SHD Logs format

Erik Dahle · ‎03-21-2013

Hi,

I'm pushing several logs from Ironport into splunk, including System Health Daemon logs.

This makes it easy to monitor the current status of the proxies.

Most of the entries in the log are quite easy to understand, but I'm uncertain of one field "Band".

Is that supposed to be the average bandwith in kbps the last minute?

Which interfaces are measured?

Does it measure Client to Proxy traffic, Proxy to Server traffic, or both?

Example of output:

Thu Mar 21 12:21:40 2013 Info: Status: CPULd 6.2 DskUtil 80.3 RAMUtil 9.8 Reqs 125 Band 6919 Latency 829 CacheHit 37 CliConn 4206 SrvConn 891 MemBuf 0 SwpPgOut 1113535 ProxLd 2.7 webcatld 0.0 WbrsLd 0.0 LogLd 2.7 RptLd 4.5 WebrootLd 0.0 SophosLd 0.0 McafeeLd 0.0

Thu Mar 21 12:22:40 2013 Info: Status: CPULd 7.2 DskUtil 81.9 RAMUtil 9.8 Reqs 163 Band 11231 Latency 550 CacheHit 58 CliConn 4281 SrvConn 849 MemBuf 0 SwpPgOut 1113582 ProxLd 4.3 webcatld 0.0 WbrsLd 5.3 LogLd 3.7 RptLd 2.7 WebrootLd 0.0 SophosLd 0.0 McafeeLd 0.0

Erik Kaiser · ‎03-25-2013

Hi Erik,

Band refers to WSA -> destination URL. I will have to find out what the interval is as far as how often it takes a sampeling of the bandwidth.

Sincerely,

Erik Kaiser
WSA CSE
WSA Cisco Forums Moderator

Sincerely, Erik Kaiser WSA CSE WSA Cisco Forums Moderator

Erik Dahle · ‎04-02-2013

Thank you,

The sampling is once a minute.

So now I only need to figure out what the number represents. I guess it is average kbit/s?

Another thing, it would be awesome if I also could see the traffic from clients to the proxy, so I could measure the caching efficiency.

Or is there a way I could do that already?