fastdpi_stat.log

The file is placed in the directory: /var/log/dpi/fastdpi_stat.log

This log contains statistics on traffic processed and blocked by VAS Experts DPI, on memory and processor load (file stat.log).


            Image 1

Information is presented as follows (see Image 1, Image 2):

  • Memory used:
    1 – date and time of data accessing,
    2 – memory type,
    3 – information volume.
  • CPU load:
    4 – general load,
    5 – load by cores.
  • Statistics on VAS Experts DPI interfaces:
    6 – full statistics on received packets/bytes, blocked packets on all interfaces,
    7 - full statistics on received packets/bytes, blocked packets on the dna0 interface, here:
    • Rcvd: [2372621 pkts][381635326 bytes][0 pkts dropped] – received packets/bytes
    • Send: [4457954 pkts][4526709192 bytes] – transmitted packets/bytes
    • Esnd: [0 err_pkts][0.00 %] - errors occurred while sending packets
    • Drop: [0 pkts][0 bytes] – blocked packets/bytes
    • Pthr: [0 pkts][0 bytes] – the number of packets/bytes passing without analysis and processing
    • Emit: [0 pkts][0 bytes] – packets formed by VAS Experts DPI
    • Eemt: [0 err_pkts][0.00 %] - errors that occurred when sending packets generated by VAS Experts DPI

8 – actual statistics on received packets/bytes, blocked packets on dna0 interface,
9 – full statistics on the number of captured, processed, sent packets/sec (see Image 2), e.g. [Captured 1.47 pkt/sec][Processed 1.47 pkt/sec][Send 0.00 pkt/sec].
IPv4_thread_slave=#1 or 0 – flow statistics (0 or 1) – flow number.

         Image 2
  • Protocol statistics:
    • Statistics by IP:
      10 – current flows number, here
      IPv4_total : allocate=1708/3008000 – parameter is set in /etc/dpi/fastdpi.conf:
      mem_tracking_flow (e.g.=3008000)
      3008000 – total / 1708 – taken
    • Blocking counters:
      url/lock=341/5 ( 0,0 )( 1,1,0,98879 )
      ssl/lock=47/0 ( 21,457 )( 0,69,69,196647 )
      chnprc=0
      ccheck/ip_check/lock=2954/503/76
      url/lock – URL checked/blocked
    • ( 0,0 ) :
      first 0 – number of URLs that could not be parsed
      second 0 – number of packets with partial URLs (URL in several packets)
      ( 1,1,0,98879 ) :
      1 – parsers used
      1 – parsers were used in total
      0 – how many parsers are not involved after use
      98879 –

how many parsers can be created

  • ssl/lock – similarly to URL, but for cname
    chnprc=0 – parser change http ←→ htpps
    ccheck/ip_check/lock – 2954/503/76 statistics on check by IP/port
  • 2954 – were to check by IP
    503 – how many times the check was actually performed
    76 – packets blocked
  • Firewall statistics – 11.
  • Netflow statistics – 12,

In version 9.4.1 statistics on packet sizes have been expanded, Jumbo Frames have been added
[STAT ][2020/09/09-13:44:33:322801] Packet size (abs/delta, in %):

                       <=64       <=128       <=256       <=512      <=1024      <=2048      <=4096      <=8192     >8192
      subs->inet:   0.0/0.0     0.0/0.0     0.0/0.0     0.0/0.0     0.0/0.0     0.0/0.0     0.0/0.0     0.0/0.0     0.0/0.0
      inet->subs:   0.0/0.0     0.0/0.0     0.0/0.0     0.0/0.0     0.0/0.0     0.0/0.0     0.0/0.0     0.0/0.0     0.0/0.0