# Copyright (c) 2010 Flowerfire, Inc. All Rights Reserved.

# Log-format plugin definition for Cisco WAAS TCP Proxy v4.0 logs.
# It declares the log fields, a parsing filter that turns each line into
# collected entries, the database fields built from them, and the report
# grouping used when a profile is created.
cisco_waas_tcp_proxy_4_0 = {

  plugin_version = "1.7"

  # 2007-09-27 - 1.0 - KBB - Initial creation
  # 2007-10-09 - 1.1 - KBB - Split latency field into six fields
  # 2008-01-10 - 1.2 - KBB - Added concurrent_connections numeric field and customized report
  #                          for maximum concurrent connections. Also grouped reports.
  # 2008-02-12 - 1.3 - KBB - Efficiency improvement for above change
  # 2008-03-28 - 1.4 - KBB - Further improvements to above change.
  # 2008-06-12 - 1.5 - KBB - Added operation field for easy filtering on BP or OT.
  # 2009-03-21 - 1.6 - KBB - Changed name from cisco_waas_tcp_proxy, since the new cisco_waas_tcp_proxy
  #                          supports only 4.1.
  # 2010-10-04 - 1.7 - MSG - Edited info lines.

  info.1.manufacturer = "Cisco"
  info.1.device = "WAAS TCP Proxy 4.0"
  info.1.version = "4.0"

  # The name of the log format
  log.format.format_label = "Cisco Wide Area Application Services (WAAS) TCP Proxy (v4.0) Log Format"
  log.miscellaneous.log_data_type = "tcp_proxy"
  log.miscellaneous.log_format_type = "proxy_server"

  # The log is in this format if any of the first ten lines match this regular expression
  #Fri Jun 16 19:17:46 2006:OT:780:END:EXTERNAL CLIENT:10.99.99.99:4886:10.99.99.98:1026:00.0d.60.83.ea.60:LZ DRE:LZ DRE:LZ DRE:1966:2134:1839:1718: 0.070(2): 0.216(4): 0.721(3): 0.073(5): 0.139(3): 0.139(3):5:0:
  log.format.autodetect_regular_expression = '^[A-Za-z]{3} [A-Za-z]{3} [0-9 ][0-9] [0-9]{2}:[0-9]{2}:[0-9]{2} [0-9]{4}:(OT|BP):[0-9]+'

  # Matches the day/month/year string the parsing filter assembles below.
  # The log timestamp carries no time zone, so none is recorded here either;
  # keep that in mind when correlating these entries with other sources.
  log.format.date_format = "d/mmm/yyyy"
  log.format.time_format = "hh:mm:ss"

  # Don't retire the "open" count
  # NOTE(review): with entries never retired, a START whose END is missing
  # from the processed data leaves the per-device counter incremented, so
  # concurrent_connections is only as accurate as the logs are complete.
  log.format.collected_entry_lifespan = 0

  # All log field parsing will be done using the parsing filters
  log.format.parse_only_with_filters = "true"

  # Log fields
  log.fields = {
    date = ""
    time = ""
    action = ""
    pass_through_reason = ""
    connection_id = ""
    connection_type = ""
    operation = ""
    source_ip = ""
    source_port = ""
    destination_ip = ""
    destination_port = ""
    wae_peer_id = ""
    wae_ip = ""
    our_policy = ""
    peer_policy = ""
    final_policy = ""
    non_optimized_bytes_read = ""
    optimized_bytes_written = ""
    optimized_bytes_read = ""
    non_optimized_bytes_written = ""
    #latency = ""
    non_optimized_read_queue_latency = ""
    non_optimized_dre_latency = ""
    non_optimized_write_queue_latency = ""
    optimized_read_queue_latency = ""
    optimized_dre_latency = ""
    optimized_write_queue_latency = ""
    tcp_rst_reason = ""
    #bytes_passed_through = "" # always zero
    duration = ""
    concurrent_connections = ""
    # The filter below no longer sets "open" (the call is commented out).
    open = ""
  } # log.fields

  # Log Parsing Filters
  log.parsing_filters.parse = `
# Work on a copy of the current line; v.line is later narrowed to the part
# that follows the OT/BP tag.
v.line = current_log_line();

# The device (WAE) address is not in the log line: it is taken from the log
# file's pathname, from an IPv4-looking token between two underscores.
# NOTE(review): the value is therefore only as trustworthy as the file naming.
# If the pathname has no such token, v.wae_ip stays '' and the per-device
# counter below is stored under the '' key, which is also the scratch entry
# used for date/time; connection keys then become "id_" with no device part
# and can collide across devices. Confirm files are always named with the IP.
# NOTE(review): the four backslashes are presumably reduced by string
# unescaping to an escaped dot - confirm against the engine.
v.wae_ip = '';
if (matches_regular_expression(current_log_pathname(), '_([0-9]{1,3}\\\\.[0-9]{1,3}\\\\.[0-9]{1,3}\\\\.[0-9]{1,3})_')) then (
  v.wae_ip = $1;
);

#Mon Jul 3 18:52:53 2006:OT:1345:START:INTERNAL SERVER:10.99.99.99:4050:10.99.99.98:40294:00.0d.60.83.ea.60:LZ DRE:LZ DRE:LZ DRE:0:0:0:0: 0.000(0): 0.000(0): 0.000(0): 0.000(0): 0.000(0): 0.000(0):0:0:
#Fri Jun 16 22:00:07 2006:OT:1873:START:EXTERNAL SERVER:10.80.241.10:443:10.80.250.67:58745:00.0d.60.83.ea.60: : : :0:0:0:0: 0.000(0): 0.000(0): 0.000(0): 0.000(0): 0.000(0): 0.000(0):0:0:
#Fri Jun 16 19:17:46 2006:OT:780:END:EXTERNAL CLIENT:10.80.79.202:4886:10.80.250.98:1026:00.0d.60.83.ea.60:LZ DRE:LZ DRE:LZ DRE:1966:2134:1839:1718: 0.070(2): 0.216(4): 0.721(3): 0.073(5): 0.139(3): 0.139(3):5:0:
#Fri Jun 16 23:00:16 2006:BP:10.99.99.99:54752:10.99.99.98:443:NO_PEER: OPT:

# Split off the timestamp and the OT/BP tag. Captures: $1 month name, $2 day,
# $3 time, $4 year, $5 operation tag, $6 remainder of the line.
# A line that does not match produces no entry in this filter; what the
# engine does with it is not visible here.
if (matches_regular_expression(v.line, '^[A-Za-z]{3} ([A-Za-z]{3}) +([0-9]{1,2}) ([0-9]{2}:[0-9]{2}:[0-9]{2}) ([0-9]{4}):(OT|BP):(.*)$')) then (

  # Date is rebuilt as day/month/year to match log.format.date_format.
  # The '' key is used as a scratch entry holding the current line's date/time.
  set_collected_field('', 'date', $2 . '/' . $1 . '/' . $4);
  set_collected_field('', 'time', $3);
  v.op = $5;
  v.line = $6;

  # For pass-through connections (BP), the remainder is matched as:
  #
  #   source ip : source port : destination ip : destination port :
  #   pass-through reason : one further field (matched, not stored) :
  #
  #Fri Jun 16 23:00:16 2006:BP:10.99.99.99:54752:10.99.99.98:443:NO_PEER: OPT:
  #
  # The address patterns accept any run of digits and dots; they do not check
  # that the value is a well-formed IPv4 address.
  if ((v.op eq 'BP') and matches_regular_expression(v.line, '^([0-9.]+):([0-9]+):([0-9.]+):([0-9]+):([^:]*):[^:]*:$')) then (

    set_collected_field('', 'wae_ip', v.wae_ip);
    set_collected_field('', 'source_ip', $1);
    set_collected_field('', 'source_port', $2);
    set_collected_field('', 'destination_ip', $3);
    set_collected_field('', 'destination_port', $4);
    set_collected_field('', 'pass_through_reason', $5);
    set_collected_field('', 'operation', v.op);

    # Save open connections for the device
    set_collected_field('', 'concurrent_connections', get_collected_field(v.wae_ip, 'concurrent_connections'));

    # NOTE(review): the meaning of the second argument (false here and on END,
    # true on START) is not shown in this file - presumably it controls whether
    # the collected entry is kept after being accepted; confirm.
    accept_collected_entry('', false);

  );

  # For optimized connections (OT), START and END lines share one layout,
  # matched by the pattern below:
  #
  #   connection id : START or END : connection type :
  #   source ip : source port : destination ip : destination port :
  #   peer id : our policy : peer policy : final policy :
  #   four byte counters : six latency measurements :
  #   tcp rst reason : one last field (captured, no longer stored) :
  #
  # On START the counters and latencies are zero in the samples.
  #
  #Mon Jul 3 18:52:53 2006:OT:1345:START:INTERNAL SERVER:10.99.99.99:4050:10.99.99.98:40294:00.0d.60.83.ea.60:LZ DRE:LZ DRE:LZ DRE:0:0:0:0: 0.000(0): 0.000(0): 0.000(0): 0.000(0): 0.000(0): 0.000(0):0:0:
  #
  # NOTE(review): unlike the BP pattern this one has no leading ^, so it can
  # match starting part-way through the remainder. It is also reached for a
  # BP line that failed the BP pattern, since v.op is not tested here.
  else if (matches_regular_expression(v.line, '([0-9]+):(START|END):([^:]+):([0-9.]+):([0-9]+):([0-9.]+):([0-9]+):([0-9a-f.]+):([^:]*):([^:]*):([^:]*):([0-9]+):([0-9]+):([0-9]+):([0-9]+): +([0-9.()]+): +([0-9.()]+): +([0-9.()]+): +([0-9.()]+): +([0-9.()]+): +([0-9.()]+):([0-9]+):([0-9]+):$')) then (

    # Collected-entry key: connection id plus device address, so the same id
    # on two devices does not share an entry (as long as v.wae_ip is set).
    v.key = $1 . "_" . v.wae_ip;
    v.action = $2;

    set_collected_field(v.key, 'action', v.action);
    set_collected_field(v.key, 'wae_ip', v.wae_ip);
    set_collected_field(v.key, 'connection_id', v.key);
    set_collected_field(v.key, 'connection_type', $3);
    set_collected_field(v.key, 'source_ip', $4);
    set_collected_field(v.key, 'source_port', $5);
    set_collected_field(v.key, 'destination_ip', $6);
    set_collected_field(v.key, 'destination_port', $7);
    set_collected_field(v.key, 'wae_peer_id', $8);
    set_collected_field(v.key, 'our_policy', $9);
    set_collected_field(v.key, 'peer_policy', $10);
    set_collected_field(v.key, 'final_policy', $11);
    set_collected_field(v.key, 'non_optimized_bytes_read', $12);
    set_collected_field(v.key, 'optimized_bytes_written', $13);
    set_collected_field(v.key, 'optimized_bytes_read', $14);
    set_collected_field(v.key, 'non_optimized_bytes_written', $15);
    #set_collected_field(v.key, 'latency',
    #  $16 . " " . $17 . " " . $18 . " " . $19 . " " . $20 . " " . $21);
    set_collected_field(v.key, 'non_optimized_read_queue_latency', $16);
    set_collected_field(v.key, 'non_optimized_dre_latency', $17);
    set_collected_field(v.key, 'non_optimized_write_queue_latency', $18);
    set_collected_field(v.key, 'optimized_read_queue_latency', $19);
    set_collected_field(v.key, 'optimized_dre_latency', $20);
    set_collected_field(v.key, 'optimized_write_queue_latency', $21);
    set_collected_field(v.key, 'tcp_rst_reason', $22);
    #set_collected_field(v.key, 'bytes_passed_through', $23);
    set_collected_field(v.key, 'operation', v.op);

    if (v.action eq 'START') then (

      # Save the start time
      set_collected_field(v.key, 'date', get_collected_field('', 'date'));
      set_collected_field(v.key, 'time', get_collected_field('', 'time'));

      # Count open connections for the device
      #set_collected_field(v.key, 'open', 'yes'); # use start_time_epoc
      set_collected_field(v.wae_ip, 'concurrent_connections', get_collected_field(v.wae_ip, 'concurrent_connections') + 1);

      # Accepting on open to collect more times for maximum_concurrent_connections report
      accept_collected_entry(v.key, true);

    );

    else (

      # This is an END event

      # Calculate the duration if we know about the START event.
      # date_time is read before date/time are overwritten below, so it still
      # reflects the START. NOTE(review): date_time is not set by this filter;
      # presumably the engine derives it from date and time - confirm.
      int start_time_epoc = date_time_to_epoc(get_collected_field(v.key, 'date_time'));
      if (start_time_epoc > 0) then (
        int end_time_epoc = date_time_to_epoc(get_collected_field('', 'date_time'));
        # 0.0 + forces a float result, matching the float type of the
        # duration database field. Unit is presumably seconds - confirm.
        set_collected_field(v.key, 'duration', 0.0 + (end_time_epoc - start_time_epoc));
      );

      # Now that we're accepting on open, store the end time with the close
      set_collected_field(v.key, 'date', get_collected_field('', 'date'));
      set_collected_field(v.key, 'time', get_collected_field('', 'time'));

      # Save open connections for the device
      set_collected_field(v.key, 'concurrent_connections', get_collected_field(v.wae_ip, 'concurrent_connections'));

      # Don't decrement if the open did not happen within the log data.
      #if (get_collected_field(v.key, 'open') eq 'yes') then (
      if (start_time_epoc > 0) then (
        set_collected_field(v.wae_ip, 'concurrent_connections', get_collected_field(v.wae_ip, 'concurrent_connections') - 1);
      );

      accept_collected_entry(v.key, false);

    );

  );

);
`

  # Database fields
  database.fields = {
    date_time.suppress_bottom = 6
    day_of_week = ""
    hour_of_day = ""
    action = ""
    pass_through_reason = ""
    connection_id = ""
    connection_type = ""
    operation = ""
    source_ip = ""
    source_port = ""
    destination_ip = ""
    destination_port = ""
    wae_peer_id = ""
    wae_ip = ""
    our_policy = ""
    peer_policy = ""
    final_policy = ""
    #latency = ""
    non_optimized_read_queue_latency = ""
    non_optimized_dre_latency = ""
    non_optimized_write_queue_latency = ""
    optimized_read_queue_latency = ""
    optimized_dre_latency = ""
    optimized_write_queue_latency = ""
    tcp_rst_reason = ""
  } # database.fields

  database.numerical_fields = {

    # Entry count; set to 1 per entry by the mark_entry log filter below.
    events = {
      default = true
      requires_log_field = false
      entries_field = true
    } # events

    duration = {
      type = float
      display_format_type = duration_compact
    } # duration

    #bytes_passed_through = {
    #  type = "float"
    #  display_format_type = "bandwidth"
    #}

    non_optimized_bytes_read = {
      type = "float"
      display_format_type = "bandwidth"
    }

    optimized_bytes_written = {
      type = "float"
      display_format_type = "bandwidth"
    }

    optimized_bytes_read = {
      type = "float"
      display_format_type = "bandwidth"
    }

    non_optimized_bytes_written = {
      type = "float"
      display_format_type = "bandwidth"
    }

    # Aggregated with "max" rather than summed: each entry carries the
    # counter value seen at that moment, and the report wants the peak.
    concurrent_connections = {
      default = "true"
      aggregation_method = "max"
    }

  } # database.numerical_fields

  log.filters = {
    mark_entry = {
      label = '$lang_admin.log_filters.mark_entry_label'
      comment = '$lang_admin.log_filters.mark_entry_comment'
      value = 'events = 1;'
    } # mark_entry
  } # log.filters

  create_profile_wizard_options = {

    # Specify the reports menu manually
    manual_reports_menu = true

    # How the reports should be grouped in the report menu
    report_groups = {

      overview.type = "overview"

      date_time_group = {
        items = {
          date_time = {
            label = "$lang_stats.miscellaneous.years_months_days"
            only_bottom_level_items = false
          }
          days = {
            label = "$lang_stats.miscellaneous.days"
            database_field_name = "date_time"
          }
          day_of_week = ""
          hour_of_day = ""
        }
      } # date_time_group

      source_group = {
        items = {
          source_ip = ""
          source_port = ""
        } # items
      } # source_group

      destination_group = {
        items = {
          destination_ip = ""
          destination_port = ""
        } # items
      } # destination_group

      connections_group = {
        items = {

          #maximum_concurrent_connections = {
          #  database_field_name = "date_time"
          #  label = "$lang_stats.field_labels.maximum_concurrent_connections"
          #}

          # Customized report: date_time rows with the concurrent_connections
          # value, sorted descending and drawn as a line graph.
          maximum_concurrent_connections = {
            database_field_name = "date_time"
            label = "$lang_stats.field_labels.maximum_concurrent_connections"
            #show_header_bar = "true"
            columns = {
              0 = {
                #data_type = "string"
                display_format_type = "date_time"
                field_name = "date_time"
                #header_label = "{=capitalize(database.fields.date_time.label)=}"
                main_column = "true"
                #type = "string"
                #visible = "true"
              } # 0
              1 = {
                #data_type = "int"
                #display_format_type = "integer"
                field_name = "concurrent_connections"
                #header_label = "{=capitalize(database.fields.concurrent_connections.label)=}"
                show_bar_column = "true"
                show_graph = "true"
                #show_number_column = "true"
                #show_percent_column = "false"
                #type = "number"
                #visible = "true"
              } # 1
            } # columns
            #disabled = "false"
            ending_row = "60"
            graphs = {
              bar_line_graph = {
                x_axis_length = "744"
                y_axis_height = "150"
              } # bar_line_graph
              graph_type = "line"
            } # graphs
            #omit_parenthesized_items = "true"
            #omit_table = "false"
            only_bottom_level_items = "false"
            show_averages_row = "false"
            show_header_bar = "false"
            show_omitted_items_row = "false"
            show_totals_row = "false"
            sort_by = "concurrent_connections"
            sort_direction = "descending"
            #starting_row = "1"
            #type = "table"
          }

          connection_id = ""
          connection_type = ""
          operation = ""

        } # items
      } # connections_group

      policies_group = {
        items = {
          our_policy = ""
          peer_policy = ""
          final_policy = ""
        } # items
      } # policies_group

      results_group = {
        items = {
          non_optimized_read_queue_latency = ""
          non_optimized_dre_latency = ""
          non_optimized_write_queue_latency = ""
          optimized_read_queue_latency = ""
          optimized_dre_latency = ""
          optimized_write_queue_latency = ""
          tcp_rst_reason = ""
          pass_through_reason = ""
        } # items
      } # results_group

      other_group = {
        items = {
          wae_peer_id = ""
          wae_ip = ""
          action = ""
        } # items
      } # other_group

      log_detail = true
      single_page_summary = true

    } # report_groups

    # Disabled final step, kept for reference.
    # final_step = `
    #
    #include "templates.admin.profiles.setup_reports_util";
    #
    #string profile = "profiles." . volatile.new_profile_name;
    #string bar_line_graphs = profile . ".statistics.graphs.bar_line_graph";
    #
    ## Create the standard reports
    #add_standard_reports(profile);
    #
    #set_node_value(bar_line_graphs . ".show_remainder", "false");
    #
    ##echo("end of final_step");
    #`

  } # create_profile_wizard_options

} # cisco_waas_tcp_proxy_4_0