Traffic log CSV Export Bytes Column
cancel
Showing results for 
Search instead for 
Did you mean: 

Traffic log CSV Export Bytes Column

L2 Linker

Hello everybody,

Software Version 3.0.5

when we make an CSV export for the traffic logs,
we have three columns with Bytes, called

- Bytes
- Bytes Send
- Bytes Received

All three columns have for the same row the same Byte values.
So, what is it for!

I thought there must be different values!

Can sombody explain this, or is there a fix in another release!?

Kind regards
Christian

1 ACCEPTED SOLUTION

Accepted Solutions

L4 Transporter

Good Job Christian :smileyhappy:

This is an inconsistency in csv.

There is actually only one byte count and that is the total number of bytes. Right now we actually do not differentiate between the bytes received and bytes sent.....it's just one bucket of total bytes.

This is not yet addressed in a future version.

You can illiminate the bytes sent and bytes received collumn from the csv file as a soft work around.

If you would like to pursue this further, it definitely needs to come through support.

Thanks for alerting us of this.

View solution in original post

7 REPLIES 7

L4 Transporter

Good Job Christian :smileyhappy:

This is an inconsistency in csv.

There is actually only one byte count and that is the total number of bytes. Right now we actually do not differentiate between the bytes received and bytes sent.....it's just one bucket of total bytes.

This is not yet addressed in a future version.

You can illiminate the bytes sent and bytes received collumn from the csv file as a soft work around.

If you would like to pursue this further, it definitely needs to come through support.

Thanks for alerting us of this.

View solution in original post

swhyte wrote:

There is actually only one byte count and that is the total number of bytes. Right now we actually do not differentiate between the bytes received and bytes sent.....it's just one bucket of total bytes.

This is not yet addressed in a future version.

Differentiating bytes sent vs received is of interest to us too - not just in CSV, but also in traffic logs, reports, etc.  It appears that the 4.0.x code stream still does not differentiate.

Any idea if differentiating sent vs rcvd is forthcoming in a future release or if it has even been submitted as an enhancement request by anyone?

Palo Alto Networks Guru

Bytes in/out will be available in 4.1 on all platforms but the PA-4000 series. 

jfitz-gerald wrote:

Bytes in/out will be available in 4.1 on all platforms but the PA-4000 series. 

That's great news! But why not on the PA-4000s?

Has bytes in/out been made available in 4.1.2 for the PA-4000 series?

jfitz-gerald wrote:

Bytes in/out will be available in 4.1 on all platforms but the PA-4000 series. 

Bytes in/out do appear to be in 4.1.1 on our PA-5050s... except that the values are incorrect: the bytes-in and bytes-out fields always have the same value.

There are now three bytes-related fields in PANOS logs: Bytes, Bytes Sent and Bytes Received. Every log has the same equation for the various values:

Bytes Sent = Bytes Received = 1/2 Bytes 

I checked the release notes for 4.1.2, but there is no reference to a fix for this issue, nor a known outstanding issue.

I opened a case on this very issue in February 2013.  The response: The PA-4000 series hardware does not support bidirectional counters. At this time, we do not see any change in a future software release.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!