Traffic log CSV Export Bytes Column

L2 Linker

Hello everybody,

Software Version 3.0.5

When we make a CSV export for the traffic logs,
we have three columns with Bytes, called

- Bytes
- Bytes Send
- Bytes Received

All three columns have for the same row the same Byte values.
So, what is it for!

I thought there must be different values!

Can somebody explain this, or is there a fix in another release!?

Kind regards
Christian

L4 Transporter

Re: Traffic log CSV Export Bytes Column

Good Job Christian :smileyhappy:

This is an inconsistency in csv.

There is actually only one byte count and that is the total number of bytes. Right now we actually do not differentiate between the bytes received and bytes sent.....it's just one bucket of total bytes.

This is not yet addressed in a future version.

You can eliminate the bytes sent and bytes received columns from the CSV file as a soft workaround.

If you would like to pursue this further, it definitely needs to come through support.

Thanks for alerting us of this.

L2 Linker

Re: Traffic log CSV Export Bytes Column

swhyte wrote:

There is actually only one byte count and that is the total number of bytes. Right now we actually do not differentiate between the bytes received and bytes sent.....it's just one bucket of total bytes.

This is not yet addressed in a future version.

Differentiating bytes sent vs received is of interest to us too - not just in CSV, but also in traffic logs, reports, etc.  It appears that the 4.0.x code stream still does not differentiate.

Any idea if differentiating sent vs rcvd is forthcoming in a future release or if it has even been submitted as an enhancement request by anyone?

Palo Alto Networks Guru

Re: Traffic log CSV Export Bytes Column

Bytes in/out will be available in 4.1 on all platforms but the PA-4000 series. 

L2 Linker

Re: Traffic log CSV Export Bytes Column

jfitz-gerald wrote:

Bytes in/out will be available in 4.1 on all platforms but the PA-4000 series. 

That's great news! But why not on the PA-4000s?

Not applicable

Re: Traffic log CSV Export Bytes Column

Has bytes in/out been made available in 4.1.2 for the PA-4000 series?

L2 Linker

Re: Traffic log CSV Export Bytes Column

jfitz-gerald wrote:

Bytes in/out will be available in 4.1 on all platforms but the PA-4000 series. 

Bytes in/out do appear to be in 4.1.1 on our PA-5050s... except that the values are incorrect: the bytes-in and bytes-out fields always have the same value.

There are now three bytes-related fields in PANOS logs: Bytes, Bytes Sent and Bytes Received. Every log has the same equation for the various values:

Bytes Sent = Bytes Received = 1/2 Bytes 

I checked the release notes for 4.1.2, but there is no reference to a fix for this issue, nor a known outstanding issue.
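
An added example, not part of any post in this thread: a Python check that reads an exported traffic-log CSV and reports whether Bytes Sent and Bytes Received carry real per-direction counts or only repeat or halve Bytes, the two symptoms described above. The column header names are taken from the thread and may differ in a given export; the sample rows are constructed, and the one-byte rounding tolerance is an assumption.

```python
import csv
import io
from collections import Counter

COLS = ("Bytes", "Bytes Sent", "Bytes Received")  # header names as given in the thread (assumed)
HEADER = "Source,Destination," + ",".join(COLS) + "\n"
# Constructed sample exports; addresses and byte values are made up.
DUPLICATED = HEADER + "10.0.0.5,192.0.2.10,4000,4000,4000\n10.0.0.6,192.0.2.11,1200,1200,1200\n"
HALVED = HEADER + "10.0.0.5,192.0.2.10,4000,2000,2000\n10.0.0.6,192.0.2.11,1501,750,750\n"
DIRECTIONAL = HEADER + "10.0.0.5,192.0.2.10,4000,3500,500\n10.0.0.6,192.0.2.11,900,450,450\n"

def classify_row(total, sent, received):
    """Label one row by how its three byte fields relate to each other."""
    if total == 0:
        return "empty"
    if sent == received == total:
        return "duplicated"    # all three columns carry the same value
    if sent == received and abs(total - 2 * sent) <= 1:
        return "halved"        # Bytes Sent = Bytes Received = 1/2 Bytes (1-byte slack assumed)
    if sent + received == total:
        return "directional"   # unequal counters that add up to the total
    return "inconsistent"

def assess_export(fileobj):
    """Return (usable, counts); usable is True only if some row is truly directional."""
    reader = csv.DictReader(fileobj)
    missing = [c for c in COLS if c not in (reader.fieldnames or [])]
    if missing:
        raise ValueError(f"export lacks columns: {missing}")
    counts = Counter()
    for row in reader:
        try:
            total, sent, received = (int(row[c]) for c in COLS)
        except (TypeError, ValueError):
            counts["unparseable"] += 1   # short row or non-numeric field
            continue
        counts[classify_row(total, sent, received)] += 1
    # A symmetric flow can legitimately look "halved", so judge the export as a whole.
    return counts["directional"] > 0, counts

def assess_text(text):
    """Convenience wrapper for CSV content held in a string."""
    return assess_export(io.StringIO(text))

if __name__ == "__main__":
    for name in ("DUPLICATED", "HALVED", "DIRECTIONAL"):
        usable, counts = assess_text(globals()[name])
        print(f"{name}: directional counters usable={usable} {dict(counts)}")
```

If no row in an export classifies as directional, reports or detections that depend on upload versus download volume should use only the total Bytes column.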

L2 Linker

Re: Traffic log CSV Export Bytes Column

I opened a case on this very issue in February 2013.  The response: The PA-4000 series hardware does not support bidirectional counters. At this time, we do not see any change in a future software release.
