Technical Documentation

Application Volume Tracking Overview

The application volume tracking (AVT) feature uses application identification and the Profiler to collect application statistics aggregated at 15-minute and 1-hour intervals. The AVT database stores up to four sets of each interval at a time (four 15-minute intervals and four 1-hour intervals). After it has accumulated four intervals, it begins dropping the oldest interval as it collects a new one.

The AVT process writes data files to the following directories:

  • /usr/idp/device/var/stat/1hour
  • /usr/idp/device/var/stat/15min

The data is collected and parsed for reporting in NSM, IDP Reporter, or Juniper Networks Application Usage Manager.

Table 1 describes the columns of data in AVT records for each session.

Table 1: Application Volume Tracking Data

Data Field

Description

Session ID

Unique ID for the session.

Source IP address

IP address for the host that initiated the session.

Source port

The port number for the source host.

Destination IP address

IP address for the destination server.

Destination port

The port number of the destination host.

VLAN ID

VLAN ID (if any).

Protocol

The IP protocol: TCP, UDP, or ICMP.

Application ID

The application identified by the application identification feature.

Bytes

Throughput in bytes for sessions during the interval. AVT tracks both server-to-client and client-to-server bytes.

Packets

Number of packets for sessions during the interval. AVT tracks both server-to-client and client-to-server packets.

Table 2 lists documentation references for AVT log viewing tools.

Table 2: Application Volume Tracking Log Viewing Tools

AVT Log Viewing Tools

Documentation

NSM Profiler Viewer > Application Profiler tab (logs)

NSM Report (reports)

IDP Administration Guide

IDP Reporter

IDP Reporter User’s Guide

Juniper Networks Application Usage Manager

Juniper Networks Application Usage Manager Installation and User’s Guide

Note: To avoid issues with reports, we highly recommend that you synchronize the network clocks for all devices to the same NTP server. For example, the network clocks for all IDP appliances and NSM clients should be synchronized to the NTP server specified in the NSM configuration.

Published: 2010-01-12