What does the Number of Bytes in the Traffic Log represent?

What does the Number of Bytes in the Traffic Log represent?

8240
Created On 09/26/18 13:55 PM - Last Updated 02/07/19 23:39 PM


Resolution

Question:

What does the Number of Bytes in the Traffic Log represent?

 

Answer:

The byte count represents the total amount of bytes sent and received for the session payload, excluding Layer4, Layer3 and Layer2 overheads.

 

2016-04-13_log-bytes.pngView of the logs, look at the farthest right column with the byte count. Click to make larger.

Follow up Questions:

Q:

I have a lot of packets that have 0 bytes (in the Deny policy)... What does it mean? 

 

A:

If it lists "end" then the session is recorded After the session has been closed. And usually is accurate with the bytes count. If "start" is listed, then this is a log entry at session start, which has no traffic passed yet. Which could result in the byte count being 0.

2016-05-13_16-07-18.pngLog detail showing the session type. End indicating the logs are written after the session has ended.

owner: panagent

 

 



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm2LCAS&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language