Skip to main content
McAfee Enterprise MVISION Cloud

Using properties in rules to log performance information

You can insert performance logging properties into logging rules to let performance information be logged. For each type of performance information that is shown on the dashboard, a logging property is available.

For example, the dashboard shows the average time it takes to resolve host names by looking up names on a DNS server. The property Timer.ResolveHostNameViaDNS corresponds to this information. The value of the property is the time consumed for looking up a host name in a request that was processed on an appliance. The time is measured in milliseconds.

Other performance logging properties are Timer.HandleConnect ToServer for measuring the time needed to connect to external servers or Timer.TimeConsumedByRule Engine or the time the rule engine consumes for processing when a request is received on an appliance.

All properties that make dashboard performance information available for logging have the element Timer at the beginning of their names.

Measuring processing time for a transaction

The time that is measured and made available by a property for logging performance information shown on the dashboard is the time needed for a particular activity, for example, connecting to external servers, as long as processing for an individual request is continued throughout the relevant processing cycles.

Processing one individual request throughout the relevant cycles is considered one transaction.

It is not required for a transaction to include all three cycles (request, response, and embedded objects).

For example, if a user sends a request for a web page that falls into a blocked category, a block message is returned to this user, the request is not forwarded to the web server in question, and processing does not enter the response cycle.

Then the transaction includes only the request cycle, the response cycle is not relevant in this case.

Rule for logging performance information

An Access Log exists by default on an appliance with log files into which a log entry is written whenever a transaction has been completed for a request. This log is an appropriate device for recording performance information.

Writing log entries into the log files of the Access Log is performed by a logging rule. This rule uses one event to create a log file entry and another to write this entry into a log file.

Name
Write access.log
Criteria     Action     Events
Always –>    Continue – Set User-Defined.logLine = DateTime.ToWebReporterString
                        + “””
                        + ...
                        FileSystemLogging.WriteLogEntry (User-Defined.logLine)<Access Log Configuration>

A log entry is composed of several elements, each of which adds a particular piece of information, for example, the date and time when a request was received on the appliance. By adding an element providing performance information to the entry you can let this information be logged.

To log performance information, for example, on the processing time consumed by DNS lookups, you need to add the following two elements:

  • + Number.ToString (Timer.ResolveHostNameViaDNS)
  • + “””

Since the log entry is a string, the numerical value for the processing time must be converted to string format before it can be logged.

This is done by the Number.ToString property, which takes the Timer.ResolveHostNameViaDNS property as a parameter.

  • Was this article helpful?