resource And Open

Applies an exclusive lock on the Rules & Objects Configuration resource to prevent any other sessions from saving
changes to it. Use the lock when snoopers or custom integration scripts perform operations on the ruleset that cause
the ruleset to reload at a high rate.
Note
This option requires read and write permissions on the Resource and Rules & Objects Configuration
resources.
Open Read Only

Opens the editor in read-only mode. This has the following implications:
• You cannot perform any actions on the objects or rules.
• The view is not affected by subsequent updates to the objects or rules made by another PacketLogic Client or by API
calls, such as snoopers or custom integrations.
See also
4.2. CLI
The command-line interface (CLI) is used for basic configuration tasks when setting up certain systems administration tasks.
This reference describes the supported commands together with a tree model of all configuration values. A tree model of the
supported configuration values complete with a description of all available CLI commands is included in the PacketLogic CLI
Reference Guide.
See also
• Section 3.1, “PacketLogic Client window”
• Section 4.2.1, “Logging on to the CLI”
4.2.1. Logging on to the CLI

You log on to the CLI to access the command line commands required for configuring or operating the PacketLogic system.
Note
The command-line interface (CLI) is available on port 42002 via SSH to the administration interface of
PacketLogic, or by using a console cable connected to the console interface of PacketLogic.
To log on to the CLI
1. In a terminal, type ssh pladmin@IP_address –p 42002.
2. Type the password.
88
4. Interfaces
4.3. SQL
You can use a subset of the Structured Query Language (SQL) to query the statistics reader and retrieve data from the statistics
storage. The result of a query is delivered in a table format.
The SQL interface features:
• SELECT statements that can use:
• WHERE for filtering rows
• ORDER BY for sorting rows
• LIMIT to limit records
• OFFSET to exclude records
• SET statements for session specific configurations
• SHOW statements for listing session variables
The SQL interface is provided over the following wire protocol:
• The PacketLogic Database Daemon (PLDBD) API : A Sandvine specific protocol that you can access via the PacketLogic
PythonAPI. The PythonAPI is the only supported client for this protocol.
4.3.1. Statistics class in PacketLogic Python API

The Statistics class in PacketLogic PythonAPI has two methods to provide access to the SQL interface.
Note
Several other methods are available in the Statistics module. These methods are still supported, but they are
considered deprecated since we recommend you to use the SQL interface for accessing data.
• query: This method can be used for smaller queries where the entire result set is returned in a single dictionary.
• query_callback: This method can be used for large result sets as the result will be processed row by row using callbacks.
A benefit of this method is that not all memory in the client will be used.
4.3.1.1. Statistics.query
This method sends the SQL query to the system, and the entire result set is stored in memory before returning the data. This
method is optimal for smaller queries where the result set does not use a lot of memory.
Parameters
Query in the form of an SQL string.
Returns
A dictionary with information about columns, rows and notice messages, for example:
{"columns": ["name", "bytes_in", "bytes_out"],

"rows": [("461233124", 1231515, 1231451),
("469878922", 9879872, 3874872),
("469879872", 8927342, 8723423)],
"notices": ["statement_execution_time: 0.001488"]}
89
4. Interfaces
Example
import packetlogic2
c = packetlogic2.connect("my_ip_address_to_pic", "my_username", "my_password")
s = c.Statistics()
# List all dates with traffic.
query = """SELECT name, bytes_in, bytes_out
FROM pls_list(date_from='2015-12-31', date_to='2015-12-31',
value_path='/PSM?0/By Subscriber?NetObject',
table_name='traffic');
"""
data = s.query(query)
# Print the name column in rows.
for row in data["rows"]:
print row[0]
4.3.1.2. Statistics.query_callback
This method sends the SQL query to the system, and the callbacks are invoked when row description, row or notice message
has been received. This method is ideal when processing large volumes of data.
Parameters
• Query in the form of an SQL string.
• row_desc_cb - A callback that takes a list of column names as argument.
• row_data_cb - A callback that takes a list of row values as argument.
• notice_cb=none - A callback that takes the notice message as argument.
Returns
This method does not return anything.
Example
# This sample will export traffic data to a 'export.csv' file.

import csv
import packetlogic2
c = packetlogic2.connect("my_ip_address_to_pic", "my_username", "my_password")
s = c.Statistics()
with open("export.csv", "w+") as f:
writer = csv.writer(f, quoting=csv.QUOTE_NONNUMERIC)
def write_data(data):
writer.writerow(data)
s.query_callback("SELECT * FROM pls_list(date_from='2015-05-05', "
"date_to='2015-05-05', "
"table_name='traffic', "
"value_path='/PSM?Statistics Object/All subscribers?
NetObject')",
write_data, write_data)
4.3.2. Memory protection

There is a limit to the amount of memory that can be used by a query. This is to avoid all PIC memory being used by queries
that, for example, use a stored procedure with a recursion_depth parameter and ORDER BY. Such a query could otherwise
force PIC to cache the entire result set in memory before sending it to the client.
90
4. Interfaces
The limit is configured by setting the system configuration value PLDB_STATREADER_MAX_RESULTSET_SIZE_MB. Default
is 1000 MB. This value can be overridden per session using:
-- Temporary override memory usage to 10 GB for this session only.

SET max_resultset_size TO 10000000000;
4.3.3. Statements
The following statements are supported for querying the statistics storage.
4.3.3.1. SELECT
The SELECT statement is used to retrieve data from the statistics storage. SELECT can use WHERE, ORDER BY and LIMIT
to filter and sort the result set.
Syntax diagram
Examples
SELECT columns FROM procedure (args) WHERE expr ORDER BY expr LIMIT x OFFSET y
SELECT name, bytes_in FROM pls_list(date_from='2015-12-01', date_to='2015-12-31',

value_path='/', table_name='traffic');
91
4. Interfaces
SELECT name FROM pls_list(date_from='2015-12-01', date_to='2015-12-31',

value_path='/', table_name='traffic') ORDER BY name DESC;

value_path='/', table_name='traffic') WHERE name LIKE 'G%' ORDER BY name DESC;

value_path='/', table_name='traffic') LIMIT 2 OFFSET 2;
4.3.3.2. SHOW
The SHOW statement will list all session variables or a single session variable.
Syntax diagram
Example
SHOW ALL;
name, setting, description

--------------------------
'peering', True, 'Send query metrics (execution time) back to the caller. Default
= False'
'query_metrics', False, 'Pass queries to peers and aggregate results. Default =
True'
SHOW peering;
peering
-------
True
4.3.3.3. SET
A SET statement can alter a session variable to a new value or to the default value. A change is only valid for the lifetime of
the current connection. A session variable can be used to temporarily turn off peering or to output query metrics. See Section
4.3.5, “Session variables”.
Syntax diagram
Examples
SET query_metrics TO True;

SET peering TO False;
92
4. Interfaces
4.3.4. Procedures
The following procedures are available for use in the SQL interface. To list all procedures, use:
SELECT name FROM pls_list_procedures();
4.3.4.1. pls_date_list
This procedure lists the dates that have stored statistics.
Peering support
Yes
Parameters
None
Example
SELECT date FROM pls_date_list () ORDER BY date DESC;
date
------------
2016-02-12
2016-02-11
2016-02-10
2016-02-09
2016-02-08
...
4.3.4.2. pls_list
This procedure lists data from a time interval and returns the total amount for each node that is found. If the date parameters
specify time, for example 2015-12-31 20:00, the query will read graph data instead of the daily totals data.
Peering support
Yes
Parameters
Mandatory parameters:
• date_from
• date_to
• value_path - The path to the statistics distribution.
• table_name - The table that the procedure will read data from, channel, nat, traffic or shapingobject. See Table 4.1.
Optional parameters:
• recursion_depth - The number of levels that the query will recursively traverse down through the statistics distribution.
Example
SELECT name, bytes_in, bytes_out

FROM pls_list(date_from='2016-02-11', date_to='2016-02-11',
table_name='traffic', value_path='/Mobile Subscribers?0')
ORDER BY bytes_in;
93
4. Interfaces
name | bytes_in | bytes_out

------------+-----------+-----------
46709659507 | 123128084 | 11118006
46709057553 | 134162646 | 11221862
46710974606 | 134715908 | 10965094
46710545712 | 137041866 | 13347526
46709701339 | 137244634 | 12533298
...
The following tables and field names are available:
TABLE 4.1 Statistics storage tables and totals data fields

channel nat traffic shapingobject
parent_path (parent query for parent_path (parent query for parent_path (parent query for parent_path (parent query for
this node) this node) this node) this node)
level (recursion level, 0 is the level (recursion level, 0 is the level (recursion level, 0 is the level (recursion level, 0 is the
first level) first level) first level) first level)
name name name name

a a a a
value_type value_type value_type value_type
flags flags flags flags
path_flags path_flags path_flags path_flags
rx_packets port_blocks_low bytes_in copies
tx_packets port_blocks_high bytes_out connections
rx_bytes tcp_low_ports bytes_total bytes_in
tx_bytes tcp_low_ports_alloc_errors curconns_in congested_bytes_in
rx_errors tcp_high_ports curconns_out packets_in
tx_errors tcp_high_ports_alloc_errors conns congested_packets_in
rx_drops udp_low_ports conns_in drops_in
tx_drops udp_low_ports_alloc_errors conns_out avg_latency_in
udp_high_ports uconns max_latency_in
udp_high_ports_alloc_errors uconns_in avg_queue_in
icmp_low_ports uconns_out max_queue_in
icmp_low_ports_alloc_errors pktdrops_in bytes_out
icmp_high_ports pktdrops_out congested_bytes_out
icmp_high_ports_alloc_errors bytedrops_in packets_out
l4_translation_errors_out bytedrops_out congested_packets_out
subitem_count_nat_host avg_latency_in drops_out
subitem_count_nat_pool avg_latency_out avg_latency_out
quality_int_in max_latency_out
94
4. Interfaces
quality_int_out avg_queue_out
quality_ext_in max_queue_out
quality_ext_out
quality_pkts_in
quality_pkts_out
rtt_in
rtt_out
packets_in
packets_out
subitem_count_netobject
subitem_count_host
subitem_count_remotehost
subitem_count_localvhost
subitem_count_remotevhost
subitem_count_base_service
subitem_count_service
subitem_count_service_object
subitem_count_vlan_in
subitem_count_vlan_out
subitem_count_xfbflag
subitem_count_ipprotocol
subitem_count_dscp_in
subitem_count_dscp_out
subitem_count_channel_in
subitem_count_channel_out
subitem_count_mpls_in
subitem_count_mpls_out
subitem_count_int_aspath
subitem_count_ext_aspath
subitem_count_origin_as
subitem_count_int_bgpcomm
subitem_count_ext_bgpcomm
95
4. Interfaces
subitem_count_ttl
subitem_count_property
subitem_count_content_category
a
The name and ID for each value type are listed in Section 7.5.2, “Value types”.
4.3.4.3. pls_graph
This procedure lists graph data from a time interval and returns the total amount for each node that is found.
Peering support
Yes
Parameters
• date_from
• date_to
• value_path
• resolution - The resolution of the returned data. Resolution must be set to a multiple of the graph resolution specified
for the statistics storage. If this parameter is not set, or if it is set to 0, the statistics storage graph resolution will be
used for the retrieved data.
Examples
The following example uses the resolution parameter:
SELECT ts, gmtoffset, freq, bytes_in, bytes_out

FROM pls_graph(date_from='2016-02-11 00:00', date_to='2016-02-11 11:59',
value_path='/Mobile Subscribers?0', resolution=3600);
ts | gmtoffset | freq | bytes_in | bytes_out

-----------+-----------+------+--------------+-------------
1455145200 | 3600 | 3600 | 384734722794 | 34523252360
1455148800 | 3600 | 3600 | 384606091664 | 34409715646
1455152400 | 3600 | 3600 | 384814173230 | 34530325270
1455156000 | 3600 | 3600 | 384568026806 | 34684948254
...
The following example uses the recursion_depth parameter:
SELECT name, parent_path, level, ts, bytes_in,

FROM pls_graph(date_from='2016-02-11 00:00', date_to='2016-02-11 00:09',
value_path='/Mobile Subscribers?0', recursion_depth=1)
ORDER BY parent_path, level;
name | parent_path | level | ts | bytes_in |

-------------------+-----------------------+-------+------------+-------------+
Mobile Subscribers | | 0 | 1455145200 | 32087212288 |
Mobile Subscribers | | 0 | 1455145500 | 32048673088 |
96
4. Interfaces
46709784834 | /Mobile Subscribers?0 | 1 | 1455145200 | 75689320 |

...
The following tables and field names are available:
TABLE 4.2 Statistics storage tables and graph data fields

name name name name
parent_path (parent query for parent_path (parent query for parent_path (parent query for parent_path (parent query for
this node) this node) this node) this node)
a a a a
value_type value_type value_type value_type
level (recursion level, 0 is the level (recursion level, 0 is the level (recursion level, 0 is the level (recursion level, 0 is the
first level) first level) first level) first level)
ts ts ts ts
gmtoffset gmtoffset gmtoffset gmtoffset
freq freq freq freq
rx_packets port_blocks_low bytes_in copies
tx_packets port_blocks_high bytes_out connections
rx_speed tcp_low_ports cps bytes_in
tx_speed tcp_low_ports_alloc_errors cps_in congested_bytes_in
rx_errors tcp_high_ports cps_out packets_in
tx_errors tcp_high_ports_alloc_errors ucps congested_packets_in
rx_drops udp_low_ports ucps_in drops_in
tx_drops udp_low_ports_alloc_errors ucps_out avg_latency_in
udp_high_ports curconns_in max_latency_in
udp_high_ports_alloc_errors curconns_out avg_queue_in
icmp_low_ports pktdrops_in max_queue_in
icmp_low_ports_alloc_errors pktdrops_out bytes_out
icmp_high_ports bytedrops_in congested_bytes_out
icmp_high_ports_alloc_errors bytedrops_out packets_out
l4_translation_errors_out avg_latency_in congested_packets_out
subitem_count_nat_host avg_latency_out drops_out
subitem_count_nat_pool quality_int_in avg_latency_out
97
4. Interfaces
quality_int_out max_latency_out
quality_ext_in avg_queue_out
quality_ext_out max_queue_out
quality_pkts_in
quality_pkts_out
link_speed_in
link_speed_out
link_utilization_in
link_utilization_out
rtt_in
rtt_out
packets_in
packets_out
subitem_count_netobject
subitem_count_host
subitem_count_remotehost
subitem_count_localvhost
subitem_count_remotevhost
subitem_count_base_service
subitem_count_service
subitem_count_service_object
subitem_count_vlan_in
subitem_count_vlan_out
subitem_count_xfbflag
subitem_count_ipprotocol
subitem_count_dscp_in
subitem_count_dscp_out
subitem_count_channel_in
subitem_count_channel_out
subitem_count_mpls_in
subitem_count_mpls_out
subitem_count_int_aspath
98
4. Interfaces
subitem_count_ext_aspath
subitem_count_origin_as
subitem_count_int_bgpcomm
subitem_count_ext_bgpcomm
subitem_count_ttl
subitem_count_property
a
The name and ID for each value type are listed in Section 7.5.2, “Value types”.
4.3.4.4. pls_data_invalidate
This procedure removes statistics values from the PIC storage (StatsFS). Both daily total values and graph data points are
invalidated by pls_data_invalidate.
Warning
Once the data has been invalidated it cannot be recovered.
Peering support
No
Parameters
• date_from
• date_to
• value_path
• delete_root - If set to True, the value path set with value_path will be invalidated along with all of its child values. If
set to False, only the child values are invalidated.
Example
SELECT * FROM pls_data_invalidate(date_from='2014-06-12',

date_to='2014-06-13',
value_path='/PSM?0',
delete_root=True);
4.3.4.5. pls_graph_invalidate
This procedure removes graph data from the PIC storage. Daily total values are not invalidated by pls_graph_invalidate.
Warning
Once the graph data has been invalidated it cannot be recovered.
99
4. Interfaces
Peering support
No
Parameters
• date_from
• date_to
• value_path
• delete_root - If set to True, the value path set with value_path will be invalidated along with all of its child values. If
set to False, only the child values are invalidated.
Example
SELECT * FROM pls_graph_invalidate(date_from='2014-06-12',

date_to='2014-06-13',
value_path='/PSM?0',
delete_root=True);
4.3.4.6. pls_list_daily_indexes
This procedure lists meta data about daily indexes that are stored in the PIC storage. This is an internal query and will not return
any statistics data.
Peering support
No
Parameters
None
Example
SELECT path, version, total_values

FROM pls_list_daily_indexes() ORDER BY path;
path | version | total_values |

------------------------------------------------------+---------+--------------+
/statistics/partitions/internal/statistics/2015-12-18 | 8 | 7306490 |
Output columns
Name Description
path The path to the daily index in the local file system.
version The version of the daily index.
total_blocks The number of total blocks allocated.
total_values The number of total values created for this day.
graph_values The number of graph values created for this day.
100
4. Interfaces
Name Description
max_values The maximum number of values that can be created this

day.
size_compressed Compressed size of all the files in this global index.
size_uncompressed Uncompressed size of all the files in this global index.
compression_ratio Compression ratio of this global index

(size_uncompressed / size_compressed).
compression_algorithms | separated list of compression algorithms used on files in

this global index.
4.3.4.7. pls_list_global_indexes
This procedure lists all global indexes in the PIC storage. This is an internal query and will not return any statistics data.
Peering support
No
Parameters
None
Example
Output columns
Name Description
path
version
max_values
max_values_ext
startday
endday
last_write
values
values_collision
links
links_collision
size_compressed Compressed size of all the files in this global index.
size_uncompressed Uncompressed size of all the files in this global index.
compression_ratio Compression ratio of this global index

(size_uncompressed / size_compressed).
compression_algorithms | separated list of compression algorithms used on files in

this global index.
101
4. Interfaces
4.3.4.8. pls_list_procedures
This procedure lists all procedures that can be called in SQL.
Peering support
No
Parameters
None
Example
SELECT name FROM pls_list_procedures() ORDER BY name;
name
-------------------------
pls_data_invalidate
pls_date_list
pls_graph
pls_graph_invalidate
pls_list
pls_list_daily_indexes
pls_list_global_indexes
pls_list_procedures
pls_subitem_count
pls_subscriber_count
4.3.4.9. pls_recompress_daily_indexes
This procedure recompress data for a day with the specificed compression algorithm.
Peering support
No
Parameters
• daily_path - The file system path to the daily index.
• compression_algorithm - The compression algorithm to use (LZO, LZ4).
Example
SELECT * FROM pls_recompress_daily_indexes(daily_path='/statistics/partitions/

internal/statistics/2016-05-15', compression_algorithm='LZ4');
4.3.4.10. pls_recompress_global_indexes
This procedure recompress data for a global index with the specificed compression algorithm.
Peering support
No
102
4. Interfaces
Parameters
• global_path - The file system path to the global index.
• compression_algorithm - The compression algorithm to use (LZO, LZ4).
Example
SELECT * FROM pls_recompress_global_indexes(global_path='/statistics/partitions/

internal/statistics/values01/1463004000', compression_algorithm='LZ4');
4.3.4.11. pls_subitem_count
This procedure counts the number of items of each value type on the subsequent level in the statistics distribution for every
statistics value.
Peering support
Yes
Parameters
• date_from
• date_to
• value_path
Optional parameter:
If recursion depth is not specified or set to 0, the subitem count for the queried value path will be returned.
Example
SELECT parent_path, level, value_type, count

FROM pls_subitem_count(date_from='2014-06-12', date_to='2014-06-12',
value_path='/PSM?0', recursion_depth=2)
ORDER BY parent_path, value_type;
parent_path | level | value_type | count

-------------------------------+-------+------------+-------
'/PSM?0' | 0 | 514 | 2
'/PSM?0/1.1.1.1?514' | 1 | 518 | 1
'/PSM?0/1.1.1.1?514' | 1 | 524 | 2
'/PSM?0/1.1.1.2?514' | 1 | 518 | 2
'/PSM?0/1.1.1.2?514/HTTP?518' | 2 | 524 | 1
Output columns
Name Description
parent_path
level
value_type
103
4. Interfaces
Name Description
count
4.3.4.12. pls_subscriber_count
This procedure counts the number of subscribers that have been active during the time interval. If using the recursion_depth
parameter, the count can be retrieved for every NetObject in the distribution.
Warning
Using recursion_depth along with long time intervals will result in a query that may take minutes to complete.
Peering support
Yes
Parameters
• date_from
• date_to
• value_path
If recursion depth is not specified or set to 0, the subscriber count for the queried value path will be returned.
Example
SELECT parent_path, level, count

FROM pls_subscriber_count(date_from='2015-12-10', date_to='2015-12-31',
value_path='/PSM?0', recursion_depth=2);
parent_path | level | count

---------------------------------------+-------+---------
/PSM?0 | 0 | 1829929
/PSM?0/By Region?513 | 1 | 1829929
/PSM?0/By Region?513/Region 00?513 | 2 | 343998
/PSM?0/By Roaming?513 | 1 | 1829929
/PSM?0/By Roaming?513/Operator 0?513 | 2 | 57818
104
4. Interfaces
Output columns
Name Description
parent_path
level
count
4.3.4.13. pls_subscriber_count_graph
This procedure counts the number of subscribers that have been active during the time interval.
Peering support
Yes
Parameters
• date_from
• date_to
• value_path
• resolution - The resolution of the returned data. Resolution must be set to a multiple of the graph resolution specified
for the statistics storage. If this parameter is not set, or if it is set to 0, the statistics storage graph resolution will be
used for the retrieved data.
Example
SELECT ts, gmtoffset, freq, count

FROM pls_subscriber_count_graph(date_from='2015-12-31',
date_to='2015-12-31',
value_path='/stats?0')
LIMIT 10;
ts | gmtoffset | freq | count

------------+-----------+------+-------
1451516400 | 3600 | 300 | 2036
1451516700 | 3600 | 300 | 2022
1451517000 | 3600 | 300 | 2056
1451517300 | 3600 | 300 | 2002
1451517600 | 3600 | 300 | 2029
1451517900 | 3600 | 300 | 1990
1451518200 | 3600 | 300 | 2002
1451518500 | 3600 | 300 | 2007
1451518800 | 3600 | 300 | 1992
1451519100 | 3600 | 300 | 2006
(10 rows)
Output columns
Name Description
ts
105
4. Interfaces
Name Description
gmtoffset
freq
count
4.3.5. Session variables

Session variables are set per session and do not affect concurrent users. Changes to session variables are per connection and
will be lost after client has disconnected.
datestyle
Not in use. Provided since the RPostgreSQL library will try to set it during connect.
max_resultset_size
Maximum number of bytes to allocate for a result set to a client. This variable can be set to prevent PIC from using all
memory. See Section 4.3.2, “Memory protection”.
peering
Pass queries to peers and aggregate results. See Section 8.3, “Statistics reader peering”. This is a boolean value
set to True as default.
query_metrics
Send back query metrics back to the client. The metrics are:
• statement_execution_time - The total time in seconds to process a statement.
• subquery_count - The number of sub-queries (peering queries or recursion) created to process the query.
This is a boolean value set to False as default. The following is an example of query_metrics in use:
SET query_metrics TO TRUE;

SELECT date FROM pls_date_list() ORDER BY date DESC LIMIT 5;
NOTICE: statement_execution_time: 0.000628

NOTICE: subquery_count: 0
date
------------
2016-02-12
2016-02-11
2016-02-10
2016-02-09
2016-02-08
4.3.6. Migration from PythonAPI calls

This section contains examples on how to migrate data fetching calls that use the PythonAPI to SQL interface queries. The SQL
API and the PythonAPI returns data in different formats. Data is returned as dictionaries by the PythonAPI, while the SQL API
returns lists of rows. Column names also differ between the APIs. The examples below contain examples on how to accomplish
formerly used PythonAPI calls with SQL interface queries.
All examples below require the following code execution:
import packetlogic2
c = packetlogic2.connect("my_ip_address", "my_username", "my_password")
106
4. Interfaces
s = c.Statistics()
Statistics.data_invalidate
PythonAPI format:
s.data_invalidate("2015-12-31", "2015-12-31", "/stats?0/By Subscriber?

513/4654548777?513", deleteroot=True)
SQL interface format:
data = s.query("SELECT * FROM pls_data_invalidate(date_from='2015-12-31', "

" date_to='2015-12-31', "
" value_path='/stats?0/By Subscriber?513/4654548777?513', "
" delete_root=TRUE);")
Statistics.date_list
PythonAPI format:
dates = s.date_list()
data = s.query("SELECT date FROM pls_date_list() ORDER BY date ASC;")

# Convert to a list of dates.
dates = [row[0] for row in data["rows"]]
Statistics.fields_list
There is no equivalent SQL call. Known column names are documented here for every procedure.
Statistics.graph
PythonAPI format:
data = s.graph("2015-12-31", "2015-12-31", "/stats?0/PSM?513/By Subscriber?

513/467054673545?513", numvals=0)
data = s.query("SELECT ts, bytes_in, bytes_out "

"FROM pls_graph(date_from='2015-12-31', date_to='2015-12-31', "
" value_path='/stats?0/PSM?513/By Subscriber?513/467054673545?
513');")
Statistics.graph_invalidate
PythonAPI format:
s.graph_invalidate("2015-12-31", "2015-12-31", "/stats?0/By Subscriber?

513/4654548777?513", deleteroot=True)
s.query("SELECT * FROM pls_graph_invalidate(date_from='2015-12-31',"

" date_to='2015-12-31', "
" value_path='/stats?0/By Subscriber?513/4654548777?513', "
" delete_root=TRUE);")
Statistics.list
PythonAPI format:
data = s.list("2015-12-31", "2015-12-31", "/stats?0/PSM?513/")
107
4. Interfaces
data = s.query("SELECT name, value_type, bytes_in, bytes_out "

"FROM pls_list(date_from='2015-12-31', date_to='2015-12-31', "
" value_path='/stats?0/PSM?513/', table_name='traffic');")
Statistics.list_duration
There is no equivalent SQL call. It is possible to execute the pls_graph procedure and calculate duration on the client.
Statistics.list_search
The list_search PythonAPI function cannot handle peering setups, and will only read data from the system that the query
executes on. The SQL pls_list procedure handles bot peering and recursion.
PythonAPI format:
data = s.list_search('2015-12-31', '2015-12-31', 'stats?0/PSM?513/',

'46705456785', recursiondepth=3)
data = s.query("SELECT parent_path, name, value_type, bytes_in, bytes_out "

" value_path='stats?0/PSM?513/', table_name='traffic', "
" recursion_depth=3) "
"WHERE name='46705456785';")
Statistics.list_subscribers
There is no equivalent SQL call that will return a unique list of subscribers between two dates. It is possible to execute
the pls_list query recursively and only filter NetObjects instead.
Statistics.names_list
PythonAPI format:
my_names = s.names_list("2015-10-10", "2015-10-10", "/")
data = s.query("SELECT name, value_type, flags "

"FROM pls_list(date_from='2015-10-10', "
" date_to='2015-10-10', value_path='/', "
" table_name='traffic');")
my_names = [{"name": row[0], "value_type": row[1], "flags": row[2]} for row in
data["rows"]]
Statistics.path_is_expandable
There is no equivalent SQL call that will return True or False. The example below will instead use the pls_list procedure
and check the flags column.
PythonAPI format:
expandable = s.path_is_expandable("2015-10-10", "2015-10-10", "/stats?0/PSM?513/")
data = s.query("SELECT name, flags FROM pls_list(date_from='2015-10-10', "

" date_to='2015-10-10', value_path='/stats?0/') "
"WHERE name = 'PSM' AND value_type = 513;")
expandable = True if data["rows"][0][1] & s.FLAG_EXPANDABLE else False
Statistics.subitem_count
PythonAPI format:
data = s.subitem_count("2015-12-31", "2015-12-31", "/stats?0/")
108
4. Interfaces
data = s.query("SELECT value_type, count "

"FROM pls_subitem_count(date_from='2015-12-31', "
" date_to='2015-12-31', value_path='/stats?0/');")
Statistics.subitem_count_list
The pls_subitem_count procedure supports recursion which can be used to recurse one level and filter that level with
a WHERE statement.
PythonAPI format:
data = s.subitem_count_list("2015-12-31", "2015-12-31", "/stats?0/")
data = s.query("SELECT value_type, count "

"FROM pls_subitem_count(date_from='2015-12-31', "
" date_to='2015-12-31', value_path='/stats?0/', "
"WHERE level = 1;")
Statistics.subscriber_count
PythonAPI format:
data = s.subscriber_count("2015-12-31", "2015-12-31", "/stats?0/")
data = s.query("SELECT count "

"FROM pls_subscriber_count(date_from='2015-12-31', "
" date_to='2015-12-31', value_path='/stats?0');")
Statistics.subscriber_count_graph
PythonAPI format:
data = s.subscriber_count_graph("2015-12-31", "2015-12-31", "/stats?0/PSM?513/",

numvals=0)
data = s.query("SELECT ts, gmtoffset, freq, count "

"FROM pls_subscriber_count_graph(date_from='2015-12-31', "
" date_to='2015-12-31', value_path='/stats?0/PSM?513/');")
Statistics.subscriber_count_list
PythonAPI format:
data = s.subscriber_count_list("2015-12-31", "2015-12-31", "/stats?0/PSM?513/")
data = s.query("SELECT count "

"FROM pls_subscriber_count(date_from='2015-12-31', "
" date_to='2015-12-31', value_path='/stats?0/PSM?513/', "
"WHERE level = 1;")
Statistics.toplist
The PythonAPI will return the top N nodes for each of the fields being stored.
109
4. Interfaces
The SQL example here will only return top 10 of one of the fields (bytes_in).
PythonAPI format:
data = s.toplist('2015-12-31', '2015-12-31', '/stats?0/PSM?513/By Subscriber?513',

10, offset=20)
data = s.query("SELECT name, value_type, bytes_in, bytes_out"

" value_path='/stats?0/PSM?513/By Subscriber?513', "
" table_name='traffic') "
"ORDER BY bytes_in DESC LIMIT 10 OFFSET 20;")
Statistics.transfer_get
There is no equivalent SQL call that will return just a single node. Instead the pls_list procedure can be used with a WHERE
statement to only retrieve the desired node.
PythonAPI format:
data = s.transfer_get("2015-12-31", "2015-12-31", "/stats?0/PSM?513")
data = s.query("SELECT bytes_in, bytes_out "

" value_path='/stats?0/', table_name='traffic') "
"WHERE name = 'PSM' and value_type = 513);")
110
5. Statistics concepts
5.1. Objects and rules in statistics
5.2. Local, remote, incoming, and outgoing traffic
5.3. Client-server versus source-destination
5.4. Traffic analysis
5.5. Traffic categorization
5.6. Subscriber identity integrity
This chapter describes key concepts relevant for understanding PacketLogic statistics.
See also
• Section 2.4, “Glossary”
111
5.1. Objects and rules in statistics

You determine which statistics to collected and how to store them by using objects and rules. Objects specify what information
to store about traffic and rules specify conditions for which traffic to select. Examples include statistics for local visited websites,
remote visited websites, applications, protocols, and users defined by, for example, IPs, MAC-addresses, Switch Ports using
DHCP snooper and option 82, or RADIUS user names.
• Data stored in the statistics file system (StatsFS) of PacketLogic is configured in StatisticsObjects. The fields in the object
configuration specify which metrics to store and the distribution specifies how the information is organized. You use statistics
rules to match traffic to StatisticsObjects.
• IPFIX data export is configured in IPFIXObjects. The objects contain templates for building IPFIX records and a list of IPFIX
collectors to which the records are exported. The templates specify the format in which the data will be built and which
values to export. You use statistics rules to match traffic to IPFIXObjects.
• Insights data export is configured with system configuration values. You use statistics rules to match traffic for Insights
data export.
• Connection logging can be enabled for a statistics rule. Traffic matching the rule is logged in the connection log.
See also
• Chapter 7, PacketLogic statistics file system
• Chapter 10, IPFIX
• Chapter 9, Insights Data Storage
• Chapter 11, Connection logging
• Section 6.6.2.3, “Rules for traffic management and statistics” in PacketLogic Real-Time Enforcement product guide
5.1.1. Creating a condition

You create a condition to specify which traffic to select with a rule.
To create a condition
1. In the navigation pane, expand one of the rules folders and select a rule.
2. In the workspace, click Add Condition, and then click New Condition.
3. In the Type column, select the operator (AND, OR, or NOT).
4. Optionally, in the Name/Object column, type a name for the condition.
Note
Conditions can be reused in other rules. To make the condition more generic, do not associate the
name of the condition with the rule.
5. In the workspace, click Add Object.
112
6. In the Type column, select the object from the list, or—where applicable—point to the object and select the condition
type. For more information about condition types, see Section 6.6.2.1.7, “Object types and their characteristics”
Note
Only object types with configured objects are available in the list.
7. In the Type column, select the object to use in the condition.
8. Optionally, add more conditions and objects.
9. On the File menu, click Verify to compile the ruleset.
10. If the Verify Output dialog shows any errors, correct the errors and compile again.
Note
You must correct all errors in the condition to be able to commit the rule to the live ruleset.
11. On the File menu, click Save to commit the ruleset.
See also
• Section 3.15, “Conditions configuration pane”
• Section 6.6.2.1, “Use conditions to create rules” in PacketLogic Real-Time Enforcement product guide
• Section 6.6.2.1.7, “Object types and their characteristics” in PacketLogic Real-Time Enforcement product guide
5.2. Local, remote, incoming, and outgoing traffic

PacketLogic has an "inside" and an "outside". PacketLogic is connected to the surrounding network with one internal and one
external interface per channel. The network connected to the internal interface is considered local, and the network connected
to the external interface is considered remote.
Along the same lines, traffic is considered "incoming" or "outgoing". Traffic coming from the local network (arriving on the internal
interface) destined for the remote network is outgoing, and traffic coming from the remote network (arriving on the external
interface) destined for the local network is incoming.
5.3. Client-server versus source-destination

Most rule sets use the concept of source and destination instead of client and server. PacketLogic uses the client-server concept
because of the state-keeping properties of the PacketLogic network stack. A client is the host transmitting the first packet. In
the returning packet from the server the client is still the same host. Thus, it is more intuitive to use the client-server concept,
as it minimizes the rules needed.
5.4. Traffic analysis

Note
This section contains an overview of PacketLogic traffic analysis related to PIC. For more information on traffic
analysis, see the PacketLogic Real-Time Enforcement Product Guide.
113
PacketLogic analyzes each packet that arrives on its channel interfaces. However, PacketLogic does not take action based on
an isolated packet. Instead, it looks at the connection to which the packet belongs. All of the analyzed information is kept for each
individual connection. Most of the selection rules and traffic manipulation in PacketLogic apply to connections, not packets.
This provides great advantages in both identification and management of traffic. For identification purposes, it gives a complete
view of an entire connection, which will always be more detailed than single packets. For management purposes, it gives
more precise and concise rules. Since PacketLogic keeps track of, for example, which connections that connect to server
ftp.domain.com using the service FTP, you only need need to know that you want to limit or prioritize such connections, not
how they break down into packets. That is taken care of by PacketLogic.
Each connection takes up resources in the form of an entry in the internal connection table. The maximum size of this table is
defined by the system configuration value MAX_CONNECTIONS in the Connection Handling folder. When the table is full, a new
connection will be allocated an entry by least recently used (LRU) selection of unestablished connections. Should that also fail,
the connection cannot allocate resources to track it. By default, this means packets for the connection are dropped. Setting
the system configuration value SHUNT_CONNECTION_FAILURES in the Connection Handling folder to True changes this to
shunting (direct forwarding), meaning the packets are forwarded directly without analysis or rule application. Shunted traffic is
accounted in the system diagnostics values Shunted bytes (connection create failure) and Shunted packets (connection create
failure) in the Connection zone. For more information, see Appendix C, System Diagnostics Values.
FIGURE 5.1 Traffic analysis in PacketLogic
114
1. Packet analysis
PacketLogic analyzes each packet that arrives on its channel interfaces and collects data from the packets header.
2. Connection tracking
PacketLogic keeps track of which connection the packet is part of.
3. DRDL connection analysis
The type (service) of traffic is determined by analyzing the connection using the Datastream Recognition Definition
Language (DRDL).
4. Flow behavior analysis
The characteristics of the connection is measured and categorized by setting flow behavior flags to provide generic
information about the connection.
5. Collecting BGP AS information
Information about the traffic from the network and general environment (such as time and BGP AS path).
5.4.1. Connection quality measurement

PRE calculates the Quality of Experience (QoE) for TCP connections using packet counters in the inbound and outbound traffic.
QoE metrics for each TCP connection are subsequently represented as column data in the Dynamic LiveView, as shown in
Figure 5.2. The metrics are also accessible from the Python API.
FIGURE 5.2 PRE LiveView – showing top services with QoE measurements in real time
5.4.1.1. Monitoring points

Each QoE measurement is derived from two separate listening points (Inbound external and Internal outbound) in the internal
and external channel interfaces, as shown in Figure 5.3.
115
FIGURE 5.3 QoE monitoring of inbound and outbound traffic
QoE monitoring is performed separately for both directions in each channel interface, where:
• Inbound internal traffic represents packets sent on the internal channel interface that are destined for a host on the
internal side.
• Outbound external traffic represents packets sent on the external channel interface, destined for a host on the external
side.
• Outbound Internal represents packets received on the internal channel interface that are destined for a host on the
external side.
• Inbound external traffic represents packets received on the external channel interface that are destined for a host on
the internal side.
5.4.1.2. Statistics
QoE measurements can also be archived as statistical data in PRE and PIC, as shown in Figure 5.4
FIGURE 5.4 PRE Statistics view – showing inbound and outbound service (Facebook) traffic
116
5.4.1.3. QoE calculation

Expressed as percentage ratio, each QoE metric is based on following calculation:
FIGURE 5.5 QoE calculation
5.4.1.4. Identifying packet drops

Packet drops are identifiable through retransmissions, or gaps in the TCP sequences, of packets received in the Inbound external
and Outbound internal traffic.
• In the incoming (Inbound external and Outbound internal) traffic, packet drops are identifiable as gaps in the TCP sequences.
• In the outgoing (Outbound external and Inbound internal) traffic, packet drops are only identifiable as retransmissions in
the incoming (Inbound external and Outbound internal) traffic – indicating that a transmitted packet has not reached its
destination.
Note
By checking if the retransmitted packet correlates to a previously sent ACK packet, it is possible to determine
exactly where in the traffic the packet has been lost. If the retransmission corresponds to an ACK packet
previously sent in the opposite direction, it can be concluded that it was the ACK packet that was lost – not
the original packet.
Example: A packet retransmitted in the Outbound internal traffic correlates to an ACK packet seen earlier in the Inbound external
traffic. As the ACK packet was previously seen in the opposite direction, this is the direct result of a drop in the Inbound internal
traffic of that TCP connection.
5.4.1.5. QoE metrics in an asymmetrical environment

In an asymmetrical environment, each PRE will only be able to see parts of the QoE metrics, depending on which PRE detected
each drop or retransmission. The consequence of this is that the QoE metrics will be divided over the PRE systems. This affects
LiveView, where the QoE presented will be calculated on a subset of the packets, drops and retransmissions. However, the
QoE metrics will be aggregated to the correct value once it is collected to statistics.
When a retransmission is detected, to make sure it is properly accounted for, a flag is set in the flow sync UPDATE message.
This will cause the current data direction and sequence number to be sent to the flow sync peer. With this information it is
possible for the flow sync peer to account for the retransmission.
5.4.2. Handshake Round-Trip Time (RTT)

PacketLogic accounts handshake round-trip times for TCP and, optionally, UDP connections. The values are accounted as
either external or internal handshake RTT. The measurements differ between TCP (see Section 5.4.2.2, “TCP”) and UDP (see
Section 5.4.2.3, “UDP”).
The values are shown in connection details for individual connections, aggregated in dynamic LiveView, and available as averages
as fields in StatisticsObjects for statistics.
117
5.4.2.1. RTT in an asymmetrical environment

In an asymmetrical environment, each PRE will only be able to see a subset of the handshake RTT, depending on if it has the
client connection or not. This might cause minor discrepancies when the RTT on two flow synced PRE system is compared in
LiveView. However, the RTT will be aggregated to the correct value once it is collected to statistics.
To make sure RTT is correctly aggregated, a timestamp is added to the hello messages in the flow sync network. This makes
it possible to calculate the "ping time" between different PRE systems, which is used later in the RTT calculation.
5.4.2.2. TCP
PacketLogic stores time stamps (based on the clock on the PacketLogic system) when the SYN packet, the SYN/ACK packet,
and the ACK packet of a TCP connection are seen on the channel interfaces of PacketLogic. The difference in time between
the SYN and SYN/ACK packets is accounted as the handshake RTT towards the client side, and the difference in time between
the SYN/ACK and the ACK packets is accounted as the handshake RTT towards the server side. Depending on whether the
client is internal or external, the values are stored as follows:
Internal handshake RTT

For TCP connections with the client on the internal network, this is the difference between the time when the SYN/ACK
and the ACK packets were seen. Based on Figure 5.6, this is calculated as T3 - T2 .
For TCP connections with the client on the external network, this is the difference between the time when the SYN and
the SYN/ACK packets were seen. Based on Figure 5.7, this is calculated as T2 - T1 .
FIGURE 5.6 TCP handshake RTT for client on internal network
External handshake RTT

For TCP connections with the client on the external network, this is the difference between the time when the SYN/ACK
and the ACK packets were seen. Based on Figure 5.7, this is calculated as T3 - T2 .
For TCP connections with the client on the internal network, this is the difference between the time when the SYN and
the SYN/ACK packets were seen. Based on Figure 5.6, this is calculated as T2 - T1 .
118
FIGURE 5.7 TCP handshake RTT for client on external network
5.4.2.3. UDP
For UDP, RTT measurements are optional and enabled by the system configuration value
UDP_RESPONSE_RTT_AS_HANDSHAKE_RTT (see Appendix B, System Configuration Values). If UDP RTT measurements
are enabled, PacketLogic measures the time between the first request packet and the first response in UDP connections. If
the client is on the internal side and the server is on the external side of PacketLogic, the calculated RTT is set as the External
handshake RTT for the connection. If the client is on the external side and the server is on the internal side of PacketLogic, the
calculated RTT is set as the Internal handshake RTT for the connection.
FIGURE 5.8 UDP handshake RTT for client on internal network
119
FIGURE 5.9 UDP handshake RTT for client on external network
5.4.3. Timestamp option based Round-Trip Time (RTT)

PacketLogic can calculate round-trip times for TCP connections if the optional timestamp field is present in the TCP header.
Note
This is not the same metric as the handshake RTT described in Section 5.4.2, “Handshake Round-Trip Time
(RTT)”.
For connections where the optional timestamp field is present in the TCP header, PacketLogic tries to set a calculated RTT value.
A calibration is attempted to determine if the timestamp field can be reliably used to calculate RTT. If the calibration succeeds,
RTT is calculated and stored. This is done separately for the internal and the external side. This means that there can be a value
in one direction but not the other.
5.5. Traffic categorization

Note
This section contains an overview of PacketLogic traffic categorization concepts and objects related to PIC.
For more information on traffic categorization and object types, see the PacketLogic Real-Time Enforcement
Product Guide.
The information collected during the traffic analysis is kept for each individual connection and available for viewing in the
PacketLogic client. The PacketLogic ruleset allows for categorization based on the extracted information.
5.5.1. Traffic identification overview

PacketLogic identifies traffic to a great level of detail. The following criteria are possible to match connections to:
Host and network IP addresses

These criteria are defined in NetObjects, as individual IP addresses, address ranges, or entire IP subnets (for details,
see Section 5.5.3.1, “NetObjects”).
Layer 4 Port numbers

These criteria are defined in PortObjects, as individual port numbers or ranges of ports (for details, see Section
6.6.1.3.2, “PortObjects” in PacketLogic Real-Time Enforcement product guide). For example port 21 or ports
6081-6089.
120
Network protocols
These criteria are defined in ProtocolObjects, by protocol name (such as TCP or UDP) or protocol number for
proprietary protocols (for details, see Section 6.6.1.3.3, “ProtocolObjects” in PacketLogic Real-Time Enforcement
product guide).
Services generating the traffic

These criteria are defined in ServiceObjects, as lists of service names from the services that PacketLogic identifies.
Services are defined as distinct connection signatures recognized by DRDL and can be specific to, for example,
applications or protocols (for details, see Section 5.5.3.2, “ServiceObjects”).
URL category
These criteria are defined in ContentLogicObject, as lists of URL categories from the set of categories recognized by
PacketLogic (for details, see Section 6.6.1.3.5, “ContentLogicObjects” in PacketLogic Real-Time Enforcement product
guide).
Time and date

These criteria are defined in TimeObjects, as time intervals which can be made recurring (for details, see Section
6.6.1.3.6, “TimeObjects” in PacketLogic Real-Time Enforcement product guide).
The ID number of the VLAN in which the connection flows

These criteria are defined in VlanIDObjects, as individual VLAN ID numbers, or ranges of VLAN ID numbers (for details,
see Section 6.6.1.3.9, “VlanIDObjects” in PacketLogic Real-Time Enforcement product guide).
The priority level of the VLAN in which the connection flows

These criteria are defined in VlanPriorityObjects, as a VLAN priority number (for details, see Section 6.6.1.3.10,
“VlanPriorityObjects” in PacketLogic Real-Time Enforcement product guide).
Diffserv Codepoint (DSCP)

These criteria are defined in DSCPObjects, as individual DSCP numbers or ranges of DSCP numbers (for details, see
Section 6.6.1.3.11, “DSCPObjects” in PacketLogic Real-Time Enforcement product guide).
Channel
These criteria are defined in ChannelObjects, as individual channels (for details, see Section 6.6.1.3.12,
“ChannelObjects” in PacketLogic Real-Time Enforcement product guide).
Properties of the connection (such as file size, server version, user name). Which properties that are
available depends on the application
These criteria are defined in PropertyObjects, as property names and matching strings (optionally with wild cards) (for
details, see Section 6.6.1.3.13, “PropertyObjects” in PacketLogic Real-Time Enforcement product guide).
Flow behavior, which define characteristics such as timing, packet size and distribution
These criteria are defined in FlagObjects, as different transfer behavior (XFB) flags to match as set or not set (for details,
see Section 6.6.1.3.14, “FlagObjects” in PacketLogic Real-Time Enforcement product guide).
The level of tunneling in which to match traffic

These criteria are defined in TunnelLevelObjects, as a number of tunnel levels to strip before looking at
actual connection information (for details, see Section 6.6.1.3.15, “TunnelLevelObjects” in PacketLogic Real-Time
Enforcement product guide).
The type of tunnel to look into

These criteria are defined in TunnelTypeObjects, as any of a set of supported tunnel types (for details, see Section
6.6.1.3.16, “TunnelTypeObjects” in PacketLogic Real-Time Enforcement product guide).
Multiprotocol Label Switching (MPLS) labels

These criteria are defined in MPLSObjects, as individual MPLS labels or ranges of labels (for details, see Section
6.6.1.3.17, “MPLSObjects” in PacketLogic Real-Time Enforcement product guide).
121
Other PacketLogic systems

This is an object type identifying other PacketLogic systems, defined by their machine ID (for details, see Section
6.6.1.3.18, “SystemObjects” in PacketLogic Real-Time Enforcement product guide).
The AS path (BGP routing)

These criteria are defined in BGPObjects, as AS numbers, optionally specifying where in the path the number shall occur
to match (for details, see Section 6.6.1.3.7, “BGPObjects” in PacketLogic Real-Time Enforcement product guide).
5.5.2. Introducing objects

PacketLogic relies on the concept of objects to categorize traffic in an intuitive way. Objects are created to categorize the traffic
on the network into different categories that are to receive different service levels (such as groups of hosts that are to have limited
bandwidth, services that are to be prioritized, and so on). The objects consist of items which form the object. For example, a
ServiceObject can consist of multiple services (items), and a NetObject can consist of a range of IP addresses (an item) except
a specified subrange (another item in the same object).
Each object has a name identifier.
Note
• Avoid using NOT conditions in conjunction with objects that can have any direction because it can lead
to unexpected behavior, such as matching all or no traffic.
• Object names must not exceed 255 characters in length.
5.5.3. Object types for traffic categorization

Each object consists of a list of subobjects and items.
5.5.3.1. NetObjects
NetObjects group different network entities into named objects for hosts with different IP addresses or IP network classes.
NetObjects can be used in rules, which simplifies maintenance of the rules. If a NetObject is modified, it will affect all rules that
use this NetObject.
Items in the NetObject configuration can be of three different types:
• Address: An IP address
• Range: A set of IP addresses specified with a starting IP address and an ending IP address.
• Network: A network is a prefix and a netmask. The network can also be written as prefix length, which will be translated
into a netmask, that is, 24 will be translated into 255.255.255.0.
To exclude a range use the exclude construction available in the the conditions-based ruleset. See Section 6.6.2.1, “Use
conditions to create rules” in PacketLogic Real-Time Enforcement product guide.
When used in rules, a NetObject can be used in four different ways:
• Client NetObject: To match this criterion the client IP address in the connection must be matched by the NetObject.
• Server NetObject: To match this criterion the server IP address in the connection must be matched by the NetObject.
• Host NetObject: To match this criterion either the server or client IP address in the connection must be matched by the
NetObject.
122
Note
Due to the implementation of the Host NetObject criterion, do not use Host NetObject not equals a
NetObject. The logical expansion of this will make such a rule match all traffic.
• Local NetObject: To match this criterion the internal IP of the connection must be matched by the NetObject. Internal IP is
the destination IP of an inbound packet and the source IP of an outbound packet.
5.5.3.1.1. Dynamic objects and items
Regular NetObjects and their contained items are defined statically. To change them, you must acquire a lock on the resource,
make the changes, and commit the changes for writing. For large-scale deployments, this can cause problems by an excessive
rate of these transactions. For these purposes, there is a special type of NetObjects and items, referred to as Dynamic.
5.5.3.2. ServiceObjects
ServiceObjects group services together. A service is the PacketLogic representation of the type of traffic carried in a connection.
If the same rule should apply to several services, a ServiceObject can be used. Each ServiceObject consists of a list of items,
where each item is a service.
You can download signature documentation with lists of supported services and protocols in the File Manager window in
PacketLogic Client. Additionally, there are a number of services that are not signatures:
Asymmetric
The service Asymmetric is traffic where PacketLogic determines it only sees one direction of the traffic.
Not Analyzed
The service Not Analyzed is traffic that DRDL does not process.
Being Analyzed
The service Being Analyzed matches all traffic that has not got enough packet information to determine which service it is.
Note: PacketLogic can only detect what service a connection uses after the first data packet has been sent. The
connection is classified as Being Analyzed until enough data is gathered to determine the service.
Unknown
The Unknown service matches all traffic which after enough packet information still can not match the connection to a
known service.
Untracked
The service Untracked matches all traffic where PacketLogic has not seen the initiation of the connection.
No signatures loaded
This service is set on all connections when the engine has not yet loaded a signature set. This is temporary, and as soon
as the signatures are loaded, the full signature set is used. However, all connections that have already set the service
to No signatures loaded stay that way, since DRDL does not reevaluate connections retroactively. As these connections
close or time out, they should gradually disappear altogether.
Incompatible string table

This service is set when the services set by the engine does not correlate to the string table (essentially the list of service
names) in PLD. This can for example occur when a PL15000/PL20000 is upgraded, updating the string table in PLD on
the SM module, but without rebooting FPs, causing them to set services according to the previous string table.
5.5.4. Attributes
123
An object can have a number of attributes defined. An attribute is a generic key-value pair, where certain key-value pairs are used
for PacketLogic functionality. For example, link speed attributes, subscriber definitions, and limits for volume-based shaping can
be defined here, as well as attributes defining if the object shall be handled in any special way when displaying it in the client.
Attributes can be viewed, added, and edited by right-clicking an object in the Objects & Rules editor in the PacketLogic client
(Section 3.10, “Objects & Rules Editor window”).
5.5.4.1. Attributes used by CGNAT

NAT - Pool id (nat-pba-pool-id)
The ID used to reference this object as a pool of IP addresses to use for NAT
Applies to: NetObject
NAT - Pool granularity for low ports (nat-pba-granularity-low)

The number of ports in each port block in the low port range (1023 and below) in the NAT pool this object defines
NAT - Pool granularity for high ports (nat-pba-granularity-high)

The number of ports in each port block in the high port range (1024 and above) in the NAT pool this object defines
NAT - Max number of low port blocks (nat-max-low-blocks)

The number of port blocks allowed in the low port range (1023 and below) per subscriber in the NAT pool this object
defines
NAT - Max number of high port blocks (nat-max-high-blocks)

The number of port blocks allowed in the high port range (1024 and above) per subscriber in the NAT pool this object
defines
NAT - Enable EIF (full cone) (nat-eif-enabled)

The NAT pool defined by this object shall use Endpoint-Independent Filtering (EIF), also known as "full cone" NAT
NAT - Allocate ports from first block (nat-pba-reuse-first)

The NAT pool defined by this object shall allocate ports from port blocks in ascending block allocation order
NAT - Rewrite non-TCP/UDP/ICMP/PPTP-GRE connections (nat-unhandled-protocols)

The NAT pool defined by this object shall rewrite source IP addresses for all connections, not just TCP, UDP, ICMP,
and PPTP-GRE
NAT - Only use this pool on specified systems (comma separated) (nat-systemids)
The NAT pool defined by this object shall only be active on specified systems. The value of this attribute should be an
comma separated list of systemids
NAT - Dynamic IP search length (nat-search-length)

The maximum number of IP address candidates allowed to test when chosing a rewrite IP address.
124
NAT - Service specific connection TTL (nat-connection-ttl)

Connections having a service added to this Service Object will have the specified value as TTL instead of the default TTL
Applies to: ServiceObject
5.5.4.2. Standard attributes

Hidden (hidden)
The object shall not be shown in the client interface.
Handled by automation (automatic)

A warning is displayed when the object is opened in the client, informing the user that the object is handled by integration/
automation and may be changed without warning. This is typically used for objects managed by the PSM in integrated
deployments, and is recommended to use for any object managed by an automated process.
Comments (Comments)
Free text containing comments relevant for the object
ServiceObject categorization ID (treeid)

Assigned object ID for ServiceObject categorization. This is handled by the system and shall not be manually altered.
Applies to: ServiceObject
PropertyObject item decryption key index (encrypted)

An index (range 1-256) to select a decryption key in a table of keys for encrypted objects.
Applies to: PropertyObject
5.5.4.3. Attributes used by Statistics

Statistics - Count as subscriber (stats-is-subscriber)
This object is considered a subscriber for the purposes of accounting subscribers in statistics.
Statistics - Linkspeed, Incoming (stats-linkspeed-in)

Integer value in bps (range 1-40000000000) stating the inbound linkspeed for the object. This is used to show linkspeed
related statistics.
Statistics - Linkspeed, Outgoing (stats-linkspeed-out)

Integer value in bps (range 1-40000000000) stating the outbound linkspeed for the object. This is used to show linkspeed
related statistics.
5.5.4.4. Attributes used for VBS

VBS - Duration (vbs-duration)
Integer value in seconds (range 1-5184000) stating the length of the sliding time window in VBS (only applicable for
internal VBS).
Applies to: ShapingObject
VBS - Inbound transfer limit (%d) ()

Integer value in bytes (range 0-1099511627776 with increments of 1024) stating the inbound VBS limit of the object. x
is a sequence number in the set of objects that are created to implement a VBS object with multiple limits.
125
VBS - Inbound bandwidth limit (%d) ()

Integer value in bps (range 0-40000000000) stating the inbound speed of the VBS object when the corresponding
transfer limit has been reached. x is a sequence number in the set of objects that are created to implement a VBS object
with multiple limits.
VBS - Outbound transfer limit (%d) ()

Integer value in bytes (range 0-1099511627776 with increments of 1024) stating the outbound VBS limit of the object.
x is a sequence number in the set of objects that are created to implement a VBS object with multiple limits.
VBS - Outbound bandwidth limit (%d) ()

Integer value in bps (range 0-40000000000) stating the outbound speed of the VBS object when the corresponding
transfer limit has been reached. x is a sequence number in the set of objects that are created to implement a VBS object
with multiple limits.
5.5.5. Nesting and hierarchies

The object types used for traffic identification are possible to nest inside other objects of the same type, to create a hierarchy.
This allows for great flexibility in adjusting rulesets while keeping manual actions minimal and enables rulesets that are easy to
overview.
FIGURE 5.10 Nested NetObjects
For this reason, object nesting of traffic identification objects is highly recommended for any non-trivial ruleset. Nesting allows
for a fine-grained separation of traffic identification criteria while still being able to easily include large categories of traffic without
126
selecting many small categories. Also, nesting allows exclusion of objects, which is useful to, for example, impose limits on an
entire network except certain individual hosts.
5.5.6. Object - item relationships (OR, AND)

The objects and items are compared in the rule evaluation with either OR or AND operator depending on what kind of object
it is. General rule of thumb is that all objects and items are evaluated using the OR operator, however there is two exceptions.
FlagObjects and ContentLogicObject compare the items using AND operators. See Section 6.6.2.1.7, “Object types and
their characteristics” in PacketLogic Real-Time Enforcement product guide.
5.6. Subscriber identity integrity

Subscriber identifying values are obfuscated by default when statistics are written to the statistics file system, exported to Insights
Data Storage, or exported as IPFIX records or in .csv format. String values appear as a hashed string and IP addresses as a
randomized IP address.
A license is needed in order to change the default behaviour. If the license module exists, you can change the
default behaviour with the system configuration values PLS_OBFUSCATE_SUBSCRIBERS in the Statistics folder and
INSIGHTS_OBFUSCATE_SUBSCRIBERS in the Insights folder.
5.6.1. Obfuscated values in the statistics file system

The following values, or parts of values, are obfuscated by default in the statistics file system:
• localhost
• NetObjects that have the attribute Statistics - Count as subscriber set
• The Session Context column that is configured with PLS_SCHEMA_COLUMN_SUBSCRIBER
• Values derived from Session Context columns that are part of the schema key
5.6.2. Obfuscated IPFIX elements

The following IPFIX elements are obfuscated by default when IPFIX records are exported:
• proceraImsi
• proceraDeviceId
• proceraMsisdn
• proceraSubscriberIdentifier
• proceraLocalIPV4Host
• proceraLocalIPv6Host
• sourceIPv4Address (For IP addresses on the internal network.)
• destinationIPv4Address (For IP addresses on the internal network.)
• sourceIPv6Address (For IP addresses on the internal network.)
• destinationIPv6Address (For IP addresses on the internal network.)
127
5.6.3. Obfuscated data in Insights Data Storage

The data in the following columns is obfuscated by default in Insights Data Storage:
• subscriber (In the Insights traffic and score schemas.)
• ip_address (In the Insights traffic schema.)
• Columns that contain data from Session Context columns that are part of the schema key.
• Columns that contain data from NetObjects that have the attribute Statistics - Count as subscriber set.
128
6. PIC components and deployment
6.1. Statistics data flow
6.2. Software architecture
6.3. Deployment scenarios
6.4. Statistics user
6.5. Performance considerations
6.6. Bandwidth considerations
6.7. Centralized management
6.8. Monitoring PacketLogic
6.9. Backup and restore
6.10. PacketLogic update
This chapter describes the components of a PIC system and examples of statistics deployments. It also describes how to
operate and monitor PacketLogic.
129
6.1. Statistics data flow

The figure illustrates the statistics data flow in PacketLogic.
FIGURE 6.1 Statistics data flow
1. The engine sends updates with information about connections to the PacketLogic Daemon (PLD):
• When a connection is removed.
• Every 5 seconds. You can change the interval with the system configuration value CONNECTION_UPDATE_INTERVAL
in the Connection Handling folder.
For every connection, information about the transferred data and which statistics rules that the connection matches is
kept both in the engine and in the PacketLogic Daemon.
The engine marks updates to send to the PacketLogic Statistics Daemon every 5 minutes. You can change the interval
with the system configuration value STATISTICS_CONNECTION_UPDATE_INTERVAL in the Connection Handling folder.
2. When the PacketLogic Daemon receives a marked update, it forwards it to the PacketLogic Statistics Daemon (PLSD).
3. The PacketLogic Statistics Daemon builds datasets in memory from the information received from the PacketLogic
Daemon every 5 minutes. You can change the interval with the system configuration value PLS_GRAPH_FREQUENCY
value in the Statistics folder.
You can configure the PacketLogic Statistics Daemon to write temporary dataset files locally. These datasets ensure that
data loss is minimized in case of a system failure, as the temporary files are stored persistently.
Note
• Unless there is a system failure, temporary datasets will only be written if the system
configuration value PLS_DISK_CACHE_INTERVAL is smaller than the system configuration value
PLS_DUMP_INTERVAL. Otherwise, the datasets for the interval will be sent directly to the
PacketLogic Database Daemon.
• To avoid running out of disk space for other data, the temporary files are removed when a set limit
of disk space is exceeded. The limit is 50 GB by default, but you can change it in the CLI.
4. The PacketLogic Statistics daemon sends the temporary datasets to the PacketLogic Database Daemon (PLDBD):
130
• When a statistics write is forced.
• Every hour. You can change the interval with the system configuration value PLS_DUMP_INTERVAL in the Statistics
folder.
5. The PacketLogic Database Daemon first writes the data to temporary files. It then waits to let all statistics daemons
finish sending data before it writes the data to permanent storage. After 60 seconds the database daemon
starts the PacketLogic Statistics Writer Backend process (PLSWB), which reads the temporary files and writes
the data to the statistics file system (StatsFS). You can change the interval with the system configuration value
PLDB_STATWRITER_GRACE_PERIOD value in the Statistics folder.
Note
• The system configuration value PLS_GRAPH_FREQUENCY must be a multiple of or equal to

STATISTICS_CONNECTION_UPDATE_INTERVAL.
• The system configuration value PLS_DISK_CACHE_INTERVAL must be a multiple of

PLS_GRAPH_FREQUENCY.
• You can avoid bursts in the traffic between the statistics daemon and the database daemon—which may
consume a large part of the available bandwidth—by limiting the dataset transfer rate. Configure the
maximum bandwidth in Kbps with the system configuration value PLS_DATASET_BANDWIDTH_LIMIT in
the Statistics folder. Monitor the transfer rate in the System Diagnostics view with the value Bandwidth
used (Dataset Transfer) in the Statistics zone.
See also
• Section 6.2, “Software architecture”
• Section 6.3, “Deployment scenarios”
6.2. Software architecture

PacketLogic systems store statistic based on the traffic passing through PRE. The following sections describe the software
components involved in the process.
See also
• Section 6.2.1, “Engine”
• Section 6.2.2, “PacketLogic Ruleset Compiler Daemon (PLRCD)”
• Section 6.2.3, “PacketLogic Daemon (PLD)”
• Section 6.2.4, “PacketLogic Database Daemon (PLDBD)”
• Section 6.2.5, “PacketLogic Statistics Daemon (PLSD)”
• Section 6.2.6, “Internal communication”
• Section 6.2.7, “Statistics daemon and statistics writer of different firmware version”
• Section 6.1, “Statistics data flow”
131
6.2.1. Engine
The Engine is the packet processing core of PacketLogic. Each PLOS instance (engine) receives each individual packet,
determines which connection it belongs to, sends it to DRDL to determine the service of the connection, sets the flow behavior
flags of the connection, and applies the ruleset to the connection. Applying the ruleset can mean enqueueing, dropping, rejecting,
forwarding, rewriting, and combinations of the above. The engine reports connection information to the control application
PacketLogic Daemon (PLD).
The engine is typically a processor. In some systems, the engine runs along with control applications in a single processor. In
other systems, there are several processors running only the engine.
6.2.1.1. Processor
The engine is typically a processor. In some systems, the engine runs along with control applications in a single processor. In
other systems, there are several processors running only the engine.
PL15000/PL20000 chassis products support an extended (bladed) hardware platform. In this modular architecture, each Flow
Processor (FP) module is dedicated to packet processing. The specification of each module varies between each of the
supported chassis platforms:
• PL15000— each module has one physical processor. This processor has 12 cores, each capable of running two individual
processing threads. One core is reserved for controlling the processor, which leaves 11 cores of two threads each. In
all, that means that there are 22 available threads running on the processor. See also Section 6.7.1, “PL15000 chassis
architecture” in PacketLogic Real-Time Enforcement product guide.
• PL20000— each module has two physical processors. These processors have eight cores, each capable of running four
individual processing threads. One core is reserved for controlling the processor, which leaves seven cores of four threads
each. In all, that means that there are 28 available threads running on each processor. See also Section 6.7.1, “PL15000
chassis architecture” in PacketLogic Real-Time Enforcement product guide.
6.2.1.2. Reaper
In a PL15000/PL20000 chassis platforms, each FP has what is called a Reaper. The reaper collects and processes information
from the engine, which it then communicates to the PLD. This functionality is apparent in the system diagnostic zones, where the
values are shown per engine (such as the Packet Processing zone) and engine threads are sorted under an associated reaper.
6.2.2. PacketLogic Ruleset Compiler Daemon (PLRCD)

The PacketLogic Ruleset Compiler Daemon (PLRCD) retrieves rules and objects stored in the PacketLogic Database Daemon.
It compiles the rules and objects and sends them to the PacketLogic Engine.
The ruleset compiler daemon handles the following tasks:
• Loading the Application Recognition Module (ARM) with the compiled set of signatures to apply for DRDL to use.
• Retrieval of configuration elements from the database daemon.
• Ruleset compilation using LIBRC.
• Counters in ShapingObjects.
• Dynamic items management.
• Queue synchronization.
132
6.2.3. PacketLogic Daemon (PLD)

The PacketLogic Daemon (PLD) is the software component that communicates with the PacketLogic Engine. PLD receives
information about traffic from the engine and provides real-time traffic information to requesting interfaces, such as LiveView in
the PacketLogic Client, the realtime part of the PythonAPI, or the PacketLogic Statistics Daemon.
The PacketLogic Daemon handles the following tasks:
• Communication with all engines in the PacketLogic. Messages are exchanged using TCP.
• Communication with the clients, such as management client, the PacketLogic Statistics Daemon, and the PythonAPI.
• Firewall log storage.
• Firewall log queries.
• BGP Table management. PLD provides PLRCD with AS paths for the prefixes in the table for ruleset use.
6.2.3.1. Hosts
The PacketLogic Daemon (PLD) holds a data structure for hosts. Hosts are IP addresses on the internal side of a channel,
according to the PacketLogic view of hosts. The host data structure contains information on which NetObjects the host belongs
to and what connections that host has.
An entry in the hosts data structure is created the first time the host has an established connection, that is, a connection that has
had packets in both directions. As soon as a host no longer has any connections, it is removed from the hosts data structure.
The size of the data structure is defined by the system configuration value HOST_NUM_HOSTS. Set the value to the number
of expected concurrent hosts on the internal side of PacketLogic.
If the hosts data structure is exhausted, subsequent hosts cannot be added. This means that the mapping to NetObjects and
connections cannot be created for those subsequent hosts. This affects the reporting that relates to NetObjects in LiveView
and statistics. Hosts that cannot be allocated in the hosts data structure will not be shown in the correct NetObject(s) in Local
Hosts view in LiveView, nor will their traffic be added to the total for the NetObject(s). Likewise for statistics, the traffic for the
host will not be accounted on the correct NetObject. Traffic management relates to connections without any dependency on
the hosts data structure in PLD, so traffic management is not affected. Nor is LiveView and statistics reporting based on other
criteria than NetObjects, for example, services.
6.2.4. PacketLogic Database Daemon (PLDBD)

The PacketLogic Database Daemon (PLDBD) stores configuration data persistently in a database and provides an interface to
the data.
The database daemon handles the following tasks:
• Communication with the different clients.
• Communication with and management of the local database holding the ruleset and configuration.
• Communication with remote database servers via proxy.
• Transaction-based session and resource management.
• Data queries, such as retrieval and modification.
• System Diagnostics.
133
6.2.4.1. Database daemon in a statistics system

In PIC, the PacketLogic Database Daemon has additional tasks. It receives datasets from the PacketLogic Statistics Daemon
(PLSD) and is responsible for reading statistical data upon request. The database daemon stores temporary files with the
datasets and starts the PacketLogic Statistics Writer Backend (PLSWB) process, which loads temporary datasets and writes
them sequentially to the statistics file system. One database daemon is capable of receiving datasets from multiple statistics
daemons.
6.2.4.2. Resources
Resources are kept in the resource table of the PacketLogic Database Daemon, and the current list can be seen in the Resource
Manager in the PacketLogic Client. Each resource defines a subset of the PacketLogic system configuration. Each resource
defines a set of data—database tables or filesystem data—and a set of commands to retrieve or manipulate this data.
When a resource is database bound, a session attached to a resource will always be in a database transaction. There is also
an implicit lock on each resource that is taken when the session sends the first manipulative command for the resource.
Resource commands are divided into read-only commands and write commands. Each user has a read and write privilege for
each separate resource.
• Aggregation governs writing aggregated statistics to a statistics system.
• Backups governs creating and restoring database backups.
• Channel Management governs handling the channel interfaces.
• CommitLog governs the CommitLog, which keeps track of changes made to the configuration.
• Connection Log governs connection logging.
• Dynamic Ruleset governs the handling of dynamic items (subscribers).
• File Server governs the content found in the File Manager.
• Host Triggers governs the management of host triggers.
• Logs governs the management of log files.
• PLSCD governs access permissions.
• PSM governs the permissions for access to the PSM web user interface.
• Resource governs the configuration of resources.
• Rules & Object Configuration governs the management of objects and rules, that is, the ruleset.
• StatReader governs the function reading statistical data from disk.
• StatWriter governs the function writing statistical data to disk.
• StatWriter Backup governs the function writing statistical data to disk on a secondary statistics system.
• System Configuration governs the system configuration database.
• System Diagnostics governs the handling of counters and alert levels in System Diagnostics.
• System Overview governs the function to show system information in the System Overview. For more information, see
Section 5.3, “System Overview” in PacketLogic Real-Time Enforcement product guide.
• User Management governs the user database. For more information, see Section 3.18, “User Editor window”.
134
See also
• Section 5.3, “System Overview” in PacketLogic Real-Time Enforcement product guide
6.2.4.2.1. Proxied resource
You can proxy a resource to a remote database daemon on another PacketLogic system. The local database daemon will
keep a handle connected to the remote database daemon server, and translate/rewrite commands bound to a local session
to a remote session. When you create a session on the local database daemon and attach it to a proxied sresource, the local
database daemon will create a corresponding session to the remote database daemon. All of this is transparent to the user.
Important
• If the network communication fails between the local PacketLogic and the central PacketLogic, the local
PacketLogic will not be able to re-read the proxied resource. In this case, a backup to restore to the local
PacketLogic is essential to ensure operation.
• If you move the database where the proxied resource is stored, the connection to the proxied resource
is lost. To restore the connection to a proxied resource, repoint the database in the PacketLogic Client
System Manager.
This functionality is used to keep the same ruleset (or other resource) on several PacketLogic systems. For more information,
see Section 6.7, “Centralized management”.
6.2.4.2.2. Locking resource
Any number of sessions can be attached to the same resource without interfering, as long as they are only sending read
commands. When you issue a write command to a resource, the resource will be locked for writing until you send a "Commit"
message. This triggers the database transaction to commit, and unlock the resource for writing again.
A session cannot write to a resource that is locked by a different session.
6.2.4.3. External authentication sources

By default, PacketLogic authenticates users using the PacketLogic Database Daemon and the user database defined in the
PacketLogic Client. It is also possible to make an external authentication query towards a RADIUS or TACACS+ server. You
can configure several authentication servers. When there are multiple authentication servers, they will be tried in sequence
until a response is received. That response will then determine the success of the authentication. If no authentication servers
respond—or if the authentication results in access denied—PacketLogic falls back by default to authenticate with the internal
user database. The fallback to local authentication can be disabled in the configuration.
Note
For SSH login, local fallback on external authentication failure is always used. Disabling local fallback in
configuration does not disable local fallback for SSH login.
For client and API logon, permissions for the authenticated users can be defined by configuring a local user and then configuring
the authentication server to provide the applicable local user name in the authentication response. The authenticated user will
then get permissions equivalent to the local user given in the authentication response.
Configuring the authentication server is not included in the PacketLogic external authentication. It is the responsibility of the
administrator of the authentication server.
135
For configuration examples, see:
• A Freeradius server providing a local user using RADIUS in Appendix I, Freeradius configuration example in PacketLogic
Real-Time Enforcement product guide.
• A Cisco TAC PLUS server providing a local user using TACACS+ in Appendix J, Cisco TAC PLUS configuration example
6.2.5. PacketLogic Statistics Daemon (PLSD)

The PacketLogic Statistics Daemon (PLSD) receives connection information from the PacketLogic Daemon (PLD) for all traffic
defined in statistics rules. The statistics daemon creates data sets of values, based on StatisticsObjects used by statistics rules.
The data sets are sent to the PacketLogic Database Daemon (PLDBD) on PIC.
For more information on the statistics data flow, see Section 6.1, “Statistics data flow”.
6.2.5.1. PacketLogic Statistics Daemon system configuration

To keep the PacketLogic Daemon (PLD) and the PacketLogic Statistics Daemon (PLSD) processes synchronized, a number of
system configuration values are retrieved from the system that has PLD configured. In deployments where the statistics daemon
is running on PIC, these values are configured in PRE. You must restart the statistics daemon to apply changes in these values.
• CONNECTION_UPDATE_INTERVAL
• DYNAMIC_NETOBJECT_PREFIXES_MAX
• HOST_NUM_HOSTS
• HOST_NUM_NETOBJECTS
• HOST_STATS_VOLUME_THRESHOLD
• INSIGHTS_DATA_COLLECTION_SCORE_SERVICE
• INSIGHTS_SESSION_CONTEXT_SCHEMAS
• INSIGHTS_USE_SESSION_CONTEXT
• MAX_CONNECTIONS
• MAX_VISIBLE_NETOBJECTS
• STATISTICS_CONNECTION_UPDATE_INTERVAL
• STATISTICS_MAX_RULES_PER_CONNECTION
See also
• Section 6.1, “Statistics data flow”
6.2.6. Internal communication
136
Communication uses PacketLogic Messages, a simple binary protocol that can be used for both request/response and data
message streaming.
Between user-land applications, communications use the proprietary Fast Lightweight Crypto and Key-exchange Abstraction
(FLICKA) library. FLICKA negotiates a PKI encrypted TCP session. It uses RSA for the symmetric key exchange and RC4 for
session data.
6.2.7. Statistics daemon and statistics writer of different

firmware version
The PacketLogic Statistics Daemon (PLSD) and the statistics writer (StatWriter) resource can communicate across major firmware
versions. This is useful when you upgrade a deployment where multiple PRE systems write statistics to the same PIC system,
with the statistics daemon running on PRE and the statistics writer process running on PIC.
In a scenario where the statistics daemon runs on a PRE with higher version than PIC, you need to configure the statistics
daemon to send statistics to an older statistics writer resource.
• Set the system configuration value PLS_STATWRITER_WRITE_VERSION (for the StatWriter resource) or
PLS_STATBACKUP_WRITE_VERSION (for the StatWriter Backup resource) to the major firmware version of PIC. For
example, if the statistics daemon runs on version X.1.1 and the statistics writer on version X.0.9, set the configuration
value to X.0
If the statistics daemon runs on a PRE with lower version than PIC, no configuration is required. The statistics daemon will send
its version to the statistics writer resource, which is backwards compatible when processing datasets.
See also
• Section 6.2, “Software architecture”
6.3. Deployment scenarios

PIC firmware is installed on a separate PacketLogic hardware platform. PIC systems can receive statistics from several PRE
systems, which are performing traffic monitoring and traffic management. Typically, PRE and PIC are connected through the
auxiliary ports (AUX). The network does not need to be publicly addressable. For more information about the network bandwidth,
see Section 6.6, “Bandwidth considerations”.
Depending on the amount of data to be stored, statistics collection and storage can be deployed in different ways. The following
scenarios are described in this product guide.
Local statistics
One PRE collects statistics and writes it to storage on PRE itself.
One PRE and one PIC

One PIC collects and writes statistics from one PRE.
Multiple PREs and one PIC

One PIC writes statistics from multiple PREs, with statistics daemons located on each PRE.
Multiple PREs, one PIC collector and one PIC writer

One PIC collects statistics from multiple PREs, and another PIC writes the statistics.
Statistics reader peering

Data is shared among multiple PICs. Statistics reader peering is used to connect to one PIC and view data from the peers.
137
See also
• Section 6.6, “Bandwidth considerations”
• Section 6.3.1, “Local statistics deployment”
• Section 6.3.2, “One PRE and one PIC deployment”
• Section 6.3.3, “Multiple PREs and one PIC deployment”
• Section 6.3.4, “PIC collector and PIC writer deployment”
• Section 8.3, “Statistics reader peering”
6.3.1. Local statistics deployment

Typically, a PIC system is dedicated to storing statistics. However, when the expected amount of data to store is low, it can be
stored on PRE itself. All the processes are run on PRE and data is stored in the statistics file system on PRE.
Prerequisites:
• PRE must have a Statistics license.
• PRE must have local statistics enabled. Note that with chassi-based hardware installations of PRE, you need to run the
PacketLogic Statistics Daemon (PLSD) on a separate PIC.
See also
• Section 6.3.6, “Enabling/disabling local statistics”
• Section 6.3.5, “Downloading license”
138
6.3.2. One PRE and one PIC deployment

In a typical small deployment, there is one PRE system and one PIC system only. The statistics daemon is located on PIC and
data is stored in the statistics file system on the same PIC.
Prerequisites:
• PIC must have a remote system connection to PRE.
• PRE must proxy the statics reader resource in order to view the statistics stored in PIC.
See also
• Section 6.3.2.1, “One PRE and one PIC configuration workflow”
6.3.2.1. One PRE and one PIC configuration workflow

You follow this workflow to configure a statistics deployment where the statistics process and the statistics storage are located
on the same PIC system.
1. Create a statistics user on PRE and on PIC
You create a statistics user to connect between PRE and PIC systems.
Section 6.4.1, “Creating a statistics user”
2. Disable local statistics on PRE
You enable/disable local statistics to run/not run the PacketLogic Statistics Daemon (PLSD) locally on PRE.
Section 6.3.6, “Enabling/disabling local statistics”
3. Add PRE as a remote system on PIC
You add PRE as a remote system on PIC to collect statistical data from traffic passing through PRE.
139
Section 6.3.7, “Adding a remote system for statistics collection”
4. Proxy the statistics reader (StatReader) resource on PRE to PIC
You proxy a database resource to locally view and manage a resource that is located on another PacketLogic component.
The statistics reader resource on PRE reads statistics stored on PIC. You can view the statistics in the PacketLogic
Client of PRE.
Section 6.3.9, “Proxying a database resource”
See also
• Section 6.3.2, “One PRE and one PIC deployment”
• Section 6.4.1, “Creating a statistics user”
• Section 6.3.7, “Adding a remote system for statistics collection”
• Section 6.3.9, “Proxying a database resource”
6.3.3. Multiple PREs and one PIC deployment

One scenario in a large deployment is to have multiple PRE systems connecting to one PIC system. Since there is not enough
memory on PIC to run a separate statistics process for each PRE, the statistics daemons are run locally on the PRE systems.
Data is then stored in the statistics file system on PIC.
Prerequisites:
• Each PRE must have a Statistics license.
• Each PRE must have local statistics enabled. Note that with chassi-based hardware installations of PRE, you need to run
the PacketLogic Statistics Daemon (PLSD) on a separate PIC.
• The PRE systems must proxy the statistics writer resource to make the the statistics daemons send data to PIC.
140
See also
• Section 6.3.3.1, “Multiple PREs and one PIC configuration workflow”
6.3.3.1. Multiple PREs and one PIC configuration workflow

You follow this workflow to configure a statistics deployment where statistics processes run on multiple PRE systems, and the
statistics storage is located on one PIC system.
1. Create a statistics user on PIC and on all PRE systems
2. Proxy the statistics writer (StatWriter) resource on each PRE to PIC
The statistics writer resource on PRE writes statistics collected on PRE in the statistics file system on PIC.
3. Proxy the statistics reader (StatReader) resource on one or more PRE systems to PIC
The statistics reader resource on PRE reads statistics stored on PIC. You can view the statistics in the PacketLogic
Client of PRE.
4. Enable local statistics on each PRE
See also
• Section 6.3.3, “Multiple PREs and one PIC deployment”
6.3.4. PIC collector and PIC writer deployment

The most common scenario in a large deployment is to have one PIC system dedicated to run the statistics daemon, called a
collector, and one PIC system dedicated to store statistics, called a writer. The collector collects data from multiple PRE systems.
Data is stored in the statistics file system on the writer and, optionally, on additional PIC systems acting as storage nodes.
141
This requires fewer statistics licenses and less memory usage on PRE systems, than in the scenario where each PRE runs a
statistics daemon locally.
Prerequisites:
• The PIC collector must have a remote system connection to PRE.
• The PIC collector must proxy the statistics writer resource to make the the statistics daemon send data to the PIC writer.
• PRE must proxy the statics reader resource in order to view statistics stored on the PIC writer.
See also
• Section 6.3.4.1, “PIC collector and PIC writer configuration workflow”
6.3.4.1. PIC collector and PIC writer configuration workflow

You follow this workflow to configure a statistics deployment where the statistics process runs on a dedicated PIC collector, and
the statistics storage is located on a dedicated PIC writer. The collector receives data from multiple PRE systems.
1. Create a statistics user on the two PIC systems and on all PRE systems
2. Add each PRE as a remote system on the PIC collector
3. Disable local statistics on each PRE
142
4. Proxy the statistics writer (StatWriter) resource on the PIC collector to the PIC writer
The statistics writer resource on the PIC collector writes statistics in the statistics file system on the PIC writer.
5. Proxy the statistics reader (StatReader) resource on PRE to the PIC writer
The statistics reader resource on PRE reads statistics stored on the PIC writer. You can view the statistics in the
PacketLogic Client of PRE.
See also
• Section 6.3.4, “PIC collector and PIC writer deployment”
6.3.5. Downloading license

You need licenses to enable certain modules and functionality in PacketLogic.
You can download a license directly from a Sandvine download server via HTTP. You can also manually download the license
from http://IP_address_of_upgrade_server/pldownload/licenses/machine_ID.lic and then upload it to the Upgrade files folder in
the File Manager in the PacketLogic Client.
To download a license
1. Log on to the CLI of the PacketLogic system.
2. Type system license download {fileserv | master}, to download a license from the File Manager or from the the
Sandvine server.
3. Type yes to install the license.
See also
6.3.6. Enabling/disabling local statistics

143
Prerequisites:
• PRE must have a Statistics license.
• Local statistics can't be enabled on chassi-based hardware installations of PRE, as there isn't enough memory and disk
space. In these cases, you need to run PLSD on a separate PIC.
To enable/diable local statistics
1. Log on to the CLI of PRE.
2. Type configure to enter configure mode.
3. Type set service statistics local {true | false} to enable/disable local statistics.
4. Type commit.
See also
• Section 6.3.5, “Downloading license”
• Section 6.3.1, “Local statistics deployment”
6.3.7. Adding a remote system for statistics collection

Prerequisites: There must be a user user with the relevant permissions on PRE. For more information about user permissions,
see Section 6.4, “Statistics user”.
To add a remote system
1. Log on to the CLI of PIC.
3. To add a PRE, type set service statistics retrieve-statistics-from {host_ip_address |host_name} username
user_name password password.
The IP address can be the address of the administration interface or the auxiliary interface. The user name is the name
of a statistics user on PRE.
4. Type commit.
See also
• Section 6.4, “Statistics user”
• Section 6.3.8, “Verifying statistics”
144
6.3.8. Verifying statistics

You verify that statistics are running to ensure that the statistics configuration is correct.
To verify that statistics are running
1. Log on to the PacketLogic Client of PRE.
2. In System Diagnostics view, ensure that the Statistics and Statistics writer zones are available.
When these two zones are available, statistics are running.
See also
6.3.9. Proxying a database resource

Prerequisites: There must be a user with the required permissions on the remote system.
For more information about user permissions, see Section 6.4, “Statistics user”.
To proxy a database resource
1. Log on to the PacketLogic Client of the local system.
2. On the Tools menu, click Resource Manager.
3. In the Resource Manager window, double-click the resource you want to proxy.
4. In the Mode list, click Proxy.
5. In the Proxy address box, type the IP address of the remote system.
The IP address can be the address of the administration interface or the auxiliary interface.
6. In the Proxy user box, type the name of a user on the remote system.
7. In the Proxy password box, type the password of the user.
8. Click OK.
Verify that the mode of the resource changes to Proxy and that the status of the resource is Proxy ready.
See also
• Section 8.1, “Statistics reading overview”
145
6.4. Statistics user

Users are needed in statistics for the following purposes:
• Proxying the statistics reader (StatReader) resource from PRE to PIC. This makes it possible to view statistics stored on
PIC in the PacketLogic Client of PRE.
• Proxying the statistics writer (StatWriter and StatWriter Backup) resources from PRE to PIC, or from PIC collector to PIC
writer. This makes it possible to to store statistics on PIC when the statistics daemon is located on PRE.
• Creating a remote connection to PRE from PIC. This makes it possible for PIC to collect statistics from PRE when the
statistics daemon is located on PIC.
You may use different users for the different purposes, but we recommend that you have only one dedicated statistics user.
Configure the statistics user in the same way on both PRE and PIC with all the permissions listed in the table.
TABLE 6.1 Permissions for a statistics user

Database permissions LiveView permissions
StatReader: Read & Write Channel stats view
StatWriter: Read & Write Connection detail properties
StatWriter Backup: Read & Write Generic surveillance
System Configuration: Read Only
See also
6.4.1. Creating a statistics user

Note
We recommended that you create a user that is dedicated to statistics retrieval, on both PRE and PIC. For
more information about recommended user permissions, see Section 6.4, “Statistics user”.
To create a statistics user
1. Log on to the PacketLogic Client.
2. On the Edit menu, click User. The User Editor window is opened.
3. On the User menu, click New User.
4. In the Username box, type a user name.
146
5. In the Password box, type a password.
6. In the Confirm password box, type the password again.
7. Click Create.
8. On the Database Permissions tab, configure the permissions to different database resources.
9. On the LiveView Permissions tab, configure the LiveView permissions.
10. On User menu, click Save.
See also
6.5. Performance considerations

Number of values
A value in statistics is a NetObject, host, service, shaping rule, and most of the logical combinations of these. If you add more
statistics rules, more values are produced. One single statistics rule that uses a very detailed StatisticsObject will also be able
to produce a large number of values.
The number of values affects storage space. It also affects performance, since it will take longer time to write all the values to
disk. Graph point values consume more resources than total values.
Connection logging
When connection logging is enabled, storage space and performance are affected considerably, especially if the traffic has a
lot of new connections per second.
You can configure the connection logging storage with the system configuration values
PLS_CONNLOG_REINDEXING_ENABLED and PLS_CONNLOG_SEARCHABLE_CRITERIAS.
• PLS_CONNLOGT_REINDEXING_ENABLED enables reindexing of connection logging data. The default value is True.
• PLS_CONNLOG_SEARCHABLE_CRITERIAS holds a comma separated list of searchable criteria for connection logging.
Disable PLS_CONNLOG_REINDEXING_ENABLED to decrease disk usage for connection logging data by up to 30%.
Additionally, the more searchable criteria that are listed with PLS_CONNLOG_SEARCHABLE_CRITERIAS, the more storage
space will be used. Select only a few of the criteria to save an additional 20% of the storage space and to further increase
the performance.
Distribution by property
Using properties in a distribution level of a StatisticsObject can consume considerable resources. If you enable a statistics
rule connected to such a StatisticsObject, we recommend that you monitor resource consumption to ensure the system is
not overloaded. Monitor memory usage in the PacketLogic Engine and the PacketLogic Daemon (PLD) and bandwidth usage
between the engine, PLD, and the PacketLogic Statistics Daemon (PLSD).
147
See also
• Section 6.5, “Performance considerations”
6.6. Bandwidth considerations

The statistics system will communicate with the traffic management system via Transmission Control Protocol (TCP). The required
bandwidth depends on the size of the network and the amount of traffic, such as flows, hosts and rules. The requirement varies
from small networks where a few megabits per second is enough, to larger networks where a few hundred megabits per second
may be required.
6.7. Centralized management

In a PacketLogic system, you can configure access to resources located on a remote component, such as a PacketLogic Real-
Time Enforcement (PRE) or a PacketLogic Intelligence Center (PIC). This means that a resource, available to all components or
subsystems in a PacketLogic system, can be stored in one central location.
PacketLogic components in a system can take on two different roles for centralized management:
• Proxy stores resources (statistics, a ruleset, or any other resource) and and exposes them to one or more local PacketLogic
components to read when needed.
• Local PacketLogic components, in this context, read the resources stored on a remote PacketLogic.
You configure proxy from the Resource Manager on the local PacketLogic component. For more information, see Section 3.25,
“Resource Manager window”.
On the remote PacketLogic component, you must verify that the user account used to set up the Proxy on the local PacketLogic
component has the required permissions to the resource.
For recommendations on how to use the centralized management features in PacketLogic, see Section 6.7.4, “Recommended
use”.
6.7.1. Proxy
Caution
Proxying resources should only be done between systems of the same major version. Trying to proxy a
resource to a system with a different major version installed may cause the system to fail.
Proxying resources means that a local PacketLogic component completely defers the task of storing a resource (such as the
ruleset) to another PacketLogic component. A client connecting to the PacketLogic that has a resource proxy will not see that
the resource is stored remotely. There is no copy of the resource stored on the local PacketLogic. The deferred transactions
are transparent to both sides:
Note
• Set up scheduled backups of the proxied resource in the central PacketLogic. If, for any reason, the
network communication fails between the local PacketLogic and the central PacketLogic, the local
148
PacketLogic will not be able to re-read the proxied resource. In this case, a backup to restore to the local
PacketLogic is essential to ensure operation.
• If you move the database where the proxied resource is located, the connection to the proxied resource
is lost.
• For backups to work on the local PacketLogic, the Backup resource must also be set to proxy. Otherwise,
the backup will be of the local database content, which is not the running configuration.
6.7.1.1. Proxying a database resource

Prerequisites: There must be a user with the required permissions on the remote system.
For more information about user permissions, see Section 6.4, “Statistics user”.
To proxy a database resource
1. Log on to the PacketLogic Client of the local system.
3. In the Resource Manager window, double-click the resource you want to proxy.
5. In the Proxy address box, type the IP address of the remote system.
6. In the Proxy user box, type the name of a user on the remote system.
8. Click OK.
Verify that the mode of the resource changes to Proxy and that the status of the resource is Proxy ready.
See also
6.7.1.2. System Overview

By setting the System Overview resource to Proxy, you can use the PacketLogic Client System Overview to view general system
information about several components in a system. All PacketLogic components proxying the System Overview resource to the
same remote PacketLogic will see each other's System Overview information. If a separate PacketLogic is used for statistics
storage, it is recommended that you use the statistics system as a central point for System Overview proxying.
149
For information on how to configure System Overview values, see Section 5.3, “System Overview” in PacketLogic Real-Time
6.7.2. System Diagnostics

You can proxy System Diagnostics. When System Diagnostics are proxied, the proxying components and the components to
which they proxy are all shown in the System Diagnostics view. You can separate the components by expanding the values.
The top level shows aggregated values.
FIGURE 6.2 Proxied System Diagnostics
You configuring System Diagnostics to proxy values in the Resource Manager by setting the System Diagnostics resource
to proxy, with IP address and user information for the intended proxy master.
FIGURE 6.3 Proxying System Diagnostics in Resource Manager
6.7.3. Resource copying
150
Resource copying is another option when you want to synchronize configurations. Resource copying creates a backup of a
remote resource (Users and Rules & Objects are supported) and restores it locally. When you use resource copying, the
remote resource receives notifications when the remote resource is changed. When the remote resource is changed, a new
backup of the remote resource is created and then restored locally.
Resource copying means that configuration data is available locally even if the connection to the remote system is lost.
Note
If the connection to the remote system is lost, changes on the remote system are not applied to the local
system.
Using resource copying for Objects & Rules means that, when the resource is changed on the remote system, the ruleset is
recompiled on the local system.
You configure resource copying in the CLI (PacketLogic CLI Reference Guide).
6.7.4. Recommended use

Even though any resource is available to configure as a Proxy resource, there are a few well-defined recommended scenarios:
• Proxied ruleset. This is useful to define central rules and objects to apply in an entire network with several deployed local
PacketLogic units. When using proxy, it is recommended to clear out the local ruleset to avoid confusion
• System Overview. This is useful to get a quick overview of selected system diagnostics values from several PacketLogic
systems. See Section 6.7.1.2, “System Overview” for instructions on configuring System Overview.
• System Diagnostics. This is useful to view diagnostics for several PacketLogic systems.
To use centralized management for other resources, it is recommended to consult with the local PacketLogic technical contact
before proceeding, to avoid unwanted side-effects. For centralizing user management and authorization, it is recommended to
use the external authentication mechanisms (see Section 6.2.4.3, “External authentication sources”).
6.8. Monitoring PacketLogic

This section describes the various mechanisms available for monitoring the status of PacketLogic. PacketLogic keeps track of
a set of values, described in Appendix C, System Diagnostics Values. These values can be monitored in the following ways:
• Viewing them in the System Diagnostics view in the Surveillance part of the PacketLogic client interface (Section 5.5,
“System Diagnostics view” in PacketLogic Real-Time Enforcement product guide).
• Retrieving them with an SNMP management station, after setting up SNMP on the PacketLogic (see the PacketLogic CLI
Reference Guide).
• Retrieving them with a Python script using the PacketLogic Python API for custom handling.
Additionally, PacketLogic can actively inform an administrator of values exceeding their thresholds. For each value in System
Diagnostics, alert limits can be configured by right-clicking the value and selecting the option Alert limits option. In the Alert
Limits editor, values can be defined for when the value shall generate an alert. Also, a comment can be added that will be
included in the messages sent when the alert is generated. Once the alert limits are defined, the alerts can be provided in
several different ways:
• When connecting to the LiveView part using the PacketLogic client, any alerts generated are shown as popup messages.
This also acknowledges the alert.
• An email can be sent informing the recipient that the alert has been generated. This must be configured in the CLI (see
the PacketLogic CLI Reference Guide).
151
• SNMP traps can be sent to a management station configured to receive traps, after setting up SNMP on the PacketLogic
(see the PacketLogic CLI Reference Guide).
Once an alert limit is exceeded, an alert is generated and sent out to the configured alert destinations. Once the alert is sent, it
is not sent again until a client has logged on to the PacketLogic and has seen and acknowledged the alert.
6.8.1. PIC KPIs
6.8.1.1. KPI specification

Note: In the case where statistics is handled entirely (local statistics) on PRE, these KPIs are available on PRE. In the case
where statistics is handled partially (local statistics with proxied StatWriter resource), the Statistics KPIs are available on PRE,
and the Statistics Writer KPIs are available on PIC.
6.8.1.1.1. Statistics
6.8.1.1.1.1. Bandwidth used
Calculated use of bandwidth for connection updates from PLD to PLSD.
OID: 1.3.6.1.4.1.15397.2.1.136.31
Alarm when
Value approaches the link capacity between PLD and PLSD (in the case where PLSD runs on the PIC system and relies
on network connectivity to PLD on PRE).
Impact
Minor
Action
Review the amount of data sent (number of values stored due to StatisticsObject complexity or amount of subscribers/
hosts), or review link capacity between PRE and PIC (in the case where PLSD runs on PIC).
6.8.1.1.1.2. Connects
The number of connects from PLD.
OID: 1.3.6.1.4.1.15397.2.1.136.33
Alarm when
Value increases in conjunction with high ringbuffer usage (see Section 6.8.1.1.1.3, “Recv Ringbuf usage (Collector)”).
Impact
Minor
Action
Review ringbuffer usage (see Section 6.8.1.1.1.3, “Recv Ringbuf usage (Collector)”) and size (PLS_RINGBUF_MEGS)
This shows the number of times PLD has connected to PLSD. This in itself does not cause problems, but if it rises in conjuction
with high ringbuffer usage, it can be an indication that PLD is disconnecting because the ringbuffer is full and PLD can not put
more connection updates in the ringbuffer. There is a ringbuffer both in PLD and PLSD, and PLD disconnects when the sending
ringbuffer is full. This can happen if the PLSD receiving ringbuffer (see Section 6.8.1.1.1.3, “Recv Ringbuf usage (Collector)”)
becomes full and can no longer drain the sending ringbuffer on the PLD side, but if the sending ringbuffer becomes full due to,
for example, a connectivity issue between PLD and PLSD (such as a network problem when PLSD runs on the PIC system),
PLD will also disconnect despite the receiving ringbuffer not showing signs of running full.
152
6.8.1.1.1.3. Recv Ringbuf usage (Collector)
The usage (in bytes) of the receive ringbuffer in PLSD.
OID: 1.3.6.1.4.1.15397.2.1.136.28
Alarm when
Value increases, approaching the maximum (defined by PLS_RINGBUF_MEGS), especially in conjunction with increasing
Connects (see Section 6.8.1.1.1.2, “Connects”).
Impact
Minor
Action
Review ringbuffer usage and size (PLS_RINGBUF_MEGS)
This shows the usage (in bytes) of the PLSD receiving ringbuffer, which is used to receive connection updates from the PLD
sendind ringbuffer. If this runs full, the PLD sending ringbuffer will fill up, eventually leading to PLD disconnecting from PLSD
(increasing the number of connects, see Section 6.8.1.1.1.2, “Connects”). The receiving ringbuffer size can be adjusted with
the system configuration value PLS_RINGBUF_MEGS.
6.8.1.1.1.4. Values not created, Cache exhausted
The number of statistics values not saved due to lack of resources.
OID: 1.3.6.1.4.1.15397.2.1.136.6
Alarm when
rate > 0/s
Impact
Major, statistics values are discarded.
Action
If possible, increase PLS_MAX_VALUES to allow more values. If the resources (mainly memory) on PIC does not allow
this, upgrading the capacity is recommended. Short term, or if the amount of values is due to an unnecessary complexity
in what statistics are stored, reduce amount of statistics or statistics distribution complexity.
6.8.1.1.1.5. Values not created, Priority Threshold
The number of statistics values not saved due to lack of resources. This represents values that are not set with Priority High in the
distribution of the StatisticsObject. Those values are not created if the value usage is higher than PLS_PRIORITY_THRESHOLD.
OID: 1.3.6.1.4.1.15397.2.1.136.7
Alarm when
rate > 0/s
Impact
Major, statistics values are discarded.
Action
In addition to the measures described in Section 6.8.1.1.1.4, “Values not created, Cache exhausted”, the system
configuration value PLS_PRIORITY_THRESHOLD can be adjusted. Setting it higher will allow a higher usage before normal
priority values are discarded, but will also exhaust the value cache quicker. Setting it lower will discard more normal priority
153
values but preserve the cache space longer for high priority values. To monitor the trend of cache usage before any
values are discarded, see Section 6.8.1.1.1.6, “Value Cache Usage”.
6.8.1.1.1.6. Value Cache Usage
The number of values currently in the value cache. When this exceeds PLS_PRIORITY_THRESHOLD, values stored with normal
priority in the StatisticsObject distribution are discarded (see Section 6.8.1.1.1.5, “Values not created, Priority Threshold”).
OID: 1.3.6.1.4.1.15397.2.1.136.48
Alarm when
value exceeds 80% of PLS_MAX_VALUES (based on default PLS_PRIORITY_THRESHOLD which is 90. If the threshold
is adjusted, it is advised to review this alarm threshold as well.)
Impact
Minor, monitor for trends of usage.
Action
Increase PLS_MAX_VALUES or reduce amount of statistics collected.
6.8.1.1.2. Statistics Writer
6.8.1.1.2.1. Dataset Values Dropped (cache exhausted)
The number of values dropped by the statistics writer because the value cache in the writer was exhausted.
OID: 1.3.6.1.4.1.15397.2.1.137.5
Alarm when
Value > 0
Impact
Impact: Major, statistics data affected.
Action
Increase PLDB_STATISTICSFS_MAX_VALUES_DATASET
6.8.1.1.2.2. Dataset Values Dropped (Global Index exhausted)
The number of values dropped by the statistics writer because the Global Index in the writer was exhausted.
OID: 1.3.6.1.4.1.15397.2.1.137.7
Alarm when
Value > 0
Impact
Impact: Major, statistics data affected.
Action
Increase PLDB_STATISTICSFS_MAX_VALUES
6.8.1.1.2.3. Statisticsfs, Disk Usage Per Day (Statistics)
The size of the statistics on disk, per day.
154
OID: 1.3.6.1.4.1.15397.2.1.137.33
Alarm when
value significantly exceeds baseline
Impact
Minor. Affects statistics retention time.
Action
Reduce amount of statistics collected to achieve desired retention time.
Statistics retention time (in days) can be estimated as 90% of "Statistics Writer / Statisticsfs, Disk Size" divided by "Statistics
Writer / Statisticsfs, Disk Usage Per Day (Statistics)". Actual retention time is lower if connection logging ("connlog") is in use.
6.8.1.1.2.4. Dataset, Total Write time
Total time to write dataset to disk.
OID: 1.3.6.1.4.1.15397.2.1.137.14
Alarm when
value exceeds 90% of the dump interval (default one hour).
Impact
Major. Affects statistics.
Action
Reduce amount of statistics collected to reduce dataset size.
By default, the interval at which statistics are written to disk is one hour. To ensure smooth operation, the statistics from the
previous interval should be completely written prior to the next write beginning.
6.8.2. Configuring an SNMP management station

This section describes the configuration needed to use SNMP with PacketLogic on a management station using the net-snmp
tool package on Linux. For information on net-snmp, see http://net-snmp.sourceforge.net/. This section does not cover
installation of net-snmp.
6.8.2.1. Installing the PacketLogic MIB

PacketLogic supports the standard SNMPv2-MIB and a proprietary MIB named PACKETLOGIC-MIB. The SNMPv2-MIB
is included in the installation of net-snmp. The PACKETLOGIC-MIB must be installed onto the management station. The
PACKETLOGIC-MIB is available for download from the PacketLogic using the File Manager in the client (see Figure 6.4).
FIGURE 6.4 Downloading the PACKETLOGIC-MIB
155
Download the file to a location in the file system where net-snmp stores MIB files (for example /usr/local/share/snmp/
mibs/). This will enable the use of the text strings for the OIDs available in the PACKETLOGIC-MIB.
6.8.2.2. Example: polling a value using snmpget

To retrieve the value for channelActive.1 (whether channel 1 is active), using SNMP v2c, from a PacketLogic with IP address
10.1.2.3 and a configured community string of "community" run the following command on the management station:
user@management_station:~$ snmpget -v 2c -c community 10.1.2.3 PACKETLOGIC-

MIB::channelActive.1
This shows the following output:
PACKETLOGIC-MIB::channelActive.1 = INTEGER: active(1)
This shows that the channel is active.
For v3, assuming that a user with name "user" and authentication key "authkey" is configured in the PacketLogic SNMP
configuration, use the following command:
user@management_station:~$ snmpget -v 3 -u user -A authkey -l authNoPriv

10.1.2.3 PACKETLOGIC-MIB::channelActive.1
PACKETLOGIC-MIB::channelActive.1 = INTEGER: active(1)
6.8.2.3. Example: polling a set of values using snmpwalk

To retrieve all values under connectionCreateAttemptsInbound, using SNMP v2c, from a PacketLogic with IP address 10.1.2.3
and a configured community string of "community" run the following command on the management station:
user@management_station:~$ snmpwalk -v 2c -c community 10.1.2.3

PACKETLOGIC-MIB::connectionCreateAttemptsInbound
PACKETLOGIC-MIB::connectionCreateAttemptsInboundVal.0 = Counter64: 0
PACKETLOGIC-MIB::connectionCreateAttemptsInboundMom.0 = Gauge32: 0
PACKETLOGIC-MIB::connectionCreateAttemptsInboundMax.0 = Gauge32: 0
156
For v3, assuming that a user with name "user" and authentication key "authkey" is configured in the PacketLogic SNMP
configuration, use the following command:
user@management_station:~$ snmpwalk -v 3 -u user -A authkey -l authNoPriv

10.1.2.3 PACKETLOGIC-MIB::connectionCreateAttemptsInbound
PACKETLOGIC-MIB::connectionCreateAttemptsInboundVal.0 = Counter64: 0
PACKETLOGIC-MIB::connectionCreateAttemptsInboundMom.0 = Gauge32: 0
PACKETLOGIC-MIB::connectionCreateAttemptsInboundMax.0 = Gauge32: 0
6.8.2.4. Setting up a trap server

Ensure that the management station is configured as a trap server in the PacketLogic SNMP configuration. For SNMP v2c,
no further configuration is necessary, and a trap server displaying traps received on standard error can be started using the
following command (note that running the trap server snmptrapd in default mode normally requires root privileges on the
management station):
management_station:/home/user# snmptrapd -f -C -Le -m SNMPv2-MIB:PACKETLOGIC-MIB

2008-09-03 10:10:58 NET-SNMP version 5.2.5 Started.
To receive traps using SNMP v3, a user must be created matching a user in the PacketLogic SNMP configuration. If a user with
user name "user" and authentication key "authkey" is configured on PacketLogic, create a file with the following contents:
createUser user MD5 authkey
To start the trap server using the configuration above (assuming the file was named snmptrapd.conf and placed in the /
tmp directory), use the following command:
management_station:/home/user# snmptrapd -f -C -c /tmp/snmptrapd.conf -Le

-m SNMPv2-MIB:PACKETLOGIC-MIB
2008-09-03 10:10:58 NET-SNMP version 5.2.5 Started.
157
When a trap received, the following is displayed:
2008-09-03 10:23:07 pl.your.net [UDP: [10.1.2.4]->[10.1.2.3]:43006]:

SNMPv2-MIB::sysUpTime.0 = Timeticks: (1220429500) 141 days, 6:04:55.00
SNMPv2-MIB::snmpTrapOID.0 = OID: PACKETLOGIC-MIB::pl2TrapSystemStatsAlert
PACKETLOGIC-MIB::pl2TrapThreshold = Gauge32: 5
PACKETLOGIC-MIB::pl2TrapValue = Gauge32: 7
PACKETLOGIC-MIB::pl2TrapOid = OID: PACKETLOGIC-MIB::generalClientsVal.0
The example above shows a trap generated because the value generalClientsVal (the number of currently connected clients)
had the value 7 and an alert limit configured to 5.
For further processing of SNMP traps, refer to the documentation for the SNMP management station software used.
6.8.3. Built-in SNMP traps

There is a set of SNMP traps that the PacketLogic system will issue without having an alert limit set. These are:
Disk usage
When the system disk (pl2) reaches 80% usage or any of the data or statistics partitions reach 90% usage, an
mteTriggerFired from the DISMAN-EVENT-MIB is sent.
ContentLogic Updates
PacketLogic sends SNMP traps (defined in the PACKETLOGIC-TRAP-MIB) for the following ContentLogic update events:
• Categories loading started (pl2ContentLogicCategoriesLoadingStarted), completed

(pl2ContentLogicCategoriesLoadingCompleted), and failed (pl2ContentLogicCategoriesLoadingFailed).
• Database loading started (pl2ContentLogicDatabaseLoadingStarted), completed

(pl2ContentLogicDatabaseLoadingCompleted), and failed (pl2ContentLogicDatabaseLoadingFailed).
• Database update started (pl2ContentLogicDatabaseUpdateStarted), completed

(pl2ContentLogicDatabaseUpdateCompleted), and failed (pl2ContentLogicDatabaseUpdateFailed).
• Hourly download of database update started (pl2ContentLogicHourlyUpdateStarted), completed

(pl2ContentLogicHourlyUpdateCompleted), and failed (pl2ContentLogicHourlyUpdateFailed).
Wherever applicable, a text string is sent with the trap detailing the cause of the event.
6.9. Backup and restore

There are two different ways to make a backup of a PacketLogic system:
Client backup
Copies the PLDB Resources (see Section 6.2.4.2, “Resources”) to an XML file that contains only the configuration
settings of resources that are actively chosen during the backup process.
The file syntax for Client backups include a date and timestamp followed by .plb suffix, for example,
20180214-11.45.plb.
158
CLI backup
Copies the entire running configuration to a backup file. Restoring CLI backups can potentially reinstate everything in the
system to the state it was when the backup was made. The various CLI backup types are distinguished by their given
syntax and file extensions, where:
Configuration backups include the system hostname and distribution together with a date and timestamp, for example,
pl2-colt1-19.0.0.0-1802051611-180214-1738.tar.gz.gpg
Conlog backups include the system hostname together with a date and timestamp, for example, pl2connlog-
colt1-2018-02-20-1.tar.gz
Log backups include the system hostname together with a date and timestamp, for example, pl2logs-
colt1-2018-02-16.tar.gz
Statistics backups include the system hostname together with a date and timestamp, for example, pl2stats-
colt1-2018-02-16-1-1513036800.tar.gz
6.9.1. Client backup

Backups made using the Client Backup Manager (see Section 3.24, “Backup Manager window”) comprise the ruleset and
system configuration (resources) only.
Note
• Client backups cannot be restored to any other major release from that they were made, that is, backups
taken from 18.x can not be restored to a later 19.x release.
• Backups only archive resources that are stored locally, that is, resources set to Proxy are not included.
This means that In a proxy setup, where resources are delegated to another remote PacketLogic system,
Backups must be set to the same proxy as the other resources. If not, only the contents of the local
database are included in the backup.
6.9.1.1. Backup procedure

Use the following procedure to create a limited backup of the ruleset and system configuration (resources) only:
1. Start a terminal session, and type plclient & to run the PacketLogic client application from its local directory—and
open the the PacketLogic Manager dialog.
Note: Be sure to use the same PacketLogic Client version as the firmware running on the system to which you connect.
For example, run only PacketLogic Client v19.0 to connect with a PacketLogic system running v19.0 software.
2. In the System Manager dialog, select System Overview as the Default view, enter the IP Address and Username of the
system to which you want to connect. Click Connect to start the client session.
3.
Click the Backup Manager icon to open the Backup Manager.
159
4.
Click the New Backup button to create the system backup file. The archived file is subsequently shown with an
appropriate timestamp and .plb file extension in the Backup list, for example, 20180214-15.00.plb.
5.
To archive the backup remotely, select the new backup file in the Backup list and click the Download button . This
copies the backup file from PacketLogic file system to the chosen folder location on the client host.
6.9.1.2. Restore procedure

Use the following procedure to restore the ruleset and system configuration (resources) previously archived in a client (.tar.gz
or .tar.gz.gpg) backup file.
1. Start a terminal session, and type plclient & to run the PacketLogic client application from its local directory—and
open the the PacketLogic Manager dialog.
160
Note: Be sure to use the same PacketLogic Client version as the firmware running on the system to which you connect.
For example, run only PacketLogic Client v19.0 to connect with a PacketLogic system running v19.0 software.
2. In the System Manager dialog, select System Overview as the Default view, enter the IP Address and Username of the
system to which you want to connect. Click Connect to start the client session.
3.
Click the Backup Manager icon to open the manager.
4.
Click the Upload button if the backup file you want to restore is not included in the Backup list, but is instead
archived on your workstation—or another remote system. Navigate to the (.plb) file you want, and click Open to start the
upload. Click OK in the subsequent Backup uploaded dialog to complete the operation.
5. In the Backup Restore dialog, select the resource or resources you want to restore—or right-click and Select All and
restore the entire configuration. Click OK.
161
162
6.9.2. CLI backup

Create a backup file using the CLI to make a comprehensive archive of the entire PacketLogic system configuration.
Dependent on the choice of command, backups taken in the CLI configuration mode can potentially include system
configurations, connlogs, logs, and statistics. With any remote ftp/ssh host optionally configured (see Section 6.9.2.1,
“Configuring the remote host”), any of these backup types can then be saved to either the local system or the previously
defined remote host—or both. See also PacketLogic CLI Reference Guide.
6.9.2.1. Configuring the remote host

Prerequisites
• In preparation for configuring a remote host, it is necessary to copy/paste the public ssh-rsa key of the PacketLogic system
to the authorized_keys folder (or similar) on the remote (ftp/ssh) host. Enter ssh-key in the CLI operation mode
to display the PacketLogic public key. This operation is prerequisite for the remote host to recognize and subsequently
authenticate the user. Failure to do this causes the upload to fail with the following (or similar) error message:
Permission denied (publickey,password,keyboard-interactive).... Upload failed.
• Although it is only necessary for the remote server to be preinstalled with ssh server software in order to download all CLI
backup types, the remote server must additionally be preinstalled with either ftp and/or http server software in order to
restore both connlog and statistic files. As configuration backups can be restored using both ssh or ftp, preinstalled ssh
server software is sufficient if statistics and connlog uploads are not anticipated.
Use the following procedure to configure a remote host:
1. In Terminal, enter the following command to login to the PacketLogic system using SSH on port 42002.
ssh pladmin@<IP address> -p 42002
2. At the user prompt enter the pladmin password.
3. In the initial CLI operational mode, enter the command configure to enter CLI configuration mode. All subsequent
commands in this procedure are given in this mode.
4. With the following command define the server name, host IP address, protocol, port and (folder) path and username
of the remote server:
set system remotehosts server <server name> host <server IP address> protocol <ftp
or ssh> port <port number> path <folder structure> <username>
set system remotehosts server myserver host 192.168.0.1 protocol ssh port 42002
path /home/backups username jsmith
Save the configuration with the command: commit
5. To enable the option for saving all subsequent configuration backups to a remote host (as defined in the previous step),
enter the command: set system backups configuration backup-host <server name>.
Example: set system backups configuration backup-host myserver
6. Use similarly modified commands to set the remote host for any required statistics, logs or connlog backups, for example,
set system backups {statistics | logs | connlog } backup-host myserver
163
7. If daily backups are required, additionally enter the command:
set system backups configuration daily-backup true.
If any previously configured daily backups are no longer required, enter the command:
set system backups configuration daily-backup false.
8. At any time, check the assignment of the backup-host for the statistics, connlog, log, and configuration backups using
the show configuration command.
The following example shows a configuration defined for daily backup and common host for all backup types.
Example
pladmin@colt1> show configuration system

system {
authentication {
users {
cli pladmin {
password ;
role admin;
}
}
}
backups {
statistics {
backup-host myserver;
}
connlog {
}
log {
}
configuration {
daily-backup true;
}
}
}
6.9.2.2. Backup procedure

Dependent on the choice of command, backups taken in the CLI configuration mode can potentially include system
configurations, connlogs, logs, and statistics. With a remote host optionally configured (as described in Section 6.9.2.1,
“Configuring the remote host”) system configuration backups can be saved temporarily to the local system, or more
permanently, to the previously defined remote host—or both. The large file size of connlogs, logs, and statistics prohibits local
storage on the PacketLogic system, and means that these backups can only be archived remotely.
Prerequisites
• Section 6.9.2.1, “Configuring the remote host”—if backups are to be archived to a remote host (recommended).
• To generate connlogs and statistics, it is first necessary to turn on the PLSD and set up the Statistics filesystem with the
command set service statistics local true, and set the Statistics parameter PLS_CONNLOG_ENABLED
164
parameter to True using the System Configuration Editor. The Enable connection log checkbox must also be set when
creating the related Statistics rule.
Use the following procedures to initiate the backup:
Note
The various combinations of all given CLI examples in these procedures are further described in PacketLogic
CLI Reference Guide.
3. To make the configuration backup, enter the following command in CLI configuration mode:
system backup configuration create.
Choose the target(s) for the backup at the respective prompts:
Upload backup file to remote host? (y/N):
Use local storage (backup file available in fileserv)? (y/N):
Example: The following transcription shows the result of actively responding to both prompts to create backup archives
to both a temporary local file location (tmp/fileserv on the PacketLogic system, and the predefined remote backup server.
pladmin@colt1> configure
pladmin@colt1%> system backup configuration create
Upload backup file to remote host? (y/N): y
Use local storage (backup file available in fileserv)? (y/N): y
Creating backup pl2-colt1-19.0.0.0-1802051611-180214-1738.tar.gz.gpg
Uploading backup pl2-colt1-19.0.0.0-1802051611-180214-1738.tar.gz.gpg
File uploaded OK
The file is now available in the CLI provided backups fileserv area.
[ok][2018-02-14 17:38:23]
pladmin@colt1>
Important
As all local backups archived in both the CLI provided backups and Upgrade files folders of the
PacketLogic Client are stored in temporary memory tmp/fileserv, these files are deleted when the
PacketLogic system is rebooted. Consequently, all CLI backups must be archived to a remote file
location if they are to be later available for recovery purposes.
In the above instance,
4. Enter similar commands in CLI operational mode to initiate separate log/connlog/statistics backup files:
service statistics backup connlog create
system backup logs create
service statistics backup create
Example transactions for each of these backup types are shown below.
EXAMPLE 6.1 Statistics backup
pladmin@colt1> service statistics backup create
165
colin
S) Specify date(s) to backup

L) List available dates
A) Abort
> s
Use the format yyyy-mm-dd to construct one or more patterns. Separate
patterns with spaces.
Example patterns:
Year 2011
Month 2011-04
Date 2011-04-29
Combined 2011-04 2011-05
Specify date pattern(s), separate with space (a to abort): 2011-04 2011-05
The statistics backup job will be performed in the background.
Time needed for the backup job to complete is dependant on the size of
the network, number of rules in place and the number of days included.
[ok][2018-02-16 12:20:27]
pladmin@colt1> service statistics backup show-progress
Backing up date 1 of 1, overall progress 100%.

[ok][2018-02-21 15:26:44]
pladmin@colt1>
EXAMPLE 6.2 Connlog backup
pladmin@colt1> service statistics backup connlog create
S) Specify date(s) to backup

L) List available dates
Y) Backup yesterday (2018-02-15)
> y
Creating connlog backup(s).
This might take some time depending on the size of

the network and number of shaping statistic rules.
Please wait.
[ok][2018-02-16 16:00:19]
EXAMPLE 6.3 Logs backup
pladmin@colt1> system backup logs create
Creating log backup for 2018-02-16

Uploading backup pl2logs-colt1-2018-02-16.tar.gz
File uploaded OK
[ok][2018-02-16 16:43:35]
166
pladmin@colt1>
6.9.2.3. Restore procedure
3. To restore previously archived configuration backup files from the local PacketLogic host, enter the following command
In the CLI configure mode:
system backup configuration restore file /<file path name>
Example
system backup configuration restore file /data/config/pl2-

colt1-19.0.0.0-1802051611-180216-0102.tar.gz.gpg
Note: To initially list all existing backup backup files, enter system backup configuration restore file /
4. Alternatively, restore previously archived backups from a defined remote (ssh) server using the following command in
CLI configure mode:
system backup configuration restore url ssh://<username>@<remote server IP>:<file

path name>
Example
system backup configuration restore url ssh://plbackup@172.20.57.21:/home/plbackup/

pl2-colt1-19.0.0.0-1802051611-180214-1738.tar.gz.gpg
Note: If the remote server has previously been defined with the (anonymous) ftp protocol in Section
6.9.2.1, “Configuring the remote host”, restore the backup file using the command: system backup
configuration restore url ftp://ftp.plbackup@172.20.57.21:/home/plbackup/pl2-
colt1-19.0.0.0-1802051611-180214-1738.tar.gz.gpg
5. Use the following command options in CLI operational mode to restore previously archived statistics and connlog backups
over ftp or http:
service statistics backup restore and service statistics backup connlog restore
At the prompt, specify the location of the backup file. Note that restoring any statistics backup downloads an additional
values file.
pladmin@colt1> service statistics backup restore

Please specify the location of the backup file.
The URL can be http or ftp and include username and password
Example 1: http://www.mydomain.com/dir/pl2stats-hostname-2011-04-29-x-
<timestamp>.tar.gz
Example 2: ftp://ftp.mydomain.com/dir/pl2stats-hostname-2011-04-29-x-
<timestamp>.tar.gz
Example 3: ftp://user:pw@domain.com/dir/pl2stats-hostname-2011-04-29-x-
<timestamp>.tar.gz
IMPORTANT: A file named values01-hostname-<timestamp>-x.tar.gz will also be

downloaded
167
from this directory!
Type URL to backup file: ftp://plbackup:pldemo01@172.20.57.21/pl2stats-

colt1-2018-02-20-1-1513036800.tar.gz
6.10. PacketLogic update

Update PacketLogic firmware by downloading the latest distributions published in the the Sandvine software library.
'See also
• Section 6.10.1, “PacketLogic update workflow”
• Chapter 6, PIC components and deployment
6.10.1. PacketLogic update workflow

You update PacketLogic to get the latest available firmware distribution.
Prerequisites: The PacketLogic system must have a valid license for the firmware version that you want to update to.
1. Back up the configuration
Caution
Local backups are stored in temporary memory and are deleted when the PacketLogic is rebooted.
Download the backup to a remote server to make sure that they are available for later recovery
purposes.
Section 6.9.1, “Client backup”
2. Download the firmware
Download the latest PacketLogic firmware to your workstation from the Sandvine software library.
3. Upload the firmware to PacketLogic Client
You upload a file to make it available in PacketLogic Client.
Section 4.1.3, “Uploading a file to PacketLogic Client”
4. Update the firmware
Section 6.10.2, “Updating firmware”
168
See also
• Section 6.10, “PacketLogic update”
• Section 6.9.1, “Client backup”
• Section 4.1.3, “Uploading a file to PacketLogic Client”
• Section 6.10.2, “Updating firmware”
6.10.2. Updating firmware

To update firmware
1. In the CLI of PacketLogic, type system update firmware file. A list of available PacketLogic firmware versions for
the platform is shown.
2. To install a version, type system update firmware file version.
3. Type restart system reboot.
4. Type yes at the prompt Reboot system? [yes,NO]. The connection to PacketLogic is closed during the reboot.
See also
• Section 6.10.1, “PacketLogic update workflow”
169
170
7. PacketLogic statistics file system
7.1. StatisticsObject
7.2. Distribution tree structure
7.3. Depth in NetObjects and ServiceObjects
7.4. Depth in AS path
7.5. Value paths
7.6. Links
7.7. Session Context in statistics
7.8. Subscriber NetObjects
7.9. NAT statistics
7.10. Averages based on usage analysis
7.11. Aggregation
7.12. Statistics ruleset templates
This chapter describes how statistics are stored in the PacketLogic statistics file system (StatsFS).
171
7.1. StatisticsObject
Statistics rules set conditions for which traffic to select for statistics storage, and apply StatisticsObjects to that traffic. The
StatisticsObjects determine what information to store and how to organize all statistical data to which the StatisticsObjects are
applied. Examples of possible information to store include statistics for local visited websites, remote visited websites, users
(defined by IPs, NetObjects, MAC-addresses and Switch Ports (using DHCP snooper and option 82), RADIUS usernames, and
so on), and applications or protocols. The combinations are endless. Any subset of traffic that can be matched with a statistics
rule can create statistics. You can configure statistics rules and StatisticsObjects to generate, for example, the following statistics:
• Application usage and user usage per AS-Path.
• ContentLogic category usage per user, group of users, or departments.
• Visited websites by user, department, device, and device category.
The configuration of a StatisticsObject has fields to determine which metrics from the traffic to store and a distribution to determine
how the information is organized. You can set limits for the volume of incoming or outgoing traffic that must be sent to the
StatisticsObject for it to start storing statistics. You can also aggregate statistics to an aggregation server.
See also
• Section 7.2, “Distribution tree structure”
• Section 7.3, “Depth in NetObjects and ServiceObjects”
• Section 7.6, “Links”
7.1.1. Creating a StatisticsObject

You create a StatisticsObjects to determine how to store statistics.
To create a StatisticsObject
2. On the Edit menu, point to Objects & Rules, and then click Open Without Stealing Resource.
3. In the navigation pane, and then expand the Objects folder.
4. Select the StatisticsObjects folder.
5. On the File menu, point to New, and then click Object.
6. In the Object name box, type a name.
7. On the Fields tab, select the check boxes for the values that will generate statistics.
8. On the Distribution tab, click Add, and then click a value type.
Repeat this step to create a distribution tree structure.
172
9. If required, add any information in the Link/Root/Property box.
10. Optionally, on the Limits tab, enter volume limits for then to start storing statistics.
11. Optionally, on the Aggregation tab, enable aggregation of the StatisticsObject.
12. On the File menu, click Save.
See also
7.2. Distribution tree structure

The distribution of statistics is organized in a tree structure. Each level organizes the statistics according to the selected value
type. At the next level, another value type can be selected. For each member in the first distribution level, statistics are then
distributed in the next level below.
The figure illustrates how statistics can be distributed per NetObject and service. NetObjects are at the top level and services
underneath the NetObjects. A value is built for each of the NetObjects A, B, and C. Then, under each NetObject, a value is
built for each service.
FIGURE 7.1 Simple distribution example
This simple distribution example can be fine-tuned by using a multi-level NetObject structure, changing the depth of the NetObject
distribution, or changing the NetObject root. The next figure expands the distribution above, by adding a top-level distribution
for local hosts with a distribution of remote hosts on the level below.
FIGURE 7.2 Expanded distribution example
173
For an example that illustrates a distribution configuration and the resulting statistics, see Section 8.7, “Distribution example”.
See also
7.3. Depth in NetObjects and ServiceObjects

NetObjects and ServiceObjects that are defined in the ruleset can be added in the distribution configuration of a
StatisticsObject. The NetObjects and ServiceObjects are tree structures in themselves and become part of the distribution
tree of the StatisticsObject. The following examples illustrate the NetObject tree. However, the same configuration applies to
ServiceObjects.
FIGURE 7.3 Example of a NetObject tree
With the NetObject tree shown in Figure 7.3 and the simple distribution in Figure 7.1, the distribution tree would look as in
Figure 7.4.
174
FIGURE 7.4 Example of a distribution with a NetObject tree
The entire object trees are included by default. If you only want to include part of the tree, you need to include the root of
that subtree in the StatisticsObject distribution. Select the NetObject root that you want in the Link/Root/Property list in the
distribution configuration.
Figure 7.5 illustrates a distribution with the NetObject root set to All NetObjects/Network/Customers with the NetObject tree
in Figure 7.3 configured.
175
FIGURE 7.5 Distribution with NetObject root defined
You can also limit how far into an object tree to go before using the next distribution type underneath. This is done by specifying
the depth of a NetObject or ServiceObject. Returning to the example, if it is only desired to show statistics for the Staff, Guests,
and Customers NetObjects before distributing by Service, the depth can be limited. This is done by setting the depth parameter
to something other than All on the distribution level with NetObjects or ServiceObjects.
For example, setting depth to 2 for the NetObject distribution in the example would give the distribution shown in Figure 7.6. In
this illustration, the NetObject root has been set back to the default of All NetObjects.
FIGURE 7.6 Distribution with Depth configured on NetObject
176
See also
• Section 8.7, “Distribution example”
7.4. Depth in AS path

The depth of an AS Path is applied on the AS path itself, not on an object tree. For connections with AS path 1,2,3,4, depth
All would give values for AS 1, below that AS 2, below that AS 3, and below that AS 4. For example, if you set the depth to 2,
you would build statistics valued for AS 1 and below that for AS 2.
7.5. Value paths

Statistics data in PacketLogic is composed of values, or value paths. A value path is a set of counters with an associated search
path and optional graph data. The value paths are stored per day. Any graph data associated with a value path is a set of
data points for the value path. You can configure the frequency of the data point collection with the system configuration value
PLS_GRAPH_FREQUENCY in the Statistics folder.
Examples of value paths:
• Collecting all HTTP traffic constitutes one value path.
• Collecting all HTTP traffic and, under that, all HTTP traffic for each host in a set of 5000 hosts constitutes 5001 value paths.
Value paths can be represented in two forms:
• A value path is a path without the value type.
For example:
/Topology 2/CMTS 1/subscriber 1
• An embedded value path is a path that includes the value type. You can find the embedded value path in the address bar
in the Statistics view in the PacketLogic Client. The value type is referred to as splittype in the address bar.
For example:
/Topology 1?StatisticsObject/CMTS 1?StatisticsObject/subscriber 1?NetObject
See also
7.5.1. Fields
177
A value path can consist of several fields. A field is a metric of the traffic for which to keep statistics. Fields are available as
total fields and graph fields. Total fields collect accumulated metrics, that is, how much has been accumulated until now. Graph
fields collect samples, which show how the metric has varied over time. In the Field configuration of the StatisticsObject the
name of the total field is used.
You can use the following total fields and graph fields to store data. Some of the fields can also be used to display the data
by in Statistics view.
Total field name Graph field name
Incoming Bytes Incoming bps
Outgoing Bytes Outgoing bps
Incoming Shaping Dropped Bytes Incoming Shaping Dropped Bytes
Outgoing Shaping Dropped Bytes Outgoing Shaping Dropped Bytes
Connections CPS
Unestablished Connections Unestablished CPS
Incoming Connections Incoming CPS
Outgoing Connections Outgoing CPS
Incoming Unestablished Connections Unestablished Incoming CPS
Outgoing Unestablished Connections Unestablished Outgoing CPS
Total Bytes (calculated from Incoming Bytes and Outgoing Tota bps (calculated from Incoming Bytes and Outgoing Bytes)
Bytes)
Incoming concurrent connections Incoming concurrent connections
Outgoing concurrent connections Outgoing concurrent connections
Incoming Shaping Dropped Packets Incoming Shaping Dropped Packets
Outgoing Shaping Dropped Packets Outgoing Shaping Dropped Packets
Incoming Packets Incoming Packets
Outgoing Packets Outgoing Packets
Incoming Avg Latency Incoming Avg Latency
Outgoing Avg Latency Outgoing Avg Latency
Sub-Item Count Sub-Item Count
Incoming Quality (Internal) Incoming Quality (Internal)
Outgoing Quality (Internal) Outgoing Quality (Internal)
Incoming Quality (External) Incoming Quality (External)
Outgoing Quality (External) Outgoing Quality (External)

a a
Internal Avg Handshake RTT Internal Avg Handshake RTT
a a
External Avg Handshake RTT External Avg Handshake RTT
a
The Handshake RTT metric also contains RTT based on Timestamp option.
178
See also
• Appendix A, Statistics fields
7.5.2. Value types

A value type specifies the type of a statistics value in a value path.
TABLE 7.1 Value types in the StatisticsObject configuration

Name Description
Base Service The name of the service that generated the connection. Services are identified by DRDL
signatures and can be an application or a protocol (e.g., Netflix or Facebook). For more
information, see Section 5.5.3.2, “ServiceObjects”.
If Base Service differs from Service, a virtual service definition is providing the Service.
Categories The ContentLogic categories that match the connection. A connection can belong to
several different categories. For more information, see Section 7.4, “Intelligence Feeds” in
Device ID The device ID used to detect line sharing. For more information, see Section 7.15, “Line
Sharing - estimation and enforcement” in PacketLogic Real-Time Enforcement product
guide.
When Device ID is used in the distribution, the first statistics distribution level will consist of
device types, with the device IDs on the level below.
Since the device ID is unique per PRE, the value types System and Local Host must be
included in statistics distributions related to line sharing.
External ASpath The Border Gateway Protocol (BGP) AS path, from PacketLogic to the host on the external side
of PacketLogic. For more information, see Section 7.5, “Border Gateway Protocol (BGP)”
The depth parameter in the configuration specifies the length of the AS path. E.g., a connection
with AS path 1,2,3,4 and depth set to All would give values for AS 1, below that AS 2, below
that AS 3, and below that AS 4. Setting the depth to 2 would give values for AS 1 and below
that for AS 2.
External BGP Community The Border Gateway Protocol (BGP) Community on the external side of the PacketLogic. For
more information, see Section 7.5, “Border Gateway Protocol (BGP)” in PacketLogic Real-
Time Enforcement product guide.
with AS path 1,2,3,4 and depth set to All would give BGP Community values for AS 1, below
that AS 2, below that AS 3, and below that AS 4. Setting the depth to 2 would give values
for AS 1 and below that for AS 2.
In Channel The ID of the channel on which the inbound packets in the connection arrive.
In DSCP The value of the Differentiated services Code Point (DSCP) field found on inbound packets in
the connection. For more information, see Section 6.5.1, “Packet analysis” in PacketLogic
179
Name Description
In MPLS The Multiprotocol Label Switching (MPLS) label found on inbound packets in the connection.
For more information, see Section 6.5.1, “Packet analysis” in PacketLogic Real-Time
In Vlan ID The ID of the VLAN header on the inbound packets in the connection. For more information,
see Section 6.5.1, “Packet analysis” in PacketLogic Real-Time Enforcement product guide.
The depth parameter in the configuration specifies the number of VLAN levels used to build
statistics values. Values can be built for a maximum number of four levels. E.g., a depth of
4 would give values for level 1, 2, 3 and 4. Setting the depth to 1 would give values for the
outermost level only.
In Vlan Priority The priority code point (PCP) of the VLAN header on the inbound packets in the connection.
Internal ASpath The Border Gateway Protocol (BGP) AS path, from PacketLogic to the host on the internal side
of PacketLogic. For more information, see Section 7.5, “Border Gateway Protocol (BGP)”
The depth parameter in the configuration of the distribution specifies the length of the AS path.
E.g., a connection with AS path 1,2,3,4 and depth set to All would give values for AS 1, below
Internal BGP Community The Border Gateway Protocol (BGP) Community on the internal side of the PacketLogic. For
more information, see Section 7.5, “Border Gateway Protocol (BGP)” in PacketLogic Real-
with AS path 1,2,3,4 and depth set to All would give BGP Community values for AS 1, below
IP Protocol The IP protocol used for the connection (e.g., 6 for TCP or 17 for UDP).
Link A link to another distribution. By using a link, the value paths built by the linked distribution can
be reused to save storage space. For more information, see Section 7.6, “Links”.
Local Host The IP address of the local host in the connection.
Local Vhost The virtual host name of the local host in the connection.
The depth parameter in the configuration specifies the number of sections in the local host
name used to build values. The top-level domain is accounted for as depth 1, even if it consists
of multiple sections (e.g., "google.co.uk", where "co.uk" is the top-level domain). To determine
which sections that form the top-level domain, the Public Suffix List (https://publicsuffix.org/
list/public_suffix_list.dat) is used. If the top-level domain cannot be found in the list, the first
entry will be considered the top level.
NetObject A NetObject that groups hosts into different categories. For more information, see Section
5.5.3.1, “NetObjects”.
180
Name Description
The root and depth parameters in the configuration specify for which levels in the NetObject
tree that values should be built. The root specifies the level in the NetObject tree where the
path should start. The depth specifies how deep the path should go from that point. E.g., a
depth of 2 includes the next two levels below the root. For more information, see Section 7.3,
“Depth in NetObjects and ServiceObjects”.
Origin AS The Border Gateway Protocol (BGP) AS number of the autonomous system (AS) furthest away
on the external side of the PacketLogic. For more information, see Section 7.5, “Border
Gateway Protocol (BGP)” in PacketLogic Real-Time Enforcement product guide.
Out Channel The ID of the channel on which the outbound packets in the connection are sent.
Out DSCP The value of the Differentiated services Code Point (DSCP) field found on outbound packets in
the connection. For more information, see Section 6.5.1, “Packet analysis” in PacketLogic
Out MPLS The Multiprotocol Label Switching (MPLS) label found on outbound packets in the connection.
Out Vlan ID The ID of the VLAN header on the outbound packets in the connection. For more information,
see Section 6.5.1, “Packet analysis” in PacketLogic Real-Time Enforcement product guide.
Out Vlan Priority The priority code point (PCP) of the VLAN header on the outbound packets in the connection.
Outgoing TTL The last seen Time To Live (TTL)/Hop Limit in the header on an outbound packet in the
connection. For more information, see Section 6.5.1, “Packet analysis” in PacketLogic Real-
Property The DRDL properties of the connection. Which properties that are available (e.g., file size,
server version, and user name) depends on the application and can be selected in the
configuration.
Remote Host The IP address of the remote host in the connection.
Remote GeoIP The value of the specified GeoLogic database column.
Remote Vhost The virtual host name of the remote host in the connection.
The depth parameter in the configuration specifies the number of sections in the remote host
name used to build values. The top-level domain is accounted for as depth 1, even if it consists
of multiple sections (e.g., "google.co.uk", where "co.uk" is the top-level domain). To determine
which sections that form the top-level domain, the Public Suffix List (https://publicsuffix.org/
list/public_suffix_list.dat) is used. If the top-level domain cannot be found in the list, the first
entry will be considered the top level.
181
Name Description
Service The name of the service that generated the connection. Services are identified by DRDL
signatures and can be an application or a protocol (e.g., Netflix or Facebook). For more
information, see Section 5.5.3.2, “ServiceObjects”.
If Base Service differs from Service, a virtual service definition is providing the Service.
ServiceObject A ServiceObject that groups services into different categories. For more information, see
Section 5.5.3.2, “ServiceObjects”.
The root and depth parameters in the configuration specify for which levels in the ServiceObject
tree that values should be built. The root specifies the level in the ServiceObject tree where
the path should start. The depth specifies how deep the path should go from that point. E.g.,
a depth of 2 includes the next two levels below the root. For more information, see Section
7.3, “Depth in NetObjects and ServiceObjects”.
Session Context Column Session Context data about a connection provisioned from PSM.
The schema and column parameters in the configuration specify how to distribute statistics
by Session Context data. For more information, see Section 7.7, “Session Context in
statistics”.
System An identifier for the PRE system that processed the traffic. The machine ID will be used, unless a
system name has been configured. (The system name can be set by the system configuration
value SYSTEM_NAME found in the General directory.)
XFB Flags The eXtended File Broker (XFB) flags. The flags describe the transfer behaviour of the traffic
(e.g., timing, packet size and distribution). One connection can have several XFB flags.
For more information, see Section 6.6.1.3.14, “FlagObjects” in PacketLogic Real-Time
The following tables list the name and ID of value types. The IDs can be used in queries in the SQL Interface and in the PythonAPI.
TABLE 7.2 Traffic and Channel statistics value types

Name ID
StatisticsObject / Root 0
NetObject 513
Local Host 514
Local Vhost 515
Remote Vhost 516
ServiceObject 517
Service 518
Internal ASpath 519
External ASpath 520
In VLAN 521
XFB Flag 522
IP Protocol 523
182
Name ID
Remote Host 524
Out VLAN 526
In DSCP 527
Out DSCP 528
In Channel 529
Out Channel 530
In MPLS 531
Out MPLS 532
ChannelStats Root 533
ChannelStats Channel 534
Base Service 535
Origin AS 536
Property 537
Internal BGP Community 538
External BGP Community 539
Outgoing TTL 540
Categories 541
Session Context Column 542
In Vlan Priority 543
Out Vlan Priority 544
System 545
Device ID 546
Remote GeoIP 547
TABLE 7.3 NAT statistics value types

Name ID
NAT Statistics 1281
NAT Host 1282
NAT Pool 1283
TABLE 7.4 ShapingObject statistics value types

Name ID
ShapingObject Statistics 2049
ShapingObject System 2050
183
See also
• Section 5.5.3.2, “ServiceObjects”
• Section 5.5.3.1, “NetObjects”
• Section 7.4, “Intelligence Feeds” in PacketLogic Real-Time Enforcement product guide
• Section 7.15, “Line Sharing - estimation and enforcement” in PacketLogic Real-Time Enforcement product guide
• Section 7.5, “Border Gateway Protocol (BGP)” in PacketLogic Real-Time Enforcement product guide
• Section 6.5.1, “Packet analysis” in PacketLogic Real-Time Enforcement product guide
• Section 6.6.1.3.14, “FlagObjects” in PacketLogic Real-Time Enforcement product guide
7.6. Links
Linking in statistics is a way of reducing the number of stored value paths by reusing value paths created by other statistics
distributions. Linking between StatisticsObjects reduces duplicate value paths and is an effective way of saving storage space,
without removing complexity from the distribution. When you add a link in the distribution configuration of a StatisticsObject, the
value paths built by the distribution below the link will be retrieved from statistics stored by another distribution.
See also
• Section 7.6.1, “Configuring a link”
• Section 7.6.3, “Requirements for linking”
• Section 7.6.4, “Single or double NetObjects in a link”
• Section 7.6.5, “Depth and root in links”
• Section 7.6.6, “Link back to the same StatisticsObject”
184
7.6.1. Configuring a link

You configure a link to a StatisticsObject to reuse a value path.
Prerequisites: There must be another StatisticsObject configured, that you link to.
To configure a link
1. Create a StatisticsObject.
2. On the Distribution tab, click Add, and then click Link.
3. In the Link/Root/Property list, select a StatisticsObject.
See also
• Section 7.6.2, “Link configuration example”
7.6.2. Link configuration example

A StatisticsObject called Topology 1 is distributed by Cable Modem Termination System (CMTS). On the distribution level below
is a link to the StatisticsObject Subscribers 1. The link target distribution is specified on the Distribution tab in the Link/Root/
Property. A NetObject is added below the link in the configuration as a placeholder for the linked values. The NetObject root
of the link is set to the starting point of the link target distribution, and the depth is configured to the amount of NetObjects that
the value path will contain for the resulting values.
The distribution that Topology 1 links to is configured to store values for all subscribers in the NetObject PSM/All Subscribers.
FIGURE 7.7 StatisticsObject configuration for Topology 1
185
FIGURE 7.8 StatisticsObject configuration for Subscribers 1
The StatisticsObject Topology 1 builds value paths in the form /Topology 1/<CMTS>/<subscriber>, such as:
/Topology 1/
/Topology 1/CMTS 1
/Topology 1/CMTS 2
See also
• Section 7.6.5, “Depth and root in links”
7.6.3. Requirements for linking

The link should be added at a place in the distribution where all NetObjects of interest contain a unique set of subscribers. Do
not link from a distribution where, for example, the same subscriber can be a member of several NetObjects, since the values
that are linked will be misleading or incorrect. In Section 7.6.1, “Configuring a link”, where Topology 1 is distributed by CMTS,
this requirement is fulfilled, since a subscriber can be a member of one CMTS only.
EXAMPLE 7.1 Non-unique distribution with link
A StatisticsObject called Topology 1 is distributed by cell tower. Since a subscriber can move between cell towers and thereby
be located in different NetObjects, the resulting values should also be accumulated per cell tower. A subscriber that has used
more than one cell tower will have value paths stored for all those cell towers.
In this example, the problem is that the values linked from the StatisticsObject Subscribers 1 are values that the subscribers have
accumulated daily, regardless of how many cell towers that have been used. The value paths that are built from this distribution
show values for each cell tower that could be accumulated for several cell towers.
StatisticsObject, Topology 1
|- NetObject, By Celltower
|- Link, Subscribers 1
|- NetObject, PSM/All Subscribers
StatisticsObject, Subscribers 1
186
Another requirement for a link to work properly is that the distribution that the link is pointing to must contain all possible NetObjects
of interest. This is usually all subscribers or local hosts.
See also
7.6.4. Single or double NetObjects in a link

In some cases, double NetObjects have to be added to the distribution below the link in the StatisticsObject configuration for the
link to work properly. This has to do with the way the configuration of the NetObject root functions in the statistics distribution,
and how the resulting value paths are built.
When there is only one NetObject distribution at a certain distribution level, the value paths that are stored do not use the
NetObject root name. For example, if the NetObject root is configured to PSM/All Subscribers in a distribution with only one
NetObject on the relevant level, the value paths will not contain All Subscribers, which is the root name. Instead the NetObject
below All Subscribers—in this case each subscriber—will be added in the path directly. On the other hand, when there are more
than one NetObject at a linked distribution level, the NetObject root name is included in the stored value paths. When a link is
configured in a StatisticsObject, the path to link to has to be exactly specified.
Double NetObjects in a link are required when there are two or more NetObjects at the link target distribution level. When the
values are built for a StatisticsObject that contains two or more NetObjects at a distribution level, the value path will contain the
NetObject root name. This will not be the case for StatisticsObjects containing one NetObject at the relevant level.
Below are examples of single and double NetObjects in a link.
EXAMPLE 7.2 Single NetObject in a link
A StatisticsObject called Topology 1 links to the StatisticsObject Subscribers 1 which is distributed by one NetObject. Thereby
only one NetObject is added in the link with the root starting at PSM/All Subscribers, which means that the NetObjects in PSM/
All Subscribers will be added directly in the value path, and all NetObjects in PSM/All will have values if they use traffic. The value
paths will be built in the form /Topology 1/<CMTS>/<subscriber>. For example:

The StatisticsObject distribution structures:
|- NetObject, PSM/By CMTS
|- Link, Subscribers 1
|- NetObject, root=PSM/All
Examples of value paths resulting from the Subscribers 1 distribution:
/Subscribers 1
/Subscribers 1/subscriber 1
/Subscribers 1/subscriber 2
187
The NetObject structure:
PSM
|- All Subscribers
|- By Tier
|- By CMTS
EXAMPLE 7.3 Double NetObjects in a link
A StatisticsObject called Topology 2 links to the StatisticsObject Subscribers 2 which has a distribution with two NetObjects
on the same level. Thus, two NetObjects with the root starting at PSM/All Subscribers are added in the link. The value path
the link is pointing to has to be exactly specified. The value path names resulting from the StatisticsObject PSM/All Subscribers
will contain the NetObject root, so double NetObjects in the link are required. However, as a result of the internal process of
retrieving the resulting value paths—including the linked values—when querying the statistics system, the values of Topology
2 will have the same form as for Topology 1 in the example above. When the statistics file system is queried, the value paths
will have the form /Topology 2/<CMTS>/<subscriber>.
The StatisticsObject distribution structures:
|- NetObject, PSM/By CMTS
|- Link, Subscriber 2
|- NetObject, PSM/By Tier
Examples of value paths resulting from the Subscribers 2 distribution, where the root name is included:
/Subscribers 2
/Subscribers 2/All Subscribers/subscriber 1
/Subscribers 2/All Subscribers/subscriber 2
/Subscribers 2/By Tier/Tier A
/Subscribers 2/By Tier/Tier A/subscriber 1
/Subscribers 2/By Tier/Tier B/subscriber 2
The NetObject structure:
PSM
|- All Subscribers
|- By Tier
|- By CMTS
See also
7.6.5. Depth and root in links

The NetObject root in a StatisticsObject specifies the NetObject from where to start building statistics values. Another NetObject
is required below the root, that contains for example the subscriber. The NetObject below the root level is the starting point
when building the value paths. When you configure the depth of the NetObject root in the link in a StatisticsObject, the resulting
value paths need to be considered. The depth of a NetObject should correspond to the number of occurrences of NetObjects
188
in the value path of the link target distribution. The value paths will look different depending on if there is one or more NetObjects
on the link target distribution level.
In the examples in Section 7.6.4, “Single or double NetObjects in a link”, the StatisticsObject Topology 1 contains a link
to the StatisticsObject Subscribers 1. The embedded value paths of Subscribers 1 will have the form /Subscribers 1?
StatisticsObject/<subscriber>?NetObject. Every value path will contain one NetObject, and the depth should be
set to 1 for the NetObject root PSM/All Subscribers in Topology 1.
The StatisticsObject Topology 2 in the example, contains a link to the StatisticsObject Subscribers 2, which is distributed by
two NetObjects. The embedded value paths for the PSM/All Subscribers NetObject of Subscribers 2 will have the form /
Subscribers 2?StatisticsObject/All Subscribers?NetObject/<subscriber>?NetObject. Every value
path will contain two NetObjects, and the depth should be configured to 2 for the NetObject root PSM/All Subscribers in
Topology 2.
See also
• Section 7.6.4, “Single or double NetObjects in a link”
7.6.6. Link back to the same StatisticsObject

A StatisticsObject can contain a link that points back to itself, to a sub-distribution of the StatisticsObject. In the distribution
configuration of a StatisticsObject with a link to a distribution within the same object, you cannot select the link target
StatisticsObject in the Link/Root/Property box. Instead, you must type the name of the link target in the box.
EXAMPLE 7.4 Link to a distribution within the same StatisticsObject
A StatisticsObject called Subscribers contains a link back to itself.
Subscribers, StatisticsObject
| |- Service
|- NetObject, PSM/By Tier
|- Link, Subscribers
189
See also
7.7. Session Context in statistics

Session Context schemas are used by PSM to provision PRE with subscriber and session information. The Session Context data
can be used in statistics. For more information about Session Context, see the PacketLogic Subscriber Manager Product
Guide and the PacketLogic Real-Time Enforcement Product Guide.
You need to specify which column in the Session Context schema that identifies a subscriber to be used in statistics and for
subscriber count purposes. When a subscriber count is performed in the PacketLogic Client, the SQL interface, or the PythonAPI,
all levels in the StatisticsObject tree structure are searched recursively to find all unique subscribers. A subscriber count differs
from a sub-item count, which, if configured, is collected and stored for the sub-level of every level in the distribution.
The value paths created by distributions using SessionContextObjects will be shown with the value type NetObject in the
Statistics view in the PacketLogic Client.
FIGURE 7.9 Session Context value path with value type NetObject
A StatisticsObject with a distributions that contains Session Context data, will build statistics values for both the column name
level and item level. There is an option to exclude the column name from the statistics value structure, so that the resulting
distribution levels are compatible with data collected using NetObject distributions in previous versions of PacketLogic.
See also
• Section 7.7.1, “Session Context in statistics workflow”
• Sub-Item Count
7.7.1. Session Context in statistics workflow

You follow this workflow to configure how Session Context data is stored in statistics.
1. Configure the subscriber column
You specify which column in the Session Context schema that identifies a subscriber to be used in statistics and for
subscriber count purposes.
190
Set the system configuration value PLS_SCHEMA_COLUMN_SUBSCRIBER in the Statistics folder to schema_name/
column_name.
2. Configure a StatisticsObject
You configure a StatisticsObject to use Session Context data provisioned from PSM in statistics.
Section 7.7.2, “Configuring a StatisticsObject for Session Context data”
3. Configure a SessionContextObject
You configure a SessionContextObject to define specific values in fields of a Session Context Schema in PSM.
Section 6.6.1.3.19, “SessionContextObjects” in PacketLogic Real-Time Enforcement product guide
4. Configure a statistics rule
You configure a statistics rule with a SessionContextObject to match traffic with a StatisticsObject.
Section 7.7.3, “Configuring a statistics rule for Session Context data”
See also
• Section 7.7.2, “Configuring a StatisticsObject for Session Context data”
• Section 6.6.1.3.19, “SessionContextObjects” in PacketLogic Real-Time Enforcement product guide
• Section 7.7.3, “Configuring a statistics rule for Session Context data”
7.7.2. Configuring a StatisticsObject for Session Context data

You configure a StatisticsObject to use Session Context data provisioned from PSM in statistics.
To configure a StatisticsObject for Session Context data
3. In the navigation pane, and then expand the Objects folder.
4. Select the StatisticsObjects folder.
7. On the Fields tab, select the check boxes for the values that will generate statistics.
8. On the Distribution tab, click Add, and then click Session Context Column.
9. In the Link/Root/Property box, type schema_name/column_name to use a column in the Session Context data to
distribute statistics.
191
10. To exclude the Session Context column name from the distribution, in the Column Name list, click Exclude.
See also
7.7.3. Configuring a statistics rule for Session Context data

You configure a statistics rule with a SessionContextObject to match traffic with a StatisticsObject.
Prerequisites: There must be a SessionContextObject configured.
To configure a statistics rule for Session Context data
3. In the navigation pane, select the Statistics rules folder.
4. On the File menu, point to New, and then click Rule.
5. In the Rule name box, type a name.
6. In the workspace, click the plus icon, point to Add Condition, and then click New Condition.
For more information about how to configure conditions, see Section 6.6.2.1, “Use conditions to create rules” in
7. Click the plus icon, and then click Add Object.
8. In the Type column, click the arrow on the condition and select SessionContextObject.
9. In the Name/Object column, click the the arrow and select a SessionContextObject.
10. In the navigation pane, expand the new rule and click StatisticsObjects.
11. In the Available list, click a StatisticsObject, and then click the right-pointing arrow to add the object to the rule.
Repeat this step if you want to add more objects.
See also
192
7.8. Subscriber NetObjects

To identify the NetObjects that should be considered unique subscribers in statistics, and for subscriber count purposes, a
NetObject attribute is used.
When a subscriber count is performed to be presented in the PacketLogic Client, or by using subscriber count queries in the
SQL interface or the PythonAPI, all levels in the StatisticsObject tree are searched recursively to find all unique subscribers. A
subscriber count differs from a sub-item count, which, if configured, is collected and stored for the sub-level of every level in
the distribution. (Sub-Item Count).
See also
• Sub-Item Count
7.8.1. Configuring a subscriber Netobject

You configure a subscriber NetObjects to identify unique subscribers in statistics.
To configure a subscriber Netobject
3. In the navigation pane, expand the Objects folder, and then expand the NetObjects folder.
4. Right-click a NetObject, and then click Attribute Editor.
5. Click Add Attribute, and then click Statistics - Count as subscriber.
6. Select the Statistics - Count as subscriber check box.
7. Click OK.
See also
• Section 7.8, “Subscriber NetObjects”
7.9. NAT statistics

Statistics for NAT pools are stored in a predefined distribution, available in the NAT Statistics Statistics path at the root. You
enable NAT statistics with the system configuration value PLS_NATSTATS_ENABLED in the Statistics folder.
193
FIGURE 7.10 NAT statistics distribution
7.10. Averages based on usage analysis

Graph data points are average values that are calculated from the traffic volume seen during five minute graph point intervals.
If peak values of the traffic are of interest, this calculation may be misleading since a connection may be active only during a
short period of the five minute interval.
Consider the following example. A connection sees 3000 bytes of traffic during 10 seconds of a five-minute (300 seconds)
graph interval. The average value for that connection will be calculated as follows:
3000 bytes / 300 seconds = 10 bytes per second
Using only the 10 seconds that the connection was active would result in a more accurate view of the peak value of that time
interval:
3000 bytes / 10 seconds = 300 bytes per second
Averages based on usage analysis is a feature that stores an activity bitmask along with the graph data based on the graph
interval of five minutes. This means that additional graph data points based on the five second intervals that the connection has
been active can be calculated. The traffic volume that a connection sees during the five minute graph point interval will then be
divided by the active five second intervals of the connection to get the average value based on the usage analysis.
The bitmask that is linked to the connection is used to determine which five second intervals are active for the connection.
Each bit in the bitmask corresponds to a connection update interval, which is five seconds by default. If the connection is active
during the connection update interval, the corresponding bit is set. The time interval to use for the calculation of the average
is then based on how many bits are set in the bitmask. If a connection is active during two connection update intervals, two
bits in the bitmask will be set, and the calculation of the average for the five minute graph point interval will be based on the
10 seconds that the connection was active.
If two or more connections are related to the same value, they are linked to form one bitmask. The resulting bitmask is then
stored along with the value of the connection.
194
Note
The graph point interval is five minutes by default and the connection update interval is five seconds by default. You
can configure the intervals with the system configuration values PLS_GRAPH_FREQUENCY in the Statistics
folder and CONNECTION_UPDATE_INTERVAL in the Connection Handling folder. For averages based on
usage analysis to work properly, the following condition should be met:
PLS_GRAPH_FREQUENCY / CONNECTION_UPDATE_INTERVAL ≤ 64
The graph point interval divided by the connection update interval must be less than or equal to 64, since that
is the length of the bitmask when the values are built. The following example uses the default values:
300 (PLS_GRAPH_FREQUENCY) / 5 (CONNECTION_UPDATE_INTERVAL) = 60
In this case the first 60 bits in the bitmask will be used for setting the activity of a connection.
See also
• Section 7.10.1, “Enabling averages based on usage analysis”
• Section 7.10.2, “Viewing usage analysis data”
7.10.1. Enabling averages based on usage analysis

You enable usage analysis per distribution level. It is always enabled on the root level of a StatisticsObject.
To enable averages based on usage analysis
3. In the navigation pane, expand the Objects folder, and then expand the StatisticsObjects folder.
4. Select a StatisticsObjects.
5. On the Distribution tab, in the Graph Points list, click Add, and then click Usage analysis.
See also
7.10.2. Viewing usage analysis data

To view usage analysis data
2. In Statistics view, on the Graphs tab, select the Use usage analysis data checkbox.
195
See also
7.11. Aggregation
Aggregation is suitable for deployments where a high level view of statistics stored by multiple PIC systems is required.
Aggregation can be done for a variety of reasons:
• A single statistics system cannot handle all statistics generated by a multi-system deployment, but you still want some data
from all systems to be combined to show total network statistics.
• You need an aggregated high-level view for central network management staff, but detailed data is necessary for local
engineers.
• You want to have separate access to central and local statistics.
Statistics can be aggregated for each StatisticsObject to a dedicated aggregation server. The aggregation server is a PIC, which
receives values from other PIC systems, instead of directly from PRE. Statistics reader peering can be used to share statistics
between multiple PIC systems. For more information, see Section 8.3, “Statistics reader peering”.
EXAMPLE 7.5 Aggregation example
Two PIC systems are placed at different locations. One PIC manages the staff network, and the other PIC manages the customer
network. The total network is defined by the NetObject tree shown in the figure, which is shared among the PIC systems by
means of a resource proxy.
The StatisticsObjects to store statistics data are defined locally on both PIC systems. The local PIC builds data sets and sends
them to the aggregation system where they will be stored. The aggregation system is configured on the local PIC systems as
the aggregation resource. Statistics that are sent to the aggregation server cannot be retrieved from the local PIC, but only be
viewed on the aggregation system.
Note
If the StatisticsObject that is configured to send statistics to the aggregation resource contains links to other
StatisticsObjects, the link target objects also need to be configured to aggregate statistics.
196
See also
• Section 7.11.1, “Configuring aggregation for a StatisticsObject”
• Section 7.11.2, “Configuring an aggregation resource”
7.11.1. Configuring aggregation for a StatisticsObject

For each statistics system that will aggregate data to another statistics system (the aggregation server), the Aggregation resource
should be configured to hold the aggregation server. For information on configuring resources, see Section 3.25, “Resource
Manager window”.
To configure aggregation for a StatisticsObject
4. Select a StatisticsObjects.
6. On the Aggregation tab, select the Aggregate this object to the aggregation server check box.
See also
7.11.2. Configuring an aggregation resource

You perform this procedure on each PIC that will aggregate data to the PIC system that is acting as aggregation server.
To configure an aggregation resource
3. In the Name column, select Aggregation, and then click Edit.
4. On the Aggregation tab, select the Aggregate this object to the aggregation server check box.
197
6. In the Proxy address box, type the IP address of the aggregation server.
7. In the Proxy user box, type the name of a user on the aggregation server.
9. Click OK.
The status of the resource should say Ready after a short while.
See also
7.12. Statistics ruleset templates

Statistics ruleset templates are standard ruleset configurations available for installation. They provide an easy way of setting up
rules and objects to store statistics according to the type of template that is selected.
7.12.1. Installing a statistics ruleset template

You install a template to set up rules and objects to store statistics.
To install a statistics ruleset template
3. On the File menu, point to Import Template, and then click Stock.
4. Select a stock template and click Ok.
The objects and rules in the template are built automatically.
See also
7.12.2. Objects and rules in statistics ruleset templates

The following objects and rules are used in the statistics ruleset templates.
198
StatisticsObjects
Services
This StatisticsObject is configured so that information about services, service categories and the local hosts using them
is gathered. The information can be used to find out which applications are the most popular, or which subscribers use
the most downstream volume for a particular service.
Subscribers
This StatisticsObject is configured so that information about traffic behaviour and habits of the subscribers is collected.
The information can for example be used to list the applications that the subscribers who use the most downstream
volume are using, or the most popular services among the subscribers of a certain tier or subnet.
Web
This StatisticsObject is configured so that information about service categories, remote virtual hosts and the local hosts
connecting to them is collected. Information about the devices used to access the services is also stored. If applicable,
information about ContentLogic categories is also collected.
Devices
This StatisticsObject is configured so that information about the devices used in the network is collected. The most
popular devices and applications used by particular devices are examples of the type of information collected.
BGP
The BGP StatisticsObject is distributed to gather Origin AS and External AS information for service catetgories and
services.
Statistics rules
All Hosts
This rule applies to templates that do not require PSM provisioning. It links the hosts in the All Hosts NetObject to the
Services, Subscribers and Devices StatisticsObjects, so that information can be collected according to the configurations
of these objects for all subscribers in the network.
Web
This rule links the service categories Web Browsing and Streaming Media to the Web StatisticsObject. The rule ensures
that only connections with the property Server Hostname set is accounted for.
In PSM
This rule applies to templates that require PSM provisioning. It links the subscribers in the PSM NetObject to the Services,
Subscribers and Devices StatisticsObjects, so that information can be collected according to the configurations of these
objects for all subscribers in the network.
PropertyObject
Empty Hostname
This PropertyObject is used by the Web rule on connections that have the Server Hostname property.
7.12.3. NetObject tree

For a statistics ruleset template to function properly, the compatible NetObject structure must be in place on PRE. For T1, this
structure may be installed using the PacketLogic Client. The file t1-netobjects.xml is located in the same folder as the ruleset
templates. The T1 NetObject structure can also be configured manually (see Section 7.12.4.1, “T1 NetObject structure”). All
other templates require PSM provisioning, which means that the compatible NetObject trees should be provisioned by PSM.
See the PSM Product Guide for instructions on how to configure PSM to provision NetObjects.
Note
If the compatible NetObject tree is not in place on PRE, the distribution of the StatisticsObject will point to the
top level NetObject (instead of the PSM provisioned NetObject), and the template will not work.
199
7.12.4. T1 — No PSM
When the t1-no-psm.xml file is installed on PRE, the most basic statistics ruleset template is created. It does not demand PSM
provisioning, and only needs traffic passing through PRE to function. The information that is collected once T1 is installed, is
general and valuable statistics about services, hosts and devices. The following rules and objects are built when installing the
template:
StatisticsObjects Statistics rules PropertyObjects
• Services • All Hosts • Empty Hostname
• Subscribers • Web
• Web
• Devices
See Section 7.12.2, “Objects and rules in statistics ruleset templates” for information about the objects and rules.
7.12.4.1. T1 NetObject structure

Since the T1 template is used in cases where the NetObject tree is not provisioned by a PSM, a NetObject structure that is
compatible with the installed ruleset needs to be configured. The NetObject template file t1-netobjects.xml can be installed prior
to the ruleset template to ensure that the NetObject tree and the ruleset will function properly together. The NetObject structure
that is built when installing the file is a good example of how a NetObject tree that functions well with the T1 template could look.
Other NetObject structures could also be used, as long as the distribution below is included in the structure.
NetObjects
|- NetObject, All Hosts
|- NetObject, By Subnet
|- NetObject, <Subnet ID>
The All Hosts NetObject holds all local hosts in a flat list. The By Subnet NetObject contains a NetObject for each subnet, which
holds the local hosts of that subnet. The Subnet NetObjects that are created when installing the file can be adjusted to fit the
network. These NetObjects do not necessarily have to be used in the installation, but they need to be available in the NetObject
structure for T1 to work properly.
7.12.5. T2 — Subscriber awareness

The t2-subscriber-awareness.xml file is dependent on PSM integration with a specific configuration. The information that is
collected, once the template is installed and the proper NetObject structure is in place, is general statistics about subscribers
and the services and devices used by them. The following objects and rules are installed when importing the template:
• Services • In PSM • Empty Hostname
• Web
• Devices
200
7.12.5.1. T2 NetObject structure

A NetObject tree that is compatible with the T2 template ruleset should be provisioned by PSM. Below is an example of a tree
that needs to be included in the NetObject structure and that the PSM should provision.
NetObject, PSM
|- NetObject, All Subscribers
| |- NetObject, <SubscriberID>
|- NetObject, By Tier
|- NetObject, <TierID>
|- NetObject, <SubscriberID>
The following NetObject tree syntax can be used in the PSM to provision the NetObject structure on PRE. The syntax should
be adjusted to suit the current configuration. See the PSM Product Guide for information configuration of the NetObject tree.
/All Subscribers !
/By Tier/<subscriber.tier> !
7.12.6. T7 — BGP
The T7 template is a superset of T2 — Subscriber Awareness, which means that this template is dependent on PSM intergration
with a specific configuration. T7 requires the same NetObject structure as T2, see Section 7.12.5.1, “T2 NetObject structure”.
The information that is collected when this template is installed and the relevant NetObject tree is in place is the same as for T2,
but with additional BGP information included. The following objects and rules are installed when importing the template:
• Devices
• Web
• BGP
7.12.7. T12 — ContentLogic

The T12 template is a superset of T7 — BGP, and thereby also of T2 — Subscriber Awareness. The template is dependent
on PSM intergration with a specific configuration and requires the same NetObject tree as T2 and T7 (Section 7.12.5.1, “T2
NetObject structure”). The information that is collected is the same as for T7, with additional statistics about ContentLogic
categories. The same objects and rules as for T7 are installed when importing the template, but the Web StatisticsObject is
distributed to capture the ContentLogic categorization of websites when collecting statistics.
201

• Devices
• Web
• BGP
202
8. PacketLogic statistics reading
8.1. Statistics reading overview
8.2. Statistics reader proxy workflow
8.3. Statistics reader peering
8.4. Statistics view navigation
8.5. Peak analysis
8.6. Duration for limits
8.7. Distribution example
This chapter describes how to read statistics stored in the PacketLogic statistics file system in PacketLogic Client.
203
8.1. Statistics reading overview

You can view statistics stored in the statistics file system (StatsFS) in PacketLogic Client of a PIC or PRE.
• You can use Statistics view in PacketLogic Client to create reports and view statistics.
For more information, see Section 3.3, “Statistics view”.
• When there are multiple PICs storing statistics, you can use peering to view aggregated statistics from more than one PIC
in the same client.
For more information, see Section 8.3, “Statistics reader peering”.
• When data is stored on a PIC, you can view the statistics in the client of PRE, if you proxy the statistics reader (StatReader)
resource on PRE to PIC.
For more information, see Section 8.2, “Statistics reader proxy workflow”.
See also
• Section 8.2, “Statistics reader proxy workflow”
8.2. Statistics reader proxy workflow

You configure the statistics reader resource to proxy to view statistics stored on PIC in PacketLogic Client of PRE
1. Create a statistics user on PIC and on PRE
2. Proxy the statistics reader (StatReader) resource on one PRE to PIC
The statistics reader resource on PRE reads statistics stored on PIC. You can view the statistics in PacketLogic Client
of PRE.
3. View statistics in PacketLogic Client of PRE
Section 3.3, “Statistics view”
204
See also
8.3. Statistics reader peering

Statistics reader peering lets a statistics reader on a PIC—in addition to reading its own data for a query—forward the query
to all its peers. The statistics reader aggregates the data received from all peers with its own data in the response to present
a unified view.
In large deployments—where a single PIC is not capable of holding all the data for the configured statistics objects and rules
(for example due to load)—the data can be shared among multiple PIC systems. You can use peering to connect to a single
system and still see all the data. One PIC can be designated as the one to use for statistics reading, and have all other PIC
systems with relevant data as peers.
Note
• Statistics reader peering has only limited handling of query loops. If two systems both are peering with
each other, this is handled. If three or more systems are peering with each other, queries will result in
loops and cause statistics reading to fail.
• If network or system issues or misconfiguration prevent a PIC using peering from receiving replies from
all its peers, no data will be shown for the query.
See also
• Section 8.3.2, “Adding a statistics reader peer”
• Section 8.3.1, “Multi-release peering”
8.3.1. Multi-release peering

Statistics reader peering is supported for PIC systems of multiple releases. This enables the peering node to continuously read
data from all PICs, for example during a major release upgrade. Multi-release peering is supported between PICs of major release
and major release-1. For example, a PIC of release 17.1 can peer with 16.2 but not with 15.1.
Note
For releases earlier than 17.1, all peering PICs must be of the same major release version.
See also
205
8.3.2. Adding a statistics reader peer

You use statistics reader peering to view statistics stored on multiple PIC systems in a unified view. One PIC is designated for
statistics reading and the other PICs are added as peers.
Prerequisites: There must be a user with the relevant permissions on each peering PIC. For more information about user
permissions, see Section 6.4, “Statistics user”.
To add a statistics reader peer
1. Log on to the CLI of PIC.
3. To add a peering PIC system, type set service statistics statistics-reader-peers {host_ip_address | host_name}
password password username user_name.
You can type either the IP address or name of the host to be added as a peer. The user name is the name of a
statistics user on the peer.
4. Type commit.
See also
8.4. Statistics view navigation

8.4.1. Statistics view address bar
The address bar shows a link location to help you navigate in the distribution. You can edit the current location or type a new
address. The format of the link location is {bar|pie|percentbar|line|stacked}:path_element?/path_element?distribution_type/?
datatype={Traffic|Connections}. For example, bar:/Host and service?/10.1.2.3?Local Host/?
datatype=Connections shows a bar chart of the number of connections for the services for the local host 10.1.2.3, for
the selected time interval. Clicking the blue arrow next to the address bar to shows a list of previously visited views.
8.4.2. Statistics view workspace

• Show a chart in full-screen mode by clicking the chart area, and then pressing Ctrl+Shift+F. Press Esc to leave full-screen
mode.
• Right-click an item to copy the chart or the link location for the item to the clipboard.
• Click an item show a chart for the item in the current tab. Right-click the item to open the chart in a new tab with Open
Link in New Tab.
• Point to an item in a chart to display a tooltip with information about the item.
206
• In line charts and stacked area charts, zoom by holding down Shift while moving the pointer over to interval.
• In line charts and stacked area charts, display peak data by holding down Ctrl while clicking a graph point.
8.4.3. Bookmarks
Bookmarks are used save a specific view when you explore statistics in StatsFS. Use the Export Bookmarks option on the
context menu of a folder in Statistics view to export bookmarks. Bookmarks can be imported to a bookmarks folder with the
Import Bookmarks option on the same menu. For more information, see Section 3.3.2.1, “Bookmarks tab context menu”.
Bookmarks are exported in PacketLogic Bookmarks (.pbx) format. This is an example of the content of a PBX file, where the
folder is called 'My bookmarks' and contains the two bookmarks 'Local hosts' and 'URLs'.
<!DOCTYPE plclient-bookmarks-1>
<bookmarks>
<item type="folder" name="My bookmarks">
<item type="bookmark" date="2019-11-05T00:00:00" interval="day" name="Local hosts"
datemode="fixed" numberofvalues="0"
address="bar:/Local hosts?Statistics Object/?splittype=Local
Host&datatype=Traffic"/>
<item type="bookmark" date="2019-11-05T00:00:00" interval="day" name="URLs"
datemode="fixed" numberofvalues="0"
address="bar:/URLs?Statistics Object/?splittype=Property&datatype=Traffic"/>
</item>
</bookmarks>
See also
• Section 8.4, “Statistics view navigation”
• Section 3.29, “Command-line mode”
8.5. Peak analysis

Peak analysis shows the ten sub-items that have contributed most to any point on a graph. You can view peak data for any
distribution level in a StatisticsObject, where the sub-items of that distribution level have graph points enabled.
See also
• Section 8.5.1, “Viewing peak data”
• Section 8.5.2, “Enabling graph points”
8.5.1. Viewing peak data

To view peak data
1. Log on to PacketLogic Client.
207
2. In Statistics view, navigate to the graph you want to see peak data for.
3. Hold down the Ctrl key and click the graph.
See also
8.5.2. Enabling graph points

To enable graph points
4. Select a StatisticsObject.
5. On the Fields tab, select the Graph Points check box to collect graph data for a field.
6. On the Distribution tab, in the Graph Points list, click Normal to collect graph data for sub-item.
See also
8.6. Duration for limits

You can view the duration when values have been within a defined set of limits. For example, how long a certain host has
exceeded 10 Mbps during the last 24 hours.
8.6.1. Viewing the duration for limits

To view the duration for limits
2. In Statistics view, navigate to a chart you want to see durations for.
3. On the View menu, click Bar Chart.
4. On the Navigation tab, select the Show duration for matches check box.
5. Click Apply.
208
See also
8.7. Distribution example

This example shows the resulting statistics of a distribution configuration in Statistics view. Statistics about devices and services
are distributed in a tree structure where there are two top-level distributions for device categories and services. Below the device
categories, statistics are distributed by device. For each device, statistics can be viewed per ServiceObject, service, or local
host. In the other top-level distribution—service—the statistics are first distributed by device category, then by device name,
and last by local host.
Distribution
|
+ -- Device category
| |
| + -- Device name
| |
| + -- ServiceObject
| |
| + -- Service
| |
| + -- Local Host
|
+ -- Service
|
+ -- Device category
|
+ -- Device name
|
+ -- Local Host
The configuration of the StatisticsObject in the Objects & Rules Editor in PacketLogic Client has a value type for each distribution
level.
• Device category and Device name are properties and use the Property value type. For more information, see Section
7.5.2, “Value types”.
• Depth and root are specified for the ServiceObject. Here, depth is set to 1 and root is set to Procera Networks Categorization/
Categories. For more information, see Section 7.3, “Depth in NetObjects and ServiceObjects”.
209
The resulting statistics can be viewed in the Statistics viewer in PacketLogic Client. On the top level of the StatisticsObject there
are two distributions to choose between—Service and Property.
In this example, Property is selected. Since the property value type is set to Device category on the first level of the StatisticsObject
configuration, the bar chart shows a list of device categories.
The value path is /Devices?Statistics Object/Device category?Property/?splittype=Property. For

more information, see Section 7.5, “Value paths”.
210
On the level below device categories, statistics are distributed by device name. The bar chart shows a list of the devices in
the device category. The value path is /Devices?Statistics Object/Device category?Property/Computer?
Property/Device name?Property/?splittype=Property.
On the level below devices, there are three different distributions to choose between—ServiceObject, Service, and Local Host.
All these three distributions are on the lowest level. Since the depth is set to 1 for the ServiceObject, this is the lowest level
also for that distribution.
• Selecting ServiceObject shows all the ServiceObjects for the device. The value path is /Devices?
Statistics Object/Device category?Property/Computer?Property/Device name?Property/
Mac?Property/?splittype=ServiceObject.
211
• Selecting Service shows all the services for the device. The value path is /Devices?Statistics Object/
Device category?Property/Computer?Property/Device name?Property/Mac?Property/?
splittype=Service.
212
• Selecting Local Host shows all the Local Hosts for the device. The value path is /Devices?
Statistics Object/Device category?Property/Computer?Property/Device name?Property/
Mac?Property/?splittype=Local Host.
See also
• Chapter 8, PacketLogic statistics reading
213
214
9. Insights Data Storage
9.1. About Insights Data Storage
9.2. Data export to Insights Data Storage
This chapter describes values and procedures for configuring data export from PacketLogic systems to Insights Data Storage.
215
9.1. About Insights Data Storage

Statistical data can be pushed to Insights Data Storage from PRE or PIC. Insights Data Storage consists of one single node or of
a multi-node cluster holding a distributed database. You can view the data in the web interface of Deep Insights or Engineering
Insights, or access it from external systems.
Insights data is organized in two database schemas for traffic and score data. The table columns contain either a metric of an
accumulated value or a dimension used for categorizing the data.
• Traffic data is located in the traffic.stats table. It stores subscriber application and diagnostics data. Each row in the table
holds the accumulation of metrics during 5-minute periods for each unique combination of the dimensions.
• Score data is located in the in the score.stats_hourly table. It stores quality measurements with higher resolution than the
traffic data. Each row in table holds the accumulation of metrics during 1-hour periods for each unique combination of
the dimensions.
9.2. Data export to Insights Data Storage

Traffic and score data can be exported from PacketLogic to Insights Data Storage and stored in a database.
9.2.1. Data export configuration workflow

You configure PacketLogic systems to export traffic and score data to Insights Data Storage, where it is stored in the database.
The PacketLogic system can be a PRE or a PIC that runs the PacketLogic Statistics Daemon (PLSD). In order to run the statistics
daemon on PRE, PRE must have a Statistics license and local statistics enabled. For more information, see Section 6.3.6,
“Enabling/disabling local statistics”.
1. Enable Insights data export from PacketLogic
You enable Insights data export to send data from PacketLogic to Insights Data Storage.
The procedure should be performed on all PacketLogic systems that run the PacketLogic Statistics Daemon (PLSD) and
provide Insights Data Storage with data.
Section 9.2.2, “Enabling Insights data export”
2. Add Insights nodes as data collectors
You add Insights Data Storage nodes as data collectors to store data from PacketLogic.
The procedure should be performed on all PacketLogic systems that run the PacketLogic Statistics Daemon (PLSD)
and provide Insights Data Storage with data. To achieve load balance in the cluster, all Insights Data Storage nodes
must be added.
Section 9.2.3, “Adding Insights data collectors”
3. Select the dimensions for data export to Insights Data Storage
You follow this procedure to specify which dimensions that will be used for data export to Insights Data Storage.
216
Section 9.2.4, “Selecting dimensions for data export to Insights Data Storage”
4. Select the traffic used for traffic data export to Insights Data Storage
You configure a statistics rule to specify which network traffic that will be used for traffic data export to Insights Data
Storage.
Section 9.2.5, “Selecting traffic for traffic data export”
See also
• Section 9.2.2, “Enabling Insights data export”
• Section 9.2.3, “Adding Insights data collectors”
• Section 9.2.4, “Selecting dimensions for data export to Insights Data Storage”
• Section 9.2.5, “Selecting traffic for traffic data export”
• Section 9.2.6, “Values for data export”
9.2.2. Enabling Insights data export

To enable Insights data export
1. Log on to PacketLogic Client of the system that runs the PacketLogic Statistics Daemon (PLSD)—this can be PRE
or PIC.
2. On the Edit menu, click System Configuration.
3. In the navigation pane, expand the Insights folder and select the system configuration value
INSIGHTS_TRAFFIC_ENABLED.
4. In the Value list, click True to enable traffic data export to Insights Data Storage.
Note
The Insights Data Storage traffic update interval is 5 minutes. When INSIGHTS_TRAFFIC_ENABLED
is set to True, the system configuration value STATISTICS_CONNECTION_UPDATE_INTERVAL in
the Connection Handling folder must be set to either 5 minutes (default) or 1 minute for the data
export to work properly.
5. In the navigation pane, expand the Host Stats folder and select the system configuration value
HOST_STATS_ENABLED.
6. In the Value list, click True to enable score data export to Insights Data Storage.
7. If the PacketLogic Statistics Daemon runs on PIC, log on to PacketLogic Client of PRE
217
8. Set the value for HOST_STATS_ENABLED to True here as well.
See also
• Section 9.2.1, “Data export configuration workflow”
9.2.3. Adding Insights data collectors

To add Insights data collectors
1. Log on to the CLI of the system that runs the PacketLogic Statistics Daemon (PLSD)—this can be PRE or PIC.
3. To add an Insights Data Storage node, type set service statistics insights-remote hosts host_ip_address.
You do not need to specify the password, unless the default password has been changed on the Insights Data Storage
node.
Repeat this step for every node in the Insights Data Storage cluster.
4. Type commit.
See also
9.2.4. Selecting dimensions for data export to Insights Data

Storage
Note
In PacketLogic systems that use NetObjects, set the system configuration values to point to the NetObjects
that contain the relevant data.
To select dimensions for data export to Insights Data Storage
1. In PacketLogic Client of PRE, open the Edit menu and click System Configuration.
2. In the navigation pane, expand the Insights folder.
3. Select the system configuration value INSIGHTS_USE_SESSION_CONTEXT.
4. In the Value list, click True.
5. Select the system configuration value INSIGHTS_SESSION_CONTEXT_SCHEMAS.
218
6. In the Description box, type the name of the Session Context schema from which data will be retrieved.
To type multiple schema names, separate them by comma without spaces between the comma and the schema
name.
7. If the PacketLogic Statistics Daemon (PLSD) runs on PIC, log on to PacketLogic Client of PIC for the following steps.
Otherwise, perform the steps on PRE.
Note
If PLSD runs on PIC, the values for INSIGHTS_USE_SESSION_CONTEXT and
INSIGHTS_SESSION_CONTEXT_SCHEMAS will be retrieved automatically from PRE.
8. In the Insights folder, select the system configuration value for the dimensions you want to export.
Some of the dimensions are mandatory for the data export to work, and some are optional. For more information, see
Section 9.2.6, “Values for data export”.
9. For each system configuration value, in the Description box, type the name of the Session Context column that
contains the relevant data.
If multiple schemas are used, the columns in each schema must have the same column names.
See also
9.2.5. Selecting traffic for traffic data export

You configure a statistics rule to specify which network traffic that will be used for traffic data export to Insights Data Storage.
Prerequisites: There must be a statistics rule on PRE, which matches traffic that is to be exported to Insights Data Storage. The
statistics rule does not have to be linked to a StatisticsObject.
To select traffic for traffic data export
1. In PacketLogic Client of PRE, open the Edit menu, then point to Objects & Rules and click Open Without Stealing
Resource.
2. In the navigation pane, expand the Statistics rules folder.
3. Select the statistics rule that will be used for export to Insights Data Storage.
4. Select the Enable Insights Traffic Perspective storage checkbox.
See also
219
9.2.6. Values for data export

PacketLogic systems can be configured to provide Insights Data Storage with traffic and score data. The workflow to enable data
export to Insights Data Storage is described in Section 9.2.1, “Data export configuration workflow”. The workflow includes
selecting which network traffic that will be used and which values—dimensions—from the traffic to export. Some dimensions
are mandatory and others can be added optionally.
Subscriber identifying values are obfuscated by default when statistics are exported to Insights Data Storage. For more
information, see Section 5.6, “Subscriber identity integrity”.
See also
• Section 9.2.6.1, “Mandatory dimensions for data export”
• Section 9.2.6.2, “Additional values for data export”
9.2.6.1. Mandatory dimensions for data export

Add data for export to Insights Data Storage with the following system configuration values, located in the Insights folder. Configure
the values on the PacketLogic system that runs the PacketLogic Statistics Daemon (PLSD).
INSIGHTS_DIMENSIONS_SUBSCRIBER
Set this value to the subscriber identifiers.
Important
You must always specify the Session Context column that contains the subscribers. If
INSIGHTS_DIMENSIONS_SUBSCRIBER is not configured correctly, no data is exported to Insights
Data Storage.
INSIGHTS_DIMENSIONS_SERVICE_PLAN
Set this value to the names of the service plans.
INSIGHTS_DIMENSIONS_ACCESS_NODE
Set this value to the names of the access nodes.
INSIGHTS_DIMENSIONS_LOCATION
Set this value to the location identifiers (for example cell IDs in a mobile network, or names of locations in a fixed network).
INSIGHTS_DIMENSIONS_DEVICE
Set this value to the device identifiers (for example TACs or MAC addresses).
See also
9.2.6.2. Additional values for data export

Add data for export to Insights Data Storage with the following system configuration values, located in the Insights folder. Configure
the values on the PacketLogic system that runs the PacketLogic Statistics Daemon (PLSD), unless otherwise stated.
220
• System configuration values that begin with INSIGHTS_DATA_COLLECTION_SCORE_* or

INSIGHTS_DATA_COLLECTION_TRAFFIC_* enable or disable data export to the Insights Data Storage traffic and score
schemas, respectively.
• System configuration values that begin with INSIGHTS_DIMENSIONS_* configure the dimensions to export. Most of these
values require you to specify a Session Context column that contains the relevant data. Some of the values require other
specifications, which are described below. If these values are left empty, the dimension will not be exported.
INSIGHTS_DATA_COLLECTION_SCORE_SERVICE
Set this value to True to export the service name and service category to the raw data tables for the score schema. This
value is set on PRE and will be retrieved automatically from PRE if PLSD runs on PIC. The default value is False.
The service category is configured by INSIGHTS_DIMENSIONS_SIGNATURE_SERVICE_CATEGORY.
INSIGHTS_DATA_COLLECTION_TRAFFIC_BGP
Set this value to True to enable export of the BGP dimensions origin AS and next N hop AS to the traffic schema. The
default value is False. The value of N is set by INSIGHTS_DIMENSIONS_BGP_EXT_N_HOP.
INSIGHTS_DATA_COLLECTION_TRAFFIC_CONNECTION
Set this value to True to enable export of connection metrics to the traffic schema. The default value is True.
INSIGHTS_DATA_COLLECTION_TRAFFIC_CONTENTLOGIC
Set this value to True to export ContentLogic categories to the traffic schema. The default value is False.
INSIGHTS_DATA_COLLECTION_TRAFFIC_LS_DEVICE_COUNT
Set this value to True to export the line sharing data device count based on timestamp detection and port block detection.
The default value is False.
INSIGHTS_DATA_COLLECTION_TRAFFIC_LS_DEVICE_ID
Set this value to True to export the line sharing data device ID and device detection type to the traffic schema. The default
value is False.
Note
Enabling INSIGHTS_DATA_COLLECTION_TRAFFIC_LS_DEVICE_ID will cause significant row
explosion in the traffic.stats table in Insights Data Storage.
INSIGHTS_DATA_COLLECTION_TRAFFIC_POLICY
Set this value to True to export metrics about policy (packet drops, latency) to the traffic schema. The default value is True.
INSIGHTS_DATA_COLLECTION_TRAFFIC_QUALITY
Set this value to True to export metrics about quality (RTT, packets, lost packets) to the traffic schema. The default value
is True.
INSIGHTS_DIMENSIONS_ACCESS_TECHNOLOGY
Configure this value to export the names of the access technologies in use, for example RAT in a mobile network or wifi
technology in a wifi network, to the traffic and score schemas.
INSIGHTS_DIMENSIONS_APN
Configure this value to export the access point names in a mobile network to the traffic and score schemas.
INSIGHTS_DIMENSIONS_BGP_EXT_N_HOP
Configure the value of N to export next N hop AS, i.e., the AS that is N hops away from the PacketLogic
towards the origin AS. The default value is 1 (the next hop). Export of BGP data must first be enabled by
INSIGHTS_DATA_COLLECTION_TRAFFIC_BGP.
INSIGHTS_DIMENSIONS_CHANNELS_DS
Configure this value to export the channels used for downstream traffic to the traffic and score schemas.
INSIGHTS_DIMENSIONS_CHANNELS_US
Configure this value to export the channels used for upstream traffic to the traffic and score schemas.
221
INSIGHTS_DIMENSIONS_CUSTOM_1 ...INSIGHTS_DIMENSIONS_CUSTOM_10
Configure the custom values 1 - 10 to export the contents of any Session Context column in the ruleset to the traffic
and score schemas.
INSIGHTS_DIMENSIONS_GATEWAY
Configure this value to export the names of the gateways hosting the subscribers to the traffic and score schemas.
INSIGHTS_DIMENSIONS_GEOLOGIC_CITY
1
Specify the GeoLogic database column to export to the city column in the traffic schema.
INSIGHTS_DIMENSIONS_GEOLOGIC_COUNTRY
1
Specify the GeoLogic database column to export to the country column in the traffic schema.
INSIGHTS_DIMENSIONS_GEOLOGIC_REGION
1
Specify the GeoLogic database column to export to the region column in the traffic schema.
INSIGHTS_DIMENSIONS_INTERFACE
Configure this value to export the names of the interfaces subscribers are connected to to the traffic and score schemas.
INSIGHTS_DIMENSIONS_NETWORK
Configure this value to export the networks when the same network is used by multiple logical entities, for example a
mobile network and a fixed network sharing the same system, to the traffic and score schemas.
INSIGHTS_DIMENSIONS_SIGNATURE_DEVICE_CATEGORY
Configure this value to export the device categories used, such as "laptop", "phone", to the traffic and score schemas.
This value uses a Property name to populate the dimension. If INSIGHTS_DIMENSIONS_USE_PINNED_DEVICES is set
to True, a Session Context column can also be used. The default value is Device category.
INSIGHTS_DIMENSIONS_SIGNATURE_DEVICE_NAME
Configure this value to export the names of devices used, such as "Xbox 360", "Windows Phone",
to the traffic and score schemas. The value uses a Property name to populate the dimension. If
INSIGHTS_DIMENSIONS_USE_PINNED_DEVICES is set to True, a Session Context column can also be used. The
default value is Device name.
INSIGHTS_DIMENSIONS_SIGNATURE_SERVICE_CATEGORY
Configure this value to export the service categories used, such as "Streaming Media", "Networking", to the traffic and
score schemas. This value requires a path to a ServiceObject category. Depth can be specified to use a level below the
path. The default value is /Procera Networks Categorization/Categories.
INSIGHTS_DIMENSIONS_SITE
Configure this value to export the names of geographical sites hosting the connections, such as data centers, to the
traffic and score schemas.
INSIGHTS_DIMENSIONS_USE_PINNED_DEVICES
Set this value to True to enable the use of Session Context data in INSIGHTS_DIMENSIONS_SIGNATURE_DEVICE_NAME
and INSIGHTS_DIMENSIONS_SIGNATURE_DEVICE_CATEGORY. The default value is False.
See also
9.2.7. Data loss prevention

To prevent loss of data, the PacketLogic Statistics Daemon (PLSD) writes batches to a local disk if the connection to Insights
Data Storage is down. This ensures that data is preserved on the PLSD side until the connection is restored.
1
Check that the Insights release supports the GeoIP related columns in the traffic.stats table.
222
To monitor local batches in PacketLogic Client
2. In System Diagnostics view, expand Zones and select Insights.
3. Check if the system diagnostics values Traffic: Current batch spilled to disk and Score: Current batch spilled to
disk have the value 1. This means that the current batch was written to local disk. An alert will also be displayed.
4. Check the system diagnostics values Traffic: Spilled batches on disk and Score: Spilled batches on disk to see
the number of batches currently stored on local disk.
For a description of System Diagnostics values, see Appendix C, System Diagnostics Values.
See also
9.2.8. Moving of statistics process workflow

You move the PacketLogic Statistics Daemon (PLSD) from PRE to PIC, when this is necessary for Insights data export to work
properly.
1. Add PRE as a remote system on PIC
2. Disable local statistics on PRE
3. Disable Insights data export on PRE
Follow the procedure, but set the system configuration value INSIGHTS_TRAFFIC_ENABLED to False. Keep the system
configuration value HOST_STATS_ENABLED as True.
4. Enable Insights data export on PIC
5. Select the dimensions for data export to Insights Data Storage on PIC
Configure the dimensions that were previously configured on PRE in the same way on PIC. Except for the system
configuration values that are retrieved automatically from PRE, see Section 6.2.5, “PacketLogic Statistics Daemon
(PLSD)”.
Section 9.2.4, “Selecting dimensions for data export to Insights Data Storage”
223
6. Configure other system configuration values on PIC
Configure any other non-default system configuration values that were previously configured on PRE in the same way
on PIC. Except for the system configuration values that are retrieved automatically from PRE, see Section 6.2.5,
“PacketLogic Statistics Daemon (PLSD)”.
7. Remove Insights nodes as data collectors on PRE
Follow the procedure, but replace the set command with delete to delete a storage node.
8. Add Insights nodes as data collectors on PIC
See also
• Section 9.2.2, “Enabling Insights data export”
• Section 6.2.5, “PacketLogic Statistics Daemon (PLSD)”
• Section 9.2.4, “Selecting dimensions for data export to Insights Data Storage”
• Section 9.2.3, “Adding Insights data collectors”
224
10. IPFIX
10.1. IPFIX export
10.2. IPFIXObject
10.3. IPFIX export workflow
10.4. IPFIX elements
10.5. Transport protocols
10.6. Flow
10.7. Sampling
This chapter describes IPFIX elements and procedures for configuring export of IPFIX records from PacketLogic systems.
225
10. IPFIX
10.1. IPFIX export

Internet Protocol Flow Information Export (IPFIX) is a protocol for exporting IP flow information to a collector. You can use
PacketLogic to build and export IPFIX records according to the definitions in RFC7011. The PacketLogic system where IPFIX is
enabled receives connection data and builds IPFIX records, which are exported to configured collector systems.
Note
The PacketLogic must have a license for IPFIX export. This is shown in the CLI as IPFix: yes. For more
information, see PacketLogic CLI Reference Guide.
When the IPFIX export is running, you can monitor the operational status in a system diagnostics zone in PacketLogic Client.
For more information, see Section C.26, “Ipfix Exporter”.
See also
• Section C.26, “Ipfix Exporter”
• Section 10.3, “IPFIX export workflow”
• Section 10.4, “IPFIX elements”
• Section 10.5, “Transport protocols”
• Section 10.6, “Flow”
• Section 10.7, “Sampling”
10.2. IPFIXObject
IPFIX records are built according to a template. The template is configured in an IPFIXObject, which also has a list of IPFIX
collectors. The interval with which the templates are sent to the collector is determined by the system configuration value
STATISTICS_CONNECTION_UPDATE_INTERVAL in the Connection Handling folder (5 minutes by default). Statistics rules are
used to match traffic to the IPFIXObjects. Rules that are already in use by a StatisticsObject can be used for IPFIXObjects.
See also
• Section 10.2.2, “Collector”
• Section 10.3.1, “Configuring an IPFIXObject”
10.2.1. Template
IPFIX records are built according to a template. The template is configured in an IPFIXObject, which also has a list of IPFIX
collectors. The interval with which the templates are sent to the collector is determined by the system configuration value
STATISTICS_CONNECTION_UPDATE_INTERVAL in the Connection Handling folder (5 minutes by default). Statistics rules are
used to match traffic to the IPFIXObjects. Rules that are already in use by a StatisticsObject can be used for IPFIXObjects.
226
10. IPFIX
The templates specify the format in which the data will be built and which values that will be exported in the IPFIX records. You
can export standard IPFIX elements and enterprise-specific elements. For a list of all available elements, see Section 10.4,
“IPFIX elements”.
Some of the enterprise-specific elements require additional specifications to point out the relevant values to be exported.
• Specify the name of a property of the flow for proceraProperty in the Value box. To separate different types of properties,
the data will be exported in the format property_type=property_value. For example, the property Device name with the value
computer will be exported as Device name=computer.
• Specify a GeoLogic database column for proceraRemoteGeoIP in the Value box. To separate different GeoIP columns,
the data will be exported in the format column_name=column_value. For example, the column country with the value USA
will be exported as country=USA.
• Specify Session Context data provisioned by PSM on the format schema_name/column_name in the Value box. For
example, session/subscriberOid.
• Specify the path to a ServiceObject by entering the root, which is the level of the ServiceObject tree where the path should
start, in the Value box, and the depth, which is how deep the path should go from that point, in the Depth list. See the
examples below.
EXAMPLE 10.1 Root and depth configuration of proceraServiceObject element
Assume that the IPFIX exporter is exporting an HTTP connection that matches the ServiceObject path Procera Networks
Categorization/Categories/Web Browsing/HTTP.
• If you set the root to Procera Networks Categorization/Categories and the depth to 1, the string "Web Browsing" is exported.
• If you set the root to Procera Networks Categorization/Categories and the depth to 2, the string "Web Browsing/HTTP"
is exported.
EXAMPLE 10.2 Multiple matches for proceraServiceObject element
Assume that the IPFIX exporter is exporting an HTTP connection. The HTTP connection matches both of the following
ServiceObject paths:
Procera Networks Categorization/Categories/Web Browsing/HTTP

Procera Networks Categorization/Protocols/HTTP
If you set the root to either Procera Networks Categorization/Categories or to Procera Networks Categorization/Protocols, you
specify which part of the ServiceObject tree to include in the IPFIX export.
See also
• Section 10.1, “IPFIX export”
• Section 10.3.3, “Changing IPFIX system configuration values”
10.2.2. Collector
You can export records build by an IPFIXObject to one or more IPFIX collectors. This allows flexible collector configurations that
can be set up to be redundant, load balancing, or both. At least one collector must be added in the IPFIXObject, otherwise no
IPFIX records will be exported for the object.
227
10. IPFIX
Redundant IPFIX export configuration

Each IPFIXObject exports the IPFIX records to multiple collector systems, by having two or more collectors configured.
Load balanced IPFIX export configuration

Each IPFIXObject exports IPFIX records for a subset of the traffic. Two or more statistics rules that match different subsets
of the traffic are linked to separate IPFIXObjects that each has different collectors configured.
Redundant and load balanced IPFIX export configuration

Multiple collectors are added per IPFIXObject in a load balanced IPFIX export configuration.
See also
10.3. IPFIX export workflow

1. Configure an IPFIXObject
You configure IPFIXObjects to build IPFIX records for export to an IPFIX collector.
Section 10.3.1, “Configuring an IPFIXObject”
2. Configure a statistics rule
You configure a statistics rule to select which traffic that will be used to build IPFIX records.
Section 10.3.2, “Configuring a statistics rule for IPFIX”
3. Enable IPFIX export
Set the system configuration value IPFIX_ENABLED to True.
You change IPFIX system configuration values to enable or configure IPFIX export.
Section 10.3.3, “Changing IPFIX system configuration values”
4. Configure IPFIX flow definition
Specify the flow definition with the system configuration value IPFIX_FLOW_DEFINITION. For more information, see
Section 10.6, “Flow”.
5. Configure IPFIX sampling percentage
Specify the sampling percentage with the system configuration value IPFIX_SAMPLING_PERCENT. For more information,
see Section 10.7, “Sampling”.
228
10. IPFIX
See also
• Section 10.3.1, “Configuring an IPFIXObject”
• Section 10.3.2, “Configuring a statistics rule for IPFIX”
10.3.1. Configuring an IPFIXObject

You configure IPFIXObjects to build IPFIX records for export to an IPFIX collector.
To configure an IPFIXObject
3. In the navigation pane, expand the Objects folder.
4. Select the IPFXObjects folder.
7. On the Template tab, in the Available Fields list, click a field, and then click the right-pointing arrow to add the field
to the template.
Repeat this step to add all the fields that you want to export.
8. If the field requires additional specification, enter any data in the Value box and/or Depth list. For more information,
see Section 10.2.1, “Template”.
9. On the Collectors tab, click the plus icon.
10. In the Dialog, type the IPv4 address and port of a collector, and then click OK.
Repeat this step if you want to add another collector.
See also
10.3.2. Configuring a statistics rule for IPFIX

You configure a statistics rule to select which traffic that will be used to build IPFIX records.
229
10. IPFIX
To configure a statistics rule
3. In the navigation pane, select the Statistics rules folder.
4. On the File menu, point to New, and then click Rule.
5. In the Rule name box, type a name.
6. In the workspace, click the plus icon, point to Add Condition, and then click New Condition.
For more information about how to configure conditions, see Section 6.6.2.1, “Use conditions to create rules” in
7. In the navigation pane, expand the new rule and click IPFIXObjects.
8. In the Available list, click an IPFIXObject, and then click the right-pointing arrow to add the object to the rule.
Repeat this step if you want to add more objects.
See also
10.3.3. Changing IPFIX system configuration values

To change IPFIX system configuration values
2. On the Edit menu, click System Configuration.
3. In the navigation pane, expand the IPFIX folder.
4. Select a system configuration value.
5. In the Value list, type the new value.
See also
10.4. IPFIX elements

You can export standard IPFIX elements and enterprise-specific elements.
230
10. IPFIX
Subscriber identifying values are obfuscated by default when statistics are exported as IPFIX records. For more information, see
Section 5.6, “Subscriber identity integrity”.
See also
• Section 10.4.1, “Standard IPFIX elements”
• Section 10.4.2, “Enterprise-specific IPFIX elements”
• Section 5.6, “Subscriber identity integrity”
10.4.1. Standard IPFIX elements

You can export the following standard IPFIX elements, which are described in RFC7011.
Name IPFIX element ID
bgpDestinationAsNumber 17
bgpSourceAsNumber 16
destinationIPv4Address 12
destinationIPv6Address 28
destinationTransportPort 11
egressInterface 14
flowEndMilliseconds 153
flowStartMilliseconds 152
flowEndSeconds 151
flowStartSeconds 150
ingressInterface 10
observationPointId 138
octetTotalCount 85
packetTotalCount 86
postNAPTDestinationTransportPort 228
postNAPTSourceTransportPort 227
postNATDestinationIPv4Address 226
postNATSourceIPv4Address 225
protocolIdentifier 4
sourceIPv4Address 8
sourceIPv6Address 27
sourceTransportPort 7
231
10. IPFIX
See also
10.4.2. Enterprise-specific IPFIX elements

The table lists enterprise-specific IPFIX elements. The enterprise-specific ID of an element is composed by adding the enterprise
base ID, which is 32768, to the element ID in the table. For example, for proceraApn with element ID = 35, it is 32768 + 35
= 32803.
Name Procera Data type Description

Element ID
proceraApn 35 string Exports the APN of the flow. Requires a NetObject

or Session Context data provisioned by PSM.
The NetObject or Session Context column that
contains the APN information is specified in the
proceraApn field in the IPFIXObject in the Objects
& Rules Editor.
proceraBaseService 2 string Exports the base service of the flow.
proceraChargingId 48 unsigned32 Exports the charging id of the flow. Requires a

NetObject or Session Context data provisioned
by PSM. The NetObject or Session Context
column that contains the charging id information
is specified in the proceraChargingId field in the
IPFIXObject in the Objects & Rules Editor.
proceraContentCategories 16 string Exports a comma separated list containing the

ContentLogic categories of the flow.
proceraDeviceId 32 unsigned64 Exports the id (IMEI) of the device. Requires a

NetObject or Session Context data provisioned by
PSM. The NetObject or Session Context column
that contains the IMEI information is specified in
the proceraDeviceId field in the IPFIXObject in the
Objects & Rules Editor.
proceraExternalJitter 68 signed32 The jitter value is the variance of the external RTT
samples. The value -1 represents 'no data'.
proceraExternalRtt 12 signed32 Exports the external RTT of the flow. If no

external RTT measurement is available for the
flow, proceraExternalRtt will export the value -1. If
the external RTT is measured and rounded to 0,
proceraExternalRtt will export the value 0.
proceraFlowBehavior 15 string Exports a comma separated list containing the XFB

flags of the flow.
proceraGenericSessionContext 71 string Exports the value of a Session Context column

provisioned by PSM. The SessionContext column
is specified in the proceraGenericSessionContext
field in the IPFIXObject in the Objects
& Rules Editor. You can add multiple
proceraGenericSessionContext fields.
232
10. IPFIX

Element ID
The value is exported in the format
session_context_column=value. For more
proceraGgsn 37 string Exports information about the GGSN that the

flow belongs to. Requires a NetObject or Session
Context data provisioned by PSM. The NetObject
or Session Context column that contains the
GGSN information is specified in the proceraGgsn
field in the IPFIXObject in the Objects & Rules
Editor.
proceraHttpContentType 21 string Exports the HTTP content type of the flow.
proceraHttpFileLength 25 unsigned32 Exports the HTTP file size of the flow.
proceraHttpLanguage 27 string Exports the HTTP language of the flow.
proceraHttpLocation 26 string Exports the HTTP location of the flow.
proceraHttpReferer 23 string Exports the HTTP referer of the flow.
proceraHttpRequestMethod 19 string Exports the HTTP request method of the flow.
proceraHttpRequestVersion 46 string Exports the HTTP request version of the flow.
proceraHttpResponseStatus 24 unsigned16 Exports the HTTP response status of the flow.
proceraHttpUrl 22 string Exports the URL of the flow.
proceraHttpUserAgent 20 string Exports the HTTP user agent of the flow.
proceraImsi 30 unsigned64 Exports the IMSI of the flow. Requires a NetObject

or Session Context data provisioned by PSM.
The NetObject or Session Context column that
contains the IMSI information is specified in the
proceraImsi field in the IPFIXObject in the Objects
& Rules Editor.
proceraIncomingDot1qPriorityLevel1 59 signed8 Exports the PCP (priority code point) of the

outermost VLAN header for incoming traffic. A
value of -1 means that no VLAN priority data is
available for this level.
proceraIncomingDot1qPriorityLevel2 60 signed8 Exports the PCP (priority code point) of the VLAN
header on level 2 for incoming traffic. A value of
-1 means that no VLAN priority data is available for
this level.
this level.
this level.
233
10. IPFIX

Element ID
proceraIncomingDot1qVlanIdLevel1 51 usigned16 Exports the ID of the outermost VLAN header for

incoming traffic.
proceraIncomingDot1qVlanIdLevel2 52 usigned16 Exports the ID of the VLAN header on level 2 for

incoming traffic.

incoming traffic.

incoming traffic.
proceraIncomingDscp 49 unsigned8 Exports the DSCP value for the incoming traffic of
the flow.
proceraIncomingOctets 3 unsigned64 Exports the number of incoming bytes of the flow.
proceraIncomingPackets 5 unsigned64 Exports the number of incoming packets of the

flow.
proceraIncomingShapingDrops 9 unsigned32 Exports the number of incoming packets that have

been dropped from the flow due to shaping of the
traffic.
proceraIncomingShapingLatency 7 unsigned16 Exports the latency introduced by shaping of

incoming packets of a flow in milliseconds.
proceraInternalJitter 67 signed32 The jitter value is the variance of the internal RTT
samples. The value -1 represents 'no data'.
proceraInternalRtt 11 signed32 Exports the internal RTT of the flow. If no

internal RTT measurement is available for the
flow, proceraInternalRtt will export the value -1. If
the internal RTT is measured and rounded to 0,
proceraInternalRtt will export the value 0.
proceraLocalIPv4Host 42 ipv4Address Exports the IPv4 address of the localhost of the

flow.
proceraLocalIPv6Host 43 ipv6Address Exports the IPv6 address of the localhost of the

flow.
proceraMsisdn 29 unsigned64 Exports the MSISDN of the flow. Requires a

that contains the MSISDN information is specified
in the proceraMsisdn field in the IPFIXObject in the
proceraOutgoingDot1qPriorityLevel1 63 signed8 Exports the PCP (priority code point) of the

outermost VLAN header for outgoing traffic. A
value of -1 means that no VLAN priority data is
available for this level.
proceraOutgoingDot1qPriorityLevel2 64 signed8 Exports the PCP (priority code point) of the VLAN
this level.
234
10. IPFIX

Element ID
this level.
this level.
proceraOutgoingDot1qVlanIdLevel1 55 unsigned16 Exports the ID of the outermost VLAN header for

outgoing traffic.
proceraOutgoingDot1qVlanIdLevel2 56 unsigned16 Exports the ID of the VLAN header on level 2 for

outgoing traffic.

outgoing traffic.

outgoing traffic.
proceraOutgoingDscp 50 unsigned8 Exports the DSCP value for the outgoing traffic of
the flow.
proceraOutgoingOctets 4 unsigned64 Exports the number of outgoing bytes of the flow.
proceraOutgoingPackets 6 unsigned64 Exports the number of outgoing packets of the

flow.
proceraOutgoingShapingDrops 10 unsigned32 Exports the number of outgoing packets that have

been dropped from the flow due to shaping of the
traffic.
proceraOutgoingShapingLatency 8 unsigned16 Exports the latency introduced by shaping of

outgoing packets of a flow in milliseconds.
proceraProperty 17 string Exports the specified property of the flow in the

format property_type=property_value. For more
proceraQoeIncomingExternal 39 float32 Exports the quality of experience for incoming

traffic on the external interface, in form of a
value between 0 and 100 %. If there are
no metrics to use in the QoE calculation, the
proceraQoeIncomingExternal will export the value
-1.
proceraQoeIncomingInternal 38 float32 Exports the quality of experience for incoming

traffic on the internal interface, in form of a
-1.
proceraQoeOutgoingExternal 41 float32 Exports the quality of experience for outgoing

traffic on the external interface, in form of a
235
10. IPFIX

Element ID
-1.
proceraQoeOutgoingInternal 40 float32 Exports the quality of experience for outgoing traffic

on the internal interface, in form of a value between
0 and 100 %. If there are no metrics to use in the
QoE calculation, the proceraQoeIncomingExternal
will export the value -1.
proceraRat 31 string Exports the 3GPP RAT of the flow. Requires a

that contains the RAT information is specified in the
proceraRat field in the IPFIXObject in the Objects
& Rules Editor.
proceraRemoteIPv4Host 44 ipv4Address Exports the IPv4 address of the remote host of the
flow.
proceraRemoteIPv6Host 45 ipv6Address Exports the IPv6 address of the remote host of the
flow.
proceraRemoteGeoIP 70 string Exports the value of the specified

GeoLogic database column in the
format column_name=column_value. For more
proceraRnc 34 unsigned16 Exports the local RNC id of the flow. Requires a

that contains the RNC information is specified
in the proceraRnc field in the IPFIXObject in the
proceraServerHostname 18 string Exports the server hostname of the flow.
proceraService 1 string Exports the application protocol of the flow.
proceraServiceObject 69 string Exports a path from the ServiceObject tree. You

need to specify a ServiceObject in the IPFIXObject
in the Objects & Rules Editor. You can configure
the parameters root and depth for the element.
The root specifies the level of the ServiceObject
tree where the path should start. The depth
specifies how deep the path should go from that
point. For more information, see Section 10.2.1,
“Template”.
proceraSgsn 33 string Exports the SGSN of the flow. Requires a

that contains the SGSN information is specified
in the proceraSgsn field in the IPFIXObject in the
236
10. IPFIX

Element ID
proceraSubscriberIdentifier 28 string Exports the subscriber identity of the flow.

Requires a NetObject or Session Context data
provisioned by PSM. The NetObject or Session
Context column that contains the subscribers is
specified in the proceraSubscriberIdentifier field in
the IPFIXObject in the Objects & Rules Editor.
proceraTemplateName 47 string Exports the name of the IPFIXObject that specifies

the template.
proceraUserLocationInformation 36 string Exports the user location information of the

flow. Requires a NetObject or Session Context
data provisioned by PSM. The NetObject
or Session Context column that contains
the user location information is specified in
the proceraUserLocationInformation field in the
IPFIXObject in the Objects & Rules Editor.
See also
10.5. Transport protocols

The transport protocol used to export IPFIX records is by default User Datagram Protocol (UDP), but you can also
use Stream Control Transmission Protocol (SCTP). You change the protocol with the system configuration value
IPFIX_TRANSPORT_PROTOCOL.
The maximum length of the IPFIX message is 1472 bytes by default. If you use UDP to export IPFIX records, the maximum
message length cannot be larger than the maximum transmission unit (MTU) according to RFC7011. You change the protocol
with the system configuration value IPFIX_MESSAGE_MAX_LENGTH.
See also
10.6. Flow
The IPFIX flow definition specifies how often records are exported. With intermediate flow configured, you can export records
for parts of connections (flows) and increase the time resolution of the collected data. The IPFIX_FLOW_DEFINITION system
configuration value can have the value 0 = intermediate flow (default value), or 1 = full flow.
Intermediate flow
Intermediate flow means that one IPFIX record is exported per PacketLogic connection and statistics connection update
interval. The STATISTICS_CONNECTION_UPDATE_INTERVAL system configuration value in the Connection Handling
folder defines this interval.
237
10. IPFIX
If a connection was created and terminated within the same interval, the start time and end time of the IPFIX record are
the same as for the connection. That is, the start time is when the connection was first seen in Engine. The end time is
the time when the connection was terminated and the final connection update was sent from Engine to the PacketLogic
Statistics Daemon (PLSD).
However, if the connection lasts for more than one statistics connection update interval, it is split over multiple IPFIX
records. The first record has the same start time as the connection. The end time corresponds to the time when the last
connection update for the current statistics connection update interval was sent from Engine.
Note
The end time of the statistics connection update interval is the time when the connection update for
the interval was sent from Engine to PLSD. This time can be anytime within the last connection update
interval of the statistics connection update interval. The CONNECTION_UPDATE_INTERVAL system
configuration value in the Connection Handling folder defines the connection update interval.
The next one or more IPFIX records have the start time set to the same value as the end time of the previous record. The
end time of the last record is when the connection was terminated and the final connection update was sent to PLSD.
EXAMPLE 10.3 Start time and end time of IPFIX records
The figure illustrates the start time and end time of two connections, (1) and (2). The first connection (1) starts and ends
within the same statistics connection update interval (3) and corresponds to one IPFIX record. The start time of the record
is t0 and the end time is t1.
The second connection (2) spans over three statistics connection update intervals and corresponds to three IPFIX records.
The first record has start time t2 and end time t3, the next record has start time t3 and end time t4, and the last record has
start time t4 and end time t5. The end time of the first and second records is anytime within the last connection update
interval (4) of the statistics connection update interval.
The start time for records with intermediate flow is handled differently in cases where PLSD connects (or reconnects) to
the PacketLogic Daemon (PLD). All IPFIX records, which correspond to a connection in the connection table in Engine at
the time when PLSD connects, get the start time set to the start of the current statistics connection update interval.
Full flow
In full flow, one connection in PacketLogic corresponds to one IPFIX record. The start time of the record is the start time
of the connection, which is when the connection was first seen in Engine. The end time is the time when the connection
was terminated and the final connection update was sent from Engine to PLSD.
See also
238
10. IPFIX
10.7. Sampling
You can reduce the number of exported IPFIX records by configuring IPFIX sampling. The sampling is performed on connections,
not on statistics update intervals or IPFIX records. This means that when a connection is selected by the sampling process, all
IPFIX records relating to that connection will be exported.
• In full flow configurations, each connection that is selected by the sampling process will result in one flow and one IPFIX
record.
• In intermediate flow configurations, a connection may result in one or more flows. If the connection is selected by the
sampling process, each flow in that connection will result in an IPFIX record.
You specify the percentage of connections that will be used in the IPFIX record sample with the system configuration value
IPFIX_SAMPLING_PERCENT.
See also
• Section 10.6, “Flow”
239
240
11. Connection logging
11.1. About connection logging
11.2. Configuring a statistics rule to log connections
11.3. Connection search
This chapter describes how to log and search connection statistics.
241
11.1. About connection logging

For each statistics rule where connection logging is enabled, PacketLogic will store information about each and every accepted
connection matched by the rule in a very optimized way. You can use the Connection Search tool in PacketLogic Client to
search for connections with specific properties. With the connection search, connections to and from an IP address, at a specific
point in time, using a specific application or port, and so on, can easily be identified. This makes network forensics considerably
easier and is a powerful tool for abuse management and network control. It is resource expensive to store all connections in a
database like this, but the information can be invaluable.
Note
You need a license to use connection logging and connection search. This is shown as Connection search:
yes in the CLI. For more information, see the PacketLogic CLI Reference Guide.
You configure the search functionality with the system configuration value PLS_CONNLOG_SEARCHABLE_CRITERIAS in the
Statistics folder. This system configuration value holds a comma-separated list of criteria available for searches in the connection
log. An empty list means that all criteria will be searchable. Performance and storage space are greatly affected by connection
logging, therefore you should only select relevant searchable criteria. For more information about performance configuration and
considerations, see Section 6.5, “Performance considerations”.
The following criteria are available:
• SERVER
• CLIENT
• CLIENTPORT
• SERVERPORT
• PROTOCOL
• SERVICE
• SERVERHOST
• HOST
• VNO (Visible NetObject)
• SERVER_IPV6
• CLIENT_IPV6
• HOST_IPV6
• NATCLIENT
• NATSERVER
• NATHOST
• NATCLIENTPORT
• NATSERVERPORT
All connection logging data will be stored regardless of how many searchable criteria are selected, but only the selected criteria,
along with start time and end time of the connection, will be available as search criteria in the Connection Search tool in
PacketLogic Client. The connection logging only stores information about the connections, and not the corresponding packet
242
data. To obtain entire packets for debugging purposes, use the Monitor Interface option in a filtering rule to duplicate packets to
the PacketLogic PCAP Writer or to a packet analysis tools. For more information, see Section 7.10.4, “Monitor” in PacketLogic
For every connection, the following information will be stored and available for display in the client when you perform a connection
search:
• Start Time
• End Time
• Client
• Server
• Client Port
• Server Port
• Protocol
• Service
• Server Hostname
• Incoming
• Outgoing
• Flags
• NetObjects
• Rewrite Client Address
• Rewrite Client Port
• Rewrite Server Address
• Rewrite Server Port
See also
11.2. Configuring a statistics rule to log connections

You log connections to enable searches based on connection properties.
To configuring a statistics rule to log connections
243
3. In the navigation pane, expand the Statistics rules folder, and select a statistics rule.
4. In the workspace, select the Enable connection log check box.
See also
11.3. Connection search

The Connection Search is a tool that uses search criteria—for example host, service, protocol, or a time interval—to search
for connections. Connection logging data for all connections that have passed through the PacketLogic, and that matched a
statistics rule where connection logging is enabled, will be stored and is available for connection search.
EXAMPLE 11.1 Connection search example
A set of hosts connect to the Internet through a NAT appliance. An abuse case is reported which states that someone
from the host 1.2.3.4 has attacked their web server. The host 1.2.3.4 is the external interface of the NAT appliance and the
PacketLogic is placed behind the NAT, to be able to log the connections made by the private hosts. A search for the host name
"www.webserver.com" returns the results of which private address that has performed the attack.
The connection search takes a set of criteria as input and returns a result set. Searching will query the connection database
for connections that match the criteria. The criteria only support exact positive matches, thus, it is not possible to search for
something which is NOT EQUAL to something. Criteria that are not defined are set to ANY. At least one criterion must be
given to perform a search.
The following search criteria are available:
• Client: The IPv4 address, IPv6 address, or port of the client. It can be entered as an exact match or as s range.
• Server: The IPv4 address, IPv6 address, port, or host name of the server. IP addresses and ports can be entered as an
exact match or as a range.
• Host: The IPv4 or IPv6 address of the client or the server. It can be entered as an exact match or as a range.
• Start Time Interval: A time interval during which the connection was initiated.
• End Time Interval: A time interval during which the connection ended.
• Service: The service.
• Protocol: The protocol.
• Visible NetObject: The visible NetObject.
• Rewrite Client: The IPv4 address or port after NAT rewrite of the client. It can be entered as an exact match or as a range.
• Rewrite Server: The IPv4 address or port after NAT rewrite of the server. It can be entered as an exact match or as a range.
244
• Rewrite Host: The IPv4 address of the client or the server after NAT rewrite It can be entered as an exact match or as
a range.
The Start Time Interval and End Time Interval criteria will always be available when performing a connection search. Use End
Time Interval as a search criterion to effectively limit the search result.
To optimize the search, only specify the necessary fields. The more criteria added to the search, the more specific the result will
be, but it will take longer time to produce the results. For example, search only the service "http", instead of the service "http",
the Protocol "TCP", and the Server Port "80". Both "TCP" and "80" are obvious information in this case.
See also
• Section 11.3.1, “Searching for connections”
11.3.1. Searching for connections

You perform a search to see connection logging statistics.
To search for connections
2. On the Tools menu, click Connection Search.
3. In the Connection Search window, click Add Criteria, and click the criteria you want to search by.
4. Enter values for the added criteria, and then click Search.
See also
245
246
Appendix A. Statistics fields
The field references use the following structure:
The name of the field
A description of the field
Unit The unit of the field metric
StatisticsObject field name The field name used in the StatisticsObject field configuration in
Python API field name The field name used in the Python API
Report Studio field name The field name used in Report Studio
SQL interface field name The field name used in the SQL interface
Insights Data Storage column name The column name used in Insights Data Storage
A.1. Traffic statistics total fields

Incoming Bytes
The downstream volume.
Unit bytes
StatisticsObject field name Incoming Bytes
Python API field name bytes in
Report Studio field name Incoming_Bytes
SQL interface field name bytes_in
Insights Data Storage column name bytes_in
Outgoing Bytes
The upstream volume.
Unit bytes
StatisticsObject field name Outgoing Bytes
Python API field name bytes out
Report Studio field name Outgoing_Bytes
SQL interface field name bytes_out
Insights Data Storage column name bytes_out
Total Bytes
Total Bytes is calculated from Incoming Bytes and Outgoing Bytes.
Unit bytes
247
Total Bytes
StatisticsObject field name This field is not selectable in the field configuration of a StatisticsObject.
Python API field name bytes total
Report Studio field name Total_Bytes
SQL interface field name bytes_total
Incoming Shaping Dropped Bytes
The number of incoming bytes dropped due to shaping.
StatisticsObject field name Incoming Shaping Dropped Bytes
Python API field name shaping byte drops in
SQL interface field name bytedrops_in
Insights Data Storage column name policy_bytes_dropped_in
Outgoing Shaping Dropped Bytes
The number of outgoing bytes dropped due to shaping.
StatisticsObject field name Outgoing Shaping Dropped Bytes
Python API field name shaping byte drops out
SQL interface field name bytedrops_out
Insights Data Storage column name policy_bytes_dropped_out
Connections
The total number of connections.
StatisticsObject field name Connections
Python API field name connections
Report Studio field name Connections
SQL interface field name conns
Unestablished Connections
The number of unestablished connections.
StatisticsObject field name Unestablished Connections
Python API field name unest. connections
Report Studio field name Unestablished_Connections
SQL interface field name uconns
Incoming Connections
The number of incoming connections.
248
Incoming Connections
StatisticsObject field name Incoming Connections
Python API field name inbound connections
Report Studio field name Incoming_Connections
SQL interface field name conns_in
Insights Data Storage column name connections_in
Outgoing Connections
The number of outgoing connections.
StatisticsObject field name Outgoing Connections
Python API field name outbound connections
Report Studio field name Outgoing_Connections
SQL interface field name conns_out
Insights Data Storage column name connections_out
Incoming Unestablished Connections
The number of incoming unestablished connections.
StatisticsObject field name Incoming Unestablished Connections
Python API field name inbound unest. connections
Report Studio field name Incoming_Unestablished_Connections
SQL interface field name uconns_in
Insights Data Storage column name connections_unestablished_in
Outgoing Unestablished Connections
The number of outgoing unestablished connections.
StatisticsObject field name Outgoing Unestablished Connections
Python API field name outbound unest. connections
Report Studio field name Outgoing_Unestablished_Connections
SQL interface field name uconns_out
Insights Data Storage column name connections_unestablished_out
Incoming concurrent connections (Peak)
The maximum number of concurrent incoming connections during the time interval.
StatisticsObject field name Incoming concurrent connections
Python API field name concurrent connections in
249
Incoming concurrent connections (Peak)
Report Studio field name Incoming_concurrent_connections__Peak_
SQL interface field name curconns_in
Insights Data Storage column name connections_concurrent_in
Outgoing concurrent connections (Peak)
The maximum number of concurrent outgoing connections during the time interval.
StatisticsObject field name Outgoing concurrent connections
Python API field name concurrent connections out
Report Studio field name Outgoing_concurrent_connections__Peak_
SQL interface field name curconns_out
Insights Data Storage column name connections_concurrent_out
Incoming Shaping Dropped Packets
The number of incoming packet shaping drops.
StatisticsObject field name Incoming Shaping Dropped Packets
Python API field name shaping drops in
Report Studio field name Incoming_Dropped_Packets
SQL interface field name pktdrops_in
Insights Data Storage column name policy_packet_drops_in
Outgoing Shaping Dropped Packets
The number of outgoing packet shaping drops.
StatisticsObject field name Outgoing Shaping Dropped Packets
Python API field name shaping drops out
Report Studio field name Outgoing_Dropped_Packets
SQL interface field name pktdrops_out
Insights Data Storage column name policy_packet_drops_out
Incoming Packets
The number of incoming packets.
StatisticsObject field name Incoming Packets
Python API field name packets in
Report Studio field name Incoming_Packets
SQL interface field name packets_in
250
Incoming Packets
Insights Data Storage column name packets_in
Outgoing Packets
The number of outgoing packets.
StatisticsObject field name Outgoing Packets
Python API field name packets out
Report Studio field name Outgoing_Packets
SQL interface field name packets_out
Insights Data Storage column name packets_out
Incoming Avg Latency
The average time in milliseconds that incoming packets are buffered due to shaping. Depending on how a ShapingObject is
configured, latency is added to packets belonging to connections that match the shaping rules linked to the object.
See the PacketLogic Real-Time Enforcement Product Guide for information about traffic shaping.
Unit ms
StatisticsObject field name Incoming Avg Latency
Python API field name avg latency in
Report Studio field name Incoming_Avg_Latency
SQL interface field name avg_latency_in
Insights Data Storage column name policy_latency_in
Outgoing Avg Latency
The average time in milliseconds that outgoing packets are buffered due to shaping. Depending on how a ShapingObject is
See the PacketLogic Real-Time Enforcement Product Guide for information about traffic shaping.
Unit ms
StatisticsObject field name Outgoing Avg Latency
Python API field name avg latency out
Report Studio field name Outgoing_Avg_Latency
SQL interface field name avg_latency_out
Insights Data Storage column name policy_latency_out
Sub-Item Count
Sub-Item Count is used in the Statistics viewer in PacketLogic Client. Separate sub-item count fields are included and
accounted for depending on the object types used in the distribution of the StatisticsObject. See Section A.6, “Sub-item
count statistics” for all types of sub-item counts.
251
Sub-Item Count
StatisticsObject field name Sub-Item Count
Report Studio field name Sub_Item_Count
Incoming Quality (Internal)
Incoming Quality (Internal) is calculated by dividing the number of incoming packets dropped on the internal side of PRE by
the number of incoming TCP packets (Incoming Quality Packets).
See Section 5.4.1, “Connection quality measurement” for a description of the PacketLogic quality measurement.
Unit %
StatisticsObject field name Incoming Quality (Internal)
Python API field name in Quality internal
Report Studio field name Incoming_Quality__Internal_
SQL interface field name quality_int_in
Outgoing Quality (Internal)
Outgoing Quality (Internal) is calculated by dividing the number of outgoing packets dropped on the internal side of PRE by
the number of outgoing TCP packets (Outgoing Quality Packets).
Unit %
StatisticsObject field name Outgoing Quality (Internal)
Python API field name out Quality internal
Report Studio field name Outgoing_Quality__Internal_
SQL interface field name quality_int_out
Incoming Quality (External)
Incoming Quality (External) is calculated by dividing the number of incoming packets dropped on the external side of PRE by
the number of incoming TCP packets (Incoming Quality Packets).
Unit %
StatisticsObject field name Incoming Quality (External)
Python API field name in Quality external
Report Studio field name Incoming_Quality__External_
SQL interface field name quality_ext_in
Outgoing Quality (External)
Outgoing Quality (External) is calculated by dividing the number of outgoing packets dropped on the external side of PRE by
the number of outgoing TCP packets (Outgoing Quality Packets).
252

Unit %
StatisticsObject field name Outgoing Quality (External)
Python API field name out Quality external
Report Studio field name Outgoing_Quality__External_
SQL interface field name quality_ext_out
Internal Avg Handshake RTT
The average time in milliseconds for the internal handshake RTT (Round Trip Time). Note that the Handshake RTT metric
also contains RTT based on Timestamp option.
See also Section 5.4.2, “Handshake Round-Trip Time (RTT)” and Section 5.4.3, “Timestamp option based Round-
Trip Time (RTT)”.
Unit ms
StatisticsObject field name Internal Avg Handshake RTT
Python API field name avg rtt in
Report Studio field name Internal_Avg_Handshake_RTT
SQL interface field name rtt_in
External Avg Handshake RTT
The average time in milliseconds for the external handshake RTT (Round Trip Time). Note that the Handshake RTT metric
Trip Time (RTT)”.
Unit ms
StatisticsObject field name External Avg Handshake RTT
Python API field name avg rtt out
Report Studio field name External_Avg_Handshake_RTT
SQL interface field name rtt_out
Incoming Quality of Experience
Legacy field.
Unit %
Python API field name inbound Quality of experience
Outgoing Quality of Experience
Legacy field.
253
Unit %
Python API field name outbound Quality of experience
Incoming Quality Packets
The number of incoming TCP packets.
Python API field name in Quality packets
Report Studio field name Incoming_Quality_Packets
SQL interface field name quality_pkts_in
Insights Data Storage column name quality_packets_in
Outgoing Quality Packets
The number of outgoing TCP packets.
Python API field name out Quality packets
Report Studio field name Outgoing_Quality_Packets
SQL interface field name quality_pkts_out
Insights Data Storage column name quality_packets_out
Incoming Packet Drops
The number of dropped packets in incoming traffic on the external side of PRE. This field is stored automatically when
Incoming Quality (External) is selected in the Fields configuration.
For information about the PacketLogic quality measurement, see Section 5.4.1, “Connection quality measurement”.
Python API field name packet drops in
Insights Data Storage column name quality_packets_lost_ext_in
Outgoing Packet Drops
The number of dropped packets in outgoing traffic on the internal side of PRE. This field is stored automatically when
Outgoing Quality (Internal) is selected in the Fields configuration.
Python API field name packet drops out
Insights Data Storage column name quality_packets_lost_int_out
Incoming Packet Retransmissions
The number of retransmitted packets in incoming traffic on the internal side of PRE. This field is stored automatically when
Incoming Quality (Internal) is selected in the Fields configuration.
254

Python API field name packet retransmissions in
SQL interface field name quality_retr_in
Insights Data Storage column name quality_packets_lost_int_in
Outgoing Packet Retransmissions
The number of retransmitted packets in outgoing traffic on the internal side of PRE. This field is stored automatically when
Outgoing Quality (External) is selected in the Fields configuration.
Python API field name packet retransmissions out
SQL interface field name quality_retr_out
Insights Data Storage column name quality_packets_lost_ext_out
A.2. Traffic statistics graph fields

Incoming bps
The downstream throughput.
Unit bps
StatisticsObject field name Incoming Bytes
Python API field name bytes in
Unit can be selected when using the Python API (bps or bytes).
Report Studio field name Incoming_bps
SQL interface field name bytes_in
Insights Data Storage column name bps_in
Outgoing bps
The upstream throughput.
Unit bps
StatisticsObject field name Outgoing Bytes
Python API field name bytes out
Report Studio field name Outgoing_bps
SQL interface field name bytes_out
255
Outgoing bps
Insights Data Storage column name bps_out
Total bps
The total throughput. Total bps is calculated from Incoming Bytes and Outgoing Bytes.
Unit bps
StatisticsObject field name This field is not selectable in the field configuration of a StatisticsObject.
Python API field name bytes total
Report Studio field name Total_bps
Incoming Shaping Dropped Bytes
The number of incoming bytes dropped due to shaping.
StatisticsObject field name Incoming Shaping Dropped Bytes
Python API field name shaping byte drops in
SQL interface field name bytedrops_in
Outgoing Shaping Dropped Bytes
The number of outgoing bytes dropped due to shaping.
StatisticsObject field name Outgoing Shaping Dropped Bytes
Python API field name shaping byte drops out
SQL interface field name bytedrops_out
CPS
The rate of connections.
Unit cps
StatisticsObject field name Connections
Python API field name connections
Report Studio field name CPS
SQL interface field name cps
Unestablished CPS
The rate of unestablished connections.
Unit cps
StatisticsObject field name Unestablished Connections
256
Unestablished CPS
Python API field name unest. connections
Report Studio field name Unestablished_CPS
SQL interface field name ucps
Incoming CPS
The rate of incoming connections.
Unit cps
StatisticsObject field name Incoming Connections
Python API field name inbound connections
Report Studio field name Incoming_CPS
SQL interface field name cps_in
Outgoing CPS
The rate of outgoing connections.
Unit cps
StatisticsObject field name Outgoing Connections
Python API field name outbound connections
Report Studio field name Outgoing_CPS
SQL interface field name cps_out
Unestablished Incoming CPS
The rate of incoming unestablished connections.
Unit cps
StatisticsObject field name Incoming Unestablished Connections
Python API field name inbound unest. connections
Report Studio field name Unestablished_Incoming_CPS
SQL interface field name ucps_in
Unestablished Outgoing CPS
The rate of outgoing unestablished connections.
Unit cps
StatisticsObject field name Outgoing Unestablished Connections
Python API field name outbound unest. connections
Report Studio field name Unestablished_Outgoing_CPS
257
Unestablished Outgoing CPS
SQL interface field name ucps_out
Incoming concurrent connections
The maximum number of concurrent incoming connections during the graph time interval.
StatisticsObject field name Incoming concurrent connections
Python API field name inbound concurrent connections
Report Studio field name Incoming_concurrent_connections
SQL interface field name curconns_in
Outgoing concurrent connections
The maximum number of concurrent outgoing connections during the graph time interval.
StatisticsObject field name Outgoing concurrent connections
Python API field name outbound concurrent connections
Report Studio field name Outgoing_concurrent_connections
SQL interface field name curconns_out
Incoming Shaping Dropped Packets
The number of incoming packet shaping drops.
StatisticsObject field name Incoming Shaping Dropped Packets
Python API field name shaping drops in
Report Studio field name Incoming_Dropped_Packets
Outgoing Shaping Dropped Packets
The number of outgoing packet shaping drops.
StatisticsObject field name Outgoing Shaping Dropped Packets
Python API field name shaping drops out
Report Studio field name Outgoing_Dropped_Packets
Incoming Packets
The number of incoming packets.
StatisticsObject field name Incoming Packets
Python API field name packets in
258
Incoming Packets
SQL interface field name packets_in
Outgoing Packets
The number of outgoing packets.
StatisticsObject field name Outgoing Packets
Python API field name packets out
SQL interface field name packets_out
Incoming Avg Latency
The average time in milliseconds that incoming packets are buffered due to shaping. Depending on how a ShapingObject is
See the PacketLogic Product Guide for information about traffic shaping.
Unit ms
StatisticsObject field name Incoming Avg Latency
Python API field name avg shaping latency in
Report Studio field name Incoming_Avg_Latency
SQL interface field name avg_latency_in
Outgoing Avg Latency
The average time in milliseconds that outgoing packets are buffered due to shaping. Depending on how a ShapingObject is
See the PacketLogic Product Guide for information about traffic shaping.
Unit ms
StatisticsObject field name Outgoing Avg Latency
Python API field name avg shaping latency out
Report Studio field name Outgoing_Avg_Latency
SQL interface field name avg_latency_out
Sub-Item Count
The number of sub-items. Sub-Item Count is used in the Statistics viewer in PacketLogic client. Separate sub-item count
fields are included and accounted for depending on the object types used in the distribution of the StatisticsObject. See
Section A.6, “Sub-item count statistics” for all types of sub-item counts.
StatisticsObject field name Sub-Item Count
The internal incoming quality index. Incoming Quality (Internal) is calculated by dividing the number of incoming packets
dropped on the internal side of PRE by the number of incoming TCP packets (Incoming Quality Packets).
259

Unit %
StatisticsObject field name Incoming Quality (Internal)
Python API field name in quality internal
Report Studio field name Incoming_Quality__Internal_
SQL interface field name quality_int_in
Outgoing Quality (Internal)
The internal outgoing quality index. Outgoing Quality (Internal) is calculated by dividing the number of outgoing packets
dropped on the internal side of PRE by the number of incoming TCP packets (Outgoing Quality Packets).
Unit %
StatisticsObject field name Outgoing Quality (Internal)
Python API field name out quality internal
Report Studio field name Outgoing_Quality__Internal_
SQL interface field name quality_int_out
Incoming Quality (External)
The external incoming quality index. Incoming Quality (External) is calculated by dividing the number of incoming packets
dropped on the external side of PRE by the number of incoming TCP packets (Incoming Quality Packets).
Unit %
StatisticsObject field name Incoming Quality (External)
Python API field name in quality external
Report Studio field name Incoming_Quality__External_
SQL interface field name quality_ext_in
The external outgoing quality index. Outgoing Quality (External) is calculated by dividing the number of outgoing packets
dropped on the external side of PRE by the number of incoming TCP packets (Outgoing Quality Packets).
Unit %
StatisticsObject field name Outgoing Quality (External)
Python API field name out quality external
Report Studio field name Outgoing_Quality__External_
260
SQL interface field name quality_ext_out
Internal Avg Handshake RTT
The average time in milliseconds for the internal handshake RTT (Round Trip Time). Note that the Handshake RTT metric
Trip Time (RTT)”.
Unit ms
StatisticsObject field name Internal Avg Handshake RTT
Python API field name avg rtt in
Report Studio field name Internal_Avg_Handshake_RTT
SQL interface field name rtt_in
External Avg Handshake RTT
The average time in milliseconds for the external handshake RTT (Round Trip Time). Note that the Handshake RTT metric
Trip Time (RTT)”.
Unit ms
StatisticsObject field name External Avg Handshake RTT
Python API field name avg rtt out
Report Studio field name External_Avg_Handshake_RTT
SQL interface field name rtt_out
Incoming Quality of Experience
Legacy field.
Python API field name inbound quality of experience
Legacy field.
Python API field name outbound quality of experience
The number of incoming TCP packets during the time interval.
Python API field name in quality packets
Report Studio field name Incoming_Quality_Packets
261
Outgoing Quality Packets
The number of outgoing TCP packets during the time interval.
Python API field name out quality packets
Report Studio field name Outgoing_Quality_Packets
Incoming Packet Drops
The number of dropped packets in incoming traffic on the external side of PRE during the time interval. This field is stored
automatically when Incoming Quality (External) is selected in the Fields configuration.
Python API field name packet drops in
Outgoing Packet Drops
The number of dropped packets in outgoing traffic on the internal side of PRE during the time interval. This field is stored
automatically when Outgoing Quality (Internal) is selected in the Fields configuration.
Python API field name packet drops out
The number of retransmitted packets in incoming traffic on the internal side of PRE during the time interval. This field is
stored automatically when Incoming Quality (Internal) is selected in the Fields configuration.
Python API field name packet retransmissions in
SQL interface field name quality_retr_in
Outgoing Packet Retransmissions
The number of retransmitted packets in outgoing traffic on the external side of PRE during the time interval. This field is
stored automatically when Outgoing Quality (External) is selected in the Fields configuration.
Python API field name packet retransmissions out
SQL interface field name quality_retr_out
262
Incoming Link Utilization
The downstream link utilization index.
Unit %
Python API field name link utilization in
SQL interface field name link_utilization_in
Outgoing Link Utilization
The upstream link utilization index.
Unit %
Python API field name link utilization out
SQL interface field name link_utilization_out
Incoming link speed
The downstream link capacity.
Unit bps
Python API field name link speed in
SQL interface field name link_speed_in
Outgoing link speed
The upstream link capacity.
Unit bps
Python API field name link speed out
SQL interface field name link_speed_out
A.3. Channel statistics total fields

RX Packets
The number of received packets.
Python API field name RX packets
SQL interface field name rx_packets
TX Packets
The number of transmitted packets.
Python API field name TX packets
263
TX Packets
SQL interface field name tx_packets
RX Bytes
The received volume.
Unit bytes
Python API field name RX bytes
SQL interface field name rx_bytes
TX Bytes
The transmitted volume.
Unit bytes
Python API field name TX bytes
SQL interface field name tx_bytes
RX Errors
The number of receive errors.
Python API field name RX errors
SQL interface field name rx_errors
TX Errors
The number of transmit errors.
Python API field name TX errors
SQL interface field name tx_errors
RX Drops
The number of receive drops.
Python API field name RX drops
SQL interface field name rx_drops
TX Drops
The number of transmit drops.
Python API field name TX drops
SQL interface field name tx_drops
A.4. Channel statistics graph fields
264
RX Packets
The number of received packets.
Python API field name RX packets
SQL interface field name rx_packets
TX Packets
The number of transmitted packets.
Python API field name TX packets
SQL interface field name tx_packets
RX Speed
The receive speed.
Unit bps
Python API field name RX speed
SQL interface field name rx_bytes
TX Speed
The transmit speed.
Unit bps
Python API field name TX speed
SQL interface field name tx_bytes
RX Errors
The number of receive errors.
Python API field name RX errors
SQL interface field name rx_errors
TX Errors
The number of transmit errors.
Python API field name TX errors
SQL interface field name tx_errors
RX Drops
The number of receive drops.
265
RX Drops
Python API field name RX drops
SQL interface field name rx_drops
TX Drops
The number of transmit drops.
Python API field name TX drops
SQL interface field name tx_drops
A.5. NAT statistics fields

Port blocks (low)
The maximum number of concurrently allocated low range port blocks.
Python API field name Port blocks (low)
SQL interface field name port_blocks_low
Port blocks (high)
The maximum number of concurrently allocated high range port blocks.
Python API field name Port blocks (high)
SQL interface field name port_blocks_high
TCP ports (low)
The maximum number of concurrently allocated low range TCP ports.
Python API field name TCP ports (low)
SQL interface field name tcp_low_ports
TCP ports (high)
The maximum number of concurrently allocated high range TCP ports.
Python API field name TCP ports (high)
SQL interface field name tcp_high_ports
TCP port allocation failures (low)
The number of low range TCP port allocation failures.
Python API field name TCP port allocation failures (low)
SQL interface field name tcp_low_ports_alloc_errors
266
TCP port allocation failures (high)
The number of high range TCP port allocation failures.
Python API field name TCP port allocation failures (high)
SQL interface field name tcp_high_ports_alloc_errors
UDP ports (low)
The maximum number of concurrently allocated low range UDP ports.
Python API field name UDP ports (low)
SQL interface field name udp_low_ports
UDP ports (high)
The maximum number of concurrently allocated high range UDP ports.
Python API field name UDP ports (high)
SQL interface field name udp_high_ports
UDP port allocation failures (low)
The number of low range UDP port allocation failures.
Python API field name UDP port allocation failures (low)
SQL interface field name udp_low_ports_alloc_errors
UDP port allocation failures (high)
The number of high range UDP port allocation failures.
Python API field name UDP port allocation failures (high)
SQL interface field name udp_high_ports_alloc_errors
ICMP ports (low)
The maximum number of concurrently allocated low range ICMP ports.
Python API field name ICMP ports (low)
SQL interface field name icmp_low_ports
ICMP ports (high)
The maximum number of concurrently allocated high range ICMP ports.
Python API field name ICMP ports (high)
SQL interface field name icmp_high_ports
ICMP port allocation failures (low)
The number of low range ICMP port allocation failures.
267
ICMP port allocation failures (low)
Python API field name ICMP port allocation failures (low)
SQL interface field name icmp_low_ports_alloc_errors
ICMP port allocation failures (high)
The number of high range ICMP port allocation failures.
Python API field name ICMP port allocation failures (high)
SQL interface field name icmp_high_ports_alloc_errors
Outgoing translation failures (incompatible L4 protocol)
The outgoing translation failures due to incompatible L4 protocol.
Python API field name Outgoing translation failures (incompatible L4 protocol)
SQL interface field name l4_translation_errors_out
Outgoing translation failures (incompatible L4 protocol)
The outgoing translation failures due to incompatible L4 protocol.
Python API field name Outgoing translation failures (incompatible L4 protocol)
SQL interface field name l4_translation_errors_out
Sub-Item Count
Sub-item Count.
A.6. Sub-item count statistics

Sub-item count statistics are collected when configured in the fields configuration of the StatisticsObject.
The following types of sub-item counts are available:
Type SQL interface name
NetObject subitem_count_netobject
Local Host subitem_count_localhost
Local Vhost subitem_count_localvhost
Remote Vhost subitem_count_remotevhost
ServiceObject subitem_count_service_object
Service subitem_count_service
Internal ASpath subitem_count_int_aspath
External ASpath subitem_count_ext_aspath
268
Type SQL interface name
In Vlan ID subitem_count_vlan_in
XFB Flags subitem_count_xfbflag
IP Protocol subitem_count_ipprotocol
Remote Host subitem_count_remotehost
Link
Out Vlan ID subitem_count_vlan_out
In DCSP subitem_count_dscp_in
Out DCSP subitem_count_dscp_out
In Channel subitem_count_channel_in
Out Channel subitem_count_channel_out
In MPLS subitem_count_mpls_in
Out MPLS subitem_count_mpls_out
Base Service subitem_count_base_service
Origin AS subitem_count_origin_as
Property subitem_count_property
Internal BGP Community subitem_count_int_bgpcomm
External BGP Community subitem_count_ext_bgpcomm
Outgoing TTL subitem_count_ttl
269
270
Appendix B. System Configuration Values
B.1. Introduction
This section describes the system configuration values available in PacketLogic. The system configuration values are viewed
and modified in the System Configuration Editor in the PacketLogic client (see Section 3.22, “System Configuration Editor
window”).
The system configuration values are divided into sections according to the function they relate to. Values that are changed from
the default are marked in bold, and the sections in which changed values exist are also marked in bold.
For each value, the system configuration shows a brief description, default, minimum, and maximum values, and the current
value. A button to reset the value to the default is next to the current setting of the value. Information is shown on when the
value was last changed and by whom. The Requires field lists the components that need to be restarted for a change in
the value to take effect.
B.1.1. Exceeding minimum and maximum values

The hardware platforms PacketLogic is running on, are evolving and getting more and more powerful. Many system configuration
values have hard coded maximum values that in some hardware configurations are too small.
A soft limit mode is available for setting system configuration values outside of the recommended values. This makes the system
more flexible. To enable the soft limit mode open the System configuration editor, click on the value to change, and use the
shortcut Ctrl+Alt+i (Windows/Linux) or Cmd+Alt+i (Mac).
Warning
Setting a system configuration value outside of the recommended values increases the risk of damage
to the system. You must consult with your local Sandvine support representative before setting a system
configuration value outside of the recommended values. Fail to consult with Sandvine and all responsibility
will be transferred to you.
After the soft limit mode is enabled ANY positive or negative 64-bit number can be set.
Note
Entering a very large number will of course make no sense in most cases.
To set another value select the next value and use the shortcut again.
To exit the soft limit mode, the value must be set to between minimum and maximum recommended values, and the System
configuration editor must be restarted.
B.1.2. Restart Levels

For each restart, perform the following actions (restart commands are available in the CLI, see CLI commands (operational
mode) in PacketLogic CLI Reference Guide for details):
Restart Engine
On PL15000/PL20000 systems, restart the flow processors using the reboot-chassis-components command. On
all other systems, use the reload-core-services command.
Restart core services

Use the restart services core command.
Restart statistics service

Use the restart services statistics command.
271
Restart database service

Use the restart services database command.
Restart LB
Only applicable on PL15000/PL20000 systems. Restart the load balancers using the reboot-chassis-components
command.
Specific for PLOS platform

Indicates that the value only applies to non- PL15000/PL20000 traffic management systems (not statistics or PSM
systems).
Specific for PL20k platform

Indicates that the value only applies to PL15000/PL20000 systems.
Recompile ruleset
Requires a ruleset recompilation/reload to take effect.
B.2. BGP
BGP_ALLOW_IBGP_WITH_PREPEND
Allow iBGP connection to BGP-peer/server. BGP_MYAS will be prepended to each AS-path."
BGP_COMMUNITY_ENABLED
Enable displaying BGP communities
BGP_ENABLED
Enable the BGP function in PacketLogic
BGP_MAX_COMMUNITIES
Maximum number of communities in an UPDATE.
BGP_MYAS
BGP AS number this system will identify itself as. May not be same as the BGP-peer. Connection must be eBGP. Private
AS range is 64512-65534 inclusive for 16-bit AS numbers, 4200000000-4294967294 inclusive for 32-bit AS numbers.
BGP_PATH_CUTOFF
If non-zero, AS-paths will be limited to this number of hops
BGP_SERVER
Comma-separated list of IP addresses of remote BGP servers
BGP_TCP_MD5_PASSWORD
BGP TCP MD5 password (RFC2385)
B.3. Connection Handling

CONNECTION_PROT_HOST_FIFO_SIZE
Size of a fifo (first-in, first-out) queue, one per host, with time stamps for connections created by that host.
CONNECTION_PROT_HOST_MAX
The maximum number of connections for a host to use to calculate the connection rate.
CONNECTION_SEND_SHAPING_SPLITCOPY_INFO
Send shaping object stats to LiveView. Required in order to collect data properly for Shaping Object related filters and
distributions.
272
CONNECTION_SEND_UPDATES_FOR_UNESTABLISHED
Determines whether to send connection updates to LiveView and statistics for connections that has never reached an
established state.
CONNECTION_UPDATES_DDOS_FILTER
Determines whether connection updates to LiveView and statistics shall be filtered out for connections that have only
had one single packet transfered in total.
CONNECTION_UPDATE_INTERVAL
Interval in seconds between connection updates from engine
CONNPROT_MODE_DEST_HOST_ACCOUNTED
Enable/disable connection protection on single destination hosts.
CONNPROT_MODE_ESTABLISHED
Only account unestablished connections towards connection protection threshold.
CONNPROT_THRESHHOLD
Number of connections per second before enabling connection protection (0 disables connection protection)
DYNAMIC_NATCFG_CACHE_TIMEOUT
Number of seconds to wait before removing unused dynamic natcfg entries, to avoid subscribers switching IP addresses
between connections.
LLID_FIELDS
Which fields should be included when calculating the link-level hash.
MAX_CONNECTIONS
Maximum number of simultaneously accounted connections
MAX_CONNECTION_HOSTNAMES
Maximum number of connection hostnames
NAT_ALG_FTP
Enable NAT FTP ALG support
NAT_ALG_FTP_MAX_DATA_CONNECTIONS
Maximum number of open data connections per FTP session
NAT_ALG_PPTP
Enable NAT PPTP ALG support
NAT_ALG_PPTP_MAX_CALLS
Maximum number of calls per PPTP session
NAT_ALG_RTSP
Enable NAT RTSP ALG support
NAT_ALG_RTSP_MAX_STREAM_CHANNELS
Maximum number of open stream channels per RTSP session
NAT_DETERMINISTIC_MIN_POOL_SIZE
Least number of consecutive NAT addresses per pool. 0 disables functionality. Can be
{2,4,8,16,32,64,128,256,512,1024,2048,4096}. Needs to be active_fps^2 for even rebalancing, and each NAT exit
pool must contain only one IP range.
NAT_DETERMINISTIC_NAT_IP
Always assign a deterministic NAT IP for a source IP address. If no port blocks are available for that IP, the packet will
be dropped.
273
NAT_DYNAMIC_IP_SEARCH_LENGTH
The maximum number of IP address candidates allowed to test when chosing a rewrite IP address. A higher number may
result in slower searches but may give a better result.
NAT_EIF_ENABLED
Enable Endpoint-Independent Filtering (full cone) NAT behaviour.
NAT_EIF_ENTRIES
Number of passback entries to allocate, will never be less than MAX_CONNECTIONS * REDIRECT_HDR_PERCENT /
100.
NAT_EIF_FORWARD_UNKNOWN
Forward packets un-rewitten if destined to external NAT address but no passback was found for the port.
NAT_GENERIC_TTL
TTL in seconds for NATed generic connections
NAT_ICMP_TTL
TTL in seconds for NATed ICMP connections
NAT_NUM_SRC_ADDRS
Number of NAT ipaddresses configurable
NAT_PBA_GRANULARITY_HIGH
Default number of ports in each port block in the high port range (1024 and above) for NAT pools
NAT_PBA_GRANULARITY_LOW
Default number of ports in each port block in the low port range (1023 and below) for NAT pools. Value 0 disables the usage
of low NAT ports (low source ports will be NATed to high ports, if available). If set to 0 NAT_PBA_MAX_BLOCKS_LOW
must be set to 0
NAT_PBA_MAX_BLOCKS_HIGH
Default number of port blocks allowed in the high port range (1024 and above) per subscriber and pool
NAT_PBA_MAX_BLOCKS_LOW
Default number of port blocks allowed in the low port range (1023 and below) per subscriber and pool. If set to 0
NAT_PBA_GRANULARITY_LOW must be set to 0
NAT_PBA_MAX_POOLS
Maximum number of NAT pools configurable
NAT_PBA_NUM_PORTBLOCKS
Number of NAT portblocks
NAT_PBA_REUSE_FIRST
Allocate ports from blocks in ascending block allocation order
NAT_PBA_SYSLOG_TARGET
Where to send syslog events related to port block usage ( udp:<ip>:<port> )
NAT_PBA_SYSLOG_UPDATE_INTERVAL
How often (minutes) to send interim port block usage event log
NAT_SERVICE_TTL_USE_BASE_SERVICE
Use base service for service specific NAT TTL
NAT_TCP_CLOSING_TTL
TTL in seconds for NATed TCP connections in closing phase
NAT_TCP_ESTABLISHED_TTL
TTL in seconds for NATed TCP connections in established phase
274
NAT_TCP_PARTIAL_OPEN_TTL
TTL in seconds for NATed TCP connections in partial open phase
NAT_TCP_TIME_WAIT_TTL
TTL in seconds for NATed TCP connections in TIME-WAIT phase
NAT_UDP_INBOUND_REFRESH
Reset the TTL for NATed UDP connection on receiving an inbound packet
NAT_UDP_TTL
TTL in seconds for NATed UDP connections
NAT_UNHANDLED_PROTOCOLS
Rewrite source-ip of protocols that are otherwise not handled. Port block logging is not performed for these protocols.
REDIRECT_HDR_PERCENT
Percent of the total number of connections that are allowed to be rewritten as part of NAT. For example, 50 means 50%,
so half of connections can be rewritten.
REWRITE_LOG
Log connection rewrites
SHUNT_CONNECTION_FAILURES
Enable shunting traffic when a connection cannot be allocated, because the number of connections is too high. Shunted
traffic is not analyzed, accounted or managed, but immediately forwarded.
STATISTICS_CONNECTION_UPDATE_INTERVAL
The interval with which engine sends connection updates to statistics clients. Must be a multiple of and greater than
CONNECTION_UPDATE_INTERVAL.
TCPV4_TTL
TTL in seconds for established TCP connections
TCPV4_TTL_ASYMMETRIC
TTL in seconds for asymmetric TCP connections
TCPV4_TTL_BEING_ANALYZED
TTL in seconds for TCP connections with service Being Analyzed
TCPV4_TTL_UNTRACKED
TTL in seconds for untracked TCP connections
TCP_KEEP_RSTD_FLOWS
Keep TCP connections a short while after RST to handle lost/ignored RST
TCP_OUTOFSYNC_SEGMENTS_LIMIT
Number of TCP segments to buffer before marking a connection as out of sync
TCP_OUTOFWINDOW_SEGMENTS_LIMIT
Number of out of window TCP segments before marking a connection as out of sync
TCP_SEGMENT_TTL
TTL in seconds for segmented connections
TCP_TTL_CLOSED
TTL in seconds for closed TCP connections
TRIGGER_ON_CONNPROT_HOSTS
Send triggers when hosts are hitting connection protection
UDP_KEEP_RSTD_FLOWS
Keep UDP connections a short while after reject to handle lost/ignored icmp packets
275
UDP_RESPONSE_RTT_AS_HANDSHAKE_RTT
Use time-from-first-request-packet-to-first-response-packet as 'Handshake RTT' for UDP connections
UDP_TTL
TTL in seconds for UDP connections
B.4. Connsync
CONNSYNC_ENABLED
Enable flow (connection) synchronization
NATSYNC_ENABLED
Enables the NATsync protocol which is used to synchronize private to public IP address mappings and port block
allocations in asymmetric traffic environment. The NATsync protocol uses FlowSync interfaces to communicate with peers.
NATSYNC_ID
Unique number to identify each PRE participating in NATsync. Must be non-zero when NATsync is used. Values
must be contiguous within a cluster and start with 1. The highest NATSYNC_ID used in a cluster should be equal to
NATSYNC_NUM_SYSTEMS.
NATSYNC_NUM_SYSTEMS
The number of systems forming the NATsync cluster. This value cannot be 0 when NATsync is enabled. This should be
equal to the highest NATSYNC_ID in a cluster.
NATSYNC_PASSBACK_EXPIRATION_TIME
The time in seconds a NAT mapping created by NATsync will exist without matching traffic seen on the local system.
NATSYNC_PERIODIC_SYNC_INTERVAL
Interval (seconds) with which periodic broadcast NATsync messages are sent. If this interval is shorter than
CONNECTION_UPDATE_INTERVAL, this interval is overridden by CONNECTION_UPDATE_INTERVAL.
B.5. ContentLogic
CONTENTLOGIC_ENABLED
Enable ContentLogic
CONTENTLOGIC_TABLE_SIZE
Maximum number of entries, in the lookup table. This number is generally larger than the number of URLs.
B.6. DRDL
CONNECTION_PROP_BUFFERS
Maximum number of DRDL temporary buffers
DRDL_ASYMMETRIC_ENABLED
Enable asymmetric signatures
DRDL_BINCODE_ENABLED
Enable execution of bincode within DRDL
DRDL_ENABLED
Enable DRDL content recognition
276
DRDL_MAX_VS_ARM_SIZE
Maximum size for compiled Virtual Services files
DRDL_QUEUE_MODE
Determines if packets taking too long (more than 2 ms for a batch of packets) to analyze in DRDL are enqueued until the
CPU has idle cycles for analysis. Enqueues as follows: 0 = never, 1 = non-TCP packets in the batch, 2 = all packets
in the batch.
DRDL_QUEUE_SIZE
The number of packets that is allowed to be queued for later processing
DRDL_SLICE_STATE_STRUCTURES
Maximum number of DRDL slice_state structures. Set to 0 for same as MAX_CONNECTIONS.
DRDL_TAINT_STORE_SIZE
Size of store used for DRDL connection tainting. This value will be rounded up to the closest larger power of 2.
DRDL_UCAP_MAXFILES
UCAP: Maximum number of files to save with packet captures of unknown connections
DRDL_UCAP_PKTQUEUES
UCAP: Maximum number of current connections to track for connections marked as unknown by DRDL. Set to 0 to
turn feature off
SERVICE_CHILD_POOLSIZE
Maximum number of waiting childconnections
SERVICE_DNS_POOLSIZE
Maximum number of DNS records
SERVICE_KVSTORE_POOLSIZE
Maximum number of DRDL Key-Value store entries
SERVICE_PROP_POOLSIZE_128
Maximum number of service property strings of size 128
B.7. Debugging
OUTPUT_CONNPROT_HOSTS
Output hosts that are hitting connection protection
B.8. Divert
DIVERT_ARP_ENABLED
Disable transmitting ARP packets on divert channels.
277
DIVERT_HB_MAX_LOST
Maximum number of lost heartbeat packets before disabling the divert channel
DIVERT_HB_MS
Number of milliseconds between heartbeat packets to the divert channel
DIVERT_HB_RECOVERY
Minimum number of successful heartbeat packets in sequence before enabling the divert channel
DIVERT_HOST_USE_EXTERNAL
When enabled: use both internal and external ipaddresses when creating divert hosts. When disabled: only use internal
ipaddress when creating divert hosts.
DIVERT_INJECT_FAIL_ACTION
Action that shall be taken when there is a failure in inject data of divert rule. 0 - divert with truncated property/no inject,
1 - drop and 2 - no divert.
DIVERT_IPV6_ENABLED
Enable diverting IPv6 packets. Third party devices might not support IPv6 and may thus not forward them.
DIVERT_L3_TTL_INC
Amount that IPv4 TTL should be increased by when divert is operating in L3 mode
DIVERT_MAX_PROXY_CONNECTIONS
Maximum number of simultaneously proxied connections
DIVERT_NUM_HOSTS
Number of local host/remote host pairs to store L2 data for
DIVERT_PROXY_TIMEOUT
Timeout in milliseconds for divert proxy TCP 3-way handshake
DIVERT_TTL_TERMINATED
Time (seconds) that connections are remembered after being terminated, needed to ensure that packets still in flight on
a divert channel are handled correctly when received back
B.9. Filtering
FW_MAX_LOG
Maximum number of log entries in the firewall log view
FW_SYSLOG
Enable Firewall logging to syslog
B.10. General
COMM_SERVER_AUTH_TIMEOUT
Timeout for PLCOMM server authentication session
COMM_SERVER_MAX_AUTH_ATTEMPTS
Max authentication attempts in PLCOMMD server authenitcation session.
PLRC_LIVEVIEW_RX_SIZE
Size of the buffer used to send data from PLD to PLRCD
278
PLRC_LIVEVIEW_TX_SIZE
Size of the buffer used to send data from PLRCD to PLD
SYSDIAG_PROXY_UPDATE_LOCAL
Update local sysdiag values even though the sysdiag resource is proxied.
SYSDIAG_SNMP_LOCAL_ONLY
Only export local system sysdiag values to SNMP.
SYSDIAG_SNMP_MAX_DEPTH
Maximum level of subvalues exported by snmp. (0 means no subvalues at all)
SYSTEM_NAME
The name of the system as it appears in the System Overview.
B.11. GeoLogic
GEOLOGIC_ENABLED
Enable the GeoLogic function in PacketLogic
GEOLOGIC_FIELDS
Specify GeoLogic interesting FIELDS from database.
GEOLOGIC_PREALLOCED_TABLE_ROWS
Number of rows to preallocate for data
B.12. Host statistics

HOST_STATS_ENABLED
Enable host stats
HOST_STATS_MAX_HOSTS
Maximum number of hosts to store host statistics for.
HOST_STATS_SAMPLING_PERCENT
Percent of all IP addresses to include when gathering host statistics.
HOST_STATS_VOLUME_THRESHOLD
Defines the threshold for sending host stats records to Insights Data Storage. The threshold is the number of total bytes
measured over one high frequency interval (256 ms).
B.13. IPFIX
IPFIX_ENABLED
Enables IPFIX export.
IPFIX_FLOW_DEFINITION
Definition of an IPFIX flow. 0: Intermediate flow, 1: Full flow
IPFIX_MAX_COLLECTORS
Maximum number of IPFIX collectors allowed on the system.
279
IPFIX_MESSAGE_MAX_LENGTH
Maximum length (bytes) of a single IPFIX message.
IPFIX_SAMPLING_PERCENT
Connection sampling percent for IPFIX export. Connections matching a statistics rule with an associated IPFIXObject will
be sampled by this percent. When a connection is included in the IPFIX export, all of its data will be exported regardless
of IPFIX_FLOW_DEFINITION.
IPFIX_TRANSPORT_PROTOCOL
Transport protocol used for exporting IPFIX messages. Supported protocols: UDP, SCTP
B.14. Insights
INSIGHTS_CONNECTION_SSL_ENABLED
Enable SSL for connections to the Insights storage cluster
INSIGHTS_DATATRANSFER_GZIP_ENABLED
Enable gzip compression of data sent to Insights storage
INSIGHTS_DATA_COLLECTION_SCORE_SERVICE
Collect service dimensions for Insights score data.
INSIGHTS_DATA_COLLECTION_TRAFFIC_BGP
Collect BGP dimensions for Insights traffic data.
INSIGHTS_DATA_COLLECTION_TRAFFIC_CONNECTION
Collect metrics about connections (concurrent, unestablished) for Insights traffic data.
INSIGHTS_DATA_COLLECTION_TRAFFIC_CONTENTLOGIC
Collect Contentlogic dimensions for Insights traffic data.
INSIGHTS_DATA_COLLECTION_TRAFFIC_LS_DEVICE_COUNT
Collect metrics for Linesharing (device count) for Insights traffic data.
INSIGHTS_DATA_COLLECTION_TRAFFIC_LS_DEVICE_ID
Collect Line sharing device dimensions for Insights traffic data.
INSIGHTS_DATA_COLLECTION_TRAFFIC_POLICY
Collect metrics about policy (packet drops, latency) for Insights traffic data.
INSIGHTS_DATA_COLLECTION_TRAFFIC_QUALITY
Collect metrics about quality (RTT, packets, lost packets) for Insights traffic data.
INSIGHTS_DIMENSIONS_ACCESS_NODE
-- Session context column / NetObject path to access node dimension information. -- Leaving this empty will cause the
dimension to be unprovisioned. -- Session context example: "cmts" -- NetObject example: "/PSM/Mobile/By CMTS"
INSIGHTS_DIMENSIONS_ACCESS_TECHNOLOGY
-- Session context column / NetObject path to access technology dimension information. -- Leaving this empty will cause
the dimension to be unprovisioned. -- Session context example: "access_technology" -- NetObject example: "/PSM/
Mobile/By Technology"
INSIGHTS_DIMENSIONS_APN
-- Session context column / NetObject path to apn dimension information. -- Leaving this empty will cause the dimension
to be unprovisioned. -- Session context example: "apn" -- NetObject example: "/PSM/Mobile/By APN"
INSIGHTS_DIMENSIONS_BGP_EXT_N_HOP
Sets 'N' for external BGP N hop data. The N'th AS on the external AS path will be stored in Insights traffic.
280
INSIGHTS_DIMENSIONS_CHANNELS_DS
-- Session context column / NetObject path to channels_ds dimension information. -- Leaving this empty will cause
the dimension to be unprovisioned. -- Session context example: "channels_ds" -- NetObject example: "/PSM/Mobile/
By Channel Ds"
INSIGHTS_DIMENSIONS_CHANNELS_US
-- Session context column / NetObject path to channels_us dimension information. -- Leaving this empty will cause
the dimension to be unprovisioned. -- Session context example: "channels_us" -- NetObject example: "/PSM/Mobile/
By Channel Us"
INSIGHTS_DIMENSIONS_CUSTOM_1
-- Session context column / NetObject path to a custom dimension information. -- Leaving this empty will cause the
dimension to be unprovisioned. -- Session context example: "customer_class" -- NetObject example: "/PSM/Mobile/
Class"
Class"
Class"
Class"
Class"
Class"
Class"
Class"
Class"
Class"
281
INSIGHTS_DIMENSIONS_DEVICE
-- Session context column / NetObject path to device dimension information. -- Leaving this empty will cause the
dimension to be unprovisioned. -- Session context example: "device" -- NetObject example: "/PSM/Mobile/By Device"
INSIGHTS_DIMENSIONS_GATEWAY
-- Session context column / NetObject path to gateway dimension information. -- Leaving this empty will cause the
dimension to be unprovisioned. -- Session context example: "gateway" -- NetObject example: "/PSM/Mobile/By Gateway"
INSIGHTS_DIMENSIONS_GEOLOGIC_CITY
-- Geologic database column to city dimension information. -- Leaving this empty will cause the dimension to be
unprovisioned.
INSIGHTS_DIMENSIONS_GEOLOGIC_COUNTRY
-- Geologic database column to country dimension information. -- Leaving this empty will cause the dimension to be
unprovisioned.
INSIGHTS_DIMENSIONS_GEOLOGIC_REGION
-- Geologic database column to region dimension information. -- Leaving this empty will cause the dimension to be
unprovisioned.
INSIGHTS_DIMENSIONS_INTERFACE
-- Session context column / NetObject path to interface dimension information. -- Leaving this empty will cause the
dimension to be unprovisioned. -- Session context example: "interface" -- NetObject example: "/PSM/Mobile/By Interface"
INSIGHTS_DIMENSIONS_LOCATION
-- Session context column / NetObject path to location dimension information. -- Leaving this empty will cause the
dimension to be unprovisioned. -- Session context example: "cgi" -- NetObject example: "/PSM/Mobile/By CGI"
INSIGHTS_DIMENSIONS_NETWORK
-- Session context column / NetObject path to network dimension information. -- Leaving this empty will cause the
dimension to be unprovisioned. -- Session context example: "network" -- NetObject example: "/PSM/Mobile/By Network"
INSIGHTS_DIMENSIONS_SERVICE_PLAN
-- Session context column / NetObject path to service plan dimension information. -- Leaving this empty will cause the
dimension to be unprovisioned. -- Session context example: "service_plan" -- NetObject example: "/PSM/Mobile/By
Service Plan"
INSIGHTS_DIMENSIONS_SIGNATURE_DEVICE_CATEGORY
-- Property name for Device Category -- or, NetObject path for Device Category, example: "/PSM/Pinned Device Name"
-- or, Session Context column, with Device Category, example: "Pinned Device Name" -- Empty to leave this traffic
dimension unassigned
INSIGHTS_DIMENSIONS_SIGNATURE_DEVICE_NAME
-- Property name for Device Name -- or, NetObject path for Device Name, example: "/PSM/Pinned Device Name" -- or,
Session Context column, with Device Name, example: "Pinned Device Name" -- Empty to leave this traffic dimension
unassigned
INSIGHTS_DIMENSIONS_SIGNATURE_SERVICE_CATEGORY
Service Object path to Service Category -- Optional |<depth> suffix to use a level below the specified path, e.g. "/Procera
Networks Categorization/Categories|3" -- Empty to leave this traffic dimension unassigned
INSIGHTS_DIMENSIONS_SITE
-- Session context column / NetObject path to site dimension information. -- Leaving this empty will cause the dimension
to be unprovisioned. -- Session context example: "site" -- NetObject example: "/PSM/Mobile/By Site"
INSIGHTS_DIMENSIONS_SUBSCRIBER
-- Session context column / NetObject path to subscriber dimension information. -- Leaving this empty will cause
the dimension to be unprovisioned. -- Session context example: "subscriber" -- NetObject example: "/PSM/Mobile/All
Subscribers"
282
INSIGHTS_DIMENSIONS_USE_PINNED_DEVICES
Use NetObjects/Session Context data to populate Signature Device Name and Category.
INSIGHTS_OBFUSCATE_SUBSCRIBERS
Obfuscate data populating 'Subscriber' column.
INSIGHTS_SCORE_BUFFER_SIZE_MB
Bulk size (MB) used for Insights Score data loading.
INSIGHTS_SCORE_DUMP_INTERVAL
The dump interval for Insights score data in seconds. The value must be a divisor of a full hour. Score data is sent to
Insights Storage at the dump interval and when the score data buffer is full (INSIGHTS_SCORE_BUFFER_SIZE_MB).
Caution: A low dump interval might cause resource problems in Insights Storage.
INSIGHTS_SESSION_CONTEXT_SCHEMAS
-- Session context schema names of the schemas that represents subscribers. -- Use comma (,) to delimit multiple
schema names. Do not use any spaces between the names. -- Example: "fixed,mobile"
INSIGHTS_TRAFFIC_ENABLED
Enable Insights traffic statistics collection facility
INSIGHTS_TRAFFIC_SCHEMA
Database schema containing the Traffic Perspectives data
INSIGHTS_TRAFFIC_TABLE
Database table containing the base Traffic Perspectives data
INSIGHTS_USE_SESSION_CONTEXT
Use session context data to populate tables.
B.15. Linesharing
LS_DEVICE_PORT_ENABLE
TCP port based detection
LS_DEVICE_PORT_SIZE
Number of detectable port devices per host
LS_DEVICE_TS_ENABLE
TCP timestamp based detection
LS_DEVICE_TS_SIZE
Number of detectable timestamp devices per host
LS_ENABLE
Enable line sharing detection
LS_HOST_POOL_SIZE
The number of host entries in the memory pool for tracking line sharing devices
B.16. LiveView
HOST_NUM_HOSTS
Maximum number of simulatenously accounted hosts
283
HOST_NUM_NETOBJECTS
Number of netobjects an IP can be viewed in. This only applies to the Local Hosts view.
LIVEVIEW_MAX_VIEWS
Maximum number of concurrent connection views
LIVEVIEW_WEB_SERVER_PORT
Web liveview server port
MAX_VISIBLE_NETOBJECTS
Maximum number of visible NetObjects allowed
PLD_CLIENT_SEND_RINGBUF_HEADROOM
Headroom of PLD_CLIENT_SEND_RINGBUF_MEGS in percentage before liveview updates are dropped.
PLD_CLIENT_SEND_RINGBUF_MEGS
Size in MB of the ringbuffer in PLD and PLRCD used to transmit data to one non-PLSD client. There is one for each
connected and authenticated client.
PLD_CONN_UPDATE_THREADS
Number of connection update threads per reaper. Value must be a power of two.
PLD_REAPER_RINGBUF_MEGS
Size in MB of each ringbuffer in PLD used to receive data from a reaper. There is one for each reaper (flow processor).
PLD_REAPER_SEND_RINGBUF_MEGS
Size in MB of each ringbuffer in PLD used to transmit data to a reaper. There is one for each reaper (flow processor).
PLNATD_REAPER_RINGBUF_MEGS
Size in MB of each ringbuffer in PLNATD used to receive data from a reaper. There is one for each reaper (flow processor).
PLRC_REAPER_RINGBUF_MEGS
Size in MB of each ringbuffer in PLRCD used to receive data from a reaper. There is one for each reaper (flow processor).
B.17. Low Level Filters

SHUNT_IP_SELECTOR
Bitmask of ipaddress selectors that are to be matched against IPv4 and IPv6 shunting rules. Internal ipaddress is
represented by bit 0 (value 1) External ipaddress is represented by bit 1 (value 2)
SHUNT_MONITOR_IFACE
Interface name to use as shunt monitor interface. Empty value means use physical monitor port.
B.18. Packet Handling

ALLOW_FWD_ON_INJECT
Allow forwarding of packets on INJECT
ALWAYS_FORWARD
Allow forwarding of packets before ruleset is loaded
BYPASS_TIMEOUT
Bypass timeout in milliseconds for Advantech and Silicom bypass NMCs.
284
CONNECTION_HOPLIMIT_FIRSTPACKET
Only look at the hop limit (that is, max TTL) of the initial packet in a connection. Disable to refresh hop limit on every
packet, possibly with a negative performance impact.
E10K_RX_ERROR_TIMEOUT
Time duration in milliseconds after TX laser enabling before we treat RX symbol errors as an error (e10k interfaces)
E10K_RX_QUEUE_LENGTH
Hardware receive queue length. Needs to be a power of two! (Hardwired to 1024 for LB blade ports.)
E10K_TX_QUEUE_LENGTH
Hardware transmit queue length. Needs to be a power of two! (Hardwired to 1024 for LB blade ports.)
E1K_BYPASS_ENABLED
Enable bypass for Intel pci-express adapters
E1K_LOL_ENABLED
Enable Loss of Link (Light) propagation for Intel e1k/e10k-based fiber optic adapters. For 100GE interfaces (PL15000
and PL20000), use LOL_ENABLED.
E1K_RX_ERROR_TIMEOUT
Time duration in milliseconds after TX laser enabling before we treat RX symbol errors as an error (e1k interfaces)
ECN_FULL_SHAPING
Enable ECN for all shaping objects
ECN_SUPPORT
Enable ECN support (RFC3168) for shaping objects that are split by local host, split by subscriber and split by connection
FORWARDING_DISABLED
If set no received packets are transmitted. Flowsync, divert and monitor packets are still transmitted.
FP_AUTOMATIC_REBOOT
Enable FP automatic reboot in case of emergency problem
I40E_RX_ERROR_TIMEOUT
Time duration in milliseconds after TX laser enabling before we treat RX symbol errors as an error (i40e interfaces)
IPV4_EXPOSE_FRAGMENT_VIOLATIONS
Enable logging when a connection has more fragments for a packet header than
IPV4_MAX_FRAGMENTS_PER_HEADER.
IPV4_FRAGMENT_REASS_PPS
Limit IPv4 fragment reassemblies (pps/thread), 0 to disable. When this limit is reached, subsequent fragmented packets
are dropped. Drops are accounted by the system diagnostics value IPv4/Reassembly refused (Rate Limit).
IPV4_MAX_FRAGMENTS_PER_HEADER
Maximum number of fragments per IPv4 packet
IPV4_TUNNELING
Enable generic IPv4 tunneling support
IPV6_ICMPV6_GENERATION
Enable IPv6 ICMPv6 packet generation
IPV6_ICMPV6_GENERATION_PPS
IPv6 ICMPv6 packet generation rate (pps/thread)
IPV6_TEREDO
Enable Teredo support (RFC4380)
285
IPV6_TUNNELING
Enable generic IPv6 tunneling support (RFC2473)
IP_FRAGMENTS
Number of simultaneously defragmented IP packets
LB_ACTIVE_FP
Number of Flow Processors used to process traffic
LB_BLACKLIST_ENABLED
Enable finegrained (1024 buckets) blacklisting triggered on RX drops in the FP. Default action is Shunt. See also
LB_DROP_BLACKLISTED.
LB_BLACKLIST_TIMEOUT
Number of seconds that a bucket remains blacklisted. See also LB_BLACKLIST_ENABLED.
LB_CPU_PACKET_BUFFER_SIZE
Size of the packet buffer in load balancer's CPU memory.
LB_DROP_BLACKLISTED
Drop incoming packets for blacklisted buckets instead of shunting them
LB_FABRICS_ALLOW
Bitmask of switch fabrics that are allowed to be used for heartbeats and traffic towards Flow Processors. Fabric 1 is bit
0 (value 1) Fabric 2 is bit 1 (value 2)
LB_HB_BYPASS_DROP_THRESHOLD
Number of sequential heartbeat packets required to be dropped by a flow processor before it is disabled
LB_HB_GRACE
Number of sequential heartbeat checks (two packets, one per direction) required to pass through a flow processor before
it is enabled
LB_HB_RATE
Number of heartbeat checks (two packets, one per direction) sent to a flow processor per second
LB_NUM_FP
Total number of Flow Processors
LB_REBALANCE_INERTIA
Maximum load differential, as percent of PPS, is allowed between the highest- and lowest-load threads before traffic is
rebalanced
LB_REBALANCE_IPV4_FAILED_FP
Rebalance ipv4 packets balanced to a failed fp, instead of shunting. If no other fp is available, the packet will be dropped.
Both switch fabrics must be allowed to be used for heartbeats.
LB_USE_FP_TABLE
Use fp lookup table to balance traffic instead of normal balancing algo. Balancing will be done without jhash to support
deterministic cgnat. This feature should only be used with cgnat.
LLHDR_CACHE_ENTRIES
Maximum number of stored link-level headers
LLHDR_CACHE_HEADER_SIZE
Maximum size of each stored link-level header
LOL_DEADLOCK_TIMEOUT
Interval (seconds) with which ports are probed to detect and mitigate deadlock in Loss of Link state. 0 (zero) disables
probing.
286
LOL_ENABLED
Enable Loss of Link (Light) propagation for 100G platforms (PL15000/PL20000). For corresponding configuration on
1GE/10GE non-SFP fiber, use E1K_LOL_ENABLED.
LOL_RX_ERROR_REACT
Allow Loss of Link (Light) propagation to treat RX symbol errors like loss of signal
LOL_RX_ERROR_TIMEOUT
Time duration in milliseconds after linkup before we treat remote fault as an error
MAX_REAPERS
Maximum number of packetlogicd reapers
MONITOR_INTERNAL_HEADER
If set to true and using rewriting, monitor the internal packet header, otherwise monitor the external packet header.
MONITOR_SIMPLIFY_HEADER
Remove all data, in the monitored packet, between end of ethernet header and start of currently inspected IP-header.
This might be Dot1q, MPLS, PPPoE etc data, or the outer IP-header/UDP-header if matching on the inner IP-header of
a tunneled packet.
MPLS_CONTROL_WORD_PRESENT
Defines if MPLS traffic contains a four byte control word. If enabled, all MPLS traffic is assumed to contain the control
word which is skipped when reading the enclosed packet.
MPLS_GUESS_PREFER_ETH
Assume Ethernet MPLS-encapsulated frames over IP (when indeterminate)
PACKET_ACCOUNTING_IGNORE_MPLS
Ignore size of MPLS header when accounting packet length.
PACKET_ACCOUNTING_MODE_L3
Ignore size of L2 header when accounting packet length in layer 3+.
PACKET_INSPECT_MTU
Maximum ethernet frame size (bytes) including CRC to inspect
PACKET_POOL_SIZE
Number of packets in the packet pool
PACKET_RESERVE
Reserved packets
PLOS_BALANCER_ALLOW_CPU0
Allow CPU0 to perform NIC polling and load balancing
PLOS_BALANCER_ALLOW_LB_ON_FP
Allow FP CPUs to perform NIC polling and load balancing
PLOS_BALANCER_LB_CPUS
Number of dedicated NIC polling/load balancing CPUs, excluding CPU0
PLOS_BALANCER_LOCAL_NODE
Load balance to FP CPUs on the same node as the LB CPU (and NIC)
PLOS_BALANCER_QUEUE_LENGTH
Maximum number of packets that each CPU can have enqueued for processing from load balancing (only valid on
appliances)
PLOS_BALANCER_USE_5TUPLE
Enable load balancing based on a hash of the connection 5-tuple (best for inspected tunnels) instead of the internal IP
address (best for split by subscriber provisioning)
287
PLOS_CLOCK_HZ
PLOS Clock Frequency 0 = 1Khz, 1 = 10Khz
PLOS_OLPROT_BACKOFF_ENABLED
Enable overload protection backoff. If enabled, PLOS will try to reenable packet processing after a minimum of
PLOS_OLPROT_CHECK_INTERVAL seconds has passed.
PLOS_OLPROT_CHECK_INTERVAL
How often (in seconds) PLOS should check for overload. Setting this to 0 will disable overload protection.
PLOS_OLPROT_THRESHOLD
The number of packets (per 1000) that may be dropped (linklevel RX drops) before triggering overload protection on PLOS
PORT_QUIRKS
Specify quirks for hardware ports. Specified as name1:value1 or name2:mask2:value2
(pl15k_tx_diff:0,pl20k_rx_sec:0x41:31). On Pl20k systems restart of lbumd (or reboot of IO card) is need in order for the
changes to apply.
TCPV4_SEGMENT_FACTOR
Number of TCP segment headers allocated, multiplied by MAX_CONNECTIONS.
TUNNELING_ACCOUNTING_LEVEL_MAX
Defines the highest tunnel level to account traffic for. Use this to customize how Session Context counters are updated
in tunneled configurations.
TUNNELING_ACCOUNTING_LEVEL_MIN
Defines the lowest tunnel level to account traffic for. Use this to customize how Session Context counters are updated
in tunneled configurations.
TUNNELING_ACCOUNT_HEADERS
Include header size of lower level tunnels when accounting packet length inside tunnels
TUNNELING_CAPWAP_DATA_PORT
Port used for transport of CAPWAP data
TUNNELING_CAPWAP_SUPPORT
Enable CAPWAP tunneling support
TUNNELING_DSLITE_SUPPORT
Enable DS-Lite tunneling support (requires IPV4_TUNNELING)
TUNNELING_ETHERIP_SUPPORT
Enable EtherIP tunneling support
TUNNELING_GRE_SUPPORT
Enable GRE tunneling support
TUNNELING_GTP_C_PORT
Destination port for GTP-C traffic
TUNNELING_GTP_SUPPORT
Enable GTP tunneling support
TUNNELING_GTP_U_PORT
Destination port for GTP-U traffic
TUNNELING_L2TP_CONTROL_MONITOR_IFACE
Interface name to use for L2TP control packet mirroring. Empty value means no mirroring.
TUNNELING_L2TP_MAP_ENABLE
Enable L2TP map support
288
TUNNELING_L2TP_MAP_MAX
Max entries in L2TP map
TUNNELING_L2TP_PORT
L2TP port
TUNNELING_L2TP_SUPPORT
Enable L2TP tunneling support
TUNNELING_MAX_LEVEL
Maximum number of tunnel levels to go through
TUNNELING_SUB_LEVEL
The tunnel level subscribers are expected at
TUNNEL_CTXS
Number of simultaneous tunnel contexts
B.19. Queue Sync

EXT_QUEUESYNC_ENABLED
Enable External Queue Sync
EXT_QUEUESYNC_IFACE
Interface name to use for External Queue Sync
EXT_QUEUESYNC_REMOVE_TIME
Remove timeout time, in ms, before QSync peer is removed from peer table and sysdiag values. Default is two weeks."
EXT_QUEUESYNC_SEND_BUFFER_MEGS
Size (MB) of send buffer for external qsync
EXT_QUEUESYNC_STATUS_INTERVAL
Status packet send interval in ms
EXT_QUEUESYNC_TIMEOUT_TIME
Timeout time, in ms, before QSync peer is marked as timed out
EXT_QUEUESYNC_USE_NAME
Use object names instead of object ids in External Queue Sync
EXT_QUEUESYNC_WHITELIST
Commaseparated list of prefixes which peers must match to be allowed to queuesync.
QUEUESYNC_AIMD_THRESHOLD
If non-zero, this controls the inertia for increasing available bandwidth in queue sync. Larger number means quicker
increase in synced available bandwidth.
B.20. Ruleset
BGP_USE_EXTERNAL_PATH_ONLY
When matching BGP rules, only consider external ASpath/communities
DYNAMIC_NETOBJECT_ENRICH_ENABLE
Enable dynamic enrich for dynamic netobject items.
289
DYNAMIC_NETOBJECT_ENRICH_MAX
Maximum number of dynamic enrich configs added for dynamic netobject that an enrichobject uses in the ruleset. Enable
DYNAMIC_NETOBJECT_ENRICH_ENABLE for this.
DYNAMIC_NETOBJECT_PREFIXES_MAX
Maximum number of unique IP-prefixes (IPv4 and IPv6) added as dynamic netobject items.
DYNAMIC_NETOBJECT_SAVE_ENABLE
Save the dynamic netobject items to disk. This is normally not needed as a PSM or other client provisions the dynitems.
This will affect performance very bad when the number of dynamic items increases.
DYNAMIC_NETOBJECT_SAVE_INTERVAL
How often, in seconds, to save dynamic netobjects to disk if DYNAMIC_NETOBJECT_SAVE_ENABLE is TRUE
DYNAMIC_NETOBJECT_SUBSCRIBER_MAX
Maximum number of unique subscriber names added as dynamic netobject items under a netobject being used by any
rule.
MAX_DYNAMIC_NATCFG_ENGINE
Maximum number of NAT instances in engine
MPLS_ILEVEL
MPLS label nesting effective for ruleset
NETOBJECT_PREFIXES_MAX_BITMASKS
Maximum number of prefix matching combinations all prefixes has. If two prefixes matches the same rules, only one
bitmask is used.
NETOBJECT_PREFIXES_MAX_IPV4
Maximum number of unique IPv4 prefix, used in ruleset via a netobject. This is the sum of static and dynamic netobject
items in netobjects used by rules.
NETOBJECT_PREFIXES_MAX_IPV6
Maximum number of unique IPv6 prefix, used in ruleset via a netobject. This is the sum of static and dynamic netobject
items in netobjects used by rules.
QINQ_ILEVEL
Number of nested VLAN IDs traversed to set the VLAN ID for a connection (0 means no traversal, i.e. look at the outermost
ID)
RESET_PPPOE_CONNECTIONS
Reset PPPoE connections
RULESET_COMPILATION_COMPILE_OBJECTS
Compile each object before using them in a rule. Will save complation time when many rules are using the same object,
but it might be harder to read the compilation dump of any rule or ruleset.
RULESET_COMPILATION_DUMP_TOLOG
Enable dumping of ruleset compilation to plrcd.log. Warning, this will create a lot of logs. Use this only with a small number
of active rules during ruleset debugging.
RULESET_COMPILATION_MAX_RULES
Maximum number of rules in ruleset firewall+shaping+statistics rules combined"
RULESET_COMPILATION_PROPERTYOBJECT_MAX_COMPLEXITY
Max complexity allowed in propertyobjects. Refers to max number of compile states in the pattern matcher. Using * in the
patterns will use many states. If you get too complex propertyobjects, split it into two objects and use OR between them.
RULESET_DIVERT_ON_FIRST_ONLY
Prevent starting to divert packets after the first packet in a connection. Ruleset reloads may still cause divert changes
mid-connection.
290
RULESET_DYNIP_ALWAYS_REHASH
Enable rehashing the ruleset on dynamic IP updates
RULESET_ENRICH_BEFORE_DIVERT
Do enrichment before divert
RULESET_ENRICH_LOG_ACTIONS
Log each enrichment action
RULESET_FILTER_COMBINE_RULES
Allow accumulating settings from filtering rules with actions REWRITE and ACCEPT when multiple rules match a
connection.
RULESET_MAX_ENRICH_CONNECTIONS
Maximum number of connections that can undergo header enrichment simultaneously.
RULESET_REWRITE_ON_FIRST_ONLY
Prevent starting to rewrite packets after the first packet in a connection. Ruleset reloads may still cause rewrite changes
mid-connection.
B.21. Shaping
PRIO_EMPTY_ACK
Prioritize ACK packets without payload
PRIO_RETRANSMISSION
Prioritize TCP retransmissions
SHAPING_BLUE_HOLD_TIME
Blue hold time in ms
SHAPING_COUNTERS_GRANULARITY_SHIFT
Minimum change in shaping counters reported (as a shift, default 18 means 1 << 18 = 256k)
SHAPING_COUNTERS_MAX
Maximum number of active shaping counters
SHAPING_COUNTERS_SUBSCRIBER_SEND_ALL
Send all counters for a subscriber when one of its counters crosses granulaity boundary.
SHAPING_DSCP_MAP
DSCP values used for marking. Example: 10,12 will mark packets sent without borrowing with 10, packets that borrow
from the second object will be marked 12. DSCP values are between 0 and 63, 255 means keep existing DSCP
SHAPING_DSCP_MARKING
DSCP marking support
SHAPING_HOSTFAIRNESS_IPV6_PREFIX_LEN
Prefix length used for IPv6 host fairness
SHAPING_MAX_RULES_PER_CONNECTION
Maximum number of shaping rules that can match one connection
SHAPING_MAX_SPLITTED_OBJECTS
Maximum total number of objects created by using Split By in ShapingObjects. Higher value results in increased load
on CPU0.
291
SHAPING_OBJECTS_PER_CONN
Maximum number of ShapingObjects any one connection may exist in
SHAPING_OR_BORROWING
Enable accounting packets on all ShapingObjects in a Shaping rule, rather than only the one that dequeues it first
SHAPING_PRIO0_FASTLANE
Never drop packets with priority 0, allowing them to exceed configured bandwidth limits (Probably do not want to use
together with PRIO_EMPTY_ACK)
SHAPING_QUEUE_FACTOR
The maximum size of the queue is multiplied by QUEUE_FACTOR. The original size is calculated from the shaping object
bandwidth.
SHAPING_QUEUE_GOAL
The shaping algorithm will try to regulate the queue usage such that the queue length is around QUEUE_GOAL in
milliseconds.
B.22. Statistics
PLDB_STATISTICSFS_MAX_SUBS
Maximum number of subscribers stored in statistics
PLDB_STATISTICSFS_MAX_VALUES
Size of the Global Index table for statisticsfs. Change takes effect only when a Global Index table is created.
PLDB_STATISTICSFS_MAX_VALUES_DATASET
Maximum total number of values in all datasets stored
PLDB_STATWRITER_GRACE_PERIOD
Time in seconds Statwriter waits after a dataset is received before it starts writing
PLS_CHANNELSTATS_ENABLED
Enable collecting channel statistics
PLS_CONNLOG_ENABLED
Enable Collection of Connlog records.
PLS_CONNLOG_REINDEXING_ENABLED
Enable reindexing for connection logging data. Disk usage for connlog data will decrease if reindexing is disabled.
PLS_CONNLOG_SEARCHABLE_CRITERIAS
Comma-separated list of searchable criteria in connlog: SERVER CLIENT CLIENTPORT SERVERPORT PROTOCOL
SERVICE SERVERHOST HOST VNO SERVER_IPV6 CLIENT_IPV6 HOST_IPV6 NATCLIENT NATSERVER NATHOST
NATCLIENTPORT NATSERVERPORT (empty list equals all criterias)
PLS_CONN_THRESHOLD_IN
Account only for flows that send more than this many bytes downstream.
PLS_CONN_THRESHOLD_OUT
Account only for flows that send more than this many bytes upstream.
PLS_DATASET_BANDWIDTH_LIMIT
Maximum Bandwidth(in Kbps) to use to transfer Dataset to Statwriter/StatBackup Resource
PLS_DISK_CACHE_INTERVAL
Interval with which PLSD caches datasets to disk. PLS_DISK_CACHE_INTERVAL must be a multiple of
PLS_GRAPH_FREQUENCY and PLS_DUMP_INTERVAL must be a multiple of PLS_DISK_CACHE_INTERVAL
292
PLS_DUMP_INTERVAL
Interval with which PLSD dumps datasets to statwiter. This value must be a multiple of PLS_GRAPH_FREQUENCY and
a divisor of a full day.
PLS_GRAPH_FREQUENCY
Sampling frequency for line graph in Statistics
PLS_MAX_VALUES
Maximum number of values in a dataset for one PLSD
PLS_MAX_VALUE_DEPTH
Maximum depth allowed for a statistics value
PLS_NATSTATS_ENABLED
Enable collecting NAT statistics
PLS_OBFUSCATE_SUBSCRIBERS
Obfuscate 'Subscriber' distributions in Statistics.
PLS_PRIORITY_THRESHOLD
If value usage exceeds this percentage, only High Priority values will be created.
PLS_RINGBUF_MEGS
Size in MB of the ringbuffer in PLSD to receive data from PLD. There is one for each PLSD.
PLS_SCHEMA_COLUMN_SUBSCRIBER
The Session Context column(s) that are counted as subscriber(s) in the statistics file system. These values are obfuscated
by default in statistics. A single value is entered in the format “schema name/column name”, for example, subscriber/
msisdn. Multiple values are entered as a comma-separated list, for example, subscriber/msisdn,session/imsi.
PLS_SESSION_CONTEXT_MAX_COLUMNS
Maximum number of Columns per Session Context Schema in PLSD.
PLS_SESSION_CONTEXT_MAX_ROWS
Maximum number of Session Context Rows in PLSD.
PLS_SHAPINGOBJECTSTATS_ENABLED
Enable collection of ShapingObject Statistics.
PLS_STATBACKUP_ENABLED
Enable statistics backup resource
PLS_STATBACKUP_WRITE_VERSION
Firmware version of the STATBACKUP resource in format: major.minor.drop
PLS_STATISTICS_ENABLED
Enable collecting statistics
PLS_STATWRITER_WRITE_VERSION
Firmware version of the STATWRITER resource in format: major.minor.drop
SNMP_LOG_REWRITES
Enable logging rewritten connection data to SNMP agent
STATISTICS_MAX_RULES_PER_CONNECTION
Maximum number of statistics rules any one connection is allowed to match
293
294
Appendix C. System Diagnostics Values
C.1. Introduction
This section describes the values shown in the System Diagnostics view in LiveView in the PacketLogic client.
System diagnostics shows values for various parts and subsystems in PacketLogic. The values are divided into so-called zones,
each representing a specific part or subsystem.
For each value, there are three columns: Rate, Current/Total, and Peak. Rate shows the rate at which the value is increasing.
Rate is not applicable for all values. Current/Total shows the current value or the accumulated total, depending on the nature of
the value. Peak shows the highest registered value or rate sample, depending on the nature of the value.
Note: Values denoted as bytes have rate values in bits per second (bps).
Some zones are only available if the associated functionality is active (for example, the BGP zone is only visible if BGP is
configured and used), whereas others are always present.
For some zones, the values are expandable. This applies when there are more than one component in the system performing
the associated function. For example, the Connection zone has expandable zones in case there are multiple components
handling connections. Expanding the value will then display values for the individual components, even down to each thread
running on a multithreaded processor.
C.2. BGP
Connection uptime
This is the time this system has maintained its current connection with a peer BGP server.
OID: 1.3.6.1.4.1.15397.2.1.122.4
Current peer server

Index of current BGP peer server [0..<Number of peer servers>-1].
OID: 1.3.6.1.4.1.15397.2.1.122.49
Longest AS-path we have seen in a BGP update

This is the longest AS path so far received from the BGP peer in any one update.
OID: 1.3.6.1.4.1.15397.2.1.122.23
Maximum number of communities we have seen in a BGP update

This is the highest number of communities so far received from the BGP peer in any one update.
OID: 1.3.6.1.4.1.15397.2.1.122.25
Number of AS-paths received that exceed PL_CONFIG_BGP_MAX_PATH
OID: 1.3.6.1.4.1.15397.2.1.122.22
Number of IPv4 prefixes/routes
OID: 1.3.6.1.4.1.15397.2.1.122.31
Number of IPv6 prefixes/routes
OID: 1.3.6.1.4.1.15397.2.1.122.41
295
Number of community updates received that exceed PL_CONFIG_BGP_MAX_COMMUNITIES

This is the number of communities in an update that exceed the limit imposed by the system configuration value
BGP_MAX_COMMUNITIES. These communities are ignored and will not be shown in LiveView or applied in the ruleset.
OID: 1.3.6.1.4.1.15397.2.1.122.24
Number of paths waiting for garbage collection

This is the number of paths that are no longer announced, but still has connections in packetlogicd using them.
OID: 1.3.6.1.4.1.15397.2.1.122.12
Number of peer servers

Number of BGP peer servers [0..9]. Only one is connected at a time.
OID: 1.3.6.1.4.1.15397.2.1.122.48
Number of prefixes/routes
OID: 1.3.6.1.4.1.15397.2.1.122.2
Number of unique paths

This is the number of unique AS paths in the lookup tree
OID: 1.3.6.1.4.1.15397.2.1.122.3
Time to balance IPv4 tree
OID: 1.3.6.1.4.1.15397.2.1.122.35
Time to balance IPv6 tree
OID: 1.3.6.1.4.1.15397.2.1.122.45
Time to compile IPv4 tree to lookup table
OID: 1.3.6.1.4.1.15397.2.1.122.36
Time to compile IPv6 tree to lookup table
OID: 1.3.6.1.4.1.15397.2.1.122.46
Time to send IPv4 lookup table to engine
OID: 1.3.6.1.4.1.15397.2.1.122.37
Time to send IPv6 lookup table to engine
OID: 1.3.6.1.4.1.15397.2.1.122.47
Total count of IPv4 announced prefixes/routes
OID: 1.3.6.1.4.1.15397.2.1.122.32
Total count of IPv4 announces without withdraw, replacing an already existing prefix/route
OID: 1.3.6.1.4.1.15397.2.1.122.34
Total count of IPv4 withdrawn prefixes/routes
OID: 1.3.6.1.4.1.15397.2.1.122.33
Total count of IPv6 announced prefixes/routes
OID: 1.3.6.1.4.1.15397.2.1.122.42
296
Total count of IPv6 announces without withdraw, replacing an already existing prefix/route
OID: 1.3.6.1.4.1.15397.2.1.122.44
Total count of IPv6 withdrawn prefixes/routes
OID: 1.3.6.1.4.1.15397.2.1.122.43
Total count of announced prefixes/routes
OID: 1.3.6.1.4.1.15397.2.1.122.9
Total count of announces without withdraw, replacing an already existing prefix/route
OID: 1.3.6.1.4.1.15397.2.1.122.7
Total count of withdrawn prefixes/routes
OID: 1.3.6.1.4.1.15397.2.1.122.8
Total number of reconnects

This is the total number of times the system has reconnected to any of the BGP servers.
OID: 1.3.6.1.4.1.15397.2.1.122.10
Updates received
This is the total number of updates received from any of the BGP servers.
OID: 1.3.6.1.4.1.15397.2.1.122.1
C.3. CAPWAP
Non-CAPWAP packets seen on the CAPWAP port
Number of packets on the configured CAPWAP tunnel port that failed CAPWAP protocol validation.
OID: 1.3.6.1.4.1.15397.2.1.154.8
Number of CAPWAP packets

Number of CAPWAP packets seen.
OID: 1.3.6.1.4.1.15397.2.1.154.1
Number of CAPWAP packets with non-802.3 ethernet frames

Number of CAPWAP packets with non-802.3 ethernet frames.
OID: 1.3.6.1.4.1.15397.2.1.154.7
Number of Fragmented CAPWAP packets

Number of Fragmented CAPWAP packets seen.
OID: 1.3.6.1.4.1.15397.2.1.154.6
Number of bytes of payload in CAPWAP packets

Number of bytes of payload in CAPWAP packets seen.
OID: 1.3.6.1.4.1.15397.2.1.154.2
Number of packets on CAPWAP port that failed CAPWAP validation

Number of packets on CAPWAP port not handled
297
OID: 1.3.6.1.4.1.15397.2.1.154.3
C.4. Comm
CLIENT: Authentication failures
This system has failed authenticating towards another PacketLogic when connecting using plcommd.
OID: 1.3.6.1.4.1.15397.2.1.148.6
CLIENT: Connect failures

This system has failed to connect to another PacketLogic system using plcommd.
OID: 1.3.6.1.4.1.15397.2.1.148.8
CLIENT: Data transferred by daemon
OID: 1.3.6.1.4.1.15397.2.1.148.5
CLIENT: Host key verification failures

This system has failed to verify the host key of another PacketLogic system while connecting to it using plcommd.
OID: 1.3.6.1.4.1.15397.2.1.148.7
CLIENT: Number of ssh channels open
OID: 1.3.6.1.4.1.15397.2.1.148.4
SERVER: Data transferred by daemon
OID: 1.3.6.1.4.1.15397.2.1.148.2
SERVER: Number of clients connected
OID: 1.3.6.1.4.1.15397.2.1.148.3
SERVER: Number of ssh channels open
OID: 1.3.6.1.4.1.15397.2.1.148.1
C.5. Connection
Attempts refused (already existed)
This is the number of connection create attempts that failed because an identical connection already existed. This is a
typical sign of a worm, but could also be a natural occurrence.
OID: 1.3.6.1.4.1.15397.2.1.56.18
Attempts refused (connprot)

This is the number of connection create attempts that were refused by the connection protection.
OID: 1.3.6.1.4.1.15397.2.1.56.5
Attempts refused (resources)

This is the number of connection create attempts refused because the connection pool was exhausted.
OID: 1.3.6.1.4.1.15397.2.1.56.6
298
Attempts refused (rewrite failure)
OID: 1.3.6.1.4.1.15397.2.1.56.43
Attempts refused (ruleset)

This is the number of connection create attempts refused by the current ruleset.
OID: 1.3.6.1.4.1.15397.2.1.56.19
Bytes received after connection close

This is the number of bytes seen for connections where a RST has been seen.
OID: 1.3.6.1.4.1.15397.2.1.56.42
Connections allocated from LRU

This is the number of connections that have been allocated by taking the least recently used connection and reusing
the memory for the new connection.
OID: 1.3.6.1.4.1.15397.2.1.56.9
Connections destroyed on LB unset command
OID: 1.3.6.1.4.1.15397.2.1.56.49
Connections destroyed on stale passback
OID: 1.3.6.1.4.1.15397.2.1.56.48
Create attempts inbound

This is the number of inbound connection create attempts.
OID: 1.3.6.1.4.1.15397.2.1.56.3
Create attempts outbound

This is the number of outbound connection create attempts.
OID: 1.3.6.1.4.1.15397.2.1.56.4
Created inbound
This is the number of inbound connections created.
OID: 1.3.6.1.4.1.15397.2.1.56.7
Created outbound
This is the number of outbound connections created.
OID: 1.3.6.1.4.1.15397.2.1.56.8
Current count
This is the current number of connections, both established and unestablished.
OID: 1.3.6.1.4.1.15397.2.1.56.1
Current established count

This is the current number of established connections. Established connections have had traffic in both directions. For
TCP, connections remain unestablished until the entire TCP handshake has been completed.
OID: 1.3.6.1.4.1.15397.2.1.56.2
Protection enabled
This is the number of times the connection protection has been enabled. This happens when the connection creation
rate is above CONNPROT_THRESSHOLD.
299
OID: 1.3.6.1.4.1.15397.2.1.56.14
Shunted bytes (connection create failure)

This is the number of bytes that have been shunted (directly forwarded) because a connection could not be created
for the packet.
OID: 1.3.6.1.4.1.15397.2.1.56.41
Shunted packets (connection create failure)

This is the number of packets that have been shunted (directly forwarded) because a connection could not be created
for the packet.
OID: 1.3.6.1.4.1.15397.2.1.56.40
C.6. Connsync
Clocks out of sync between peers
OID: 1.3.6.1.4.1.15397.2.1.60.64
Connections actively syncing

This is the number of connections currently taking part in synchronization.
OID: 1.3.6.1.4.1.15397.2.1.60.8
Double seen
This is the number of times a SEEN message is received when flow synchronization is already set up.
OID: 1.3.6.1.4.1.15397.2.1.60.9
First updates received (seen-ack)
OID: 1.3.6.1.4.1.15397.2.1.60.4
Header enrichment updates received
OID: 1.3.6.1.4.1.15397.2.1.60.47
Header enrichment updates sent
OID: 1.3.6.1.4.1.15397.2.1.60.48
Hello received
This is the number of Hello packets received from flow syncing peers.
OID: 1.3.6.1.4.1.15397.2.1.60.10
Number of connsynced peers

This is the number of peers with which the system has established flow sync communication.
OID: 1.3.6.1.4.1.15397.2.1.60.32
Ohai received
OID: 1.3.6.1.4.1.15397.2.1.60.60
Out of syncs
This is the number of connections set as out of sync due to UPDATE messages arriving after ordinary packets for a
connection. This can be caused by too high latency on the flowsync connection.
300
OID: 1.3.6.1.4.1.15397.2.1.60.7
Peer RTT mean (ms)
OID: 1.3.6.1.4.1.15397.2.1.60.61
Peer RTT variance (ms)
OID: 1.3.6.1.4.1.15397.2.1.60.62
Proxy divert notifications receive errors (connection not found)
OID: 1.3.6.1.4.1.15397.2.1.60.59
Proxy divert notifications received
OID: 1.3.6.1.4.1.15397.2.1.60.58
Proxy divert notifications sent
OID: 1.3.6.1.4.1.15397.2.1.60.57
Proxy receive error
OID: 1.3.6.1.4.1.15397.2.1.60.53
Proxy received packets
OID: 1.3.6.1.4.1.15397.2.1.60.52
Proxy send error
OID: 1.3.6.1.4.1.15397.2.1.60.50
Proxy sent packets
OID: 1.3.6.1.4.1.15397.2.1.60.49
Received packets with incompatible version

This is the number of flow sync packets received from an engine that has an incompatible version.
OID: 1.3.6.1.4.1.15397.2.1.60.17
Received packets with incorrect ethernet type

This is the number of packets received on the flow sync interface that are not flow sync packets.
OID: 1.3.6.1.4.1.15397.2.1.60.18
Received packets with own engine-id

This is the number of flow sync packets received from an engine that claims to have the same ID as this one.
OID: 1.3.6.1.4.1.15397.2.1.60.19
Seen received
This is the number of SEEN messages received (that is, the number of times requests to synchronize connections have
been received).
OID: 1.3.6.1.4.1.15397.2.1.60.2
Seen sent
This is the number of SEEN messages sent (that is, the number of times requests to synchronize connections have
been sent).
301
OID: 1.3.6.1.4.1.15397.2.1.60.1
TLV packets received

This is the number of connection-independent data packets received.
OID: 1.3.6.1.4.1.15397.2.1.60.68
TLV packets sent

This is the number of connection-independent data packets sent.
OID: 1.3.6.1.4.1.15397.2.1.60.67
UDP Property Sync requests

This is the number of flow sync packets sent for UDP connections with property sync requests.
OID: 1.3.6.1.4.1.15397.2.1.60.65
UDP Property Sync responses

This is the number of flow sync packets received for UDP connections with property sync responses.
OID: 1.3.6.1.4.1.15397.2.1.60.66
UDP received
This is the number of flow sync packets receiver for UDP connections.
OID: 1.3.6.1.4.1.15397.2.1.60.21
UDP sent
This is the number of flow sync packets sent for UDP connections.
OID: 1.3.6.1.4.1.15397.2.1.60.20
Updates Sent
This is the number of connection synchronization update messages sent.
OID: 1.3.6.1.4.1.15397.2.1.60.3
Updates for mismatching ARM

This is the number of flow sync updates sent from an engine that has another ARM (signature bundle) version than the
local one.
OID: 1.3.6.1.4.1.15397.2.1.60.13
Updates for unknown connections received

This is the number of times connection synchronization messages for unknown connections have been received.
OID: 1.3.6.1.4.1.15397.2.1.60.6
Updates received
This is the number of connection synchronization update messages received (for connections being synchronized).
OID: 1.3.6.1.4.1.15397.2.1.60.5
C.7. ContentLogic
Current categories load ratio
OID: 1.3.6.1.4.1.15397.2.1.140.6
302
Current number of URLs loaded
OID: 1.3.6.1.4.1.15397.2.1.140.10
Current table load ratio
OID: 1.3.6.1.4.1.15397.2.1.140.2
Last revision loaded
OID: 1.3.6.1.4.1.15397.2.1.140.9
Number of lookups
OID: 1.3.6.1.4.1.15397.2.1.140.11
Number of matching lookups
OID: 1.3.6.1.4.1.15397.2.1.140.12
C.8. Divert
Bypassed packets
This is the number of packets that match a Divert rule where the system to divert to is considered down. These packets
are bypassed, but still processed by the rest of the ruleset.
OID: 1.3.6.1.4.1.15397.2.1.125.17
Connections
This is the number of connections being diverted.
OID: 1.3.6.1.4.1.15397.2.1.125.11
Dropped packets
This is the number of packets dropped because the divert mechanism could not determine what to do with it.
OID: 1.3.6.1.4.1.15397.2.1.125.18
Egress bytes
This is the number of bytes sent to divert system(s).
OID: 1.3.6.1.4.1.15397.2.1.125.5
Egress packets
This is the number of packets sent to divert system(s).
OID: 1.3.6.1.4.1.15397.2.1.125.4
Heartbeat replies received

This is the number of heart beat replies received from divert system(s).
OID: 1.3.6.1.4.1.15397.2.1.125.15
Heartbeat replies sent

This is the number of heart beat replies sent to divert system(s).
OID: 1.3.6.1.4.1.15397.2.1.125.14
303
Heartbeat requests received

This is the number of heart beat requests received from divert system(s).
OID: 1.3.6.1.4.1.15397.2.1.125.13
Heartbeat requests sent

This is the number of heart beat replies sent to divert system(s).
OID: 1.3.6.1.4.1.15397.2.1.125.12
Heartbeats lost
This is the number of heart beats lost.
OID: 1.3.6.1.4.1.15397.2.1.125.16
Hosts
This is the number of hosts stored for divert channels.
OID: 1.3.6.1.4.1.15397.2.1.125.10
Ingress bytes
This is the number of bytes received from divert system(s).
OID: 1.3.6.1.4.1.15397.2.1.125.7
Ingress packets
This is the number of packets received from divert system(s).
OID: 1.3.6.1.4.1.15397.2.1.125.6
Ingress packets with host missing L2-header

This is the number of packets received from divert systems where there is no original L2 header stored for that host and
direction. In this case, the L2 header is constructed from the L2 header for the host in the opposite direction, but with
source/destination MAC address reversed.
OID: 1.3.6.1.4.1.15397.2.1.125.9
Ingress packets with missing channel

This is the number of packets received from divert systems where there is no original channel stored. These packets
are dropped.
OID: 1.3.6.1.4.1.15397.2.1.125.27
Ingress packets with missing host

This is the number of packets received from divert systems where there is no host stored. These packets are dropped.
OID: 1.3.6.1.4.1.15397.2.1.125.8
Inject data failures

This is the number of times an inject action on a connection destined for a divert channel failed.
OID: 1.3.6.1.4.1.15397.2.1.125.25
Out of hosts
This is the number of attempts to create a new data structure for a host with diverted connections when there are no
more to allocate. This means the system configuration value DIVERT_NUM_HOSTS must be raised or the number of
hosts diverted must be lowered.
OID: 1.3.6.1.4.1.15397.2.1.125.2
Proxy asym connections

This is the number of connections identified as asymmetric and diverted mid-session.
304
OID: 1.3.6.1.4.1.15397.2.1.125.41
Proxy asym local egress errors

This is the number of errors sending packets on the local divert channel interface for asymmetric connection diverted
mid-session.
OID: 1.3.6.1.4.1.15397.2.1.125.35
Proxy asym local egress packets

This is the number of packets sent on the local divert channel interface for asymmetric connections diverted mid-session.
OID: 1.3.6.1.4.1.15397.2.1.125.34
Proxy asym local ingress packets

This is the number of packets received on the local divert channel interface for asymmetric connections diverted mid-
session.
OID: 1.3.6.1.4.1.15397.2.1.125.40
Proxy asym notifications receive error

This is the number of errors detected when receiving notifications from the remote PRE for asymmetric connections
diverted mid-session.
OID: 1.3.6.1.4.1.15397.2.1.125.49
Proxy asym notifications received

This is the number of notifications received from the remote PRE for asymmetric connections diverted mid-session.
OID: 1.3.6.1.4.1.15397.2.1.125.46
Proxy asym notifications received (abort)

This is the number of notifications received containing abort instructions from the remote PRE for asymmetric connections
OID: 1.3.6.1.4.1.15397.2.1.125.48
Proxy asym notifications sent

This is the number of notifications sent to the remote PRE for asymmetric connections diverted mid-session.
OID: 1.3.6.1.4.1.15397.2.1.125.42
Proxy asym notifications sent (abort)

This is the number of notifications sent containing abort instructions to the remote PRE for asymmetric connections
OID: 1.3.6.1.4.1.15397.2.1.125.44
Proxy asym notifications sent error (resource)

This is the number of errors detected when sending notifications to the remote PRE for asymmetric connections diverted
mid-session.
OID: 1.3.6.1.4.1.15397.2.1.125.45
Proxy asym remote egress packets

This is the number of packets sent via flowsync for egress on the remote divert channel interface for asymmetric
connections diverted mid-session.
OID: 1.3.6.1.4.1.15397.2.1.125.28
Proxy asym remote ingress errors

This is the number of errors receiving packets via flowsync from the remote divert channel interface for asymmetric
connection diverted mid-session.
305
OID: 1.3.6.1.4.1.15397.2.1.125.30
Proxy asym remote ingress packets

This is the number of packets received via flowsync from the remote divert channel interface for asymmetric connection
OID: 1.3.6.1.4.1.15397.2.1.125.29
Proxy buffered packets

This is the number of packets buffered for connections diverted mid-session.
OID: 1.3.6.1.4.1.15397.2.1.125.57
Proxy connections
This is the number of connections in mid-session divert.
OID: 1.3.6.1.4.1.15397.2.1.125.19
Proxy connections failed

This is the number of failed attempts to divert a connection mid-session.
OID: 1.3.6.1.4.1.15397.2.1.125.20
Proxy connections ignored
OID: 1.3.6.1.4.1.15397.2.1.125.71
Too large L2-headers

This is the number of times the L2 header was too large to store in the divert hosts data structure (or too large to restore
after diverting). If this happens when the packet is received from the originator, the packet is bypassed (not diverted). If
this happens when the packet returns from the divert system it is dropped.
OID: 1.3.6.1.4.1.15397.2.1.125.3
C.9. Drdl
Analyzer actions called
This is the number of actions called by DRDL when analyzing traffic.
OID: 1.3.6.1.4.1.15397.2.1.24.14
Analyzer literals set

This is the number of properties set as string literals by the DRDL engine.
OID: 1.3.6.1.4.1.15397.2.1.24.29
Analyzer properties set

This is the number of properties set by the DRDL engine.
OID: 1.3.6.1.4.1.15397.2.1.24.15
Analyzer properties that could not be set

This is the number of times DRDL has failed to set a property for a connection.
OID: 1.3.6.1.4.1.15397.2.1.24.30
Connection tainting data structure usage

This is the usage level of the data structure used for connection tainting.
306
OID: 1.3.6.1.4.1.15397.2.1.24.54
How many key-value store objects are being reused
OID: 1.3.6.1.4.1.15397.2.1.24.73
New childconnections
This is the number of expected child connections hooks that are installed.
OID: 1.3.6.1.4.1.15397.2.1.24.2
Number of buffer allocation failures

This is the number of buffer allocations that fail. Buffers are DRDL containers that are used as temporary storage. If there
are allocation failures here, the connection properties will not be complete. The number of buffers available is governed
by the System Configuration value CONNECTION_PROP_BUFFERS.
OID: 1.3.6.1.4.1.15397.2.1.24.23
Number of buffers used

This is the number of buffers used by DRDL.
OID: 1.3.6.1.4.1.15397.2.1.24.22
Number of slice state structure allocation failures
OID: 1.3.6.1.4.1.15397.2.1.24.28
Properties used (128)

This is the number of 128 byte properties used.
OID: 1.3.6.1.4.1.15397.2.1.24.75
OID: 1.3.6.1.4.1.15397.2.1.24.56

This is the number of 256 byte properties used. Properties are allocated in pools of either 256 or 32 bytes.
OID: 1.3.6.1.4.1.15397.2.1.24.10

This is the number of 32 byte properties used.
OID: 1.3.6.1.4.1.15397.2.1.24.8
The minimum lifetime of the lately reused key-value objects
OID: 1.3.6.1.4.1.15397.2.1.24.72
Waiting childconnections
This is the number of child connections hooks pending.
OID: 1.3.6.1.4.1.15397.2.1.24.1
C.10. Drdl - Bincode

Analyzer properties set from bincode
307
OID: 1.3.6.1.4.1.15397.2.1.25.1
Analyzer properties that could not be set from bincode
OID: 1.3.6.1.4.1.15397.2.1.25.2
Failed executions of bincode
OID: 1.3.6.1.4.1.15397.2.1.25.12
Key-Value store entries added from bincode
OID: 1.3.6.1.4.1.15397.2.1.25.3
Key-Value store lookup hits from bincode
OID: 1.3.6.1.4.1.15397.2.1.25.4
Key-Value store lookup misses from bincode
OID: 1.3.6.1.4.1.15397.2.1.25.5
Successful executions of bincode
OID: 1.3.6.1.4.1.15397.2.1.25.11
C.11. EtherIP
EtherIP Packets with invalid reserved bits
OID: 1.3.6.1.4.1.15397.2.1.157.4
EtherIP Packets with non-IP tunneled packets
OID: 1.3.6.1.4.1.15397.2.1.157.5
EtherIP Packets with unknown version
OID: 1.3.6.1.4.1.15397.2.1.157.3
Number of EtherIP packets

Number of EtherIP packets seen.
OID: 1.3.6.1.4.1.15397.2.1.157.1
Number of bytes of payload in EtherIP packets

Number of bytes of payload in EtherIP packets seen.
OID: 1.3.6.1.4.1.15397.2.1.157.2
C.12. Ethernet
802.1q encapsulated packets
This is the number of 802.1q encapsulated frames received. These frames have a VLAN ID, and a priority field, and are
also called 'trunked' or 'vlan trunked' packets.
OID: 1.3.6.1.4.1.15397.2.1.28.4
308
Blind forwarded bytes

This is the number of bytes that have been blindly forwarded due to overload protection mode.
OID: 1.3.6.1.4.1.15397.2.1.28.40
Blind forwarded packets

This is the number of packets blindly forwarded due to overload protection mode.
OID: 1.3.6.1.4.1.15397.2.1.28.39
Broadcast packets
This is the number of ethernet broadcast packets. Broadcast packets have 0xFF in the first byte of the ethernet destination
address.
OID: 1.3.6.1.4.1.15397.2.1.28.2
Divert packets
This is the number of packets received on divert channels.
OID: 1.3.6.1.4.1.15397.2.1.28.8
Ethernet bytes (IPv4 and IPv6)

The number of bytes of Ethernet frames seen with IPv4 or IPv6 headers.
OID: 1.3.6.1.4.1.15397.2.1.28.30
Flowsync packets received on non-flowsync interface
OID: 1.3.6.1.4.1.15397.2.1.28.35
Invalid MPLS frames

This is the number of packets with an ethernet type of MPLS (0x8847 or 0x8848) but with no bottom of stack found.
These packets are dropped.
OID: 1.3.6.1.4.1.15397.2.1.28.6
Largest seen link-level header
OID: 1.3.6.1.4.1.15397.2.1.28.34
MPLS over Ethernet frames

This is the number of MPLS frames received. The contents of the MPLS frame is then run through the Ethernet layer
one more time, so the packet counters for different ethernet types might be larger than the number of received packets
on the wire.
OID: 1.3.6.1.4.1.15397.2.1.28.5
Multicast packets
This is the number of ethernet multicast packets received. These packets have the first bit in the ethernet destination set,
but the first byte is not 0xFF (in which case it is a broadcast packet).
OID: 1.3.6.1.4.1.15397.2.1.28.3
Natsync packets received on non-natsync interface
OID: 1.3.6.1.4.1.15397.2.1.28.36
Non IP packets
This is the number of packets received that do not contain an IPv4 header. These are silently forwarded.
OID: 1.3.6.1.4.1.15397.2.1.28.7
309
Not stored link-level header (out of entries)
OID: 1.3.6.1.4.1.15397.2.1.28.33
Not stored link-level header (oversized)
OID: 1.3.6.1.4.1.15397.2.1.28.32
Number of unique link-level headers stored
OID: 1.3.6.1.4.1.15397.2.1.28.31
Shunted bytes (Channel role)

This is the number of bytes that have been shunted due to the channel role being configured to shunt.
OID: 1.3.6.1.4.1.15397.2.1.28.38
Shunted bytes (Dot1q)

This is the number of bytes that have been shunted due to a VLAN ID matching the system configuration.
OID: 1.3.6.1.4.1.15397.2.1.28.29
Shunted bytes (EoMPLS)

This is the number of bytes that have been shunted because the packets are Ethernet-over-MPLS (EoMPLS) and shunting
EoMPLS is configured.
OID: 1.3.6.1.4.1.15397.2.1.28.27
Shunted bytes (MPLS)

This is the number of bytes that have been shunted due to an MPLS label matching the system configuration.
OID: 1.3.6.1.4.1.15397.2.1.28.25
Shunted bytes (ethertype)

This is the number of bytes that have been shunted due to an ethertype matching the system configuration.
OID: 1.3.6.1.4.1.15397.2.1.28.23
Shunted packets (Channel role)

This is the number of packets that have been shunted due to the channel role being configured to shunt.
OID: 1.3.6.1.4.1.15397.2.1.28.37
Shunted packets (Dot1q)

This is the number of packets that have been shunted due to a VLAN ID matching the system configuration.
OID: 1.3.6.1.4.1.15397.2.1.28.28
Shunted packets (EoMPLS)

This is the number of packets that have been shunted because the packets are Ethernet-over-MPLS (EoMPLS) and
shunting EoMPLS is configured.
OID: 1.3.6.1.4.1.15397.2.1.28.26
Shunted packets (MPLS)

This is the number of packets that have been shunted due to an MPLS label matching the system configuration.
OID: 1.3.6.1.4.1.15397.2.1.28.24
Shunted packets (ethertype)

This is the number of packets that have been shunted due to an ethertype matching the system configuration.
310
OID: 1.3.6.1.4.1.15397.2.1.28.22
Unicast packets
This is the number of unicasted ethernet packets. These are all ethernet frames except multicast and broadcast packets.
OID: 1.3.6.1.4.1.15397.2.1.28.1
C.13. Filtering
Failed monitored packets
This is the number of monitored packets that failed to be duplicated to user space.
OID: 1.3.6.1.4.1.15397.2.1.80.9
Inject data invalid properties
OID: 1.3.6.1.4.1.15397.2.1.80.12
Inject data preparation failures

This is the number of attempts to generate inject packets that have failed because the resulting data becomes too large
or because the property from which to use data is not found.
OID: 1.3.6.1.4.1.15397.2.1.80.11
Log entries
This is the number of log entries made.
OID: 1.3.6.1.4.1.15397.2.1.80.7
Monitored packets
This is the number of packets monitored.
OID: 1.3.6.1.4.1.15397.2.1.80.8
Rewrites changed in active connection

This is the number of times a ruleset evaluation caused the rewrite of an existing connection to change.
OID: 1.3.6.1.4.1.15397.2.1.80.13
Ruleset evaluations giving ACCEPT

This is the number of times the ruleset has been evaluated to accept a packet. Note that only the first packet of a new
connection will be evaluated by the ruleset. Subsequent packets will continue to use the previously calculated action until
a property in the connection changes (such as services, properties, or AS path).
OID: 1.3.6.1.4.1.15397.2.1.80.1
Ruleset evaluations giving DIVERT

This is the number of times the ruleset has been evaluated to divert a packet. Note that only the first packet of a new
OID: 1.3.6.1.4.1.15397.2.1.80.5
Ruleset evaluations giving DROP

This is the number of times the ruleset has been evaluated to drop a packet. Note that only the first packet of a new
OID: 1.3.6.1.4.1.15397.2.1.80.3
311
Ruleset evaluations giving ENRICH
OID: 1.3.6.1.4.1.15397.2.1.80.14
Ruleset evaluations giving INJECT

This is the number of times the ruleset has been evaluated to set off injection. Note that only the first packet of a new
OID: 1.3.6.1.4.1.15397.2.1.80.10
Ruleset evaluations giving REJECT

This is the number of times the ruleset has been evaluated to reject a packet. Note that only the first packet of a new
OID: 1.3.6.1.4.1.15397.2.1.80.2
Ruleset evaluations giving REWRITE

This is the number of times the ruleset has been evaluated to rewrite a packet. Note that only the first packet of a new
OID: 1.3.6.1.4.1.15397.2.1.80.4
C.14. GRE
RX data
Number of bytes of payload in GRE packets seen.
OID: 1.3.6.1.4.1.15397.2.1.131.3
RX packets
Number of GRE packets seen.
OID: 1.3.6.1.4.1.15397.2.1.131.2
C.15. GTP
RX data
Number of bytes of payload in GTP packets seen.
OID: 1.3.6.1.4.1.15397.2.1.129.3
RX packets
Number of GTP packets seen.
OID: 1.3.6.1.4.1.15397.2.1.129.2
C.16. GeoLogic - Engine

Number of connection relookups
312
OID: 1.3.6.1.4.1.15397.2.1.155.7
Number of failed lookups in engine due to ltable not populated
OID: 1.3.6.1.4.1.15397.2.1.155.3
Number of failed lookups in engine due to unknown IP
OID: 1.3.6.1.4.1.15397.2.1.155.2
Number of lookups in engine
OID: 1.3.6.1.4.1.15397.2.1.155.1
Number of provisioned IPV4 rows in engine
OID: 1.3.6.1.4.1.15397.2.1.155.5
Number of provisioned IPV6 rows in engine
OID: 1.3.6.1.4.1.15397.2.1.155.6
Version
OID: 1.3.6.1.4.1.15397.2.1.155.4
C.17. GeoLogic - Userspace

Number of matching headers found
OID: 1.3.6.1.4.1.15397.2.1.156.1
Number of provisioned IPV4 rows in PLRCD
OID: 1.3.6.1.4.1.15397.2.1.156.2
Number of provisioned IPV6 rows in PLRCD
OID: 1.3.6.1.4.1.15397.2.1.156.3
Size of IntArray in PLRCD
OID: 1.3.6.1.4.1.15397.2.1.156.5
Size of StringArray in PLRCD
OID: 1.3.6.1.4.1.15397.2.1.156.4
Time it took to read the csv file
OID: 1.3.6.1.4.1.15397.2.1.156.8
Total number of bytes read from the csv file
OID: 1.3.6.1.4.1.15397.2.1.156.7
Version in PLRCD
OID: 1.3.6.1.4.1.15397.2.1.156.6
313
C.18. Header Enrichment

Number of currently enriched connections
OID: 1.3.6.1.4.1.15397.2.1.143.3
Number of enrichment data allocation failures
OID: 1.3.6.1.4.1.15397.2.1.143.2
Number of headers inserted
OID: 1.3.6.1.4.1.15397.2.1.143.14
Number of headers overwritten
OID: 1.3.6.1.4.1.15397.2.1.143.6
Number of headers removed
OID: 1.3.6.1.4.1.15397.2.1.143.7
Number of packet buffer overflows
OID: 1.3.6.1.4.1.15397.2.1.143.12
Number of packets buffered
OID: 1.3.6.1.4.1.15397.2.1.143.13
Number of packets dropped by enrichment (to client)
OID: 1.3.6.1.4.1.15397.2.1.143.4
Number of packets dropped by enrichment (to server)
OID: 1.3.6.1.4.1.15397.2.1.143.5
Number of packets enrichment has added
OID: 1.3.6.1.4.1.15397.2.1.143.1
Number of packets handled by enrichment (to client)
OID: 1.3.6.1.4.1.15397.2.1.143.9
Number of packets handled by enrichment (to server)
OID: 1.3.6.1.4.1.15397.2.1.143.10
Number of packets retransmitted
OID: 1.3.6.1.4.1.15397.2.1.143.11
Number of sequence map overflows
OID: 1.3.6.1.4.1.15397.2.1.143.8
Out of temporary buffer space
314
OID: 1.3.6.1.4.1.15397.2.1.143.15
C.19. Host Stats

Buffer aliasing count
OID: 1.3.6.1.4.1.15397.2.1.146.3
Host stats host pool exhausted
OID: 1.3.6.1.4.1.15397.2.1.146.7
Host stats timer runs
OID: 1.3.6.1.4.1.15397.2.1.146.6
Host stats traffic sent over the interface
OID: 1.3.6.1.4.1.15397.2.1.146.1
Hosts processed in timer func
OID: 1.3.6.1.4.1.15397.2.1.146.5
Messages sent
OID: 1.3.6.1.4.1.15397.2.1.146.12
Missed send-deadlines
OID: 1.3.6.1.4.1.15397.2.1.146.4
Number of hosts
OID: 1.3.6.1.4.1.15397.2.1.146.2
Number of hosts added
OID: 1.3.6.1.4.1.15397.2.1.146.8
Number of hosts removed
OID: 1.3.6.1.4.1.15397.2.1.146.9
C.20. ICMPv4
RX bytes
OID: 1.3.6.1.4.1.15397.2.1.49.2
RX packets
OID: 1.3.6.1.4.1.15397.2.1.49.1
Refused (ruleset)
315
OID: 1.3.6.1.4.1.15397.2.1.49.3
Refused (short)
OID: 1.3.6.1.4.1.15397.2.1.49.4
C.21. ICMPv6
RX bytes
OID: 1.3.6.1.4.1.15397.2.1.50.2
RX packets
OID: 1.3.6.1.4.1.15397.2.1.50.1
Refused (ruleset)
OID: 1.3.6.1.4.1.15397.2.1.50.3
Refused (short)
OID: 1.3.6.1.4.1.15397.2.1.50.4
C.22. IPv4
Dropped fragments (timeout/LRU)
This is the number of times fragments have been dropped because the packet was not reassembled before the timeout,
or due to LRU allocation of newer fragments.
OID: 1.3.6.1.4.1.15397.2.1.32.21
ECN Capable Packets ECT(0)

The number of IPv4 packets seen marked as ECN capable, with ECT(0) set.
OID: 1.3.6.1.4.1.15397.2.1.32.39

OID: 1.3.6.1.4.1.15397.2.1.32.40
ECN Packets Congestion Experienced

The number of IPv4 packets seen marked as having experience congestion with ECN.
OID: 1.3.6.1.4.1.15397.2.1.32.41
Fragment allocation failures

This is the number of allocations failed (from the packet pool) for IP fragments.
OID: 1.3.6.1.4.1.15397.2.1.32.15
Fragment reassembly failures

This is the number of times an IP packet was not reassembled due to packet allocation failure, or invalid fragmentation.
316
OID: 1.3.6.1.4.1.15397.2.1.32.16
Fragments in queue
This is the number of fragments buffered waiting for reassembly.
OID: 1.3.6.1.4.1.15397.2.1.32.11
Packets refused (too many fragments)

This is the number of refused packets that were discarded because it used too many fragments (the threshold is
configurable with the system configuration value IPV4_MAX_FRAGMENTS_PER_HEADER). To see what IP address
is affected, set the system configuration value IPV4_EXPOSE_FRAGMENT_VIOLATIONS to True. This will store a log
message in the engine log every time a packet is refused due to too many IP fragments.
OID: 1.3.6.1.4.1.15397.2.1.32.19
Packets refused by lowlevel filter

Not in use currently
OID: 1.3.6.1.4.1.15397.2.1.32.17
RX data
This is the number of bytes received as IPv4 packets.
OID: 1.3.6.1.4.1.15397.2.1.32.2
RX packets
This is the number of packets received as IPv4 packets.
OID: 1.3.6.1.4.1.15397.2.1.32.1
Reassembled packets
This is the number of packets reassembled from fragments.
OID: 1.3.6.1.4.1.15397.2.1.32.20
Reassembly refused (Rate Limit)

Number of packets dropped because they are fragmented and IPV4_FRAGMENT_REASS_PPS is exceeded.
OID: 1.3.6.1.4.1.15397.2.1.32.42
Refused (invalid version)

This is the number of packets dropped because the IP header version was not 4 (but the ethernet type said IPv4)
OID: 1.3.6.1.4.1.15397.2.1.32.4
Refused (packet is too short)

This is the number of packets refused because they are not long enough to contain an IPv4 header, or the payload length
in the IPv4 header does not fit in the packet.
OID: 1.3.6.1.4.1.15397.2.1.32.3
Shunted bytes (DSCP)
OID: 1.3.6.1.4.1.15397.2.1.32.44
Shunted bytes (address)

This is the number of bytes shunted based on address.
OID: 1.3.6.1.4.1.15397.2.1.32.36
Shunted bytes (protocol)

This is the number of bytes shunted based on protocol.
317
OID: 1.3.6.1.4.1.15397.2.1.32.38
Shunted packets (DSCP)
OID: 1.3.6.1.4.1.15397.2.1.32.43
Shunted packets (address)

This is the number of packets shunted based on address.
OID: 1.3.6.1.4.1.15397.2.1.32.35
Shunted packets (protocol)

This is the number of packets shunted based on protocol.
OID: 1.3.6.1.4.1.15397.2.1.32.37
C.23. IPv6
Destination Ext. Headers
This is the number of destination extension headers seen.
OID: 1.3.6.1.4.1.15397.2.1.126.22
Dropped fragments (timeout/LRU)

This is the number of times fragments have been dropped because the packet was not reassembled before the timeout,
or due to LRU allocation of newer fragments.
OID: 1.3.6.1.4.1.15397.2.1.126.27

OID: 1.3.6.1.4.1.15397.2.1.126.33

OID: 1.3.6.1.4.1.15397.2.1.126.34
ECN Packets Congestion Experienced

The number of IPv6 packets seen marked as having experience congestion with ECN.
OID: 1.3.6.1.4.1.15397.2.1.126.35
Fragment allocation failures

This is the number of allocations failed (from the packet pool) for IP fragments.
OID: 1.3.6.1.4.1.15397.2.1.126.15
Fragment reassembly failures

This is the number of times an IP packet was not reassembled due to packet allocation failure, or invalid fragmentation.
OID: 1.3.6.1.4.1.15397.2.1.126.16
Fragments in queue
This is the number of fragments buffered waiting for reassembly.
OID: 1.3.6.1.4.1.15397.2.1.126.11
318
Hob-by-hop Ext. Headers

This is the number of hop-by-hop extension headers seen.
OID: 1.3.6.1.4.1.15397.2.1.126.23
Invalid Ext. Headers

This is the number of invalid extension headers seen.
OID: 1.3.6.1.4.1.15397.2.1.126.25
Overlapping Fragments
This is the number of overlapping fragments seen. These are not allowed and will be dropped.
OID: 1.3.6.1.4.1.15397.2.1.126.21
Packets refused (too many fragments)

This is the number of refused packets that were discarded because it used too many fragments.
OID: 1.3.6.1.4.1.15397.2.1.126.19
RX data
This is the number of bytes received as IPv6 packets.
OID: 1.3.6.1.4.1.15397.2.1.126.2
RX packets
This is the number of packets received as IPv6 packets.
OID: 1.3.6.1.4.1.15397.2.1.126.1
Reassembled packets
This is the number of packets reassembled from fragments.
OID: 1.3.6.1.4.1.15397.2.1.126.20
Reassembly Timeout
This is the number of times fragmented packets have been discarded because it took too long to receive all fragments.
OID: 1.3.6.1.4.1.15397.2.1.126.26
Refused (invalid version)

This is the number of packets dropped because the IP header version was not 6 (but the ethernet type said IPv6)
OID: 1.3.6.1.4.1.15397.2.1.126.4
Refused (packet is too short)

This is the number of packets refused because they are not long enough to contain an IPv6 header, or the payload length
in the IPv6 header does not fit in the packet.
OID: 1.3.6.1.4.1.15397.2.1.126.3
Refused (src == dest)

This is the number of packets refused because the IP header source address is identical to the destination address.
OID: 1.3.6.1.4.1.15397.2.1.126.5
Route Ext, Headers

This is the number of route extension headers seen.
OID: 1.3.6.1.4.1.15397.2.1.126.24
319
Shunted bytes (DSCP)
OID: 1.3.6.1.4.1.15397.2.1.126.37
Shunted bytes (address)

This is the number of bytes shunted based on address.
OID: 1.3.6.1.4.1.15397.2.1.126.29
Shunted bytes (protocol)

This is the number of bytes shunted based on protocol.
OID: 1.3.6.1.4.1.15397.2.1.126.31
Shunted packets (DSCP)
OID: 1.3.6.1.4.1.15397.2.1.126.36
Shunted packets (address)

This is the number of packets shunted based on address.
OID: 1.3.6.1.4.1.15397.2.1.126.28
Shunted packets (protocol)

This is the number of packets shunted based on protocol.
OID: 1.3.6.1.4.1.15397.2.1.126.30
C.24. Insights
Datacore: Bytes sent
OID: 1.3.6.1.4.1.15397.2.1.145.5
Datacore: Insights storage connections
OID: 1.3.6.1.4.1.15397.2.1.145.53
Datacore: Records sent
OID: 1.3.6.1.4.1.15397.2.1.145.4
Datacore: Uncompressed bytes sent
OID: 1.3.6.1.4.1.15397.2.1.145.62
Score: Batches dropped
OID: 1.3.6.1.4.1.15397.2.1.145.61
Score: Bytes sent
OID: 1.3.6.1.4.1.15397.2.1.145.43
Score: Bytes unaccounted in

This is the number of incoming bytes, for score, transferred to PLSD by PLD that are not accounted for by PLSD.
OID: 1.3.6.1.4.1.15397.2.1.145.83
320
Score: Bytes unaccounted out

This is the number of outgoing bytes, for score, transferred to PLSD by PLD that are not accounted for by PLSD.
OID: 1.3.6.1.4.1.15397.2.1.145.84
Score: Current batch spilled to disk
OID: 1.3.6.1.4.1.15397.2.1.145.71
Score: Dump backlog
OID: 1.3.6.1.4.1.15397.2.1.145.67
Score: Dump duration
OID: 1.3.6.1.4.1.15397.2.1.145.66
Score: Host stats records received
OID: 1.3.6.1.4.1.15397.2.1.145.24
Score: Max buffer bytes used per builder thread

Score: The maximum number of buffer bytes used per builder thread in the PacketLogic Statistics Daemon (PLSD)
memory.
OID: 1.3.6.1.4.1.15397.2.1.145.92
Score: Max buffered records per builder thread

Score: The maximum number of buffered records per builder thread in the PacketLogic Statistics Daemon (PLSD) memory.
OID: 1.3.6.1.4.1.15397.2.1.145.91
Score: Records dropped
OID: 1.3.6.1.4.1.15397.2.1.145.45
Score: Records rejected
OID: 1.3.6.1.4.1.15397.2.1.145.58
Score: Records sent
OID: 1.3.6.1.4.1.15397.2.1.145.42
Score: Spilled batches on disk
OID: 1.3.6.1.4.1.15397.2.1.145.76
Score: Total buffer bytes used

Score: The total number of buffer bytes used in the PacketLogic Statistics Daemon (PLSD) memory.
OID: 1.3.6.1.4.1.15397.2.1.145.90
Score: Total buffered records

Score: The total number of buffered records in the PacketLogic Statistics Daemon (PLSD) memory.
OID: 1.3.6.1.4.1.15397.2.1.145.89
Score: Uncompressed bytes sent
OID: 1.3.6.1.4.1.15397.2.1.145.65
321
Traffic: Batches dropped
OID: 1.3.6.1.4.1.15397.2.1.145.59
Traffic: Bytes sent
OID: 1.3.6.1.4.1.15397.2.1.145.19
Traffic: Current batch spilled to disk
OID: 1.3.6.1.4.1.15397.2.1.145.70
Traffic: Previous dump bytes
OID: 1.3.6.1.4.1.15397.2.1.145.54
Traffic: Previous dump duration
OID: 1.3.6.1.4.1.15397.2.1.145.8
Traffic: Previous dump records
OID: 1.3.6.1.4.1.15397.2.1.145.55
Traffic: Records rejected
OID: 1.3.6.1.4.1.15397.2.1.145.56
Traffic: Records sent
OID: 1.3.6.1.4.1.15397.2.1.145.18
Traffic: Spilled batches on disk
OID: 1.3.6.1.4.1.15397.2.1.145.75
Traffic: Uncompressed bytes sent
OID: 1.3.6.1.4.1.15397.2.1.145.63
C.25. Interface
Flow updates missed
OID: 1.3.6.1.4.1.15397.2.1.120.11
Hostname allocation failures
OID: 1.3.6.1.4.1.15397.2.1.120.13
Hostname allocations
OID: 1.3.6.1.4.1.15397.2.1.120.15
New flows
OID: 1.3.6.1.4.1.15397.2.1.120.12
New flows missed
322
OID: 1.3.6.1.4.1.15397.2.1.120.10
Received from engine
OID: 1.3.6.1.4.1.15397.2.1.120.9
Reordered flow updates
OID: 1.3.6.1.4.1.15397.2.1.120.14
Sent to engine
OID: 1.3.6.1.4.1.15397.2.1.120.8
C.26. Ipfix Exporter

Collectors
OID: 1.3.6.1.4.1.15397.2.1.139.21
Connection table size

The size of the table (current number of entries) where connection information for IPFIX is stored. If the system configuration
value IPFIX_FLOW_DEFINITION is set to 1 (full flow), the IPFIX exporter will not keep connection information in memory
as the data will be exported on termination of the connection. Thereby 'Connection table size' will be 0 when full flow
IPFIX export is configured.
OID: 1.3.6.1.4.1.15397.2.1.139.1
Connection updates
The number of connection updates per second received by the IPFIX exporter. If the system configuration value
IPFIX_FLOW_DEFINITION is set to intermediate flow, each connection update that matches a statistics rule with an
associated IPFIXObject will generate one record per IPFIXObject that it matches. In case of full flow IPFIX configuration,
only the final connection update will generate IPFIX records.
OID: 1.3.6.1.4.1.15397.2.1.139.2
Connects
The number of times the current running IPFIX exporter has connected to packetlogicd. If the value is increased
unexpectedly, the IPFIX exporter has been disconnected.
OID: 1.3.6.1.4.1.15397.2.1.139.12
Dropped messages, congestion
OID: 1.3.6.1.4.1.15397.2.1.139.18
Dropped messages, connection error
OID: 1.3.6.1.4.1.15397.2.1.139.19
Dropped messages, internal buffer exhaustion
OID: 1.3.6.1.4.1.15397.2.1.139.20
Dropped records
The number of records that have been dropped. An IPFIX record will be dropped if the size of the record exceeds the
maximum message size (set by the system configuration value IPFIX_MESSAGE_MAX_LENGTH). To avoid drops due to
size, large IPFIX templates may be split into smaller templates. This will result in more but smaller IPFIX records.
323
OID: 1.3.6.1.4.1.15397.2.1.139.8
Export Bandwidth used

The current export bandwidth calculated from the size of the exported IPFIX messages.
OID: 1.3.6.1.4.1.15397.2.1.139.9
Exported Ipfix Messages

The number of IPFIX messages that has been exported. Each message can contain multiple records.
OID: 1.3.6.1.4.1.15397.2.1.139.7
Exported Records
The number of IPFIX data records that has been exported.
OID: 1.3.6.1.4.1.15397.2.1.139.10
Receive Ringbuffer usage

The usage of the receiving ringbuffer in bytes. The receiving ringbuffer buffers messages to the IPFIX exporter. The
ringbuffer usage will peak once for every STATISTICS_CONNECTION_UPDATE_INTERVAL when connection updates
are sent for all long lasting connections that are still in the packetlogicd connection table.
OID: 1.3.6.1.4.1.15397.2.1.139.11
C.27. L2TP
Control RX data
The number of payload bytes in L2TP control packets seen.
OID: 1.3.6.1.4.1.15397.2.1.132.27
Control RX packets
The number of L2TP control packets seen.
OID: 1.3.6.1.4.1.15397.2.1.132.26
L2TP map: Number of ENTRIES (outgoing, incoming)-pairs in storage in engine
OID: 1.3.6.1.4.1.15397.2.1.132.20
L2TP map: Number of INSERT operations into L2TP map
OID: 1.3.6.1.4.1.15397.2.1.132.22
L2TP map: Number of LOOKUP operations in L2TP map
OID: 1.3.6.1.4.1.15397.2.1.132.24
L2TP map: Number of REMOVE operations from L2TP map
OID: 1.3.6.1.4.1.15397.2.1.132.23
L2TP map: Number of lookup and FOUND operations in L2TP map
OID: 1.3.6.1.4.1.15397.2.1.132.25
L2TP map: Storage in engine is FULL
OID: 1.3.6.1.4.1.15397.2.1.132.21
324
PPP CHAP RX packets

The number of PPP CHAP packets seen in L2TP.
OID: 1.3.6.1.4.1.15397.2.1.132.9
PPP CIPv4 RX packets

The number of PPP CIPv4 packets seen in L2TP.
OID: 1.3.6.1.4.1.15397.2.1.132.7
PPP CIPv6 RX packets

The number of PPP CIPv6 packets seen in L2TP.
OID: 1.3.6.1.4.1.15397.2.1.132.8
PPP IPv4 RX packets

The number of PPP IPv4 packets seen in L2TP.
OID: 1.3.6.1.4.1.15397.2.1.132.4
PPP IPv6 RX packets

The number of PPP IPv6 packets seen in L2TP.
OID: 1.3.6.1.4.1.15397.2.1.132.5
PPP LCP RX packets

The number of PPP LCP packets seen in L2TP.
OID: 1.3.6.1.4.1.15397.2.1.132.6
RX data
The number of payload bytes in L2TP packets seen.
OID: 1.3.6.1.4.1.15397.2.1.132.3
RX packets
The number of L2TP packets seen.
OID: 1.3.6.1.4.1.15397.2.1.132.2
C.28. Line Sharing

Host pool is depleted
OID: 1.3.6.1.4.1.15397.2.1.153.14
Hosts Created
OID: 1.3.6.1.4.1.15397.2.1.153.2
Hosts Deleted
OID: 1.3.6.1.4.1.15397.2.1.153.3
Number of Hosts
OID: 1.3.6.1.4.1.15397.2.1.153.1
Port Devices
325
OID: 1.3.6.1.4.1.15397.2.1.153.9
Port Devices Created
OID: 1.3.6.1.4.1.15397.2.1.153.10
Port Devices Deleted
OID: 1.3.6.1.4.1.15397.2.1.153.11
Port Failure - No space in array
OID: 1.3.6.1.4.1.15397.2.1.153.13
Timestamp Devices
OID: 1.3.6.1.4.1.15397.2.1.153.4
Timestamp Devices Created
OID: 1.3.6.1.4.1.15397.2.1.153.5
Timestamp Devices Deleted
OID: 1.3.6.1.4.1.15397.2.1.153.6
Timestamp Failure - No space in array
OID: 1.3.6.1.4.1.15397.2.1.153.8
C.29. Liveview
Active hosts
This is the number of hosts seen in the traffic belonging to the network(s) connected to an internal channel interface.
OID: 1.3.6.1.4.1.15397.2.1.134.4
Active hosts (hourly)

This is the number of hosts seen in the traffic belonging to the network(s) connected to an internal channel interface.
OID: 1.3.6.1.4.1.15397.2.1.134.47
Client send buffer usage
OID: 1.3.6.1.4.1.15397.2.1.134.53
Connected PLSD clients

This is the number of clients receiving all streams. These are usually statistics receivers.
OID: 1.3.6.1.4.1.15397.2.1.134.3
Connected clients
This is the total number of clients connected to PLD.
OID: 1.3.6.1.4.1.15397.2.1.134.2
DRDL revision
This is the revision number on the DRDL Application Recognition Module (ARM) currently installed.
326
OID: 1.3.6.1.4.1.15397.2.1.134.7
Hostname allocation failures

The number of times allocating a hostname failed.
OID: 1.3.6.1.4.1.15397.2.1.134.20
Hosts not created due to exhausted cache

This is the number of times a host could not be created because the data structure for holding hosts is full. The system
configuration value HOST_NUM_HOSTS needs to be raised.
OID: 1.3.6.1.4.1.15397.2.1.134.14
Max complexity among active views
OID: 1.3.6.1.4.1.15397.2.1.134.48
Messages with excess ShapingObject

Number of messages received by pld that contained more shaping objects than the configured maximum per connection
OID: 1.3.6.1.4.1.15397.2.1.134.51
Number of liveview updates dropped by PLD
OID: 1.3.6.1.4.1.15397.2.1.134.52
PLSD buffer usage

This is the buffer usage for the statistics daemon.
OID: 1.3.6.1.4.1.15397.2.1.134.23
Post-processing time (ms)
OID: 1.3.6.1.4.1.15397.2.1.134.29
Properties stored
OID: 1.3.6.1.4.1.15397.2.1.134.17
Property arrays used
OID: 1.3.6.1.4.1.15397.2.1.134.16
Property entries used
OID: 1.3.6.1.4.1.15397.2.1.134.15
Reaper receive buffer usage
OID: 1.3.6.1.4.1.15397.2.1.134.21
Reaper send buffer usage
OID: 1.3.6.1.4.1.15397.2.1.134.22
Session Context Rows
OID: 1.3.6.1.4.1.15397.2.1.134.39
Session Context Rows in Table
OID: 1.3.6.1.4.1.15397.2.1.134.40
327
ShapingObject array allocation failures

The number of times allocating a ShapingObject array failed.
OID: 1.3.6.1.4.1.15397.2.1.134.50
String cache usage

This is the number of items in the string cache.
OID: 1.3.6.1.4.1.15397.2.1.134.10
Too many netobjects on a single host
OID: 1.3.6.1.4.1.15397.2.1.134.18
Uptime
OID: 1.3.6.1.4.1.15397.2.1.134.1
Visible NetObjects
This is the number of visible NetObjects in the rule set.
OID: 1.3.6.1.4.1.15397.2.1.134.5
Visible netobject pool exhausted

This is the number of times allocating a visible NetObject has failed. This could indicate that the system configuration
value MAX_VISIBLE_NETOBJECTS should be raised.
OID: 1.3.6.1.4.1.15397.2.1.134.8
C.30. Load Balancer

Blacklisted buckets
This is the number of buckets blacklisted by the load balancer.
OID: 1.3.6.1.4.1.15397.2.1.135.51
Blacklisted packets
This is the number of packets shunted or dropped due to blacklisting in the load balancer.
OID: 1.3.6.1.4.1.15397.2.1.135.52
CPU load
CPU load on the load balancer CPU.
OID: 1.3.6.1.4.1.15397.2.1.135.40
CPU packet buffer failures
OID: 1.3.6.1.4.1.15397.2.1.135.83
CPU uptime
Uptime of the load balancer.
OID: 1.3.6.1.4.1.15397.2.1.135.39
Corrupt CPU packets
OID: 1.3.6.1.4.1.15397.2.1.135.82
328
Fabrics allowed
This is a bitmask representation of the switch fabrics allowed to use for communication with flow processors (as defined
by system configuration value LB_FABRICS_ALLOW.
OID: 1.3.6.1.4.1.15397.2.1.135.62
Heartbeat packets lost

This is the number of heartbeats sent to flow processors that have been lost.
OID: 1.3.6.1.4.1.15397.2.1.135.49
Incompatible flowsync packets

This is the number of flowsync packets seen that are not the correct version.
OID: 1.3.6.1.4.1.15397.2.1.135.14
Incompatible natsync packets
OID: 1.3.6.1.4.1.15397.2.1.135.96
Logical ID
This is the logical ID of the load balancer CPU.
OID: 1.3.6.1.4.1.15397.2.1.135.45
Logical flow processors

This is the list of the logical IDs of the flow processors handled by this load balancer.
OID: 1.3.6.1.4.1.15397.2.1.135.2
Moved buckets
This is the number of buckets that have been moved to a different flow processor by the load balancer.
OID: 1.3.6.1.4.1.15397.2.1.135.50
Number of flow processors

This is the number of flow processors installed in the system.
OID: 1.3.6.1.4.1.15397.2.1.135.1
Online flow processors
OID: 1.3.6.1.4.1.15397.2.1.135.3
RX bytes external
This is the number of bytes of data received by the load balancer from the external channel interface(s).
OID: 1.3.6.1.4.1.15397.2.1.135.7
RX bytes internal
This is the number of bytes of data received by the load balancer from the internal channel interface(s).
OID: 1.3.6.1.4.1.15397.2.1.135.6
RX drops external
OID: 1.3.6.1.4.1.15397.2.1.135.54
RX drops internal
OID: 1.3.6.1.4.1.15397.2.1.135.53
329
RX errors external
This is the number of errors in packet reception from the external channel interface(s).
OID: 1.3.6.1.4.1.15397.2.1.135.9
RX errors internal
This is the number of errors in packet reception from the internal channel interface(s).
OID: 1.3.6.1.4.1.15397.2.1.135.8
RX packets external
This is the number of packets of data received by the load balancer from the external channel interface(s).
OID: 1.3.6.1.4.1.15397.2.1.135.5
RX packets internal
This is the number of packets of data received by the load balancer from the internal channel interface(s).
OID: 1.3.6.1.4.1.15397.2.1.135.4
Shunt bytes external (Channel role)

This is the number of bytes that have been shunted over the external channel interface due to the channel role being
configured to shunt.
OID: 1.3.6.1.4.1.15397.2.1.135.100
Shunt bytes external (EoMPLS)
OID: 1.3.6.1.4.1.15397.2.1.135.38
Shunt bytes external (IPv4 DSCP)
OID: 1.3.6.1.4.1.15397.2.1.135.89
Shunt bytes external (IPv4 address)
OID: 1.3.6.1.4.1.15397.2.1.135.18
Shunt bytes external (IPv4 protocol)
OID: 1.3.6.1.4.1.15397.2.1.135.22
Shunt bytes external (IPv6 DSCP)
OID: 1.3.6.1.4.1.15397.2.1.135.93
Shunt bytes external (IPv6 address)
OID: 1.3.6.1.4.1.15397.2.1.135.44
Shunt bytes external (MPLS)
OID: 1.3.6.1.4.1.15397.2.1.135.34
Shunt bytes external (dot1q)
OID: 1.3.6.1.4.1.15397.2.1.135.30
Shunt bytes external (ethertype)
OID: 1.3.6.1.4.1.15397.2.1.135.26
330
Shunt bytes internal (Channel role)

This is the number of bytes that have been shunted over the internal channel interface due to the channel role being
OID: 1.3.6.1.4.1.15397.2.1.135.99
Shunt bytes internal (EoMPLS)
OID: 1.3.6.1.4.1.15397.2.1.135.37
Shunt bytes internal (IPv4 DSCP)
OID: 1.3.6.1.4.1.15397.2.1.135.88
Shunt bytes internal (IPv4 address)
OID: 1.3.6.1.4.1.15397.2.1.135.17
Shunt bytes internal (IPv4 protocol)
OID: 1.3.6.1.4.1.15397.2.1.135.21
Shunt bytes internal (IPv6 DSCP)
OID: 1.3.6.1.4.1.15397.2.1.135.92
Shunt bytes internal (IPv6 address)
OID: 1.3.6.1.4.1.15397.2.1.135.43
Shunt bytes internal (MPLS)
OID: 1.3.6.1.4.1.15397.2.1.135.33
Shunt bytes internal (dot1q)
OID: 1.3.6.1.4.1.15397.2.1.135.29
Shunt bytes internal (ethertype)
OID: 1.3.6.1.4.1.15397.2.1.135.25
Shunt packets external (Channel role)

This is the number of packets that have been shunted over the external channel interface due to the channel role being
OID: 1.3.6.1.4.1.15397.2.1.135.98
Shunt packets external (EoMPLS)
OID: 1.3.6.1.4.1.15397.2.1.135.36
Shunt packets external (IPv4 DSCP)
OID: 1.3.6.1.4.1.15397.2.1.135.87
Shunt packets external (IPv4 address)
OID: 1.3.6.1.4.1.15397.2.1.135.16
Shunt packets external (IPv4 protocol)
331
OID: 1.3.6.1.4.1.15397.2.1.135.20
Shunt packets external (IPv6 DSCP)
OID: 1.3.6.1.4.1.15397.2.1.135.91
Shunt packets external (IPv6 address)
OID: 1.3.6.1.4.1.15397.2.1.135.42
Shunt packets external (MPLS)
OID: 1.3.6.1.4.1.15397.2.1.135.32
Shunt packets external (dot1q)
OID: 1.3.6.1.4.1.15397.2.1.135.28
Shunt packets external (ethertype)
OID: 1.3.6.1.4.1.15397.2.1.135.24
Shunt packets internal (Channel role)

This is the number of packets that have been shunted over the internal channel interface due to the channel role being
OID: 1.3.6.1.4.1.15397.2.1.135.97
Shunt packets internal (EoMPLS)
OID: 1.3.6.1.4.1.15397.2.1.135.35
Shunt packets internal (IPv4 DSCP)
OID: 1.3.6.1.4.1.15397.2.1.135.86
Shunt packets internal (IPv4 address)
OID: 1.3.6.1.4.1.15397.2.1.135.15
Shunt packets internal (IPv4 protocol)
OID: 1.3.6.1.4.1.15397.2.1.135.19
Shunt packets internal (IPv6 DSCP)
OID: 1.3.6.1.4.1.15397.2.1.135.90
Shunt packets internal (IPv6 address)
OID: 1.3.6.1.4.1.15397.2.1.135.41
Shunt packets internal (MPLS)
OID: 1.3.6.1.4.1.15397.2.1.135.31
Shunt packets internal (dot1q)
OID: 1.3.6.1.4.1.15397.2.1.135.27
Shunt packets internal (ethertype)
OID: 1.3.6.1.4.1.15397.2.1.135.23
332
TX bytes Fabric 1 external
OID: 1.3.6.1.4.1.15397.2.1.135.75
TX bytes Fabric 1 internal
OID: 1.3.6.1.4.1.15397.2.1.135.74
TX bytes Fabric 2 external
OID: 1.3.6.1.4.1.15397.2.1.135.81
TX bytes Fabric 2 internal
OID: 1.3.6.1.4.1.15397.2.1.135.80
TX bytes SFP channel external
OID: 1.3.6.1.4.1.15397.2.1.135.69
TX bytes SFP channel internal
OID: 1.3.6.1.4.1.15397.2.1.135.68
TX direct external
This is the number of packets forwarded directly to the external channel interface(s) without being processed by a flow
processor.
OID: 1.3.6.1.4.1.15397.2.1.135.11
TX direct internal
This is the number of packets forwarded directly to the internal channel interface(s) without being processed by a flow
processor.
OID: 1.3.6.1.4.1.15397.2.1.135.10
TX drops Fabric 1 external
OID: 1.3.6.1.4.1.15397.2.1.135.71
TX drops Fabric 1 internal
OID: 1.3.6.1.4.1.15397.2.1.135.70
TX drops Fabric 2 external
OID: 1.3.6.1.4.1.15397.2.1.135.77
TX drops Fabric 2 internal
OID: 1.3.6.1.4.1.15397.2.1.135.76
TX drops SFP channel external
OID: 1.3.6.1.4.1.15397.2.1.135.67
TX drops SFP channel internal
OID: 1.3.6.1.4.1.15397.2.1.135.66
TX drops external
This is the number of packets dropped in transmission on the external channel interface(s).
333
OID: 1.3.6.1.4.1.15397.2.1.135.13
TX drops internal
This is the number of packets dropped in transmission on the internal channel interface(s).
OID: 1.3.6.1.4.1.15397.2.1.135.12
TX packets FP external
OID: 1.3.6.1.4.1.15397.2.1.135.48
TX packets FP flowsync
OID: 1.3.6.1.4.1.15397.2.1.135.46
TX packets FP internal
OID: 1.3.6.1.4.1.15397.2.1.135.47
TX packets Fabric 1 external
OID: 1.3.6.1.4.1.15397.2.1.135.73
TX packets Fabric 1 internal
OID: 1.3.6.1.4.1.15397.2.1.135.72
TX packets Fabric 2 external
OID: 1.3.6.1.4.1.15397.2.1.135.79
TX packets Fabric 2 internal
OID: 1.3.6.1.4.1.15397.2.1.135.78
TX packets SFP channel external
OID: 1.3.6.1.4.1.15397.2.1.135.56
TX packets SFP channel internal
OID: 1.3.6.1.4.1.15397.2.1.135.55
C.31. NAT
Faulty pool configuration of low port blocks
OID: 1.3.6.1.4.1.15397.2.1.142.9
Number of NAT IP-addresses

The number of IP addresses configured to be used as external NAT addresses.
OID: 1.3.6.1.4.1.15397.2.1.142.6
Number of pools
The number of pools of NAT IP addresses.
OID: 1.3.6.1.4.1.15397.2.1.142.5
334
Number of port blocks (high)
OID: 1.3.6.1.4.1.15397.2.1.142.3
Number of port blocks (low)
OID: 1.3.6.1.4.1.15397.2.1.142.1
Total usage of NAT IP addresses

This is the usage level of the number of NAT IP addresses allowed to be configured.
OID: 1.3.6.1.4.1.15397.2.1.142.11
Total usage of NAT pools

This is the usage level of the number of NAT pools allowed to be configured.
OID: 1.3.6.1.4.1.15397.2.1.142.10
C.32. Natsync
Checksum mismatch in received sync
OID: 1.3.6.1.4.1.15397.2.1.61.9
Received natsync packets from myself.

The number of NATsync messages received where the sender ID is the same as this system. This is an error that indicates
misconfiguration of the NATsync cluster.
OID: 1.3.6.1.4.1.15397.2.1.61.3
Received natsync packets with incompatible version

The number of NATsync messages received from a sender with a different NATsync protocol version. This is an error that
indicates mismatching firmware versions in the NATsync cluster.
OID: 1.3.6.1.4.1.15397.2.1.61.2
C.33. PPPoE
Control packets
This is the number of PPPoE control packets received.
OID: 1.3.6.1.4.1.15397.2.1.96.3
IPv4 packets
This is the number of IPv4 packets received in PPPoE frames.
OID: 1.3.6.1.4.1.15397.2.1.96.6
IPv6 packets
This is the number of IPv6 packets received in PPPoE frames.
OID: 1.3.6.1.4.1.15397.2.1.96.8
Non IP packets
This is the number of non-IP packets received in PPPoE frames.
335
OID: 1.3.6.1.4.1.15397.2.1.96.7
Packets with unknown version

This is the number of packets received with an unknown PPPoE version.
OID: 1.3.6.1.4.1.15397.2.1.96.2
Padded packets
This is the number of padded PPPoE frames received.
OID: 1.3.6.1.4.1.15397.2.1.96.5
Short Packets dropped

This is the number of invalidly short PPPoE frames received (and dropped).
OID: 1.3.6.1.4.1.15397.2.1.96.1
Truncated packets dropped

This is the number of truncated PPPoE frames received (and dropped).
OID: 1.3.6.1.4.1.15397.2.1.96.4
C.34. Packet Processing

CPU Load
This is the processing load, in percent of maximum capacity, on the flow processor(s) and threads.
OID: 1.3.6.1.4.1.15397.2.1.8.15
CPU uptime
This is the time a packet processor CPU has been running.
OID: 1.3.6.1.4.1.15397.2.1.8.17
Free memory
This is the amount of free memory available to a packet processor CPU.
OID: 1.3.6.1.4.1.15397.2.1.8.16
Overload mode
An integer representing the current overload mode state. 0 means normal operation, 1 means DRDL disabled, and 2
means blind forwarding.
OID: 1.3.6.1.4.1.15397.2.1.8.27
Packets left in pool

This is the number of packets left in the internal packet pool for each flow processor and thread.
OID: 1.3.6.1.4.1.15397.2.1.8.10
RX drops
This is the number of packets dropped on reception by each flow processor and thread.
OID: 1.3.6.1.4.1.15397.2.1.8.2
RX packets
This is the number of packets received by each flow processor and thread.
336
OID: 1.3.6.1.4.1.15397.2.1.8.1
Steal time (ns)

The amount of CPU time (in nanoseconds) stolen by the hypervisor.
OID: 1.3.6.1.4.1.15397.2.1.8.35
Steal time events

How many times the hypervisor has stolen CPU time.
OID: 1.3.6.1.4.1.15397.2.1.8.36
Steal time max per tick (ns)

The maximum time duration (in nanoseconds) the hypervisor stole the CPU between two time ticks, maximum per
connection update interval.
OID: 1.3.6.1.4.1.15397.2.1.8.38
TX drops
This is the number of packets dropped on transmission by each flow processor and thread.
OID: 1.3.6.1.4.1.15397.2.1.8.7
TX packets
This is the number of packets transmitted by each flow processor and thread.
OID: 1.3.6.1.4.1.15397.2.1.8.6
C.35. Queue Sync

(ext entries) Received update entries
OID: 1.3.6.1.4.1.15397.2.1.123.13
(ext entries) Sent update entries
OID: 1.3.6.1.4.1.15397.2.1.123.14
(ext sendbuffer) Entries dropped due to full sendbuffer
OID: 1.3.6.1.4.1.15397.2.1.123.17
(ext sendbuffer) Sendbuffer usage
OID: 1.3.6.1.4.1.15397.2.1.123.18
(ext status) Invalid packets received
OID: 1.3.6.1.4.1.15397.2.1.123.30
(ext status) Status packets late/out of order
OID: 1.3.6.1.4.1.15397.2.1.123.32
(ext status) Status packets lost
OID: 1.3.6.1.4.1.15397.2.1.123.31
(ext status) Status packets received
337
OID: 1.3.6.1.4.1.15397.2.1.123.28
(ext status) Status packets sent
OID: 1.3.6.1.4.1.15397.2.1.123.27
(ext status) Version mismatch in status packets received
OID: 1.3.6.1.4.1.15397.2.1.123.29
(ext timeout) Last timeout of peer
OID: 1.3.6.1.4.1.15397.2.1.123.34
(ext timeout) Number of timeouts of peer
OID: 1.3.6.1.4.1.15397.2.1.123.33
(ext update) Packets with mismatching ruleset received
OID: 1.3.6.1.4.1.15397.2.1.123.25
(ext update) Update packets lost
OID: 1.3.6.1.4.1.15397.2.1.123.26
(ext update) Update packets received
OID: 1.3.6.1.4.1.15397.2.1.123.24
(ext update) Update packets sent
OID: 1.3.6.1.4.1.15397.2.1.123.23
(ext) Last seen peer
OID: 1.3.6.1.4.1.15397.2.1.123.21
(ext) Number of peers

This is the number of peers connected for external queue synchronization.
OID: 1.3.6.1.4.1.15397.2.1.123.9
(ext) Short erronous packets received
OID: 1.3.6.1.4.1.15397.2.1.123.22
(ext) Split object age timeout

This is the number of times an entry (representing a queue in a ShapingObject) has been removed from the queue sync
table due to not being used within the timeout.
OID: 1.3.6.1.4.1.15397.2.1.123.12
Object adjustments sent

This is the number of queue synchronization messages sent requesting adjustments of a ShapingObject queue.
OID: 1.3.6.1.4.1.15397.2.1.123.8
Qsync not run because unsynced objects

This is the number of occurrences of reapers in a PL10000/PL20000 system not having identical objects, which means
queues are not synced. This can typically happen when the ruleset is reloaded.
338
OID: 1.3.6.1.4.1.15397.2.1.123.16
Split entries active (reaper)

This is the number of split entries (queues syncing) for all reapers in the PL10000/PL20000 system.
OID: 1.3.6.1.4.1.15397.2.1.123.5
Split entries active (sum)

This is the total number of split entries that PLD manages when duplicates are countes as one entry.
OID: 1.3.6.1.4.1.15397.2.1.123.7
Split entries created (reaper)

This is the number of split entries that are created.
OID: 1.3.6.1.4.1.15397.2.1.123.4
Split entries on free list (sum)

This is the number of split entries that have been put on the free list, making them available for reuse.
OID: 1.3.6.1.4.1.15397.2.1.123.6
Updates received for unknown object

This is the number of queue synchronization updates received for an object not known by the local engine.
OID: 1.3.6.1.4.1.15397.2.1.123.3
Updates received from reapers

This is the number of queue synchronization updates received from reapers on packet processing CPUs.
OID: 1.3.6.1.4.1.15397.2.1.123.1
Updates received from reapers with old ruleset

This is the number of queue synchronization updates received from reapers where the reaper did not have an up to
date ruleset.
OID: 1.3.6.1.4.1.15397.2.1.123.2
C.36. Rewrite
Fragmented header ignored (GRE)
OID: 1.3.6.1.4.1.15397.2.1.141.181
Fragmented header ignored (PPTP)
OID: 1.3.6.1.4.1.15397.2.1.141.182
Mapping - IP-address count

Number of IP addresses used in mappings.
OID: 1.3.6.1.4.1.15397.2.1.141.20
Mapping - subscriber count

Number of subscribers subject to NAT rewriting.
OID: 1.3.6.1.4.1.15397.2.1.141.19
339
Mapping creation failure (no available ports in port blocks)

Number of times a mapping could not be created because there were no ports available. This is the sum of the individual
values for ICMP, TCP, and UDP.
OID: 1.3.6.1.4.1.15397.2.1.141.15
Mapping creation failure (resources)

Number of times a mapping could not be created because the system configuration did not allow it.
OID: 1.3.6.1.4.1.15397.2.1.141.14
Mapping creation failure - GRE (no available ports in port blocks)
OID: 1.3.6.1.4.1.15397.2.1.141.24
Mapping creation failure - ICMP (no available ports in port blocks)

Number of times a mapping for ICMP could not be created because there were no ports available. This value is included
in the sum value for this failure type.
OID: 1.3.6.1.4.1.15397.2.1.141.18
Mapping creation failure - Natsync external collision
OID: 1.3.6.1.4.1.15397.2.1.141.26
Mapping creation failure - Natsync portblock not found
OID: 1.3.6.1.4.1.15397.2.1.141.27
Mapping creation failure - No available natcfg (FTP)
OID: 1.3.6.1.4.1.15397.2.1.141.29
Mapping creation failure - No available natcfg (PPTP)
OID: 1.3.6.1.4.1.15397.2.1.141.28
Mapping creation failure - No available natcfg (RTSP)
OID: 1.3.6.1.4.1.15397.2.1.141.30
Mapping creation failure - No rewrite address
OID: 1.3.6.1.4.1.15397.2.1.141.25
Mapping creation failure - TCP (no available ports in port blocks)

Number of times a mapping for TCP could not be created because there were no ports available. This value is included
OID: 1.3.6.1.4.1.15397.2.1.141.16
Mapping creation failure - UDP (no available ports in port blocks)

Number of times a mapping for UDP could not be created because there were no ports available. This value is included
OID: 1.3.6.1.4.1.15397.2.1.141.17
Mappings count
Current number of mappings. This is the sum of the individual values for ICMP, TCP, and UDP.
OID: 1.3.6.1.4.1.15397.2.1.141.10
340
Mappings count - GRE
OID: 1.3.6.1.4.1.15397.2.1.141.23
Mappings count - ICMP

Current number of mappings for ICMP. This value is included in the total value.
OID: 1.3.6.1.4.1.15397.2.1.141.13
Mappings count - TCP

Current number of mappings for TCP. This value is included in the total value.
OID: 1.3.6.1.4.1.15397.2.1.141.11
Mappings count - UDP

Current number of mappings for UDP. This value is included in the total value.
OID: 1.3.6.1.4.1.15397.2.1.141.12
Mappings created
Number of mappings created since last start. This is the sum of the individual values for ICMP, TCP, and UDP.
OID: 1.3.6.1.4.1.15397.2.1.141.1
Mappings created - GRE
OID: 1.3.6.1.4.1.15397.2.1.141.21
Mappings created - ICMP

Number of mappings for ICMP created since last start. This value is included in the total value.
OID: 1.3.6.1.4.1.15397.2.1.141.4
Mappings created - TCP

Number of mappings for TCP created since last start. This value is included in the total value.
OID: 1.3.6.1.4.1.15397.2.1.141.2
Mappings created - UDP

Number of mappings for UDP created since last start. This value is included in the total value.
OID: 1.3.6.1.4.1.15397.2.1.141.3
Mappings deleted
Number of mappings deleted since last start.
OID: 1.3.6.1.4.1.15397.2.1.141.9
Mappings reused
Number of mappings that have been reused. This is the sum of the individual values for ICMP, TCP, and UDP.
OID: 1.3.6.1.4.1.15397.2.1.141.5
Mappings reused - GRE
OID: 1.3.6.1.4.1.15397.2.1.141.22
Mappings reused - ICMP

Number of mappings for ICMP that have been reused. This value is included in the total value.
OID: 1.3.6.1.4.1.15397.2.1.141.8
341
Mappings reused - TCP

Number of mappings for TCP that have been reused. This value is included in the total value.
OID: 1.3.6.1.4.1.15397.2.1.141.6
Mappings reused - UDP

Number of mappings for UDP that have been reused. This value is included in the total value.
OID: 1.3.6.1.4.1.15397.2.1.141.7
Number of assigned port blocks - high
OID: 1.3.6.1.4.1.15397.2.1.141.140
Number of assigned port blocks - low
OID: 1.3.6.1.4.1.15397.2.1.141.139
Number of free port blocks - high
OID: 1.3.6.1.4.1.15397.2.1.141.138
Number of free port blocks - low
OID: 1.3.6.1.4.1.15397.2.1.141.137
Number of mappings used
OID: 1.3.6.1.4.1.15397.2.1.141.208
Number of redirect headers available for use
OID: 1.3.6.1.4.1.15397.2.1.141.205
Number of redirect headers created
OID: 1.3.6.1.4.1.15397.2.1.141.204
Number of redirect headers currently in use
OID: 1.3.6.1.4.1.15397.2.1.141.206
Pool - Number of IP-addresses

Number of IP addresses available in pools from which to allocate addresses for NAT rewriting.
OID: 1.3.6.1.4.1.15397.2.1.141.152
Pool - Src IP-address count
OID: 1.3.6.1.4.1.15397.2.1.141.173
Pool - collision when adding address
OID: 1.3.6.1.4.1.15397.2.1.141.168
Pool - number of subscribers
OID: 1.3.6.1.4.1.15397.2.1.141.172
Pool - port block association events sent

Number of events sent saying a port block from the cache has been associated. This is the sum of the individual values
for high ports and low ports.
342
OID: 1.3.6.1.4.1.15397.2.1.141.159
Pool - port block association events sent - high

Number of events sent saying a port block in the high port range from the cache has been associated. This value is
included in the total value.
OID: 1.3.6.1.4.1.15397.2.1.141.161
Pool - port block association events sent - low

Number of events sent saying a port block in the low port range from the cache has been associated. This value is
OID: 1.3.6.1.4.1.15397.2.1.141.160
Pool - port block association update events sent
OID: 1.3.6.1.4.1.15397.2.1.141.169
Pool - port block association update events sent - high
OID: 1.3.6.1.4.1.15397.2.1.141.171
Pool - port block association update events sent - low
OID: 1.3.6.1.4.1.15397.2.1.141.170
Pool - port block deassociation events sent

Number of events sent saying a port block is no longer used. This is the sum of the individual values for high ports and
low ports.
OID: 1.3.6.1.4.1.15397.2.1.141.162
Pool - port block deassociation events sent - high

Number of events sent saying a port block in the high port range (1024 and above) is no longer used. This value is
OID: 1.3.6.1.4.1.15397.2.1.141.164
Pool - port block deassociation events sent - low

Number of events sent saying a port block in the low port range (1023 and below) is no longer used. This value is included
in the total value.
OID: 1.3.6.1.4.1.15397.2.1.141.163
Pool - port block received high

Number of port blocks received in the high port range (1024 and above).
OID: 1.3.6.1.4.1.15397.2.1.141.167
Pool - port block received low

Number of port blocks received in the low port range (1023 and below).
OID: 1.3.6.1.4.1.15397.2.1.141.166
Pools
Number of pools available from which IP addresses can be allocated.
OID: 1.3.6.1.4.1.15397.2.1.141.151
Port block assignment failures

Number of times a port block could not be assigned. This value is the sum of all causes and port ranges.
343
OID: 1.3.6.1.4.1.15397.2.1.141.126
Port block assignment failures (cache empty)

Number of times a port block assignment failed because the cache in the engine was empty. This value is the sum of
the values for high and low port ranges.
OID: 1.3.6.1.4.1.15397.2.1.141.128
Port block assignment failures (subscriber limit reached)

Number of times a port block assignment failed because the per-subscriber port block limit is reached. This value is the
sum of the values for high and low port ranges.
OID: 1.3.6.1.4.1.15397.2.1.141.127
Port block assignment failures - high

Number of times a port block in the high port range (1024 and above) could not be assigned. This value is the sum
of all causes.
OID: 1.3.6.1.4.1.15397.2.1.141.132
Port block assignment failures - high (cache empty)

Number of times a port block in the high port range (1024 and above) could not be assigned because the cache in
the engine was empty.
OID: 1.3.6.1.4.1.15397.2.1.141.134
Port block assignment failures - high (subscriber limit reached)

Number of times a port block assignment in the high port range (1024 and above) failed because the per-subscriber
high port block limit is reached.
OID: 1.3.6.1.4.1.15397.2.1.141.133
Port block assignment failures - low (cache empty, retry with high)
Number of times a port block in the low port range (1023 and below) could not be assigned because the cache in the
engine was empty. When a port block assignment in the low port range fails, engine will try to assign in the high port range.
OID: 1.3.6.1.4.1.15397.2.1.141.131
Port block assignment failures - low (retry with high)

Number of times a port block in the low port range (1023 and below) could not be assigned. This value is the sum of all
causes. When a port block assignment in the low port range fails, engine will try to assign in the high port range.
OID: 1.3.6.1.4.1.15397.2.1.141.129
Port block assignment failures - low (subscriber limit reached, retry with high)
Number of times a port block assignment in the low port range (1023 and below) failed because the per-subscriber
low port block limit is reached. When a port block assignment in the low port range fails, engine will try to assign in the
high port range.
OID: 1.3.6.1.4.1.15397.2.1.141.130
Port block count - high
OID: 1.3.6.1.4.1.15397.2.1.141.136
Port block count - low
OID: 1.3.6.1.4.1.15397.2.1.141.135
Port block creation abortion (cache full)

Number of times engine aborted creating a port block because the cache is filled to the configured size.
344
OID: 1.3.6.1.4.1.15397.2.1.141.125
Port block creation failures

Number of times engine failed to create a port block. This is the sum of all causes.
OID: 1.3.6.1.4.1.15397.2.1.141.121
Port block creation failures (low and high)

Number of times engine failed to create a port block because the block spanned both low and high ports. This value
is included in the total value.
OID: 1.3.6.1.4.1.15397.2.1.141.124
Port block creation failures (resources)

Number of times engine failed to create a port block due to resource starvation. This value is included in the total value.
OID: 1.3.6.1.4.1.15397.2.1.141.122
Port block creation failures (start > end)
OID: 1.3.6.1.4.1.15397.2.1.141.123
Src IP-address count
OID: 1.3.6.1.4.1.15397.2.1.141.200
Src IP-address creation failures
OID: 1.3.6.1.4.1.15397.2.1.141.201
Src IP-address creation failures (resources)
OID: 1.3.6.1.4.1.15397.2.1.141.202
Synchronized mappings count

Number of synchronized mappings received via natsync from other systems.
OID: 1.3.6.1.4.1.15397.2.1.141.80
Synchronized mappings count - GRE

Number of synchronized GRE mappings received via natsync from other systems.
OID: 1.3.6.1.4.1.15397.2.1.141.84
Synchronized mappings count - ICMP

Number of synchronized ICMP mappings received via natsync from other systems.
OID: 1.3.6.1.4.1.15397.2.1.141.83
Synchronized mappings count - TCP

Number of synchronized TCP mappings received via natsync from other systems.
OID: 1.3.6.1.4.1.15397.2.1.141.81
Synchronized mappings count - UDP

Number of synchronized UDP mappings received via natsync from other systems.
OID: 1.3.6.1.4.1.15397.2.1.141.82
Synchronized mappings created

Number of synchronized mappings received via natsync created on this system.
OID: 1.3.6.1.4.1.15397.2.1.141.85
345
Synchronized mappings created - GRE

Number of synchronized GRE mappings received via natsync created on this system.
OID: 1.3.6.1.4.1.15397.2.1.141.89
Synchronized mappings created - ICMP

Number of synchronized ICMP mappings received via natsync created on this system.
OID: 1.3.6.1.4.1.15397.2.1.141.88
Synchronized mappings created - TCP

Number of synchronized TCP mappings received via natsync created on this system.
OID: 1.3.6.1.4.1.15397.2.1.141.86
Synchronized mappings created - UDP

Number of synchronized UDP mappings received via natsync created on this system.
OID: 1.3.6.1.4.1.15397.2.1.141.87
Too few src IP-addresses in loading pool.
OID: 1.3.6.1.4.1.15397.2.1.141.203
Total number of mappings
OID: 1.3.6.1.4.1.15397.2.1.141.207
Translated inbound bytes (inbound)

Number of inbound bytes in connections translated by an inbound translation. This value is included in the total value.
OID: 1.3.6.1.4.1.15397.2.1.141.77
Translated inbound bytes (outbound)

Number of inbound bytes in connections translated by an outbound translation. This value is included in the total value.
OID: 1.3.6.1.4.1.15397.2.1.141.107
Translated inbound bytes (total)

Number of inbound bytes in connections that are translated. This is the sum of the individual values for inbound and
outbound.
OID: 1.3.6.1.4.1.15397.2.1.141.47
Translated inbound packets (inbound)

Number of inbound packets in connections translated by an inbound translation. This value is included in the total value.
OID: 1.3.6.1.4.1.15397.2.1.141.76
Translated inbound packets (outbound)

Number of inbound packets in connections translated by an outbound translation. This value is included in the total value.
OID: 1.3.6.1.4.1.15397.2.1.141.106
Translated inbound packets (total)

Number of inbound packets in connections that are translated. This is the sum of the individual values for inbound and
outbound.
OID: 1.3.6.1.4.1.15397.2.1.141.46
Translated outbound bytes (inbound)

Number of outbound bytes in connections translated by an inbound translation. This value is included in the total value.
346
OID: 1.3.6.1.4.1.15397.2.1.141.79
Translated outbound bytes (outbound)

Number of outbound bytes in connections translated by an outbound translation. This value is included in the total value.
OID: 1.3.6.1.4.1.15397.2.1.141.109
Translated outbound bytes (total)

Number of outbound bytes in connections that are translated. This is the sum of the individual values for inbound and
outbound.
OID: 1.3.6.1.4.1.15397.2.1.141.49
Translated outbound packets (inbound)

Number of outbound packets in connections translated by an inbound translation. This value is included in the total value.
OID: 1.3.6.1.4.1.15397.2.1.141.78
Translated outbound packets (outbound)

Number of outbound packets in connections translated by an outbound translation. This value is included in the total value.
OID: 1.3.6.1.4.1.15397.2.1.141.108
Translated outbound packets (total)

Number of outbound packets in connections that are translated. This is the sum of the individual values for inbound and
outbound.
OID: 1.3.6.1.4.1.15397.2.1.141.48
Translation creation collisions resolved (outbound)

Number of collisions caused by creating an outbound translation that have been resolved. This value is included in the
total value.
OID: 1.3.6.1.4.1.15397.2.1.141.104
Translation creation collisions resolved (total)

Number of collisions caused by creating a translation that have been resolved. This is the sum of the individual values
for inbound and outbound.
OID: 1.3.6.1.4.1.15397.2.1.141.44
Translation creation failure (No mapping found, inbound)

Number of times an inbound translation could not be created because no mapping was found for the subscriber. This
value is included in the total value for this failure cause.
OID: 1.3.6.1.4.1.15397.2.1.141.73
Translation creation failure (No rewrite address, total)
OID: 1.3.6.1.4.1.15397.2.1.141.50
Translation creation failure (collision, inbound)

Number of times an inbound translation could not be created due to a collision. This value is included in the total value
for this failure cause.
OID: 1.3.6.1.4.1.15397.2.1.141.72
Translation creation failure (collision, outbound)

Number of times an outbound translation could not be created due to a collision. This value is included in the total value
for this failure cause.
347
OID: 1.3.6.1.4.1.15397.2.1.141.103
Translation creation failure (collision, total)

Number of times a translation could not be created due to collision. This is the sum of the individual values for inbound
and outbound.
OID: 1.3.6.1.4.1.15397.2.1.141.43
Translation creation failure (incompatible L4 protocol, inbound)

Number of times an inbound translation could not be created because the connection was not a compatible L4 protocol.
This value is included in the total value for this failure cause.
OID: 1.3.6.1.4.1.15397.2.1.141.71
Translation creation failure (incompatible L4 protocol, outbound)

Number of times an inbound translation could not be created because the connection was not a compatible L4 protocol.
This value is included in the total value for this failure cause.
OID: 1.3.6.1.4.1.15397.2.1.141.102
Translation creation failure (incompatible L4 protocol, total)

Number of times a translation could not be created because the connection was not a compatible L4 protocol. This is
the sum of the individual values for inbound and outbound.
OID: 1.3.6.1.4.1.15397.2.1.141.42
Translation creation failure (no object, inbound)

Number of times an inbound translation could not be created because there was no exit pool object. This value is included
in the total value for this failure cause.
OID: 1.3.6.1.4.1.15397.2.1.141.69
Translation creation failure (no object, outbound)

Number of times an outbound translation could not be created because there was no exit pool object. This value is
included in the total value for this failure cause.
OID: 1.3.6.1.4.1.15397.2.1.141.100
Translation creation failure (no object, total)

Number of times a translation could not be created because there was no exit pool object. This is the sum of the individual
values for inbound and outbound.
OID: 1.3.6.1.4.1.15397.2.1.141.40
Translation creation failure (not allowed, inbound)

Number of times an inbound translation could not be created because it is not allowed (EIF not enabled).
OID: 1.3.6.1.4.1.15397.2.1.141.74
Translation creation failure (resources, inbound)

Number of times an inbound translation could not be created due to lack of resources. This value is included in the total
value for this failure cause.
OID: 1.3.6.1.4.1.15397.2.1.141.70
Translation creation failure (resources, outbound)

Number of times an outbound translation could not be created due to lack of resources. This value is included in the
total value for this failure cause.
OID: 1.3.6.1.4.1.15397.2.1.141.101
348
Translation creation failure (resources, total)

Number of times a translation could not be created due to lack of resources. This is the sum of the individual values
for inbound and outbound.
OID: 1.3.6.1.4.1.15397.2.1.141.41
Translation failed - max calls reached (PPTP)
OID: 1.3.6.1.4.1.15397.2.1.141.183
Translation failed - max data connections reached (FTP)
OID: 1.3.6.1.4.1.15397.2.1.141.184
Translation failed - max stream channels reached (RTP)
OID: 1.3.6.1.4.1.15397.2.1.141.185
Translation refused on stale passback
OID: 1.3.6.1.4.1.15397.2.1.141.110
Translations count (inbound)

Number of currently existing inbound translations. This value is included in the total value.
OID: 1.3.6.1.4.1.15397.2.1.141.65
Translations count (outbound)

Number of currently existing outbound translations. This value is included in the total value.
OID: 1.3.6.1.4.1.15397.2.1.141.96
Translations count (total)

Number of currently existing translations. This is the sum of the individual values for inbound and outbound.
OID: 1.3.6.1.4.1.15397.2.1.141.36
Translations count - ICMP (inbound)

Number of currently existing inbound translations for ICMP. This value is included in the total value.
OID: 1.3.6.1.4.1.15397.2.1.141.68
Translations count - ICMP (outbound)

Number of currently existing outbound translations for ICMP. This value is included in the total value.
OID: 1.3.6.1.4.1.15397.2.1.141.99
Translations count - ICMP (total)

Number of currently existing translations for ICMP. This is the sum of the individual values for inbound and outbound.
OID: 1.3.6.1.4.1.15397.2.1.141.39
Translations count - TCP (inbound)

Number of currently existing inbound translations for TCP. This value is included in the total value.
OID: 1.3.6.1.4.1.15397.2.1.141.66
Translations count - TCP (outbound)

Number of currently existing outbound translations for TCP. This value is included in the total value.
OID: 1.3.6.1.4.1.15397.2.1.141.97
349
Translations count - TCP (total)

Number of currently existing translations for TCP. This is the sum of the individual values for inbound and outbound.
OID: 1.3.6.1.4.1.15397.2.1.141.37
Translations count - UDP (inbound)

Number of currently existing inbound translations for UDP. This value is included in the total value.
OID: 1.3.6.1.4.1.15397.2.1.141.67
Translations count - UDP (outbound)

Number of currently existing outbound translations for UDP. This value is included in the total value.
OID: 1.3.6.1.4.1.15397.2.1.141.98
Translations count - UDP (total)

Number of currently existing translations for UDP. This is the sum of the individual values for inbound and outbound.
OID: 1.3.6.1.4.1.15397.2.1.141.38
Translations created (inbound)

Number of inbound translations created. This value is included in the total value.
OID: 1.3.6.1.4.1.15397.2.1.141.60
Translations created (outbound)

Number of outbound translations created. This value is included in the total value.
OID: 1.3.6.1.4.1.15397.2.1.141.91
Translations created (total)

Number of translations created. This is the sum of the individual values for inbound and outbound.
OID: 1.3.6.1.4.1.15397.2.1.141.31
Translations created - ICMP (inbound)

Number of inbound translations for ICMP created. This value is included in the total value.
OID: 1.3.6.1.4.1.15397.2.1.141.63
Translations created - ICMP (outbound)

Number of outbound translations for ICMP created. This value is included in the total value.
OID: 1.3.6.1.4.1.15397.2.1.141.94
Translations created - ICMP (total)

Number of translations for ICMP created. This is the sum of the individual values for inbound and outbound.
OID: 1.3.6.1.4.1.15397.2.1.141.34
Translations created - TCP (inbound)

Number of inbound translations for TCP created. This value is included in the total value.
OID: 1.3.6.1.4.1.15397.2.1.141.61
Translations created - TCP (outbound)

Number of outbound translations for TCP created. This value is included in the total value.
OID: 1.3.6.1.4.1.15397.2.1.141.92
Translations created - TCP (total)

Number of translations for TCP created. This is the sum of the individual values for inbound and outbound.
350
OID: 1.3.6.1.4.1.15397.2.1.141.32
Translations created - UDP (inbound)

Number of inbound translations for UDP created. This value is included in the total value.
OID: 1.3.6.1.4.1.15397.2.1.141.62
Translations created - UDP (outbound)

Number of outbound translations for UDP created. This value is included in the total value.
OID: 1.3.6.1.4.1.15397.2.1.141.93
Translations created - UDP (total)

Number of translations for UDP created. This is the sum of the individual values for inbound and outbound.
OID: 1.3.6.1.4.1.15397.2.1.141.33
Translations deleted (inbound)

Number of inbound translations deleted. This value is included in the total value.
OID: 1.3.6.1.4.1.15397.2.1.141.64
Translations deleted (outbound)

Number of outbound translations deleted. This value is included in the total value.
OID: 1.3.6.1.4.1.15397.2.1.141.95
Translations deleted (total)

Number of translations deleted. This is the sum of the individual values for inbound and outbound.
OID: 1.3.6.1.4.1.15397.2.1.141.35
C.37. Ruleset - Compiler

Compiled Rules: Number of rules in compiled ruleset
OID: 1.3.6.1.4.1.15397.2.1.147.31
Config Rules: Number of rules in ruleset config
OID: 1.3.6.1.4.1.15397.2.1.147.11
Ruleset BGP: AS paths
OID: 1.3.6.1.4.1.15397.2.1.147.83
Ruleset BGP: Bitmasks
OID: 1.3.6.1.4.1.15397.2.1.147.84
Ruleset BGP: Compile and send time, in ms
OID: 1.3.6.1.4.1.15397.2.1.147.82
Ruleset BGP: Subversion updated
OID: 1.3.6.1.4.1.15397.2.1.147.81
Ruleset compile: Compilation errors in last ruleset
351
OID: 1.3.6.1.4.1.15397.2.1.147.4
Ruleset compile: Compilation warnings in last ruleset
OID: 1.3.6.1.4.1.15397.2.1.147.5
Ruleset compile: Ruleset compilation is done and sent to engine
OID: 1.3.6.1.4.1.15397.2.1.147.2
Ruleset compile: Start of ruleset compilation
OID: 1.3.6.1.4.1.15397.2.1.147.1
Ruleset compile: Total compile and send time, in ms
OID: 1.3.6.1.4.1.15397.2.1.147.3
Ruleset dynitems: Compile and send time, in ms (Subscriber, Enrich, NatCfg)
OID: 1.3.6.1.4.1.15397.2.1.147.71
Ruleset dynrule: Subversion updated (affected by DynamicRule and TimeObject)
OID: 1.3.6.1.4.1.15397.2.1.147.91
Ruleset prefixes error: Number of bitmask that was too large for max bitmask size
OID: 1.3.6.1.4.1.15397.2.1.147.69
Ruleset prefixes error: Storage for compiled IPv4 prefixes is full
OID: 1.3.6.1.4.1.15397.2.1.147.63
Ruleset prefixes error: Storage for compiled IPv6 prefixes is full
OID: 1.3.6.1.4.1.15397.2.1.147.65
Ruleset prefixes error: Storage for compiled bitmask used by compiled prefixes is full
OID: 1.3.6.1.4.1.15397.2.1.147.68
Ruleset prefixes: Compile and send time, in ms
OID: 1.3.6.1.4.1.15397.2.1.147.61
Ruleset prefixes: Number of bitmasks
OID: 1.3.6.1.4.1.15397.2.1.147.66
Ruleset prefixes: Number of compiled IPv4 prefixes
OID: 1.3.6.1.4.1.15397.2.1.147.62
Ruleset prefixes: Number of compiled IPv6 prefixes
OID: 1.3.6.1.4.1.15397.2.1.147.64
Ruleset static: Compile and send time, in ms
OID: 1.3.6.1.4.1.15397.2.1.147.41
352
C.38. Ruleset - Daemon

PLDB IO Handlers
OID: 1.3.6.1.4.1.15397.2.1.138.3
Reaper receive buffer usage
OID: 1.3.6.1.4.1.15397.2.1.138.1
Reaper send buffer usage
OID: 1.3.6.1.4.1.15397.2.1.138.2
C.39. Ruleset - Dynamic Netobject

Dynamic item: Number of dynamic items (pair Netobject-ID, Prefix)
This is the number of items in the table of dynamic NetObject items.
OID: 1.3.6.1.4.1.15397.2.1.121.6
Dynamic prefixes: Number of dynamic IPv4 prefixes
OID: 1.3.6.1.4.1.15397.2.1.121.63
Dynamic prefixes: Number of dynamic IPv6 prefixes
OID: 1.3.6.1.4.1.15397.2.1.121.52
Dynamic prefixes: Storage for dynamic prefixes is full
OID: 1.3.6.1.4.1.15397.2.1.121.1
Dynamic prefixes: Total number of dynamic prefixes

This is the number of unique IP addresses in the table of dynamic NetObject items.
OID: 1.3.6.1.4.1.15397.2.1.121.5
Oper ADD: Add calls
OID: 1.3.6.1.4.1.15397.2.1.121.11
Oper ADD: Add calls failed
OID: 1.3.6.1.4.1.15397.2.1.121.9
Oper LIST: List calls
OID: 1.3.6.1.4.1.15397.2.1.121.15
Oper LIST: List calls failed
OID: 1.3.6.1.4.1.15397.2.1.121.44
Oper REMOVE: Remove calls
353
OID: 1.3.6.1.4.1.15397.2.1.121.12
Oper REMOVE: Remove calls failed
OID: 1.3.6.1.4.1.15397.2.1.121.4
Oper REMOVEORPHANS: RemoveOrphans calls

This is the number of times the method to remove orphaned dynamic NetObject items has been made.
OID: 1.3.6.1.4.1.15397.2.1.121.40
Oper REMOVEORPHANS: RemoveOrphans calls failed
OID: 1.3.6.1.4.1.15397.2.1.121.42
Oper SET: Set calls

This is the number of calls to use the set method for dynamic NetObject items.
OID: 1.3.6.1.4.1.15397.2.1.121.30
Oper SET: Set calls failed

This is the number of failed calls to use the set method for dynamic NetObject items.
OID: 1.3.6.1.4.1.15397.2.1.121.32
Oper SET_BEGIN: SetBegin calls

This is the number of calls to use the set_begin method for dynamic NetObject items.
OID: 1.3.6.1.4.1.15397.2.1.121.33
Oper SET_BEGIN: SetBegin calls failed

This is the number of failed calls to use the set_begin method for dynamic NetObject items.
OID: 1.3.6.1.4.1.15397.2.1.121.35
Oper SET_END: SetEnd calls

This is the number of calls to use the set_end method for dynamic NetObject items.
OID: 1.3.6.1.4.1.15397.2.1.121.36
Oper SET_END: SetEnd calls failed

This is the number of successful calls to use the set_end method for dynamic NetObject items.
OID: 1.3.6.1.4.1.15397.2.1.121.38
Save: Last time saved to disk
OID: 1.3.6.1.4.1.15397.2.1.121.60
Save: Milliseconds it took to save to disk
OID: 1.3.6.1.4.1.15397.2.1.121.61
Subscriber: Number of unique subscriber names

This is the number of unique names for dynamic NetObjects.
OID: 1.3.6.1.4.1.15397.2.1.121.18
Subscriber: Storage for unique subscriber names is full
OID: 1.3.6.1.4.1.15397.2.1.121.19
354
C.40. Ruleset - Engine

BGP: Current BGP-ruleset loaded
OID: 1.3.6.1.4.1.15397.2.1.64.66
BGP: Entries in BGP IPv4 lookup table
OID: 1.3.6.1.4.1.15397.2.1.64.10
BGP: Entries in BGP IPv6 lookup table
OID: 1.3.6.1.4.1.15397.2.1.64.53
BGP: Number of ASPaths
OID: 1.3.6.1.4.1.15397.2.1.64.9
BGP: Number of bitmasks
OID: 1.3.6.1.4.1.15397.2.1.64.65
Dynamic Rule: Current dynamic rule loaded
OID: 1.3.6.1.4.1.15397.2.1.64.67
Enrich: Entries (netobjid, ipprefix)-pairs in storage in engine
OID: 1.3.6.1.4.1.15397.2.1.64.54
Enrich: Lookup in engine of non-existing enrich property
OID: 1.3.6.1.4.1.15397.2.1.64.57
Enrich: Number of operations sent to engine
OID: 1.3.6.1.4.1.15397.2.1.64.60
Enrich: Parsing/handling errors in engine
OID: 1.3.6.1.4.1.15397.2.1.64.56
Enrich: Storage in engine is full
OID: 1.3.6.1.4.1.15397.2.1.64.55
NatCfg: Dynamic natcfg allocation failures
OID: 1.3.6.1.4.1.15397.2.1.64.47
NatCfg: Number of dynamic natcfg entries
OID: 1.3.6.1.4.1.15397.2.1.64.46
Netobject prefixes: Number of IPv4 prefixes
OID: 1.3.6.1.4.1.15397.2.1.64.23
Netobject prefixes: Number of IPv6 prefixes
OID: 1.3.6.1.4.1.15397.2.1.64.61
355
Netobject prefixes: Number of bitmasks
OID: 1.3.6.1.4.1.15397.2.1.64.62
Netobject prefixes: Number of errors
OID: 1.3.6.1.4.1.15397.2.1.64.64
Netobject prefixes: Number of updating operations
OID: 1.3.6.1.4.1.15397.2.1.64.63
Ruleset problem: Too many matching statistics rules

This is the number of times the ruleset has been recalculated and a packet has matched too many statistics rules.
OID: 1.3.6.1.4.1.15397.2.1.64.26
Ruleset: Current ruleset loaded
OID: 1.3.6.1.4.1.15397.2.1.64.22
Subscriber: Entries (netobjid, ipprefix)-pairs in storage in engine

This is the number of subscribers added.
OID: 1.3.6.1.4.1.15397.2.1.64.37
Subscriber: Number of operations sent to engine
OID: 1.3.6.1.4.1.15397.2.1.64.59
Subscriber: Parsing/handling errors in engine
OID: 1.3.6.1.4.1.15397.2.1.64.58
Subscriber: Split on unknown sessioncontext
OID: 1.3.6.1.4.1.15397.2.1.64.44
Subscriber: Split on unknown subscriber
OID: 1.3.6.1.4.1.15397.2.1.64.43
Subscriber: Storage in engine is full

This is the number of times a subscriber could not be allocated.
OID: 1.3.6.1.4.1.15397.2.1.64.40
C.41. Session Context - Daemon

Accounted inbound data
OID: 1.3.6.1.4.1.15397.2.1.152.12
Accounted outbound data
OID: 1.3.6.1.4.1.15397.2.1.152.13
Barrier messages acked

Number of 'barrier' messages acked to provisioning clients (for example, PSM).
356
OID: 1.3.6.1.4.1.15397.2.1.152.16
Barrier messages received

Number of 'barrier' messages received from provisioning clients (e.g PSM). It is only after the client completes the
processing all operations requested prior to the Barrier Request, that it responds with a Barrier Reply message.
OID: 1.3.6.1.4.1.15397.2.1.152.4
Connected clients
Number of connected provisioning clients (e.g PSM).
OID: 1.3.6.1.4.1.15397.2.1.152.3
Counters Dropped
Number of counters dropped due to serialization error.
OID: 1.3.6.1.4.1.15397.2.1.152.15
Counters in flight
Number of accounting messages sent but not yet acknowledged by the provisioning client (e.g PSM).
OID: 1.3.6.1.4.1.15397.2.1.152.9
Counters sent
Number of accounting messages sent to provisioning clients (e.g PSM). One accounting message includes all counters
(as defined in the schema) for a single session context row. Messages are sent when a row is either deprovisioned or
when at least one of the counters reached its configured threshold.
OID: 1.3.6.1.4.1.15397.2.1.152.8
Create messages received

Number of 'create' messages recieved from provisioning clients (e.g PSM). Create messages add new session context
rows to the session context table.
OID: 1.3.6.1.4.1.15397.2.1.152.5
Current number of disabled items (covered)

Current number of session context rows covered by other less specific rows and subsequently ignored, e.g, if both
10.0.0.1/32 and 10.0.0.0/24 are provisioned the former is ignored as it is covered by the latter.
OID: 1.3.6.1.4.1.15397.2.1.152.10
Delete messages received

Number of 'delete' messages received from provisioning clients (e.g PSM). Delete messages remove (deprovision) existing
session context rows from the session context table.
OID: 1.3.6.1.4.1.15397.2.1.152.7
Delta messages received

Number of 'delta' messages received from provisioning clients (e.g PSM). Delta messages change existing session
context rows in the session context table.
OID: 1.3.6.1.4.1.15397.2.1.152.6
Overlapping provisioning
Accumulated number of session context rows covered by other rows and subsequently ignored.
OID: 1.3.6.1.4.1.15397.2.1.152.11
Registered schema
Number of registered session context schemas.
357
OID: 1.3.6.1.4.1.15397.2.1.152.1
Schema with connected client

Number of session context schemas that currently has an active provisioning client (e.g PSM).
OID: 1.3.6.1.4.1.15397.2.1.152.2
Work queue size

Number of work items in queue for processing. If this is growing over time, work is coming in at a higher rate than it
can be processed.
OID: 1.3.6.1.4.1.15397.2.1.152.14
C.42. Session Context - Engine

Active schema
OID: 1.3.6.1.4.1.15397.2.1.150.1
Blobstore - used entries (32)
OID: 1.3.6.1.4.1.15397.2.1.150.5
OID: 1.3.6.1.4.1.15397.2.1.150.7
OID: 1.3.6.1.4.1.15397.2.1.150.6
Counter messages sent
OID: 1.3.6.1.4.1.15397.2.1.150.9
Lookups
OID: 1.3.6.1.4.1.15397.2.1.150.8
Row count (in table)

This is the number of session context rows currently provisioned in engine
OID: 1.3.6.1.4.1.15397.2.1.150.3
Row count (total)

This is the total number of session context rows in engine, including rows that are unprovisioned but still referred to by
at least one connection.
OID: 1.3.6.1.4.1.15397.2.1.150.2
Too many sessions context entries matching single connection
OID: 1.3.6.1.4.1.15397.2.1.150.4
Unmatched bytes
This is the amount of bandwidth not being provisioned through session context.
OID: 1.3.6.1.4.1.15397.2.1.150.11
358
Unmatched connections
This is the number of connections not being provisioned through session context.
OID: 1.3.6.1.4.1.15397.2.1.150.10
C.43. Shaping
AQM packet drops
OID: 1.3.6.1.4.1.15397.2.1.88.74
BROWN per connection drops

This is the number of packets dropped by BROWN (the Active Queue Management (AQM) algorithm used by PacketLogic)
to maintain connection fairness. These packets are dropped when a certain flow is deemed to have used too much
queue and the queue length is greater than the configured latency goal.
OID: 1.3.6.1.4.1.15397.2.1.88.8
BROWN per host drops

This is the number of packets dropped by BROWN (the Active Queue Management (AQM) algorithm used by PacketLogic)
to maintain host fairness. These packets are dropped when a certain host is deemed to have used too much queue and
the queue length is greater than the configured latency goal.
OID: 1.3.6.1.4.1.15397.2.1.88.48
CPS limit drops

This is the number of packets dropped to enforce CPS limits.
OID: 1.3.6.1.4.1.15397.2.1.88.64
Dequeued bytes
This is the number of bytes dequeued from the shaping queues.
OID: 1.3.6.1.4.1.15397.2.1.88.12
Dequeued packets
This is the number of packets dequeued from the shaping queues.
OID: 1.3.6.1.4.1.15397.2.1.88.2
Directly sent bytes

This is the number of bytes queued and dequeued from the shaping queues without delay.
OID: 1.3.6.1.4.1.15397.2.1.88.45
Directly sent packets

This is the number of packets queued and dequeued from the shaping queues without delay.
OID: 1.3.6.1.4.1.15397.2.1.88.44
ECN Marked Packets
OID: 1.3.6.1.4.1.15397.2.1.88.73
Enqueued bytes
This is the number of bytes enqueued to the shaping queues.
OID: 1.3.6.1.4.1.15397.2.1.88.11
359
Enqueued packets
This is the number of packets enqueued to the shaping queues.
OID: 1.3.6.1.4.1.15397.2.1.88.1
Failures to set speed from session context value - non-numeric type
OID: 1.3.6.1.4.1.15397.2.1.88.79
Failures to set speed from session context value - not provisioned
OID: 1.3.6.1.4.1.15397.2.1.88.78
Failures to set speed from session context value - too low speed
OID: 1.3.6.1.4.1.15397.2.1.88.80
Host fairness data allocation failures

This is the number of times allocating a data object for host fairness has failed. One such object is needed for each
ShapingObject using host fairness (including dynamically split copies of ShapingObjects). The result is that host fairness
cannot be enforced for the ShapingObjects that failed to allocate a host fairness object.
OID: 1.3.6.1.4.1.15397.2.1.88.65
Host fairness data used
OID: 1.3.6.1.4.1.15397.2.1.88.66
Object copies
This is the number of ShapingObject copies.
OID: 1.3.6.1.4.1.15397.2.1.88.13
Object copies created

This is the number of ShapingObject copies created.
OID: 1.3.6.1.4.1.15397.2.1.88.72
Object max connections reached

This is the number of connections refused because a ShapingObject has reached its configured maximum number of
simultaneous connections.
OID: 1.3.6.1.4.1.15397.2.1.88.49
Out of packets drops

This is the number of packets dropped because the packet pool is exhausted. This will effectively cripple the shaping
engine.
OID: 1.3.6.1.4.1.15397.2.1.88.15
Packets received
This is the number of packets received by the shaping engine.
OID: 1.3.6.1.4.1.15397.2.1.88.16
Queue size
OID: 1.3.6.1.4.1.15397.2.1.88.9
Queuing drops (all types)

This is the number of packets dropped by the shaping.
360
OID: 1.3.6.1.4.1.15397.2.1.88.37
Too many dynamic objects

This is the number of packets dropped because the maximum number of ShapingObjects was exceeded. This can
happen if a rule uses a ShapingObject with Split by Local Host. In that case, PacketLogic dynamically creates object
instances according to the number of local hosts. In case there is an instantaneous peak in the number of local hosts
causing object instances to be created, some will fail and the packets that were to go into object instances that were not
created are dropped. This behaviour is harmless unless it is recurring and persistent.
OID: 1.3.6.1.4.1.15397.2.1.88.25
Too many matching rules

This is the number of matching rules for a connection exceeded SHAPING_MAX_RULES_PER_CONNECTION
(configurable in system configuration), and thus the packet was dropped.
OID: 1.3.6.1.4.1.15397.2.1.88.32
Too many shaping objects matching a connection
OID: 1.3.6.1.4.1.15397.2.1.88.31
Unshaped bytes
This is the number of bytes received by the shaping engine that did not match any shaping rules.
OID: 1.3.6.1.4.1.15397.2.1.88.40
Unshaped packets
This is the number of packets received by the shaping engine that did not match any shaping rules.
OID: 1.3.6.1.4.1.15397.2.1.88.39
C.44. Shaping Counter

Active clients
This is the number of clients receiving counter updates.
OID: 1.3.6.1.4.1.15397.2.1.124.3
Active counters
This is the number of counters existing.
OID: 1.3.6.1.4.1.15397.2.1.124.2
Dropped shaping counter updates
OID: 1.3.6.1.4.1.15397.2.1.124.7
Recycles
This is the number of times an existing counter has been reset to be used by another object, because the number of
counters exceeds the system configuration value SHAPING_COUNTERS_MAX.
OID: 1.3.6.1.4.1.15397.2.1.124.4
Updates crossing granularity boundary received

This is the number of updates from shaping counters received that are larger than the granularity boundary defined by the
system configuration value SHAPING_COUNTERS_GRANULARITY_SHIFT. This means the update will be sent to those
who have requested the counter (usually a VBS controller).
361
OID: 1.3.6.1.4.1.15397.2.1.124.5
Updates received
This is the total number of updates received from shaping counters.
OID: 1.3.6.1.4.1.15397.2.1.124.1
C.45. Statistics
Bandwidth used (Dataset Transfer)
This is the bandwidth used between PLSD and PLDBD. The system configuration value
PLS_DATASET_BANDWIDTH_LIMIT can be used to limit the dataset transfer rate between PLSD and PLDBD, to ensure
that not all available bandwidth is used by the dataset transfer.
OID: 1.3.6.1.4.1.15397.2.1.136.86
Bandwidth used (Packetlogicd Communication)
OID: 1.3.6.1.4.1.15397.2.1.136.31
Cached datasets
OID: 1.3.6.1.4.1.15397.2.1.136.71
Connection Bytes Unaccounted In

This is the number of incoming bytes transferred to PLSD by PLD that are not accounted for by PLSD (incoming traffic
that match no statistics rule).
OID: 1.3.6.1.4.1.15397.2.1.136.41
Connection Bytes Unaccounted Out

This is the number of outgoing bytes transferred to PLSD by PLD that are not accounted for by PLSD (outgoing traffic
that match no statistics rule).
OID: 1.3.6.1.4.1.15397.2.1.136.42
Connection table size

This is the size of the connection table in the statistics daemon. The connections in the connection table are those that
are open when the connection updates are sent to PLSD. The default update interval is five minutes. When a connection
is closed it is removed from the connection table.
OID: 1.3.6.1.4.1.15397.2.1.136.15
Connection updates
This is the number of connection updates that the statistics daemon has received from PLD.
OID: 1.3.6.1.4.1.15397.2.1.136.17
Connection updates (Full)

This is the number of connection updates containing all information about the connection. Full updates are sent for new
connections or when connection information changes. Connection updates for terminated connections always contain
all information.
OID: 1.3.6.1.4.1.15397.2.1.136.18
Connection updates (New)

This is the number of connection updates for new connections. This is a subset of Connection updates (Full).
362
OID: 1.3.6.1.4.1.15397.2.1.136.19
Connection updates (Threshold Filtered)

This is the number of connection updates that have not passed the threshold configured for what shall be
stored in statistics. The thresholds to filter connections for this value is set by the system configuration values
PLS_CONNECTION_THRESHOLD_IN and PLS_CONN_THRESHOLD_OUT.
OID: 1.3.6.1.4.1.15397.2.1.136.20
Connections dropped (Cache Exhausted)

This is the number of connections dropped from statistics due to the number of connections exceeding the system
configuration value MAX_CONNECTIONS.
OID: 1.3.6.1.4.1.15397.2.1.136.21
Connects
This is a counter that is incremented each time the statistics daemon tries to connect to the PLD. If this keeps increasing
then something is wrong in the interface between the daemons.
OID: 1.3.6.1.4.1.15397.2.1.136.33
Connlog connections added

This is the number of connections that have been added to the connection log.
OID: 1.3.6.1.4.1.15397.2.1.136.23
Connlog connections dumped

This is the number of connections written to disk in the last connlog dump. The connection logger keeps chunks of a
few hundred thousand connections in memory before writing to disk. The chunk is written to disk every hour or when
the chunk size is reached.
OID: 1.3.6.1.4.1.15397.2.1.136.25
Connlog connections stored

This is the number of connections currently stored in the statistics daemon memory.
OID: 1.3.6.1.4.1.15397.2.1.136.22
Connlog dumptime
This is the time it took to write the previous chunk of connlog connections to disk.
OID: 1.3.6.1.4.1.15397.2.1.136.26
Connlog entries dropped

This is the number of entries that have been dropped from connection logging.
OID: 1.3.6.1.4.1.15397.2.1.136.30
Connlog entries incomplete
OID: 1.3.6.1.4.1.15397.2.1.136.36
Connlog time remaining

This is the time remaining until the next connlog chunk is written to disk. It could be written to disk before this if the
chunk gets full.
OID: 1.3.6.1.4.1.15397.2.1.136.24
Dataset, size
This is the size in bytes of the dataset sent from PLSD to PLDBD after filtering. This value is updated each time the dataset
is sent. It can be used to estimate the time it would take to transfer the dataset over the a certain bandwidth.
363
OID: 1.3.6.1.4.1.15397.2.1.136.47
Dump time
This is the time it took to write the previous hour of statistics data to disk. If this grows close to an hour, then the disk is
not keeping up with the amount of data it needs to store. If so, you need to upgrade your statistics hardware, or turn off
connection logging, or cut down on the number of statistics rules you have in your ruleset.
OID: 1.3.6.1.4.1.15397.2.1.136.1
Dynamic IP count
OID: 1.3.6.1.4.1.15397.2.1.136.55
Dynamic Netobject Removes - Non existant IP address

This is the number of removes of IP addresses that aren't known to PLSD. Removes may occur if connectivity is lost
between PLSD and PLD due to lost dynitem add messages.
OID: 1.3.6.1.4.1.15397.2.1.136.84
Dynamic Netobject Removes - Non existant item

This is the number of removes of dynamic items that aren't known to PLSD. Removes may occur if connectivity is lost
between PLSD and PLD due to lost dynitem add messages.
OID: 1.3.6.1.4.1.15397.2.1.136.85
GeoLogic: Lookup failures
OID: 1.3.6.1.4.1.15397.2.1.136.106
GeoLogic: Lookups
OID: 1.3.6.1.4.1.15397.2.1.136.105
Links in dataset
This is the number of links in the dataset. Links are configured in the distribution of a StatisticsObject and are used to
reduce the amount of data stored in Statsfs by removing redundant data.
OID: 1.3.6.1.4.1.15397.2.1.136.4
NetObject Count
OID: 1.3.6.1.4.1.15397.2.1.136.59
NetObject Count, Dynamic
OID: 1.3.6.1.4.1.15397.2.1.136.65
Recv Ringbuf usage (Collector)

This is the usage of the buffer in the statistics daemon used for messages from PLD that have not yet been parsed. The
size of the buffer is set with the system configuration value PLS_RINGBUF_MEGS.
OID: 1.3.6.1.4.1.15397.2.1.136.28
Session Context Row Column Failed Lookups
OID: 1.3.6.1.4.1.15397.2.1.136.101
Session Context Row Drops
OID: 1.3.6.1.4.1.15397.2.1.136.83
364
Session Context Row Failed Lookups
OID: 1.3.6.1.4.1.15397.2.1.136.93
Session Context Row Lookups
OID: 1.3.6.1.4.1.15397.2.1.136.94
Session Context Row Parse Errors
OID: 1.3.6.1.4.1.15397.2.1.136.91
Session Context Row Remove Errors
OID: 1.3.6.1.4.1.15397.2.1.136.92
Session Context Rows
OID: 1.3.6.1.4.1.15397.2.1.136.82
Session Context Rows, Max Columns Exceeded
OID: 1.3.6.1.4.1.15397.2.1.136.100
Session Context Schemas
OID: 1.3.6.1.4.1.15397.2.1.136.81
Time connected
This is the length of time that the statistics daemon has been connected to PLD. The time counter will reset to zero in
case of a reconnect between the statistics daemon and PLD.
OID: 1.3.6.1.4.1.15397.2.1.136.32
Time of last dump

This is the timestamp for when the statistics daemon sent the dataset to PLDBD.
OID: 1.3.6.1.4.1.15397.2.1.136.27
Value Cache Usage
OID: 1.3.6.1.4.1.15397.2.1.136.48
Value Hashes
OID: 1.3.6.1.4.1.15397.2.1.136.104
Value lookups
This is the number of lookups made by the statistics daemon to see whether a built value is already stored.
OID: 1.3.6.1.4.1.15397.2.1.136.10
Value updates(Bytes)
This is the number of times values have been updated with byte counter information (for example bytes transferred or
bit rate).
OID: 1.3.6.1.4.1.15397.2.1.136.11
Value updates(Conns)
This is the number of times values have been updated with connection counter information (for example connection count
in/out or connection rate).
365
OID: 1.3.6.1.4.1.15397.2.1.136.13
Value updates, High Priority (Bytes)

This is the number of times high priority values have been updated with byte counter information (for example bytes
transferred or bit rate).
OID: 1.3.6.1.4.1.15397.2.1.136.12
Value updates, High Priority (Conns)

This is the number of times high priority values have been updated with connection counter information (for example
connection count in/out or connection rate).
OID: 1.3.6.1.4.1.15397.2.1.136.14
Values filtered
This is the number of values filtered due to the threshold settings in StatisticsObjects.
OID: 1.3.6.1.4.1.15397.2.1.136.8
Values in dataset
This is the number of values existing in the dataset.
OID: 1.3.6.1.4.1.15397.2.1.136.2
Values in dataset (delayed expand)

This is the number of values that are created by means of delayed expansion of a ServiceObject tree. This delayed
expansion optimizes performance by only updating one value when the connection update comes, and then copying the
information to all levels in a ServiceObject distribution after the connection update is processed.
OID: 1.3.6.1.4.1.15397.2.1.136.3
Values in dataset(Aggregation)
This is the number of values in the dataset that are aggregated values. Aggregation is configured in the StatisticsObjects.
OID: 1.3.6.1.4.1.15397.2.1.136.5
Values max depth
OID: 1.3.6.1.4.1.15397.2.1.136.80
Values not created, Cache exhausted

This is the number of values that should have been created but were not, because the cache in the statistics daemon
holding the dataset was exhausted. The size of the value cache is based on the setting of the system configuration value
PLS_MAX_VALUES.
OID: 1.3.6.1.4.1.15397.2.1.136.6
Values not created, Priority Threshold

This is the number of values that were not created after the priority threshold has been reached. The priority threshold is
set in the system configuration value PLS_PRIORITY_THRESHOLD as a percentage. By default this value is 90%. This
means that the threshold is 90% of the value cache, which is set in PLS_MAX_VALUES. When 90% of the value cache
has been used, the remaining 10% is reserved for high priority values. New values that are normal priority can not be
created after the threshold is reached, and the number of values is accounted for in this system diagnostics value.
OID: 1.3.6.1.4.1.15397.2.1.136.7
Values sent to Statwriter

This is the number of values sent to the Statwriter for writing to disk.
OID: 1.3.6.1.4.1.15397.2.1.136.9
366
C.46. Statistics Writer

Dataset Backlog Error count
This is the number of datasets that could not be processed and was placed in a separate directory.
OID: 1.3.6.1.4.1.15397.2.1.137.42
Dataset Backlog count

This is the number of datasets that have not yet been processed.
OID: 1.3.6.1.4.1.15397.2.1.137.41
Dataset Values
This is the number of values in the last dataset written to the statistics file system.
OID: 1.3.6.1.4.1.15397.2.1.137.4
Dataset Values Dropped (Global Index exhausted)

This is the number of values dropped because the size of the global index is not large enough to hold all values. The
size of the global index is defined by the system configuration value PLDB_STATISTICSFS_MAX_VALUES. The statistics
writer will accept a number of values 20% higher than the value of PLDB_STATISTICSFS_MAX_VALUES before dropping
values, to allow an overshoot at the end of a day, just before a new global index is created.
OID: 1.3.6.1.4.1.15397.2.1.137.7
Dataset Values Dropped (Symlink target not found)

This is the number of values dropped because they contain links with a target that cannot be found.
OID: 1.3.6.1.4.1.15397.2.1.137.8
Dataset Values Dropped (cache exhausted)

This is the number of values dropped from the dataset because the number of values exceed the size of the value cache in
the statistics writer daemon defined by the system configuration value PLDB_STATISTICSFS_MAX_VALUES_DATASET.
Values are sent from the statistics daemon to PLDBD in ascending order of depth level. Root level values are sent first.
Therefore, values with the deepest depth will be dropped first in case the cache is exhausted. It is recommended to set
an alert threshold value for this item to avoid values being dropped.
OID: 1.3.6.1.4.1.15397.2.1.137.5
Dataset Values Dropped (malformed name)

This counter is incremented when the statistics writer is dropping values because it is is unable to find the parent of a
value. The reason for this could be either that plsd is building corrupted value paths or that the index table is exhausted,
and statwriter is unable to load all values. In case the index table is exhausted, plswb logs a message similar to 'X
values not stored, Globals index table exhausted' in pldbd.log. The size of the global index table is determined by
PLDB_STATISTICSFS_MAX_VALUES.
OID: 1.3.6.1.4.1.15397.2.1.137.6
Dataset values, New Daily Indexes

This is the number of new daily indexes created when the last dataset was written to the statistics file system.
OID: 1.3.6.1.4.1.15397.2.1.137.11
Dataset values, New Global Indexes

This is the number of new entries in the global index file created when the last dataset was written to the statistics file
system.
OID: 1.3.6.1.4.1.15397.2.1.137.9
367
Dataset values, Updates (Graphs)

This is the number of updates to graph files made when the last dataset was written to the statistics file system.
OID: 1.3.6.1.4.1.15397.2.1.137.13
Dataset values, Updates (Totals)

This is the number of updates to totals files made when the last dataset was written to the statistics file system.
OID: 1.3.6.1.4.1.15397.2.1.137.12
Dataset, Begin
This is the starting time of the last dataset written to the statistics file system.
OID: 1.3.6.1.4.1.15397.2.1.137.1
Dataset, End
This is the end time of the last dataset written to the statistics file system.
OID: 1.3.6.1.4.1.15397.2.1.137.2
Dataset, Sessions
This is the number of PLSDs that connected to the statistics writer to supply the last dataset.
OID: 1.3.6.1.4.1.15397.2.1.137.3
Dataset, Size
This is the compressed size of the datasets received from all statistics daemons.
OID: 1.3.6.1.4.1.15397.2.1.137.32
Dataset, Total Write time

This is the total time to write the last dataset.
OID: 1.3.6.1.4.1.15397.2.1.137.14
Statisticsfs current globals, Disk usage

This is the size of the global index file on the statistics file system.
OID: 1.3.6.1.4.1.15397.2.1.137.38
Statisticsfs current globals, Utilization

This is the percentage of the global index file on the statistics file system that is currently being used.
OID: 1.3.6.1.4.1.15397.2.1.137.37
Statisticsfs globals, Count

This is the total number of global index tables on the system.
OID: 1.3.6.1.4.1.15397.2.1.137.40
Statisticsfs previous globals, Duration

This is the duration in days that the previous global index lasted before a new one was created. If this value is just a few
days, increasing PLDB_STATISTICSFS_MAX_VALUES should be considered.
OID: 1.3.6.1.4.1.15397.2.1.137.39
Statisticsfs, Daily Graph data usage (Bytes)

This is the number of bytes used for graph data in the statistics file system. This value is for uncompressed data, and the
actual disk usage may hence be less, since the information is compressed when written to disk.
OID: 1.3.6.1.4.1.15397.2.1.137.23
368
Statisticsfs, Disk Size

This is the size of the disk available to the statistics file system.
OID: 1.3.6.1.4.1.15397.2.1.137.25
Statisticsfs, Disk Usage

This is the usage of the disk available to the statistics file system.
OID: 1.3.6.1.4.1.15397.2.1.137.24
Statisticsfs, Disk Usage Per Day (Connlog)

This is the daily average usage of connlog data on the disk available to the statistics file system. The daily average is
calculated using the past five days.
OID: 1.3.6.1.4.1.15397.2.1.137.34
Statisticsfs, Disk Usage Per Day (Statistics)

This is the daily average usage of statistics data on the disk available to the statistics file system. The daily average is
calculated using the past five days.
OID: 1.3.6.1.4.1.15397.2.1.137.33
Statisticsfs, Values (Daily Indexes)

This is the number of daily index entries in the statistics file system.
OID: 1.3.6.1.4.1.15397.2.1.137.21
Statisticsfs, Values (Global Indexes)

This is the number of entries in the global index in the statistics file system.
OID: 1.3.6.1.4.1.15397.2.1.137.19
System, Disk Size

This is the size of the disk used for the system on which the statistics writer runs.
OID: 1.3.6.1.4.1.15397.2.1.137.27
System, Disk Usage

This is the usage of the disk used for the system on which the statistics writer runs.
OID: 1.3.6.1.4.1.15397.2.1.137.26
C.47. System
CPU load
OID: 1.3.6.1.4.1.15397.2.1.133.1
Free RAM
OID: 1.3.6.1.4.1.15397.2.1.133.3
Free swap
OID: 1.3.6.1.4.1.15397.2.1.133.5
Interface bytes received
OID: 1.3.6.1.4.1.15397.2.1.133.9
369
Interface bytes sent
OID: 1.3.6.1.4.1.15397.2.1.133.10
System disk size
OID: 1.3.6.1.4.1.15397.2.1.133.8
System disk usage
OID: 1.3.6.1.4.1.15397.2.1.133.7
Total RAM
OID: 1.3.6.1.4.1.15397.2.1.133.2
Total swap
OID: 1.3.6.1.4.1.15397.2.1.133.4
Uptime
OID: 1.3.6.1.4.1.15397.2.1.133.6
C.48. TCPv4
Connection create attempts
This is the number of TCPv4 connection attempts. Some of these might get refused by filtering rules or connection
protection.
OID: 1.3.6.1.4.1.15397.2.1.48.4
Connections created
This is the number of TCPv4 connections actually created.
OID: 1.3.6.1.4.1.15397.2.1.48.5
Connections reopened
OID: 1.3.6.1.4.1.15397.2.1.48.44
Failed RTT Calibration

This is the number of times RTT calibration for a TCPv4 connection has failed.
OID: 1.3.6.1.4.1.15397.2.1.48.47
Goodput bytes
This is the number of application (L4 payload) bytes received.
OID: 1.3.6.1.4.1.15397.2.1.48.15
Goodput packets
This is the number of application (L4 payload) packets received.
OID: 1.3.6.1.4.1.15397.2.1.48.14
Packet allocation failures

This is the number of allocation failures. Allocation failures on this level will stop the TCP reordering from working properly.
370
OID: 1.3.6.1.4.1.15397.2.1.48.19

This is the number of TCPv4 packets refused by the low level filter.
OID: 1.3.6.1.4.1.15397.2.1.48.29
Packets with Time Stamp Option
OID: 1.3.6.1.4.1.15397.2.1.48.45
Packets with corrupt options

This is the number of TCPv4 packets received with corrupted TCP options.
OID: 1.3.6.1.4.1.15397.2.1.48.25
RX bytes
This is the number of TCPv4 bytes received.
OID: 1.3.6.1.4.1.15397.2.1.48.2
RX packets
This is the number of TCPv4 packets received.
OID: 1.3.6.1.4.1.15397.2.1.48.1
Refused (broadcast)
This is the number of broadcasted TCPv4 packets that are dropped.
OID: 1.3.6.1.4.1.15397.2.1.48.8
Refused (offset)
This is the number of packets where the payload indicated is larger than the packet size are dropped.
OID: 1.3.6.1.4.1.15397.2.1.48.9
Refused (ruleset)
This is the number of packets refused by the ruleset.
OID: 1.3.6.1.4.1.15397.2.1.48.6
Refused (short)
This is the number of packets refused because they are invalidly short.
OID: 1.3.6.1.4.1.15397.2.1.48.7
Rejected packets
This is the number of packets rejected by reject actions in filtering.
OID: 1.3.6.1.4.1.15397.2.1.48.10
SYN packets for existing connections

This is the number of SYN packets received for connections that PacketLogic considers to already exist.
OID: 1.3.6.1.4.1.15397.2.1.48.32
Segment allocation failures
OID: 1.3.6.1.4.1.15397.2.1.48.33
Successfull RTT Calibration

This is the number of time RTT calibration for a TCPv4 connection has succeeded.
371
OID: 1.3.6.1.4.1.15397.2.1.48.46
Untracked bytes
OID: 1.3.6.1.4.1.15397.2.1.48.24
Untracked bytes (goodput)
OID: 1.3.6.1.4.1.15397.2.1.48.23
Untracked packets
OID: 1.3.6.1.4.1.15397.2.1.48.13
C.49. TCPv6
Connection create attempts
OID: 1.3.6.1.4.1.15397.2.1.127.4
Connections created
OID: 1.3.6.1.4.1.15397.2.1.127.5
Connections reopened
OID: 1.3.6.1.4.1.15397.2.1.127.44
Failed RTT Calibration

This is the number of times RTT calibration for a TCPv6 connection has failed.
OID: 1.3.6.1.4.1.15397.2.1.127.47
Goodput bytes
OID: 1.3.6.1.4.1.15397.2.1.127.15
Goodput packets
OID: 1.3.6.1.4.1.15397.2.1.127.14
Packet allocation failures
OID: 1.3.6.1.4.1.15397.2.1.127.19
OID: 1.3.6.1.4.1.15397.2.1.127.29
Packets with Time Stamp Option
OID: 1.3.6.1.4.1.15397.2.1.127.45
Packets with corrupt options
OID: 1.3.6.1.4.1.15397.2.1.127.25
RX bytes
OID: 1.3.6.1.4.1.15397.2.1.127.2
372
RX packets
OID: 1.3.6.1.4.1.15397.2.1.127.1
Refused (broadcast)
OID: 1.3.6.1.4.1.15397.2.1.127.8
Refused (offset)
OID: 1.3.6.1.4.1.15397.2.1.127.9
Refused (ruleset)
OID: 1.3.6.1.4.1.15397.2.1.127.6
Refused (short)
OID: 1.3.6.1.4.1.15397.2.1.127.7
Rejected packets
OID: 1.3.6.1.4.1.15397.2.1.127.10
SYN packets for existing connections
OID: 1.3.6.1.4.1.15397.2.1.127.32
Segment allocation failures
OID: 1.3.6.1.4.1.15397.2.1.127.33
Successfull RTT Calibration

This is the number of time RTT calibration for a TCPv6 connection has succeeded.
OID: 1.3.6.1.4.1.15397.2.1.127.46
Untracked bytes
OID: 1.3.6.1.4.1.15397.2.1.127.24
Untracked bytes (goodput)
OID: 1.3.6.1.4.1.15397.2.1.127.23
Untracked packets
OID: 1.3.6.1.4.1.15397.2.1.127.13
C.50. Teredo
RX data
OID: 1.3.6.1.4.1.15397.2.1.128.3
RX packets
OID: 1.3.6.1.4.1.15397.2.1.128.2
373
C.51. Tunnel
Context allocation failures
OID: 1.3.6.1.4.1.15397.2.1.130.12
Contexts used
OID: 1.3.6.1.4.1.15397.2.1.130.11
C.52. UDPv4
RX bytes
OID: 1.3.6.1.4.1.15397.2.1.51.2
RX packets
OID: 1.3.6.1.4.1.15397.2.1.51.1
Refused (ruleset)
OID: 1.3.6.1.4.1.15397.2.1.51.3
Refused (short)
OID: 1.3.6.1.4.1.15397.2.1.51.4
C.53. UDPv6
RX bytes
OID: 1.3.6.1.4.1.15397.2.1.52.2
RX packets
OID: 1.3.6.1.4.1.15397.2.1.52.1
Refused (ruleset)
OID: 1.3.6.1.4.1.15397.2.1.52.3
Refused (short)
OID: 1.3.6.1.4.1.15397.2.1.52.4
C.54. Web Liveview

Number of http connections
374
OID: 1.3.6.1.4.1.15397.2.1.144.2
Number of http file requests received
OID: 1.3.6.1.4.1.15397.2.1.144.7
Number of http upgrade requests received
OID: 1.3.6.1.4.1.15397.2.1.144.8
Number of netobject/serviceobject updates received
OID: 1.3.6.1.4.1.15397.2.1.144.6
Number of view updates received
OID: 1.3.6.1.4.1.15397.2.1.144.5
Number of views
OID: 1.3.6.1.4.1.15397.2.1.144.4
Number of web sockets
OID: 1.3.6.1.4.1.15397.2.1.144.3
String cache usage
OID: 1.3.6.1.4.1.15397.2.1.144.9
Uptime
OID: 1.3.6.1.4.1.15397.2.1.144.1
C.55. Debug values

IPv4 Type packets
OID: 1.3.6.1.4.1.15397.2.1.154.4
IPv6 Type packets
OID: 1.3.6.1.4.1.15397.2.1.154.5
Bytes sent in connection updates
OID: 1.3.6.1.4.1.15397.2.1.56.45
Bytes sent in connection updates (push updates)
OID: 1.3.6.1.4.1.15397.2.1.56.46
Connections without timer
OID: 1.3.6.1.4.1.15397.2.1.56.27
Destroyed established
OID: 1.3.6.1.4.1.15397.2.1.56.25
375
Failed lookups
OID: 1.3.6.1.4.1.15397.2.1.56.15
Filtered out updates
OID: 1.3.6.1.4.1.15397.2.1.56.47
Lookups
OID: 1.3.6.1.4.1.15397.2.1.56.10
Made established
OID: 1.3.6.1.4.1.15397.2.1.56.11
Made unestablished
OID: 1.3.6.1.4.1.15397.2.1.56.24
TTL timeouts
OID: 1.3.6.1.4.1.15397.2.1.56.13
Updates sent
OID: 1.3.6.1.4.1.15397.2.1.56.12
Updates sent (push updates))
OID: 1.3.6.1.4.1.15397.2.1.56.44
Updates with invalid ruleset
OID: 1.3.6.1.4.1.15397.2.1.56.26
Connection not found
OID: 1.3.6.1.4.1.15397.2.1.60.16
Corrupt packet received
OID: 1.3.6.1.4.1.15397.2.1.60.15
Out of sync - collision
OID: 1.3.6.1.4.1.15397.2.1.60.12
Out of sync - missed rcv/late collision

This is the number of connections set as out of sync due to gaps in the message sequence. This is caused by packet
loss on the flowsync connection.
OID: 1.3.6.1.4.1.15397.2.1.60.11
Peer PLOS clock difference (ms)
OID: 1.3.6.1.4.1.15397.2.1.60.63
Proxy receive error (corrupt packet)
OID: 1.3.6.1.4.1.15397.2.1.60.56
376
Proxy receive error (unknown connection type)
OID: 1.3.6.1.4.1.15397.2.1.60.55
Proxy receive error (unknown connection)
OID: 1.3.6.1.4.1.15397.2.1.60.54
Proxy send error (transformation failed)
OID: 1.3.6.1.4.1.15397.2.1.60.51
Tunnel referenced in seen not found
OID: 1.3.6.1.4.1.15397.2.1.60.46
Update packet overflow
OID: 1.3.6.1.4.1.15397.2.1.60.14
Dropped packets (IPv6 disabled)
OID: 1.3.6.1.4.1.15397.2.1.125.65
Dropped packets (No matching divert rule)
OID: 1.3.6.1.4.1.15397.2.1.125.67
Dropped packets (connection dropped)
OID: 1.3.6.1.4.1.15397.2.1.125.64
Dropped packets (received on real channel, connsync tunnel active)
OID: 1.3.6.1.4.1.15397.2.1.125.66
Dropped packets (unspecificed error)
OID: 1.3.6.1.4.1.15397.2.1.125.68
Proxy asym local egress error packet (already diverted)
OID: 1.3.6.1.4.1.15397.2.1.125.38
Proxy asym local egress error packet (divert channel not operational)
OID: 1.3.6.1.4.1.15397.2.1.125.37
Proxy asym local egress error packet (no matching divert rule)
OID: 1.3.6.1.4.1.15397.2.1.125.36
Proxy asym local egress error packet (packet transmit)
OID: 1.3.6.1.4.1.15397.2.1.125.39
Proxy asym notifications receive error (corrupt packet)
OID: 1.3.6.1.4.1.15397.2.1.125.51
Proxy asym notifications receive error (established but already diverted)
OID: 1.3.6.1.4.1.15397.2.1.125.52
377
Proxy asym notifications receive error (host allocation failure)
OID: 1.3.6.1.4.1.15397.2.1.125.69
Proxy asym notifications receive error (no matching divert rule)
OID: 1.3.6.1.4.1.15397.2.1.125.50
Proxy asym notifications received (established)
OID: 1.3.6.1.4.1.15397.2.1.125.47
Proxy asym notifications sent (established)
OID: 1.3.6.1.4.1.15397.2.1.125.43
Proxy asym remote ingress error (corrupt packet)
OID: 1.3.6.1.4.1.15397.2.1.125.32
Proxy asym remote ingress error (no divert proxy present)
OID: 1.3.6.1.4.1.15397.2.1.125.59
Proxy asym remote ingress error (no matching divert rule)
OID: 1.3.6.1.4.1.15397.2.1.125.31
Proxy asym remote ingress error (unsupported protocol)
OID: 1.3.6.1.4.1.15397.2.1.125.33
Proxy buffered packets dropped (resources)
OID: 1.3.6.1.4.1.15397.2.1.125.58
Proxy connections failed (allocate packet buffer)
OID: 1.3.6.1.4.1.15397.2.1.125.53
Proxy connections failed (apply L2)
OID: 1.3.6.1.4.1.15397.2.1.125.24
Proxy connections failed (asymmetric)
OID: 1.3.6.1.4.1.15397.2.1.125.22
Proxy connections failed (inject failed)
OID: 1.3.6.1.4.1.15397.2.1.125.70
Proxy connections failed (out of proxies)
OID: 1.3.6.1.4.1.15397.2.1.125.23
Proxy connections failed (timeout)
OID: 1.3.6.1.4.1.15397.2.1.125.56
Proxy connections failed (too many channels)
OID: 1.3.6.1.4.1.15397.2.1.125.21
378
Proxy connections failed (transmit packet buffer)
OID: 1.3.6.1.4.1.15397.2.1.125.54
Proxy connections failed (unexpected packet received)
OID: 1.3.6.1.4.1.15397.2.1.125.55
Proxy connections failed (unexpected packet received, SYN/ACK reply expected)
OID: 1.3.6.1.4.1.15397.2.1.125.60
Proxy connections failed (unexpected packet received, own SYN expected)
OID: 1.3.6.1.4.1.15397.2.1.125.61
Proxy connections failed (unexpected packet received, own SYN/ACK expected)
OID: 1.3.6.1.4.1.15397.2.1.125.62
Proxy connections failed (unexpected packet received, own final ACK expected)
OID: 1.3.6.1.4.1.15397.2.1.125.63
Proxy connections ignored (too late matching due to new ruleset)
OID: 1.3.6.1.4.1.15397.2.1.125.72
Too small L2-headers
OID: 1.3.6.1.4.1.15397.2.1.125.26
Analyzed bytes
OID: 1.3.6.1.4.1.15397.2.1.24.12
Analyzer packet checks
OID: 1.3.6.1.4.1.15397.2.1.24.11
Buckets used in taint store
OID: 1.3.6.1.4.1.15397.2.1.24.49
Buffer clears because of incoming sync states
OID: 1.3.6.1.4.1.15397.2.1.24.70
Child allocation failures
OID: 1.3.6.1.4.1.15397.2.1.24.4
Connections with queued packets
OID: 1.3.6.1.4.1.15397.2.1.24.64
Cutoffs (stuck in Being Analyzed)
OID: 1.3.6.1.4.1.15397.2.1.24.62
Cutoffs (stuck without action)
OID: 1.3.6.1.4.1.15397.2.1.24.63
379
Dequeued packets
OID: 1.3.6.1.4.1.15397.2.1.24.66
Dynamic reoptimizations.
OID: 1.3.6.1.4.1.15397.2.1.24.60
Key-Value store entries added.
OID: 1.3.6.1.4.1.15397.2.1.24.57
Key-Value store entries that were passed to the sync handler.
OID: 1.3.6.1.4.1.15397.2.1.24.76
Key-Value store lookup hits.
OID: 1.3.6.1.4.1.15397.2.1.24.58
Key-Value store lookup misses.
OID: 1.3.6.1.4.1.15397.2.1.24.59
LRU child allocations
OID: 1.3.6.1.4.1.15397.2.1.24.3
Number of automatic accepts
OID: 1.3.6.1.4.1.15397.2.1.24.21
Number of bytes grab code has been executed earlier
OID: 1.3.6.1.4.1.15397.2.1.24.71
Number of full run packets
OID: 1.3.6.1.4.1.15397.2.1.24.24
Number of slice state structures used
OID: 1.3.6.1.4.1.15397.2.1.24.27
Orphaned childconnections
OID: 1.3.6.1.4.1.15397.2.1.24.18
Packet queue length
OID: 1.3.6.1.4.1.15397.2.1.24.67
Property allocation failures (128)
OID: 1.3.6.1.4.1.15397.2.1.24.74
OID: 1.3.6.1.4.1.15397.2.1.24.55
OID: 1.3.6.1.4.1.15397.2.1.24.7
380
OID: 1.3.6.1.4.1.15397.2.1.24.5
Queue allocation failures
OID: 1.3.6.1.4.1.15397.2.1.24.69
Queued packets (time spent)
OID: 1.3.6.1.4.1.15397.2.1.24.68
Queued packets (too long segment chains)
OID: 1.3.6.1.4.1.15397.2.1.24.65
Skipped bytes
OID: 1.3.6.1.4.1.15397.2.1.24.13
Truncated overlong packets
OID: 1.3.6.1.4.1.15397.2.1.24.61
UCAP: Allocated packet queues
OID: 1.3.6.1.4.1.15397.2.1.24.50
UCAP: Connections sent to userspace
OID: 1.3.6.1.4.1.15397.2.1.24.52
UCAP: Overflows in packet queues
OID: 1.3.6.1.4.1.15397.2.1.24.53
UCAP: Packets held in packet queues
OID: 1.3.6.1.4.1.15397.2.1.24.51
Virtual services range steps
OID: 1.3.6.1.4.1.15397.2.1.24.46
Virtual services range tests
OID: 1.3.6.1.4.1.15397.2.1.24.45
Virtual services regex steps
OID: 1.3.6.1.4.1.15397.2.1.24.48
Virtual services regex tests
OID: 1.3.6.1.4.1.15397.2.1.24.47
Analyzer allocated but could not retrieve state from bincode
OID: 1.3.6.1.4.1.15397.2.1.25.8
Analyzer heuristic flag access from bincode
OID: 1.3.6.1.4.1.15397.2.1.25.9
381
Analyzer heuristic flag invalid access from bincode
OID: 1.3.6.1.4.1.15397.2.1.25.10
Analyzer state properties allocated from bincode
OID: 1.3.6.1.4.1.15397.2.1.25.6
Analyzer state properties failed to allocate from bincode
OID: 1.3.6.1.4.1.15397.2.1.25.7
Bincode local config lookup failure
OID: 1.3.6.1.4.1.15397.2.1.25.16
Bincode local config lookup success
OID: 1.3.6.1.4.1.15397.2.1.25.15
Key-Value store entries that were passed to the sync handler from bincode.
OID: 1.3.6.1.4.1.15397.2.1.25.17
String table lookup failures from bincode
OID: 1.3.6.1.4.1.15397.2.1.25.14
Total packet bytes access from bincode
OID: 1.3.6.1.4.1.15397.2.1.25.13
Ruleset evaluations
OID: 1.3.6.1.4.1.15397.2.1.80.6
0xffff Type packets
OID: 1.3.6.1.4.1.15397.2.1.131.10
Ethernet type packets
OID: 1.3.6.1.4.1.15397.2.1.131.14
Ethernet unknown type packets
OID: 1.3.6.1.4.1.15397.2.1.131.15
GRE Packets with unknown version
OID: 1.3.6.1.4.1.15397.2.1.131.4
GRE packets with depricated route flag
OID: 1.3.6.1.4.1.15397.2.1.131.7
GRE packets with unkown type
OID: 1.3.6.1.4.1.15397.2.1.131.6
IPv4 Type packets
OID: 1.3.6.1.4.1.15397.2.1.131.8
382
IPv6 Type packets
OID: 1.3.6.1.4.1.15397.2.1.131.9
PPP Type Packets
OID: 1.3.6.1.4.1.15397.2.1.131.12
PPP Type Packets with Unknown Protocol
OID: 1.3.6.1.4.1.15397.2.1.131.13
PPTP Packets
OID: 1.3.6.1.4.1.15397.2.1.131.11
Too Short GRE Packets
OID: 1.3.6.1.4.1.15397.2.1.131.5
Create PDP Context Request Packets
OID: 1.3.6.1.4.1.15397.2.1.129.5
Create PDP Context Response Packets
OID: 1.3.6.1.4.1.15397.2.1.129.6
Delete PDP Context Request Packets
OID: 1.3.6.1.4.1.15397.2.1.129.7
Delete PDP Context Response Packets
OID: 1.3.6.1.4.1.15397.2.1.129.8
Echo Request Packets
OID: 1.3.6.1.4.1.15397.2.1.129.13
Echo Response Packets
OID: 1.3.6.1.4.1.15397.2.1.129.14
Error Indication
OID: 1.3.6.1.4.1.15397.2.1.129.9
G-PDU Packets
OID: 1.3.6.1.4.1.15397.2.1.129.4
SGSN Context Request
OID: 1.3.6.1.4.1.15397.2.1.129.15
SGSN Context Response
OID: 1.3.6.1.4.1.15397.2.1.129.16
Unkown GTP Type
OID: 1.3.6.1.4.1.15397.2.1.129.10
383
Update PDP Context Request Packets
OID: 1.3.6.1.4.1.15397.2.1.129.11
Update PDP Context Response Packets
OID: 1.3.6.1.4.1.15397.2.1.129.12
Add connection SC failures

This is the number of calls to `pl_host_stats_add_connection` that did not match any configured session context rows.
This will lead to the affected connections being unaccounted for in host stats.
OID: 1.3.6.1.4.1.15397.2.1.146.13
Volume filtered
OID: 1.3.6.1.4.1.15397.2.1.146.11
Volume sent
OID: 1.3.6.1.4.1.15397.2.1.146.10
Fragment ids
OID: 1.3.6.1.4.1.15397.2.1.32.10
Packet fragments
This is the number of received fragments.
OID: 1.3.6.1.4.1.15397.2.1.32.7
Fragment ids
OID: 1.3.6.1.4.1.15397.2.1.126.10
Fragments in Fragments
OID: 1.3.6.1.4.1.15397.2.1.126.32
Packet fragments
OID: 1.3.6.1.4.1.15397.2.1.126.7
Dimension lookup failures
OID: 1.3.6.1.4.1.15397.2.1.145.51
Dimension lookups
OID: 1.3.6.1.4.1.15397.2.1.145.50
Score: Accumulator row keys allocated
OID: 1.3.6.1.4.1.15397.2.1.145.77
Score: Accumulator row keys free
OID: 1.3.6.1.4.1.15397.2.1.145.79
Score: Accumulator row keys used
OID: 1.3.6.1.4.1.15397.2.1.145.78
384
Score: Accumulator row stats allocated
OID: 1.3.6.1.4.1.15397.2.1.145.80
Score: Accumulator row stats free
OID: 1.3.6.1.4.1.15397.2.1.145.82
Score: Accumulator row stats used
OID: 1.3.6.1.4.1.15397.2.1.145.81
Score: CSV files on disk
OID: 1.3.6.1.4.1.15397.2.1.145.87
Score: CSV rows dropped
OID: 1.3.6.1.4.1.15397.2.1.145.86
Score: Rows Skipped, Empty Subscriber
OID: 1.3.6.1.4.1.15397.2.1.145.69
Score: Volume received
OID: 1.3.6.1.4.1.15397.2.1.145.52
Traffic: Accumulator row keys allocated
OID: 1.3.6.1.4.1.15397.2.1.145.9
Traffic: Accumulator row keys free
OID: 1.3.6.1.4.1.15397.2.1.145.11
Traffic: Accumulator row keys used
OID: 1.3.6.1.4.1.15397.2.1.145.10
Traffic: Accumulator row stats allocated
OID: 1.3.6.1.4.1.15397.2.1.145.72
Traffic: Accumulator row stats free
OID: 1.3.6.1.4.1.15397.2.1.145.74
Traffic: Accumulator row stats used
OID: 1.3.6.1.4.1.15397.2.1.145.73
Traffic: CSV files on disk
OID: 1.3.6.1.4.1.15397.2.1.145.88
Traffic: CSV rows dropped
OID: 1.3.6.1.4.1.15397.2.1.145.85
Traffic: Rows Skipped, Empty Subscriber
OID: 1.3.6.1.4.1.15397.2.1.145.68
385
Port Visible Devices
OID: 1.3.6.1.4.1.15397.2.1.153.12
Timestamp Visible Devices
OID: 1.3.6.1.4.1.15397.2.1.153.7
Connection update batches
OID: 1.3.6.1.4.1.15397.2.1.134.38
Dynamic IP lookups
OID: 1.3.6.1.4.1.15397.2.1.134.26
Dynamic netobject IPs in visible netobjects
OID: 1.3.6.1.4.1.15397.2.1.134.28
Dynamic netobject items in visible netobjects
OID: 1.3.6.1.4.1.15397.2.1.134.27
Host post-processing time (ms)
OID: 1.3.6.1.4.1.15397.2.1.134.31
Host stats: Volume received
OID: 1.3.6.1.4.1.15397.2.1.134.42
Host stats: Volume sent
OID: 1.3.6.1.4.1.15397.2.1.134.43
Host stats: records received
OID: 1.3.6.1.4.1.15397.2.1.134.33
Hostname allocations
The number of hostnames allocated.
OID: 1.3.6.1.4.1.15397.2.1.134.19
Matching views recalculations
OID: 1.3.6.1.4.1.15397.2.1.134.24
ShapingObject array allocations

The number of ShapingObject arrays allocated.
OID: 1.3.6.1.4.1.15397.2.1.134.49
View value recalculations
OID: 1.3.6.1.4.1.15397.2.1.134.25
Visible NetObjects post-processing time (ms)
OID: 1.3.6.1.4.1.15397.2.1.134.32
386
Visible NetObjects pre-proccessing time (ms)
OID: 1.3.6.1.4.1.15397.2.1.134.30
CPU power save
OID: 1.3.6.1.4.1.15397.2.1.135.57
FPGA firmware build external
OID: 1.3.6.1.4.1.15397.2.1.135.95
FPGA firmware build internal
OID: 1.3.6.1.4.1.15397.2.1.135.94
FPGA firmware version external
OID: 1.3.6.1.4.1.15397.2.1.135.85
FPGA firmware version internal
OID: 1.3.6.1.4.1.15397.2.1.135.84
Heartbeat packets lost (Fabric 1)
OID: 1.3.6.1.4.1.15397.2.1.135.60
Heartbeat packets lost (Fabric 2)
OID: 1.3.6.1.4.1.15397.2.1.135.61
Invalid port external

This is the number of packets with invalid ports on the external channel interface
OID: 1.3.6.1.4.1.15397.2.1.135.148
Invalid port internal

This is the number of packets with invalid ports on the internal channel interface
OID: 1.3.6.1.4.1.15397.2.1.135.147
Least loaded fp thread blacklisted buckets

This is the number of blacklisted buckets mapped to the least loaded flow processor thread.
OID: 1.3.6.1.4.1.15397.2.1.135.107
Least loaded fp thread buckets

This is the number of buckets mapped to the least loaded flow processor thread.
OID: 1.3.6.1.4.1.15397.2.1.135.106
Least loaded fp thread most loaded bucket packets

This is the number of packets sent from the most loaded bucket to the least loaded flow processor thread.
OID: 1.3.6.1.4.1.15397.2.1.135.108
Least loaded fp thread packets

This is the number of packets sent to the least loaded flow processor thread.
OID: 1.3.6.1.4.1.15397.2.1.135.105
387
Most loaded fp thread blacklisted buckets

This is the number of blacklisted buckets mapped to the most loaded flow processor thread.
OID: 1.3.6.1.4.1.15397.2.1.135.103
Most loaded fp thread buckets

This is the number of buckets mapped to the most loaded flow processor thread.
OID: 1.3.6.1.4.1.15397.2.1.135.102
Most loaded fp thread most loaded bucket packets

This is the number of packets sent from the most loaded bucket to the most loaded flow processor thread.
OID: 1.3.6.1.4.1.15397.2.1.135.104
Most loaded fp thread packets

This is the number of packets sent to the most loaded flow processor thread.
OID: 1.3.6.1.4.1.15397.2.1.135.101
Out of poll slots
OID: 1.3.6.1.4.1.15397.2.1.135.65
Responding flow processors (Fabric 1)
OID: 1.3.6.1.4.1.15397.2.1.135.58
Responding flow processors (Fabric 2)
OID: 1.3.6.1.4.1.15397.2.1.135.59
TX direct external not allowed
OID: 1.3.6.1.4.1.15397.2.1.135.64
TX direct internal not allowed
OID: 1.3.6.1.4.1.15397.2.1.135.63
Unknown ethertype external

This is the number of packets with unknown ethertypes on the external channel interface
OID: 1.3.6.1.4.1.15397.2.1.135.146
Unknown ethertype internal

This is the number of packets with unknown ethertypes on the internal channel interface
OID: 1.3.6.1.4.1.15397.2.1.135.145
Corrupt packet received
OID: 1.3.6.1.4.1.15397.2.1.61.1
Natsync message over connsync not sent
OID: 1.3.6.1.4.1.15397.2.1.61.4
Natsync remove messages received from other natsync peers
OID: 1.3.6.1.4.1.15397.2.1.61.8
388
Natsync remove messages sent to natsync peers
OID: 1.3.6.1.4.1.15397.2.1.61.6
Natsync sync messages received from other natsync peers
OID: 1.3.6.1.4.1.15397.2.1.61.7
Natsync sync messages sent to natsync peers
OID: 1.3.6.1.4.1.15397.2.1.61.5
CPU Wakeups
OID: 1.3.6.1.4.1.15397.2.1.8.29
CPU irqs
OID: 1.3.6.1.4.1.15397.2.1.8.28
CPU power save
OID: 1.3.6.1.4.1.15397.2.1.8.25
Context allocation failures
OID: 1.3.6.1.4.1.15397.2.1.8.32
Context allocations
OID: 1.3.6.1.4.1.15397.2.1.8.31
Context switches
OID: 1.3.6.1.4.1.15397.2.1.8.33
Contexts in use
OID: 1.3.6.1.4.1.15397.2.1.8.30
DMA-allocated packets
OID: 1.3.6.1.4.1.15397.2.1.8.13
Load balancer drops
OID: 1.3.6.1.4.1.15397.2.1.8.22
Load balancer queue length
OID: 1.3.6.1.4.1.15397.2.1.8.24
Max watchdog delay
OID: 1.3.6.1.4.1.15397.2.1.8.34
NIC RX drops
OID: 1.3.6.1.4.1.15397.2.1.8.23
Steal time ticks between updates (avg)

How much time (in time ticks) passed between hypervisor steal events, averaged over connection update interval.
389
OID: 1.3.6.1.4.1.15397.2.1.8.37
TX packets not allowed
OID: 1.3.6.1.4.1.15397.2.1.8.26
(ext) Number of packets from blacklisted peers
OID: 1.3.6.1.4.1.15397.2.1.123.35
Ignored out of order updates
OID: 1.3.6.1.4.1.15397.2.1.123.19
Ignored updates (generation wrap)
OID: 1.3.6.1.4.1.15397.2.1.123.20
Compiled Rules: Number of filter rules in compiled ruleset
OID: 1.3.6.1.4.1.15397.2.1.147.32
Compiled Rules: Number of shaping rules in compiled ruleset
OID: 1.3.6.1.4.1.15397.2.1.147.33
Compiled Rules: Number of stats rules in compiled ruleset
OID: 1.3.6.1.4.1.15397.2.1.147.34
Config Rules: Number of filter rules in ruleset config
OID: 1.3.6.1.4.1.15397.2.1.147.12
Config Rules: Number of shaping rules in ruleset config
OID: 1.3.6.1.4.1.15397.2.1.147.13
Config Rules: Number of stats rules in ruleset config
OID: 1.3.6.1.4.1.15397.2.1.147.14
Ruleset calcjob: Largest number of calc jobs. Gets reset on each ruleset recompile
OID: 1.3.6.1.4.1.15397.2.1.147.54
Ruleset calcjob: Number of calc jobs
OID: 1.3.6.1.4.1.15397.2.1.147.53
Ruleset calcjob: Sum of static and dynamic IPv4 prefixes to consider for compile
OID: 1.3.6.1.4.1.15397.2.1.147.51
Ruleset calcjob: Sum of static and dynamic IPv6 prefixes to consider for compile
OID: 1.3.6.1.4.1.15397.2.1.147.52
Ruleset prefixes: Largest bitmask size seen
OID: 1.3.6.1.4.1.15397.2.1.147.67
SplitBy Shaping: Number of cloned shaping objects created
390
OID: 1.3.6.1.4.1.15397.2.1.147.22
SplitBy Shaping: Number of shaping rules after splitby
OID: 1.3.6.1.4.1.15397.2.1.147.21
Oper REMOVEORPHANS: Orphan dynamic netobject items removed

This is the number of dynamic NetObject items removed because their parent NetObject was removed and a call was
made to remove orphan items.
OID: 1.3.6.1.4.1.15397.2.1.121.43
Oper SET: Dynamic netobject items ADDED during set operations

This is the number of dynamic NetObject items that have been added as a result of a set operation.
OID: 1.3.6.1.4.1.15397.2.1.121.27
Oper SET: Dynamic netobject items REMOVED during set operations

This is the number of dynamic NetObject items that have been removed as a result of a set operation.
OID: 1.3.6.1.4.1.15397.2.1.121.28
Oper SET: Dynamic netobject items REPLACED during set operations
OID: 1.3.6.1.4.1.15397.2.1.121.64
Oper SET: Dynamic netobject items UNCHANGED during set operations

This is the number of dynamic NetObject items that are in NetObjects affected by set operations but left unchanged.
OID: 1.3.6.1.4.1.15397.2.1.121.29
Oper SET_END: Dynamic netobject items REMOVED during set_end operations due to being touched
in previous set operations
OID: 1.3.6.1.4.1.15397.2.1.121.65
BGP: Path lookups
OID: 1.3.6.1.4.1.15397.2.1.64.12
Flow ContentLogic statechanges
OID: 1.3.6.1.4.1.15397.2.1.64.52
Flow ruleset recalcs from bgp
OID: 1.3.6.1.4.1.15397.2.1.64.34
Flow ruleset recalcs from state
OID: 1.3.6.1.4.1.15397.2.1.64.35
Flow ruleset recalcs from time
OID: 1.3.6.1.4.1.15397.2.1.64.33
Flow ruleset recalcs from version
OID: 1.3.6.1.4.1.15397.2.1.64.32
Flow ruleset statechanges
391
OID: 1.3.6.1.4.1.15397.2.1.64.27
Flow ruleset statechanges (Session context)
OID: 1.3.6.1.4.1.15397.2.1.64.68
Flow ruleset statechanges (aspath)
OID: 1.3.6.1.4.1.15397.2.1.64.31
Flow ruleset statechanges (flags)
OID: 1.3.6.1.4.1.15397.2.1.64.30
Flow ruleset statechanges (hop limit)

Number of hop limit updates across all connections.
OID: 1.3.6.1.4.1.15397.2.1.64.69
Flow ruleset statechanges (linklevel)
OID: 1.3.6.1.4.1.15397.2.1.64.39
Flow ruleset statechanges (prop)
OID: 1.3.6.1.4.1.15397.2.1.64.28
Flow ruleset statechanges (service)
OID: 1.3.6.1.4.1.15397.2.1.64.29
NatCfg: Dynamic natcfg parsing failures
OID: 1.3.6.1.4.1.15397.2.1.64.48
NatCfg: Lookup of non-existing dynamic natcfg
OID: 1.3.6.1.4.1.15397.2.1.64.49
NatCfg: Number of static natcfg entries from ruleset
OID: 1.3.6.1.4.1.15397.2.1.64.45
Ruleset: 1 FW rules loaded
OID: 1.3.6.1.4.1.15397.2.1.64.5
Ruleset: 2 Shaping rules loaded
OID: 1.3.6.1.4.1.15397.2.1.64.6
Ruleset: 3 Statistics rules loaded
OID: 1.3.6.1.4.1.15397.2.1.64.24
Rows on freelist
OID: 1.3.6.1.4.1.15397.2.1.150.12
Delayed Polls
OID: 1.3.6.1.4.1.15397.2.1.88.75
392
Dequeue calls
OID: 1.3.6.1.4.1.15397.2.1.88.41
Directly sent bytes (prio 0)
OID: 1.3.6.1.4.1.15397.2.1.88.69
Enqueue Failures
OID: 1.3.6.1.4.1.15397.2.1.88.77
Enqueue attemps on CPU0
OID: 1.3.6.1.4.1.15397.2.1.88.82
Object checks
OID: 1.3.6.1.4.1.15397.2.1.88.17
Objects processed in splitobjects timer func
OID: 1.3.6.1.4.1.15397.2.1.88.81
Queuing drops (other prio)
OID: 1.3.6.1.4.1.15397.2.1.88.63
Queuing drops (prio 1)
OID: 1.3.6.1.4.1.15397.2.1.88.54
OID: 1.3.6.1.4.1.15397.2.1.88.55
OID: 1.3.6.1.4.1.15397.2.1.88.56
OID: 1.3.6.1.4.1.15397.2.1.88.57
OID: 1.3.6.1.4.1.15397.2.1.88.58
OID: 1.3.6.1.4.1.15397.2.1.88.59
OID: 1.3.6.1.4.1.15397.2.1.88.60
OID: 1.3.6.1.4.1.15397.2.1.88.61
OID: 1.3.6.1.4.1.15397.2.1.88.62
393
Rule sets
OID: 1.3.6.1.4.1.15397.2.1.88.10
Skipped qsync updates (no xfer)
OID: 1.3.6.1.4.1.15397.2.1.88.71
Unresponsive Connections Detected
OID: 1.3.6.1.4.1.15397.2.1.88.76
Number of subscribers in table
OID: 1.3.6.1.4.1.15397.2.1.124.6
Connection Bytes Accounted In

This is the number of incoming bytes transferred to PLSD. The conditions in statistics rules determine which connections
are accounted for (bytes are sent to PLSD). Data for all connections that match one or more statistics rule is sent to PLSD.
The bytes of a connection that matches more than one statistics rule will be accounted for only once.
OID: 1.3.6.1.4.1.15397.2.1.136.39
Connection Bytes Accounted Out

This is the number of outgoing bytes transferred to PLSD. The conditions in statistics rules determine which connections
are accounted for (bytes are sent to PLSD). Data for all connections that match one or more statistics rule is sent to PLSD.
The bytes of a connection that matches more than one statistics rule will be accounted for only once.
OID: 1.3.6.1.4.1.15397.2.1.136.40
Connection Bytes Unaccounted In, Dataset unavailable
OID: 1.3.6.1.4.1.15397.2.1.136.95
Connection Bytes Unaccounted In, No Matching Rules
OID: 1.3.6.1.4.1.15397.2.1.136.68
Connection Bytes Unaccounted Out, Dataset unavailable
OID: 1.3.6.1.4.1.15397.2.1.136.96
Connection Bytes Unaccounted Out, No Matching Rules
OID: 1.3.6.1.4.1.15397.2.1.136.69
Connection Properties count

This is the number of properties for all connections. For example, if 1000 connections match a statistics distribution using
3 properties, the count will be 3000.
OID: 1.3.6.1.4.1.15397.2.1.136.37
Connection update batch process time
OID: 1.3.6.1.4.1.15397.2.1.136.70
Connection updates (1 per connection)
OID: 1.3.6.1.4.1.15397.2.1.136.60
394
OID: 1.3.6.1.4.1.15397.2.1.136.61
OID: 1.3.6.1.4.1.15397.2.1.136.62
OID: 1.3.6.1.4.1.15397.2.1.136.63
Connection updates (5 or more per connection)
OID: 1.3.6.1.4.1.15397.2.1.136.64
Connection updates with unsupported hostnames
OID: 1.3.6.1.4.1.15397.2.1.136.97
Corrupted value paths
OID: 1.3.6.1.4.1.15397.2.1.136.43
Dataset, Subscribers
OID: 1.3.6.1.4.1.15397.2.1.136.44
Dataset, Subscribers aggregate
OID: 1.3.6.1.4.1.15397.2.1.136.46
Dataset, Subscribers sent
OID: 1.3.6.1.4.1.15397.2.1.136.45
Dataset, Value graph datapoints

This is the number of graph datapoints that are collected in all of the values in the dataset.
OID: 1.3.6.1.4.1.15397.2.1.136.88
Dataset, Value graphs

This is the number of values in the dataset that are collecting graph data.
OID: 1.3.6.1.4.1.15397.2.1.136.87
Dynamic IP lookups
OID: 1.3.6.1.4.1.15397.2.1.136.58
Dynamic Netobject Adds
OID: 1.3.6.1.4.1.15397.2.1.136.56
Dynamic Netobject Removes
OID: 1.3.6.1.4.1.15397.2.1.136.57
Hosts
This is the number of hosts in the hosts table of the statistics daemon.
OID: 1.3.6.1.4.1.15397.2.1.136.16
Memory usage (RAM)
395
OID: 1.3.6.1.4.1.15397.2.1.136.35
Memory usage (Virtual)
OID: 1.3.6.1.4.1.15397.2.1.136.34
Messages
OID: 1.3.6.1.4.1.15397.2.1.136.49
Messages, Connections
OID: 1.3.6.1.4.1.15397.2.1.136.50
Messages, Hosts
OID: 1.3.6.1.4.1.15397.2.1.136.52
Messages, Netobjects
OID: 1.3.6.1.4.1.15397.2.1.136.51
Session Context Row Add Messages
OID: 1.3.6.1.4.1.15397.2.1.136.89
Session Context Row Remove Messages
OID: 1.3.6.1.4.1.15397.2.1.136.90
Session Context: Row removes received before Row Added
OID: 1.3.6.1.4.1.15397.2.1.136.102
String Cache, Hashed strings
OID: 1.3.6.1.4.1.15397.2.1.136.103
String Cache, Size
OID: 1.3.6.1.4.1.15397.2.1.136.53
String Cache, Usage
OID: 1.3.6.1.4.1.15397.2.1.136.54
Threshold filtered, Bytes In
OID: 1.3.6.1.4.1.15397.2.1.136.66
Threshold filtered, Bytes Out
OID: 1.3.6.1.4.1.15397.2.1.136.67
Dataset Values read
OID: 1.3.6.1.4.1.15397.2.1.137.31
Dataset values, New Global collisions

This is the number of new entries in the global collisions file created when the last dataset was written to the statistics
file system.
396
OID: 1.3.6.1.4.1.15397.2.1.137.10
Dataset, New Subscribers
OID: 1.3.6.1.4.1.15397.2.1.137.47
Dataset, Size (decompressed)
OID: 1.3.6.1.4.1.15397.2.1.137.35
Dataset, Subscriber count
OID: 1.3.6.1.4.1.15397.2.1.137.30
Dataset, Time for Daily Index file I/O

This is the time spent on file I/O on the daily index for the last data et written to the statistics file system.
OID: 1.3.6.1.4.1.15397.2.1.137.16
Dataset, Time for Globals file I/O

This is the time spent on file I/O on the global index for the last dataset written to the statistics file system.
OID: 1.3.6.1.4.1.15397.2.1.137.15
Dataset, Time for Graph file I/O

This is the time spent on file I/O on graph files for the last dataset written to the statistics file system.
OID: 1.3.6.1.4.1.15397.2.1.137.18
Dataset, Time for Totals file I/O

This is the time spent on file I/O on totals files for the last dataset written to the statistics file system.
OID: 1.3.6.1.4.1.15397.2.1.137.17
Dataset, Time for counting subitems and subscribers
OID: 1.3.6.1.4.1.15397.2.1.137.49
Dataset, Time for loading
OID: 1.3.6.1.4.1.15397.2.1.137.48
Statisticsfs current globals, Open date
OID: 1.3.6.1.4.1.15397.2.1.137.36
Statisticsfs, Daily Totals file blocks

This is the number of blocks used for totals data in the statistics file system.
OID: 1.3.6.1.4.1.15397.2.1.137.22
Statisticsfs, Graphs files
OID: 1.3.6.1.4.1.15397.2.1.137.44
Statisticsfs, Graphs files updated
OID: 1.3.6.1.4.1.15397.2.1.137.46
Statisticsfs, Totals files
OID: 1.3.6.1.4.1.15397.2.1.137.43
397
Statisticsfs, Totals files updated
OID: 1.3.6.1.4.1.15397.2.1.137.45
Statisticsfs, Values (Global Collisions)

This is the number of entries in the global collisions file in the statistics file system.
OID: 1.3.6.1.4.1.15397.2.1.137.20
Statwriter, Peak memory usage
OID: 1.3.6.1.4.1.15397.2.1.137.29
Context switches
OID: 1.3.6.1.4.1.15397.2.1.133.14
Interface packets received
OID: 1.3.6.1.4.1.15397.2.1.133.11
Interface packets sent
OID: 1.3.6.1.4.1.15397.2.1.133.12
Interrupts
OID: 1.3.6.1.4.1.15397.2.1.133.13
UDP Drops
OID: 1.3.6.1.4.1.15397.2.1.133.17
UDP Rx Queue
OID: 1.3.6.1.4.1.15397.2.1.133.16
UDP Tx Queue
OID: 1.3.6.1.4.1.15397.2.1.133.15
Congestion Window Reduced Packets
OID: 1.3.6.1.4.1.15397.2.1.48.41
Connections with segments
OID: 1.3.6.1.4.1.15397.2.1.48.27
Dequeued segments
OID: 1.3.6.1.4.1.15397.2.1.48.35
Discarded segments
OID: 1.3.6.1.4.1.15397.2.1.48.36
Enqueued segments
OID: 1.3.6.1.4.1.15397.2.1.48.34
Explicit Congestion Notification Echo Packets
398
OID: 1.3.6.1.4.1.15397.2.1.48.42
Ignored segments
OID: 1.3.6.1.4.1.15397.2.1.48.18
Out of window packets (ignored)
OID: 1.3.6.1.4.1.15397.2.1.48.28
Out-of-sync bytes
OID: 1.3.6.1.4.1.15397.2.1.48.39
Out-of-sync connections
OID: 1.3.6.1.4.1.15397.2.1.48.12
Out-of-sync packets
OID: 1.3.6.1.4.1.15397.2.1.48.38
Packets without payload
OID: 1.3.6.1.4.1.15397.2.1.48.37
Retransmitted packets
OID: 1.3.6.1.4.1.15397.2.1.48.40
Saved segments
OID: 1.3.6.1.4.1.15397.2.1.48.16
Saved segments with payload
OID: 1.3.6.1.4.1.15397.2.1.48.17
Segments that failed to dequeue due invalid TFO state
OID: 1.3.6.1.4.1.15397.2.1.48.50
Segments that failed to dequeue due to DRDL skip state becoming out of sync
OID: 1.3.6.1.4.1.15397.2.1.48.49
Segments that failed to dequeue due to invalid TCP sequences
OID: 1.3.6.1.4.1.15397.2.1.48.48
Simultaneous Open
OID: 1.3.6.1.4.1.15397.2.1.48.43
Congestion Window Reduced Packets
OID: 1.3.6.1.4.1.15397.2.1.127.41
Connections with segments
OID: 1.3.6.1.4.1.15397.2.1.127.27
Dequeued segments
399
OID: 1.3.6.1.4.1.15397.2.1.127.35
Discarded segments
OID: 1.3.6.1.4.1.15397.2.1.127.36
Enqueued segments
OID: 1.3.6.1.4.1.15397.2.1.127.34
Explicit Congestion Notification Echo Packets
OID: 1.3.6.1.4.1.15397.2.1.127.42
Ignored segments
OID: 1.3.6.1.4.1.15397.2.1.127.18
Out of window packets (ignored)
OID: 1.3.6.1.4.1.15397.2.1.127.28
Out-of-sync bytes
OID: 1.3.6.1.4.1.15397.2.1.127.39
Out-of-sync connections
OID: 1.3.6.1.4.1.15397.2.1.127.12
Out-of-sync packets
OID: 1.3.6.1.4.1.15397.2.1.127.38
Packets with corrupt conn
OID: 1.3.6.1.4.1.15397.2.1.127.26
Packets without payload
OID: 1.3.6.1.4.1.15397.2.1.127.37
Retransmitted packets
OID: 1.3.6.1.4.1.15397.2.1.127.40
Saved segments
OID: 1.3.6.1.4.1.15397.2.1.127.16
Saved segments with payload
OID: 1.3.6.1.4.1.15397.2.1.127.17
Segments that failed to dequeue due invalid TFO state
OID: 1.3.6.1.4.1.15397.2.1.127.50
Segments that failed to dequeue due to DRDL skip state becoming out of sync
OID: 1.3.6.1.4.1.15397.2.1.127.49
Segments that failed to dequeue due to invalid TCP sequences
400
OID: 1.3.6.1.4.1.15397.2.1.127.48
Simultaneous Open
OID: 1.3.6.1.4.1.15397.2.1.127.43
Authentication headers
OID: 1.3.6.1.4.1.15397.2.1.128.5
Origin indication headers
OID: 1.3.6.1.4.1.15397.2.1.128.4
Teredo packets inside fragments
OID: 1.3.6.1.4.1.15397.2.1.128.6
CAPWAP Tunnel Contexts
OID: 1.3.6.1.4.1.15397.2.1.130.14
EtherIP Tunnel Contexts
OID: 1.3.6.1.4.1.15397.2.1.130.15
GRE Tunnel Contexts
OID: 1.3.6.1.4.1.15397.2.1.130.5
GTP Tunnel Contexts
OID: 1.3.6.1.4.1.15397.2.1.130.2
Generic Tunnel Contexts
OID: 1.3.6.1.4.1.15397.2.1.130.8
L2TP Tunnel Contexts
OID: 1.3.6.1.4.1.15397.2.1.130.10
L2TP paired Tunnel Contexts
OID: 1.3.6.1.4.1.15397.2.1.130.13
Packets For Known Tunnels
OID: 1.3.6.1.4.1.15397.2.1.130.9
Packets For Unknown Tunnels
OID: 1.3.6.1.4.1.15397.2.1.130.6
Teredo Tunnel Contexts
OID: 1.3.6.1.4.1.15397.2.1.130.4
Tunnels With Duplicate Keys
OID: 1.3.6.1.4.1.15397.2.1.130.7
401
C.56. Default alerts

C.56.1. Introduction
This section describes the default alert levels and resulting SNMP traps from the PacketLogic system.
Note
SNMP traps are created and sent only if a trap receiver is configured in the CLI. The default alert levels are
those automatically defined by the system. This section does not cover alert levels that are changed or added
compared to the default.
Trap OID: pl2TrapSystemStatsAlert64 (1.3.6.1.4.1.15397.2.8.0.4)

Variable binding pl2TrapOid: Packet Processing/Packets left in pool (1.3.6.1.4.1.15397.2.1.8.10)
Threshold: Value < 11000
Description: This is PL's internal packet pool. If it goes below 10000, then TCP reordering will not work and DRDL will not be
as accurate. If it goes below 5000 then IP defragmentation will not work and fragmented packets will be dropped.
Severity: Major
Action: Raise PACKET_POOL_SIZE or review traffic load.
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Trap OID: pl2TrapSystemStatsAlert (1.3.6.1.4.1.15397.2.8.0.3)
Variable binding pl2TrapOid: Packet Processing/Overload mode (1.3.6.1.4.1.15397.2.1.8.27)
Threshold: Value > 0
Description: The overload protection has been enabled. A value of 1 means that DRDL has been disabled, and a value of
2 means that the system is also in blind forward mode.
Severity: Major
Action: Review system load
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Drdl/Number of buffer allocation failures (1.3.6.1.4.1.15397.2.1.24.23)
Description: This is DRDL's internal temporary buffer space. If it runs out of buffers then properties extracted by DRDL will
not be accurate.
Severity: Major
Action: Review system load
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Drdl/Number of slice state structure allocation failures (1.3.6.1.4.1.15397.2.1.24.28)
Description: The pool for structures to keep state while analyzing a connection has been depleted. Connections will not be
properly identified.
Severity: Major
Action: Review the System Configuration value DRDL_SLICE_STATE_STRUCTURES.
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Drdl/Analyzer properties that could not be set (1.3.6.1.4.1.15397.2.1.24.30)
Description: The pool(s) for service property strings has been depleted. Properties may not be correctly set when this occurs,
affecting rules matching PropertyObject conditions.
Severity: Major
Action: Review the System Configuration values SERVICE_PROP_POOLSIZE_32, SERVICE_PROP_POOLSIZE_128,
SERVICE_PROP_POOLSIZE_256, and SERVICE_PROP_POOLSIZE_2048.
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Drdl/Connection tainting data structure usage (1.3.6.1.4.1.15397.2.1.24.54)
402

Description: The data structure keeping conection taint information has reached a usage level where there is an increased
risk of false positives.
Severity: Major
Action: Review the System Configuration value DRDL_TAINT_STORE_SIZE.
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Ethernet/Not stored link-level header (oversized) (1.3.6.1.4.1.15397.2.1.28.32)
Description: Link-level headers has not been stored because of their length.
Severity: Major
Action: Review system configuration value (LLHDR_CACHE_HEADER_SIZE) to ensure they are aligned with the traffic the
system analyzes.
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Ethernet/Not stored link-level header (out of entries) (1.3.6.1.4.1.15397.2.1.28.33)
Description: Link-level headers has not been stored because of lack of resources.
Severity: Major
Action: Review system configuration value (LLHDR_CACHE_ENTRIES) to ensure they are aligned with the intended load on
the system.
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Connection/Attempts refused (resources) (1.3.6.1.4.1.15397.2.1.56.6)
Description: Connection attempts have been refused due to lack of available resources.
Severity: Major
Action: Review system configuration values (for example MAX_CONNECTIONS) to ensure they are aligned with the intended
load on the system.
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Connection/Attempts refused (rewrite failure) (1.3.6.1.4.1.15397.2.1.56.43)
Description: Connection attempts have been refused due to rewrite failure.
Severity: Major
Action: Check values in the Rewrite zone.
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Ruleset - Engine/Ruleset problem: Too many matching statistics rules
(1.3.6.1.4.1.15397.2.1.64.26)
Threshold: Rate > 0
Description: There are connections matching too many statistics rules. Packets for these connections will not be correctly
accounted by all matching statistics rules when this occurs.
Severity: Major
Action: Reduce the number of statistics rules matching the same traffic, or raise the System Configuration value
STATISTICS_MAX_RULES_PER_CONNECTION.
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Ruleset - Engine/Netobject prefixes: Number of errors (1.3.6.1.4.1.15397.2.1.64.64)
Description: Engine has received a prefix which it can not handle. See engine log for more details
Severity:
Action:
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Ruleset - Engine/Subscriber: Storage in engine is full (1.3.6.1.4.1.15397.2.1.64.40)
403
Description: The maximum number of subscriber names in rules using 'Split by subscriber' shaping objects has been
exceeded.
Severity: Major
Action: Review the System Configuration value DYNAMIC_NETOBJECT_SUBSCRIBER_MAX.
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Ruleset - Engine/Subscriber: Parsing/handling errors in engine
(1.3.6.1.4.1.15397.2.1.64.58)
Description: Error while handling/parsing subscriber names in rules using 'Split by subscriber'. Are both userspace and engine
restarted after config change?
Severity:
Action:
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Ruleset - Engine/Subscriber: Split on unknown subscriber (1.3.6.1.4.1.15397.2.1.64.43)
Threshold: Rate > 0
Description: Split-by subscriber object added to connection with no subscriber added in the configured NetObject.
Severity: Minor
Action: Verify that ruleset is correct and provisioning of subscribers is working.
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Ruleset - Engine/Subscriber: Split on unknown sessioncontext
(1.3.6.1.4.1.15397.2.1.64.44)
Threshold: Rate > 0
Description: Split-by session context object added to connection with no matching session context. Verify that ruleset is
correct and provisioning of session contexts is working.
Severity:
Action:
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Ruleset - Engine/Enrich: Storage in engine is full (1.3.6.1.4.1.15397.2.1.64.55)
Description: The maximum number of enrich entries has been exceeded. Review the System Configuration value
DYNAMIC_NETOBJECT_ENRICH_MAX.
Severity:
Action:
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Ruleset - Engine/Enrich: Parsing/handling errors in engine (1.3.6.1.4.1.15397.2.1.64.56)
Description: Error while handling/parsing enrich data. Are both userspace and engine restarted after config change?
Severity:
Action:
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Ruleset - Engine/NatCfg: Dynamic natcfg allocation failures (1.3.6.1.4.1.15397.2.1.64.47)
Description: The maximum number of dynamic NAT configs in rules using NAT has been exceeded.
Severity: Major
Action: Review the System Configuration value MAX_DYNAMIC_NATCFG_ENGINE.
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Shaping/Out of packets drops (1.3.6.1.4.1.15397.2.1.88.15)
Description: Packet pool is exhausted. Shaping will not work.
Severity: Major
404
Action: Increase PACKET_POOL_SIZE or review traffic load.

Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Shaping/Too many dynamic objects (1.3.6.1.4.1.15397.2.1.88.25)
Description: The number of ShapingObjects has exceeded the maximum, probably due to a rule using split by Local Host
creating too many objects.
Severity: Major
Action: Review ruleset
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Shaping/Too many shaping objects matching a connection (1.3.6.1.4.1.15397.2.1.88.31)
Description: If more than SHAPING_OBJECTS_PER_CONN objects match a certain connection then those connections will
be dropped.
Severity: Major
Action: Review system configuration SHAPING_OBJECTS_PER_CONN and ruleset
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Shaping/Too many matching rules (1.3.6.1.4.1.15397.2.1.88.32)
Description: If more than SHAPING_MAX_RULES_PER_CONNECTION rules match a certain connection then those
connections will be dropped.
Severity: Major
Action: Review system configuration SHAPING_MAX_RULES_PER_CONNECTION and ruleset
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Interface/Hostname allocation failures (1.3.6.1.4.1.15397.2.1.120.13)
Description: The maximum number of connection hostnames has been exceeded.
Severity: Major
Action: Raise MAX_CONNECTION_HOSTNAMES to increase the maximum.
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Ruleset - Dynamic Netobject/Dynamic prefixes: Storage for dynamic prefixes is full
(1.3.6.1.4.1.15397.2.1.121.1)
Description: The maximum number of dynamic prefixes has been exceeded. Raise DYNAMIC_NETOBJECT_PREFIXES_MAX
to increase the maximum.
Severity:
Action:
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Ruleset - Dynamic Netobject/Subscriber: Storage for unique subscriber names is full
(1.3.6.1.4.1.15397.2.1.121.19)
Description: The maximum number of unique subscriber names in the dynamic ruleset has been exceeded.
Severity: Major
Action: Raise DYNAMIC_NETOBJECT_SUBSCRIBER_MAX to increase the maximum.
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Ruleset - Compiler/Ruleset compile: Compilation errors in last ruleset
(1.3.6.1.4.1.15397.2.1.147.4)
Description: There are errors in the ruleset compilation. Please review the message log.
Severity:
Action:
405
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5

Variable binding pl2TrapOid: Ruleset - Compiler/Ruleset compile: Compilation warnings in last ruleset
(1.3.6.1.4.1.15397.2.1.147.5)
Description: There are warnings in the ruleset compilation. Please review the message log.
Severity:
Action:
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Ruleset - Compiler/Ruleset prefixes error: Storage for compiled IPv4 prefixes is full
(1.3.6.1.4.1.15397.2.1.147.63)
Description: The maximum number of compiled IPv4 prefixes has been exceeded. Raise NETOBJECT_PREFIXES_MAX_IPV4
Severity:
Action:
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Ruleset - Compiler/Ruleset prefixes error: Storage for compiled IPv6 prefixes is full
(1.3.6.1.4.1.15397.2.1.147.65)
Description: The maximum number of compiled IPv6 prefixes has been exceeded. Raise NETOBJECT_PREFIXES_MAX_IPV6
Severity:
Action:
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Ruleset - Compiler/Ruleset prefixes error: Storage for compiled bitmask used by compiled
prefixes is full (1.3.6.1.4.1.15397.2.1.147.68)
Description: The maximum number of bitmask available for compiled prefixes has been exceeded. Raise
NETOBJECT_PREFIXES_MAX_BITMASKS to increase the maximum.
Severity:
Action:
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Ruleset - Compiler/Ruleset prefixes error: Number of bitmask that was too large for max
bitmask size (1.3.6.1.4.1.15397.2.1.147.69)
Description: The maximum size for a bitmask has been exceeded. Raise NETOBJECT_PREFIXES_MAX_BITMASKSIZE to
increase the maximum.
Severity:
Action:
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Queue Sync/(ext sendbuffer) Entries dropped due to full sendbuffer
(1.3.6.1.4.1.15397.2.1.123.17)
Description: Queue sync has failed to send updates due to insufficient space in send buffer.
Severity: Minor
Action: Review the System Configuration value EXT_QUEUESYNC_SEND_BUFFER_MEGS.
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Queue Sync/(ext) Short erronous packets received (1.3.6.1.4.1.15397.2.1.123.22)
Description: Queue has received short packets from peer.
406
Severity: Major
Action: Investigate network between PREs.
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Queue Sync/(ext update) Update packets lost (1.3.6.1.4.1.15397.2.1.123.26)
Description: QSync is missing update packets from peer. Packet loss on the network between PREs!
Severity: Major
Action: Investigate network between PREs.
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Queue Sync/(ext status) Version mismatch in status packets received
(1.3.6.1.4.1.15397.2.1.123.29)
Description: QSync has received a mismatch in version or unknown version in status packets from peer.
Severity:
Action:
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Queue Sync/(ext status) Invalid packets received (1.3.6.1.4.1.15397.2.1.123.30)
Description: QSync has received invalid status packets from peer.
Severity:
Action:
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Queue Sync/(ext status) Status packets lost (1.3.6.1.4.1.15397.2.1.123.31)
Description: QSync is missing status packets from peer.
Severity: Major
Action: Investigate packet loss on the network between PREs
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Queue Sync/(ext status) Status packets late/out of order (1.3.6.1.4.1.15397.2.1.123.32)
Description: QSync has received old/late/out of order status packets. Another newer status packet has already been
processed. Network is reordering/queueing UDP packets.
Severity: Major
Action: Investigate duplicate IP on network.
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Queue Sync/(ext timeout) Number of timeouts of peer (1.3.6.1.4.1.15397.2.1.123.33)
Description: QSync has not received any packets from peer for timeout period. Peer is considered to be timed out.
Severity:
Action:
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Shaping Counter/Dropped shaping counter updates (1.3.6.1.4.1.15397.2.1.124.7)
Description: Shaping counters has failed to send updates to at least one client due to insufficient space in buffer.
Severity: Major
Action: Ensure that clients are not slow or blocked. Review the System Configuration value SHAPING_COUNTERS_MAX.
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Tunnel/Context allocation failures (1.3.6.1.4.1.15397.2.1.130.12)
407
Description: The engine failed to decapsulate tunneled traffic due to resource problems.
Severity: Major
Action: Review the System Configuration value TUNNEL_CTXS.
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: L2TP/L2TP map: Storage in engine is FULL (1.3.6.1.4.1.15397.2.1.132.21)
Description: The maximum number of (outgoing, incoming)-pairs reached. Review the System Configuration value
TUNNEL_L2TPMAP_MAX
Severity:
Action:
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Liveview/Hosts not created due to exhausted cache (1.3.6.1.4.1.15397.2.1.134.14)
Description: This is PacketLogicd's pool for local hosts. If it is exhausted accounting data for hosts and their netobjects will
not be created. This will also affect statistics. The pool is created using the config item HOST_NUM_HOSTS.
Severity: Major
Action: Review system configuration value HOST_NUM_HOSTS.
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Liveview/Max complexity among active views (1.3.6.1.4.1.15397.2.1.134.48)
Description: An active view was disabled due to being too complex.
Severity: Minor
Action: Review the view configuration.
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Liveview/Messages with excess ShapingObject (1.3.6.1.4.1.15397.2.1.134.51)
Description: Too many ShapingObjects received by packetlogicd. ShapingObjects will not be displayed by LiveView
Severity: Minor
Action: Restart packetlogicd
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Statistics/Values not created, Cache exhausted (1.3.6.1.4.1.15397.2.1.136.6)
Description: Statistics value cache exhausted.
Severity: Major
Action: Review the System Configuration value PLS_MAX_VALUES.
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Statistics/Values not created, Priority Threshold (1.3.6.1.4.1.15397.2.1.136.7)
Description: Statistics value cache close to exhaustion. Creation of normal priority values is halted.
Severity: Major
Action: Review the System Configuration value PLS_MAX_VALUES.
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Statistics/Session Context Row Drops (1.3.6.1.4.1.15397.2.1.136.83)
Description: Session Context Rows are dropped. This could result in loss of Statistics based off Session Context
Severity: Major
Action: Review the System Configuration value PLS_SESSION_CONTEXT_MAX_ROWS.
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Statistics/Session Context Rows, Max Columns Exceeded (1.3.6.1.4.1.15397.2.1.136.100)
408

Description: Session Context Column data dropped for rows. This could result in loss of Statistics based off certain Session
Context Columns
Severity: Major
Action: Review the System Configuration value PLS_SESSION_CONTEXT_MAX_COLUMNS.
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Statistics Writer/Dataset Values Dropped (cache exhausted) (1.3.6.1.4.1.15397.2.1.137.5)
Description: Statwriter value cache exhausted.
Severity: Major
Action: Review the System Configuration value PLDB_STATISTICSFS_MAX_VALUES_DATASET.
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Statistics Writer/Dataset Values Dropped (Global Index exhausted)
(1.3.6.1.4.1.15397.2.1.137.7)
Description: Statisticsfs global index table exhausted.
Severity: Major
Action: Review the System Configuration value PLDB_STATISTICSFS_MAX_VALUES.
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Statistics Writer/Dataset Backlog Error count (1.3.6.1.4.1.15397.2.1.137.42)
Description: Errors were encountered while processing some datasets.
Severity: Major
Action: Contact Support to investigate.
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: ContentLogic/Current table load ratio (1.3.6.1.4.1.15397.2.1.140.2)
Description: The current table load ratio. No more URLs can be loaded if it exceeds 70%. Review the System Configuration
value CONTENTLOGIC_TABLE_SIZE.
Severity:
Action:
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Rewrite/Mapping creation failure (resources) (1.3.6.1.4.1.15397.2.1.141.14)
Description: Too few mappings configured. This will cause rewrite failures.
Severity: Major
Action: Revise the number of configured mappings which is set by MAX(NAT_EIF_ENTRIES, (MAX_CONNECTIONS *
REDIRECT_HDR_PERCENT)).
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Rewrite/Mapping creation failure (no available ports in port blocks)
(1.3.6.1.4.1.15397.2.1.141.15)
Description: No available ports in port block. This will cause rewrite failures.
Severity: Major
Action: Revise the port block sizes by increasing the port block granularity, or by increasing the port block limit per subscriber.
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Rewrite/Mapping creation failure - No rewrite address (1.3.6.1.4.1.15397.2.1.141.25)
Description: No rewrite address. This can happen if FPs were restarted and have not received the ruleset afterwards, or the
restarted FP has not received its logical id when creating the rewrite addresses.
409
Severity: Major
Action: Try reloading the ruleset.
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Rewrite/Mapping creation failure - No available natcfg (PPTP) (1.3.6.1.4.1.15397.2.1.141.28)
Description: PPTP mappings can not be created using port blocks owned by other systems.
Severity:
Action:
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Rewrite/Mapping creation failure - No available natcfg (FTP) (1.3.6.1.4.1.15397.2.1.141.29)
Description: FTP mappings can not be created using port blocks owned by other systems.
Severity:
Action:
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Rewrite/Mapping creation failure - No available natcfg (RTSP)
(1.3.6.1.4.1.15397.2.1.141.30)
Description: RTSP mappings can not be created using port blocks owned by other systems.
Severity:
Action:
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Rewrite/Translation creation failure (no object, total) (1.3.6.1.4.1.15397.2.1.141.40)
Description: No rewrite object found. This will cause rewrite failures.
Severity: Major
Action: Revise the configuration of rewrite objects.
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Rewrite/Translation creation failure (resources, total) (1.3.6.1.4.1.15397.2.1.141.41)
Description: Too few rewrite headers configured. This will cause rewrite failures.
Severity: Major
Action: Revise the number of configured rewrite headers which is set by the configuration values of MAX_CONNECTIONS *
REDIRECT_HDR_PERCENT.
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Rewrite/Translation creation failure (incompatible L4 protocol, total)
(1.3.6.1.4.1.15397.2.1.141.42)
Description: Unsupported protocol for rewrite. This will cause rewrite failures. The supported protocols are TCP, UDP, ICMP
and GRE
Severity:
Action:
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Rewrite/Translation creation failure (collision, total) (1.3.6.1.4.1.15397.2.1.141.43)
Description: Connection does already exist. This will cause rewrite failures.
Severity: Major
Action: Revise the network topology to make sure that NAT:ed packets are not sent through PRE a second time.
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
410
Variable binding pl2TrapOid: Rewrite/Translation creation failure (No rewrite address, total) (1.3.6.1.4.1.15397.2.1.141.50)
Description: No rewrite address could not be found. The rewrite address may have been removed or reconfigured to belong
to another pool
Severity:
Action:
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Rewrite/Translation creation failure (No mapping found, inbound)
(1.3.6.1.4.1.15397.2.1.141.73)
Description: Could not rewrite inbound packet since no mapping was found.
Severity: Major
Action: To allow forwarding of packets without mappings, enable configuration value NAT_EIF_FORWARD_UNKNOWN.
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Rewrite/Translation creation failure (not allowed, inbound) (1.3.6.1.4.1.15397.2.1.141.74)
Description: Not allowed to use the mapping.
Severity: Major
Action: Revise the configuration value of NAT_EIF_ENABLED or the same pool configuration. An other reason could be that
the mapping is only allowed for single use such as ALG mappings
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Rewrite/Port block creation failures (resources) (1.3.6.1.4.1.15397.2.1.141.122)
Description: Failed to create port block. Too few configured port blocks.
Severity: Major
Action: Revise the number of port blocks by increasing the configuration value of NAT_PBA_NUM_PORTBLOCKS or revise
the port block granularity to produce less port blocks.
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Rewrite/Port block creation failures (start > end) (1.3.6.1.4.1.15397.2.1.141.123)
Description: Failed to create port block due to faulty configuration of port block where the start port is higher than the end
port of the block. This should be reported as an error
Severity:
Action:
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Rewrite/Port block creation failures (low and high) (1.3.6.1.4.1.15397.2.1.141.124)
Description: Failed to create port block due to faulty configuration of port block where the port block spans over both low
ports (0 < x < 1024) and high ports (1024 <= x <= 65535). This should be reported as an error
Severity:
Action:
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Rewrite/Port block creation abortion (cache full) (1.3.6.1.4.1.15397.2.1.141.125)
Description: Failed to create port block. Port block pool cache full.
Severity: Major
Action: Revise the configuration value of NAT_PBA_NUM_PORTBLOCKS.
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Rewrite/Port block assignment failures (subscriber limit reached)
(1.3.6.1.4.1.15397.2.1.141.127)
411

Description: Failed to allocate port block to subscriber. The subscriber limit is reached.
Severity: Major
Action: Revise the configuration values of NAT_PBA_MAX_BLOCKS_LOW and NAT_PBA_MAX_BLOCKS_HIGH or per pool
configuration.
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Rewrite/Port block assignment failures (cache empty) (1.3.6.1.4.1.15397.2.1.141.128)
Description: Failed to allocate port block to subscriber. Out of port blocks.
Severity: Major
Action: Revise the configuration values of NAT_PBA_MAX_BLOCKS_LOW and NAT_PBA_MAX_BLOCKS_HIGH or per pool
configuration.
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Rewrite/Fragmented header ignored (GRE) (1.3.6.1.4.1.15397.2.1.141.181)
Description: Fragmented GRE packets are not supported for rewrite
Severity:
Action:
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Rewrite/Fragmented header ignored (PPTP) (1.3.6.1.4.1.15397.2.1.141.182)
Description: Fragmented PPTP packets are not supported for rewrite
Severity:
Action:
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Rewrite/Translation failed - max calls reached (PPTP) (1.3.6.1.4.1.15397.2.1.141.183)
Description: Maximum number of calls per PPTP session reached.
Severity: Major
Action: Revise the configuration value of NAT_ALG_PPTP_MAX_CALLS.
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Rewrite/Translation failed - max data connections reached (FTP)
(1.3.6.1.4.1.15397.2.1.141.184)
Description: Maximum number of open data connections per FTP session reached.
Severity: Major
Action: Revise the configuration value of NAT_ALG_FTP_MAX_DATA_CONNECTIONS.
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Rewrite/Translation failed - max stream channels reached (RTP)
(1.3.6.1.4.1.15397.2.1.141.185)
Description: Maximum number of open stream channels per RTSP session reached.
Severity: Major
Action: Revise the configuration value of NAT_ALG_RTSP_MAX_STREAM_CHANNELS.
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Rewrite/Src IP-address creation failures (1.3.6.1.4.1.15397.2.1.141.201)
Description: No src IP-addresses created. NAT_NUM_SRC_ADDRS is set to zero.
Severity: Major
Action: Revise the configuration value NAT_NUM_SRC_ADDRS.
412
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5

Variable binding pl2TrapOid: Rewrite/Too few src IP-addresses in loading pool. (1.3.6.1.4.1.15397.2.1.141.203)
Description: Too few src IP-addresses in a loading pool. This will cause rewrite failures (no rewrite address). Each pool needs
at least the amount set by NAT_DETERMINISTIC_MIN_POOL_SIZE.
Severity: Major
Action: Review system configuration value NAT_DETERMINISTIC_MIN_POOL_SIZE.
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: NAT/Total usage of NAT pools (1.3.6.1.4.1.15397.2.1.142.10)
Description: The total number of NAT pools has exceeded the maximum number of NAT pools configurated.
Severity: Major
Action: Review the your number of NAT pools or System Configuration value NAT_PBA_MAX_POOLS.
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: NAT/Total usage of NAT IP addresses (1.3.6.1.4.1.15397.2.1.142.11)
Description: The total number of NAT IP addresses in CGN NetObjects has exceeded the maximum number of NAT IP
addresses.
Severity: Major
Action: Review the System Configuration value NAT_NUM_SRC_ADDRS or review your NAT IP pool sizes.
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: NAT/Faulty pool configuration of low port blocks (1.3.6.1.4.1.15397.2.1.142.9)
Description: Ensure that NAT_PBA_GRANULARITY_LOW is non-zero if NAT_PBA_MAX_BLOCKS_LOW is greater than zero.
Severity:
Action:
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Insights/Traffic: Batches dropped (1.3.6.1.4.1.15397.2.1.145.59)
Description: Traffic batch dropped.
Severity:
Action:
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Insights/Score: Batches dropped (1.3.6.1.4.1.15397.2.1.145.61)
Description: Score batch dropped.
Severity:
Action:
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Insights/Traffic: Current batch spilled to disk (1.3.6.1.4.1.15397.2.1.145.70)
Description: The current traffic batch has been spilled to disk.The system is unable to reach Insights storage or unable to
keep up with theload of transferring data. If this happens constantly the system will not beable to keep up with the load.
Severity: Major
Action: Review system load and connectivity.
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Insights/Score: Current batch spilled to disk (1.3.6.1.4.1.15397.2.1.145.71)
413
Description: The current score batch has been spilled to disk.The system is unable to reach Insights storage or unable to
keep up with theload of transferring data. If this happens constantly the system will not beable to keep up with the load.
Severity: Major
Action: Review system load and connectivity.
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Host Stats/Host stats host pool exhausted (1.3.6.1.4.1.15397.2.1.146.7)
Description: Host stats host pool exhausted.
Severity: Major
Action: Try increasing HOST_STATS_MAX_HOSTS.
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Comm/CLIENT: Authentication failures (1.3.6.1.4.1.15397.2.1.148.6)
Description: User authentication failurs.
Severity: Major
Action: Verify that the correct user is added on the other system with the correct key, and that there is no ACL preventing
connections.
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Comm/CLIENT: Host key verification failures (1.3.6.1.4.1.15397.2.1.148.7)
Description: Host key verification failed.
Severity: Major
Action: If the other system has been replaced or changed host key, clear the host key cache of this system in the CLI.
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Session Context - Engine/Too many sessions context entries matching single connection
(1.3.6.1.4.1.15397.2.1.150.4)
Description: Too many sessions context entries matching single connection
Severity:
Action:
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
Variable binding pl2TrapOid: Line Sharing/Host pool is depleted (1.3.6.1.4.1.15397.2.1.153.14)
Description: Host pool is depleted. Check LS_HOST_POOL_SIZE
Severity:
Action:
Clear trap OID: 1.3.6.1.4.1.15397.2.8.0.5
414
Appendix D. Keyboard shortcuts
This section lists all keyboard shortcuts available in the PacketLogic client interface. Note that there are platform-specific variations
to keyboard shortcuts. For example, in Mac OS X the Apple key is used consistently instead of the Ctrl key. In cases where
there are specific platform-dependant variations on keyboard shortcuts, they are listed below.
D.1. General shortcuts

For all dialogs where a Cancel button exists, the Esc key is a shortcut for the Cancel button.
D.2. Main interface

In the main interface, the following keyboard shortcuts are available:
Ctrl+M
Open the System Manager
Ctrl+Alt+R
Reconnect
Ctrl+Shift+W
Close Window
Ctrl+Q
Quit
Ctrl+Shift+C
Quick connect
For all list views, the following keyboard shortcuts are available:
Down
Move selection down.
Up
Move selection up.
Left or -
Close one expanded level.
Right or +
Expand one level.
Enter
Open selected item (corresponds to double-click).
Del or Backspace (Mac)

Removes the selected item (when applicable).
Space
Toggles checkboxes checked/unchecked.
F2
Opens a dialog to rename the selected item. Enter sets the new name, Esc cancels.
415
To open a general-purpose search field in any list view or statistics bar chart view, press \textbf{Ctrl+F} or simply start typing
the search string.
When the search field is open, the following keyboard shortcuts are available:
Esc
Close the search field.
F3 or Ctrl+G
Go to the next match.
Shift+F3
Go to the previous match.
D.3. Backup Manager

The following keyboard shortcuts are available in the Backup Manager:
Ctrl+N
Create a new backup.
Ctrl+W
Close the Backup Manager.
D.4. File Manager

The following keyboard shortcuts are available in the File Manager:
Ctrl+W
Close the File Manager.
Del
Delete the selected file.
D.5. Log Viewer

The following keyboard shortcuts are available in the Log Viewer:
Ctrl+S
Save the selected log file on the local file system.
Ctrl+W
Close the Log Viewer.
Ctrl+C
Copy the selected text to the clipboard.
Ctrl+A
Select all text in the displayed log file.
416
Ctrl+F
Search the logs for a text string.
D.6. System Manager

Esc
Closes the System Manager.
D.7. Objects & Rules Editor

The following keyboard shortcuts are available in the Objects & Rules Editor:
Ctrl+N
Add a new object.
Ctrl+I
Add a new item in the current object.
Ctrl+S
Save the edited ruleset.
Ctrl+W
Close the Objects & Rules Editor.
Ctrl+X
Cut the selected object, rule, or item.
Ctrl+C
Copy the selected object, rule, or item.
Ctrl+V
Paste the most recently cut or copied object, rule, or item.
Ctrl+Up
Move the selected filtering rule up in the list.
Ctrl+Down
Move the selected filtering rule down in the list.
Right
Add the selected service or Shaping Object to the list.
Left
Remove the selected service or Shaping Object from the list.
When selecting date ranges in TimeObjects, the following keyboard shortcuts are available:
Esc
Closes the date range selection without selecting a date.
Enter
Sets the selected date range.
For objects where there are advanced options available, Space and Enter toggles showing/hiding the advanced options.
417
D.8. System Configuration Editor

The following keyboard shortcuts are available in the System Configuration Editor:
Ctrl+S
Save the current configuration.
Ctrl+W
Close the System Configuration Editor.
D.9. User Editor

The following keyboard shortcuts are available in the User Editor:
Ctrl+N
Add a new user.
Ctrl+S
Save the edited user configuration.
Ctrl+W
Close the User Editor.
Ctrl+X
Cut the selected user.
Ctrl+C
Copy the selected user.
Ctrl+V
Paste the user last cut or copied.
Del
Delete the selected user.
Ctrl+P
Change password for the selected user.
D.10. Tech Support

The following keyboard shortcuts are available in the Tech Support (IRC client):
Ctrl+W
Close the window.
D.11. Resource Manager

The following keyboard shortcuts are available in the Resource Manager:
418
Ctrl+D
Display debug information for the resources.
D.12. Statistics Viewer

The following keyboard shortcuts are available in the Statistics Viewer:
Ctrl+W
Close the current tab.
Ctrl+F
Find (in bar chart).
Alt+Up
Go up one level in the object path.
Alt+Home
Go to the root level in the object path.
Ctrl+L
Focus the Location Field.
Ctrl+Left
View the previous date interval.
Ctrl+Right
View the next date interval.
Ctrl+B
Switch to Bar Chart.
Ctrl+I
Switch to Pie Chart.
Ctrl+T
Switch to Throughput Chart.
Ctrl+P
Print the current statistics view.
Ctrl+D
Add a bookmark.
Down or PageDown
Go down one page in a multi-page statistics view.
Up or PageUp
Go up one page in a multi-page statistics view.
Home
Go to the first page in a multi-page statistics view.
End
Go to the last page in a multi-page statistics view.
Alt+Left (Linux), Apple+[ (Mac)

Go back in history in the Statistics Viewer.
419
Alt+Right (Linux), Apple+] (Mac)

Go forward in history in the Statistics Viewer.
D.13. Bookmark Manager

The following keyboard shortcuts are available in the Bookmark Manager:
Ctrl+W
Close the Bookmark Manager.
Ctrl+X
Cut the selected bookmark.
Ctrl+C
Copy the selected bookmark.
Ctrl+V
Paste the bookmark last cut or copied.
D.14. Calendar Tool

The following keyboard shortcuts are available in the Calendar Tool:
Left
Move the date selection to the left.
Right
Move the date selection to the right.
Up
Move the date selection up.
Down
Move the date selection down.
PageUp
Go forward one month.
PageDown
Go back one month.
D.15. LiveView
The following keyboard shortcuts are available in the LiveView part:
Ctrl+Shift+P
Pause/unpause (stop/start updating)
Ctrl+Shift+G
Open the Go to Host dialog, where an IP address can be entered to go directly to the connections for that host.
420
Ctrl+D
Display debugging zones in System Diagnostics.
Ctrl+W
Close the current view.
421
422
Index
ICMP ports (low), 267
Incoming, 113
Incoming Avg Latency, 251, 259
Incoming bps, 255
A Incoming Bytes, 247
Aggregation, 43, 196 Incoming concurrent connections, 258
Attributes, 123 Incoming concurrent connections (Peak), 249
Incoming Connections, 248
B Incoming CPS, 257
Backup and restore, 158 Incoming link speed, 263
Backup Manager (Client), 74 Incoming Link Utilization, 263
Bandwidth, 148 Incoming Packet Drops, 254, 262
Incoming Packet Retransmissions, 254, 262
C Incoming Packets, 250, 258
Centralized management, 148 Incoming Quality (External), 252, 260
Channel Editor, 51 Incoming Quality (Internal), 252, 259
Channel statistics graph fields, 264 Incoming Quality of Experience, 253, 261
Channel statistics total fields, 263 Incoming Quality Packets, 254, 261
Chassis processor(PL15000/PL20000), 132 Incoming Shaping Dropped Bytes, 248, 256
Client, 7, 85 Incoming Shaping Dropped Packets, 250, 258
Client-server, 113 Incoming Unestablished Connections, 249
Command line mode, 84 Insights Data Storage, 216, 216, 217, 218
Concepts, 111, 171, 215 Internal Avg Handshake RTT, 253, 261
Connection logging, 241, 244 IPFIX collector, 227
Connection quality measurement, 115 IPFIX elements, enterprise-specific elements, 232
Connection search, 244 IPFIX elements, standard, 231
Connection Search (Client), 82 IPFIX export, 226, 226
Connections, 248 IPFIX export configuration, 228
CPS, 256 IPFIX fields, 230
IPFIX flow, 237
D IPFIX sampling, 239
Database daemon, 133 IPFIX template, 226
Database daemon (Statistics), 134 IPFIXObject editor, 44
Depth, 174
Distribution, 40, 173 K
Key concepts, 111, 171, 215
E
Edit menu (Client), 23 L
Engine, 132 Limits, 42
External Avg Handshake RTT, 253, 261 Link configuration, 185, 185
Links (Statistics), 184
F Local, 113
Features, 111, 171, 215 Log Levels Editor, 61
Fields, 39, 177 Log Viewer, 80
File Manager, 78
File menu (Client), 22 M
FLICKA, 136 Monitoring, 151
H N
Handshake RTT, 117 NAT statistics, 193, 266
Help menu (client), 29 NetObject Attributes, 123
NetObjects, 122
I
ICMP port allocation failures (high), 268 O
ICMP port allocation failures (low), 267 Object root, 174
ICMP ports (high), 267 Objects, 122
423
Index
Objects & Rules Editor, 30 RX Speed, 265

Outgoing, 113
Outgoing Avg Latency, 251, 259 S
Outgoing bps, 255 ServiceObjects, 123
Outgoing Bytes, 247 Session Context, 190
Outgoing concurrent connections, 258 Software architecture, 131
Outgoing concurrent connections (Peak), 250 Statistical data flow, 130
Outgoing Connections, 249 Statistics daemon, 136
Outgoing CPS, 257 Statistics rule editor, 49
Outgoing link speed, 263 Statistics rules, 112
Outgoing Link Utilization, 263 Statistics ruleset templates, 198
Outgoing Packet Drops, 254, 262 Statistics View (Client), 15
Outgoing Packet Retransmissions, 255, 262 StatisticsObject, 112, 172
Outgoing Packets, 251, 259 StatisticsObject editor, 38
Outgoing Quality (External), 252, 260 Sub-Item Count, 251, 259, 268
Outgoing Quality (Internal), 252, 260 Sub-item Count, 268
Outgoing Quality of Experience, 253, 261 Subscriber identity integrity, 127
Outgoing Quality Packets, 254, 262 Subscriber obfuscation, 127
Outgoing Shaping Dropped Bytes, 248, 256 System Configuration Editor, 68
Outgoing Shaping Dropped Packets, 250, 258 System Manager, 12
Outgoing translation failures (incompatible L4 protocol), 268,
268
Outgoing Unestablished Connections, 249 T
T1 - No PSM, 200
T12 - ContentLogic, 201
P T2 - Subscriber awareness, 200
PacketLogic Daemon, 133 T7 - BGP, 201
Peak (Statistics), 207 TCP port allocation failures (high), 267
Peak analysis, 194, 207 TCP port allocation failures (low), 266
Peering, statistics reader, 205 TCP ports (high), 266
Performance considerations, 147 TCP ports (low), 266
PIC deployment, 129 Terminology, 5
PIC system, 129 Thresholds, 208
PLD, 133 Tools menu (Client), 27
PLDBD, 133 Total bps, 256
PLRCD, 132 Total Bytes, 247
PLSD, 136 Traffic analysis, 113
Port blocks (high), 266 Traffic categorization, 120
Port blocks (low), 266 Traffic statistics graph fields, 255
Preferences, 70 Traffic statistics total fields, 247
Proxy, 148 Triggers - Host Trigger Editor (Client), 63
Proxying System Diagnostics, 150 TX Bytes, 264
TX Drops, 264, 266
Q TX Errors, 264, 265
QoE, 115 TX Packets, 263, 265
TX Speed, 265
R
Reaper (PL15000/PL20000), 132 U
Remote, 113 UDP port allocation failures (high), 267
Resource copy, 150 UDP port allocation failures (low), 267
Resource Manager, 76 UDP ports (high), 267
Resources, 134 UDP ports (low), 267
Ruleset compiler daemon, 132 Unestablished Connections, 248
RX Bytes, 264 Unestablished CPS, 256
RX Drops, 264, 265 Unestablished Incoming CPS, 257
RX Errors, 264, 265 Unestablished Outgoing CPS, 257
RX Packets, 263, 265 Usage analysis, 194
424
Index
User Editor (Client), 57
V
Value paths, 177
Value types, 179
Values, 177
View menu (Statistics), 25
425
426

Packetlogic 20 30 00 Intelligence Center Product Guide

Uploaded by

Copyright:

Available Formats

You might also like

Packetlogic 20 30 00 Intelligence Center Product Guide

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Packetlogic 20 30 00 Intelligence Center Product Guide

Uploaded by

Copyright:

Available Formats

PacketLogic Intelligence Center

3.21. Connection Protection Trigger Editor window ......................................................................................... 66

5.4.1. Connection quality measurement ............................................................................................... 115

6.3.8. Verifying statistics .................................................................................................................... 145

7.10. Averages based on usage analysis .................................................................................................... 194

10.4.1. Standard IPFIX elements ......................................................................................................... 231

C.14.GRE ............................................................................................................................................... 312

D.13. Bookmark Manager .......................................................................................................................... 420

1.1. Document scope

1.2. Related documents

PacketLogic Real-Time Enforcement Product Guide

PacketLogic Subscriber Manager Product Guide

PacketLogic Hardware Guide

PacketLogic CLI Reference Guide

1.3. Software and firmware download

1.4. Typographical conventions

A tip gives supplementary information providing alternative methods to complete a task.

An important note gives important information that is essential to complete a task.

A caution means risk of data loss.

A warning means risk of personal injury or damage to equipment.

2.1. About PacketLogic

2.1.1. Basic data flow

2. Analyze the packet to determine the following:

3. Enforce all rules to which the packet's connection applies.

2.2. About PacketLogic Intelligence Center

2.3. Interfaces overview

Command-Line Interface (CLI)

• Section 4.1, “PacketLogic Client”

• Chapter 3, PacketLogic Client user interface

• Section 4.2, “CLI”

• PacketLogic CLI Reference Guide

• Section 4.3, “SQL”

• Section 6.8, “Monitoring PacketLogic”

Named dynamic item

MiB, GiB, TiB (mebibyte, gibibyte, and tebibyte)

• Section 6.2.1, “Engine”

• Section 7.5, “Value paths”

• Section 7.5.2, “Value types”

• Section 2.3, “Interfaces overview”

3.1. PacketLogic Client window

Interface element Description

Contains tools for managing the system.

Displays the tree structure for navigating the PacketLogic system.

Displays the following information about the PacketLogic system:

• Version: The currently running PacketLogic firmware version.

Interface element Description

• Username: The user that is logged on to PacketLogic.

Tabs for navigating the PacketLogic views.

Objects & Rules Editor

• Open Without Stealing Resource

• Steal Resource And Open

• Open Read Only

Host Trigger Editor

Connection Protection Trigger Editor

Interface element Description

• Chapter 3, PacketLogic Client user interface

• Appendix D, Keyboard shortcuts

• Section 3.2, “System Manager window”