Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Application Volume Tracking Overview

    The application volume tracking (AVT) feature uses application identification and the Profiler to collect application statistics aggregated at 15-minute and 1-hour intervals. The AVT database stores up to four sets of each interval at a time (four 15-minute intervals and four 1-hour intervals). After it has accumulated four intervals, it begins dropping the oldest interval as it collects a new one.

    The AVT process writes data files to the following directories:

    • /usr/idp/device/var/stat/1hour
    • /usr/idp/device/var/stat/15min

    The data is collected and parsed for reporting in NSM or IDP Reporter.

    Table 1 describes the columns of data in AVT records for each session.

    Table 1: Application Volume Tracking Data

    Data Field


    Session ID

    Unique ID for the session.

    Source IP address

    IP address for the host that initiated the session.

    Source port

    The port number for the source host.

    Destination IP address

    IP address for the destination server.

    Destination port

    The port number of the destination host.


    VLAN ID (if any).


    The IP protocol: TCP, UDP, or ICMP.

    Application ID

    The application identified by the application identification feature. Extended applications (also called nested applications) are reported separately from HTTP results. A 0 indicates the application was not identified.


    Throughput in bytes for sessions during the interval. AVT tracks both server-to-client and client-to-server bytes.


    Number of packets for sessions during the interval. AVT tracks both server-to-client and client-to-server packets.

    Table 2 lists documentation references for AVT log viewing tools.

    Table 2: Application Volume Tracking Log Viewing Tools

    AVT Log Viewing Tools


    NSM Profiler Viewer > Application Profiler tab (logs)

    NSM Report (reports)

    IDP Series Administration Guide

    IDP Reporter

    IDP Reporter User’s Guide

    Note: To avoid issues with reports, we highly recommend that you synchronize the network clocks for all devices to the same NTP server. For example, the network clocks for all IDP Series devices and NSM clients should be synchronized to the NTP server specified in the NSM configuration.

    Published: 2011-02-08