/cfg/slb/filt <filter number>/report
Filter Report Menu
You can configure Alteon to send an event log based on the traffic handled by a specific filter or virtual service. Alteon sends the log through the data port to a group of syslog servers. Traffic event logs are sent in ArcSight Common Event Format (CEF).
A traffic event policy defines which events Alteon logs, and to which group of syslog servers Alteon sends the event log. You can associate a traffic event log policy with filters or virtual services.
Note: Traffic event logging impacts performance. To reduce the performance impact, use sampling and/or disable or limit the number of events per second per severity (Normal or Exception).
To view the application-oriented traffic events dashboard via Cyber Controller (or APSolute Vision 4.x), perform the following steps:
1. Set up Cyber Controller (or APSolute Vision 4.x) to receive Alteon traffic events as follows:
a. Install an ADC analytics license. Traffic event-related services will start a few minutes after installing the license.
b. Configure the interface to receive Alteon events using the “net ip set” command. The interface can be the Cyber Controller (or APSolute Vision 4.x) management port or a dedicated port, except G4, which should not be used for traffic events.
c. Define the traffic events listening port. Radware recommends using the default 5140 port as it is already enabled by default.
To use a different listening port:
* Log in to the Cyber Controller (or APSolute Vision 4.x) command line interface as a root user.
* Open the /etc/td-agent/td-agent.conf file and edit the line that indicates “port”. Only ports 1024-65535 are supported.
* Restart the td-agent service.
* Open the listening port in the Cyber Controller (or APSolute Vision 4.x) firewall using the “net firewall open-port” command.
d. Verify that the relevant services are started. Make sure that the td-agent is running when invoking the “system vision-server status” command.
2. Set up Alteons to send traffic events. Perform the following for each Alteon device:
a. Make sure that you have a valid perform-subscription or secure-subscription license.
b. Globally enable the traffic event log at /cfg/slb/trevnt/on.
c. Configure remote logging at /cfg/slb/rlogging as follows:
* Set the syslog server IP address to the required Cyber Controller (or APSolute Vision 4.x) interfaces (Client NAT must be defined for this server).
* Use the TCP protocol (TLS is currently not supported).
* Set the syslog port to the listening port defined in Cyber Controller (or APSolute Vision 4.x).
d. Configure your traffic event policy at /cfg/slb/trevnt/trevpol as follows:
* Enable Unified Event. (Cyber Controller (or APSolute Vision 4.x) supports only the Unified Event type.)
* Associate the remote logging to the traffic event policy.
* If required, adjust the number of events per second sent for each event severity to reduce the performance impact and/or DB capacity utilization.
You can use the request per second chart available in the Application dashboard to identify the average number of requests that this application handles.
Note that Cyber Controller (or APSolute Vision 4.x) accepts up to 1000 events per second in total from all the applications.
* Associate the traffic event policy to the required virtual services.
3. Make sure that the date and time are accurate in Alteon, Cyber Controller (or APSolute Vision 4.x), and your client PC.
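To check what a receiver on the listening port actually gets, the CEF lines can be parsed as shown in the following added example, which is not part of the Radware guide or product. It follows the general CEF layout (seven pipe-delimited header fields, then key=value extensions with backslash escaping); the sample line, its vendor/product strings, and its extension keys are constructed for illustration and are not actual Alteon output.

```python
import re

HEADER_FIELDS = ("version", "vendor", "product", "device_version",
                 "signature_id", "name", "severity")
_KEY = re.compile(r"(?:^|(?<=\s))([A-Za-z0-9_.\[\]-]+)=")  # start of a key=
_UNESC = re.compile(r"\\([\\=nr])")                        # \\ \= \n \r

def _split_header(body):
    """Split on unescaped '|' into the 7 header fields plus the extension."""
    fields, cur, i = [], [], 0
    while i < len(body) and len(fields) < 7:
        ch = body[i]
        if ch == "\\" and body[i + 1:i + 2] in ("\\", "|"):
            cur.append(body[i + 1])      # escaped backslash or pipe
            i += 2
            continue
        if ch == "|":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    if len(fields) < 7:
        raise ValueError("truncated CEF header")
    return fields, body[i:]

def _parse_extension(ext):
    """Parse key=value pairs; values may contain spaces and escaped '='."""
    out, keys = {}, list(_KEY.finditer(ext))
    for m, nxt in zip(keys, keys[1:] + [None]):
        raw = ext[m.end():nxt.start() if nxt else len(ext)].strip()
        out[m.group(1)] = _UNESC.sub(
            lambda e: {"n": "\n", "r": "\r"}.get(e.group(1), e.group(1)), raw)
    return out

def parse_cef(line):
    """Parse one syslog line carrying a CEF record (syslog prefix is skipped)."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF marker")
    fields, ext = _split_header(line[start + 4:].rstrip("\r\n"))
    event = dict(zip(HEADER_FIELDS, fields))
    event["extension"] = _parse_extension(ext)
    return event

# Constructed sample line (hypothetical values, not captured from a device).
SAMPLE = ("<134>Jan 01 00:00:00 adc1 CEF:0|ExampleVendor|ExampleADC|1.0|100|"
          "Unified\\|Event|3|src=192.0.2.10 dst=198.51.100.5 dpt=443 "
          "request=/login?next\\=/home msg=filter 10 matched")

if __name__ == "__main__":
    print(parse_cef(SAMPLE))
```
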
 
[Filter Report Menu]
inspect - SSL Inspection reporting Menu
report - Set counter based reporting for this filter
trevpol - Set Traffic Event Log policy for the filter
cur - Display filter report configuration
 
Filter Report Menu Options (/cfg/slb/filt <filter number>/report) 
Command Syntax and Usage
inspect
 
Displays the Filter Inspect Report menu. To view this menu, see
report disable|enable
 
Specifies whether to include this filter in the counter-based reporting report.
Default: enable
trevpol [<Traffic Event Log Policy>|none]
 
Specifies the traffic event log policy for this filter.
You can configure Alteon to send a traffic related log event for traffic matching this filter. Alteon sends the log as a syslog message through the data port to a group of syslog servers over UDP.
A traffic event policy defines which events Alteon logs, and to which group of syslog servers Alteon sends the event log.
Note: Traffic event logging may impact performance.
For more information, see /cfg/slb/trevnt Traffic Event Log Menu.
cur
 
Displays the current filter report configuration.