Saturday, June 17, 2017

Configuring BGP on a Palo Alto Networks Firewall

Direct Firewall Log Forwarding

Using an external service to monitor the firewall enables you to receive alerts for important events, archive monitored information on systems with dedicated long-term storage, and integrate with third-party security monitoring tools.

Log storage on Palo Alto Networks firewalls is strictly allocated between different log and other storage types to ensure that no particular log is overrun by another. This allocation is user controlled.

Each storage area typically acts as a circular log: when it fills, new entries overwrite the oldest ones. Space is cleared in blocks, and a message is added to the System log each time this happens.

Before you can use Panorama or external systems to monitor the firewall, you must configure the firewall to forward its logs. Before forwarding to external services, the firewall automatically converts the logs to the necessary format: syslog messages, SNMP traps, or email notifications. Before you start this procedure, ensure that Panorama or the external server that will receive the log data is already set up.

External forwarding supports the following types of destinations:

1. SNMP traps
2. Syslog
3. Email
4. Panorama

All types (other than Panorama) support customization of the message format. A typical destination configuration follows:

Any log event redirection causes a copy of the log event to be forwarded as specified. It is logged on the firewall as usual.

There are two main methods to forward log events, depending on the log message type. Log events destined for the System, Config, and HIP Match logs are redirected under Device > Log Settings, where you choose the destination for specific event types.

Events normally written to the Traffic, Threat, and WildFire Submission logs are routed via a Log Forwarding profile.

Log Forwarding profiles are attached to individual Security policies so that the events generated while processing that policy are forwarded. This granularity gives administrators fine-grained control over forwarding and allows different forwarding for policies of differing importance. All forwarded events are delivered as they are generated on the firewall.

A complete discussion of log forwarding configuration can be found on this link.
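The syslog destination described above delivers each forwarded event as a BSD-style syslog line, so the receiving collector has to decode the PRI header (facility and severity) and decide which events deserve an alert. The following Python script is an added example, not code from the original post or from Palo Alto Networks: it parses RFC 3164 lines, keeps only messages at or above a severity threshold, and rejects lines whose claimed hostname is not one of the known firewalls. The hostname `PA-LAB-FW`, the message bodies and the `SAMPLE_LINES` list are all constructed for illustration and do not follow the PAN-OS log field layout.

```python
"""Decode BSD-style syslog (RFC 3164) lines as a collector receiving firewall logs would.

Added example, not part of the original post. The sample lines are constructed for
illustration (the hostname and message bodies are placeholders, not PAN-OS log format).
"""
import re
from typing import List, NamedTuple, Optional, Set, Tuple

# Facility and severity names in PRI order (PRI = facility * 8 + severity).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# <PRI>Mmm dd hh:mm:ss HOSTNAME MSG
_SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<msg>.*)$",
    re.DOTALL,
)


class SyslogMessage(NamedTuple):
    facility: str
    severity: str
    severity_code: int   # 0 = emerg ... 7 = debug
    timestamp: str
    host: str
    msg: str


def parse_syslog(line: str) -> Optional[SyslogMessage]:
    """Return the decoded message, or None if the line is not well-formed syslog."""
    m = _SYSLOG_RE.match(line)
    if m is None:
        return None
    pri = int(m.group("pri"))
    if pri > 191:                      # 23 * 8 + 7 is the largest legal PRI value
        return None
    return SyslogMessage(
        facility=FACILITIES[pri // 8],
        severity=SEVERITIES[pri % 8],
        severity_code=pri % 8,
        timestamp=m.group("ts"),
        host=m.group("host"),
        msg=m.group("msg"),
    )


def select_alerts(lines, trusted_hosts: Set[str],
                  max_severity_code: int = 3) -> Tuple[List[SyslogMessage], List[str]]:
    """Keep messages from known firewalls at or above the alert threshold.

    Returns (alerts, rejected): 'rejected' holds lines that were malformed or claimed a
    hostname outside trusted_hosts; a collector should count those rather than drop them.
    """
    alerts, rejected = [], []
    for line in lines:
        msg = parse_syslog(line)
        if msg is None or msg.host not in trusted_hosts:
            rejected.append(line)
            continue
        if msg.severity_code <= max_severity_code:   # emerg..err with the default threshold
            alerts.append(msg)
    return alerts, rejected


# Constructed sample input: PRI 14 = user.info, PRI 10 = user.crit, PRI 11 = user.err.
SAMPLE_LINES = [
    "<14>Jun 17 10:15:02 PA-LAB-FW config change committed by admin (constructed sample)",
    "<10>Jun 17 10:16:40 PA-LAB-FW BGP peer ISP1 went down (constructed sample)",
    "<11>Jun 17 10:16:41 rogue-host BGP peer ISP1 went down (constructed sample)",
    "not a syslog line at all",
]

if __name__ == "__main__":
    alerts, rejected = select_alerts(SAMPLE_LINES, {"PA-LAB-FW"})
    for a in alerts:
        print(f"ALERT {a.facility}.{a.severity} {a.host}: {a.msg}")
    print(f"{len(rejected)} line(s) rejected")
```

The hostname in the syslog header is whatever the sender wrote, so the allowlist above only catches mistakes and careless spoofing; a production collector should additionally match on the sender's address and, where the firewall and collector support it, use a transport that authenticates the sender rather than plain UDP.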


I've changed my Palo Alto firewall lab and used a router with eBGP running between the two WAN devices.


ISP1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
ISP1(config)#interface fastethernet0/0
ISP1(config-if)#ip address 172.31.104.1 255.255.255.248
ISP1(config-if)#exit
ISP1(config)#ip route 0.0.0.0 0.0.0.0 f0/0
%Default route without gateway, if not a point-to-point interface, may impact performance     // USE ONLY IN A LAB
ISP1(config)#router ?
  bgp       Border Gateway Protocol (BGP)
  eigrp     Enhanced Interior Gateway Routing Protocol (EIGRP)
  isis      ISO IS-IS
  iso-igrp  IGRP for OSI networks
  lisp      Locator/ID Separation Protocol
  mobile    Mobile routes
  odr       On Demand stub Routes
  ospf      Open Shortest Path First (OSPF)
  rip       Routing Information Protocol (RIP)

ISP1(config)#router bgp ?
  <1-4294967295>  Autonomous system number
  <1.0-XX.YY>     Autonomous system number

ISP1(config)#router bgp 101
ISP1(config-router)#?
Router configuration commands:
  address-family       Enter Address Family command mode
  aggregate-address    Configure BGP aggregate entries
  auto-summary         Enable automatic network number summarization
  bgp                  BGP specific commands
  default              Set a command to its defaults
  default-information  Control distribution of default information
  default-metric       Set metric of redistributed routes
  distance             Define an administrative distance
  distribute-list      Filter networks in routing updates
  exit                 Exit from routing protocol configuration mode
  help                 Description of the interactive help system
  maximum-paths        Forward packets over multiple paths
  neighbor             Specify a neighbor router
  network              Specify a network to announce via BGP
  no                   Negate a command or set its defaults
  redistribute         Redistribute information from another routing protocol
  scope                Enter scope command mode
  snmp                 Modify snmp parameters
  synchronization      Perform IGP synchronization
  table-map            Map external entry attributes into routing table
  template             Enter template command mode
  timers               Adjust routing timers

ISP1(config-router)#neighbor ?
  A.B.C.D     Neighbor address
  WORD        Neighbor tag
  X:X:X:X::X  Neighbor IPv6 address

ISP1(config-router)#neighbor 172.31.104.2 ?
  activate                 Enable the Address Family for this Neighbor
  advertise-map            specify route-map for conditional advertisement
  advertisement-interval   Minimum interval between sending BGP routing updates
  allowas-in               Accept as-path with my AS present in it
  capability               Advertise capability to the peer
  default-originate        Originate default route to this neighbor
  description              Neighbor specific description
  disable-connected-check  one-hop away EBGP peer using loopback address
  distribute-list          Filter updates to/from this neighbor
  dmzlink-bw               Propagate the DMZ link bandwidth
  ebgp-multihop            Allow EBGP neighbors not on directly connected
                           networks
  fall-over                session fall on peer route lost
  filter-list              Establish BGP filters
  ha-mode                  high availability mode
  inherit                  Inherit a template
  local-as                 Specify a local-as number
  maximum-prefix           Maximum number of prefixes accepted from this peer
  next-hop-self            Disable the next hop calculation for this neighbor
  next-hop-unchanged       Propagate next hop unchanged for iBGP paths to this
                           neighbor
  password                 Set a password
  peer-group               Member of the peer-group
  prefix-list              Filter updates to/from this neighbor
  remote-as                Specify a BGP neighbor
  remove-private-as        Remove private AS number from outbound updates
  route-map                Apply route map to neighbor
  route-reflector-client   Configure a neighbor as Route Reflector client
  send-community           Send Community attribute to this neighbor
  shutdown                 Administratively shut down this neighbor
  slow-peer                Configure slow-peer
  soft-reconfiguration     Per neighbor soft reconfiguration
  soo                      Site-of-Origin extended community
  timers                   BGP per neighbor timers
  translate-update         Translate Update to MBGP format
  transport                Transport options
  ttl-security             BGP ttl security check
  unsuppress-map           Route-map to selectively unsuppress suppressed
                           routes
  update-source            Source of routing updates
  version                  Set the BGP version to match a neighbor
  weight                   Set default weight for routes from this neighbor

ISP1(config-router)#neighbor 172.31.104.2 remote-as ?
  <1-4294967295>  AS of remote neighbor
  <1.0-XX.YY>     AS of remote neighbor

ISP1(config-router)#neighbor 172.31.104.2 remote-as 400


The BGP neighbor remained Active (not good in BGP) since BGP wasn't configured yet on the PAN firewall.

ISP1#show ip bgp summary
BGP router identifier 172.31.104.1, local AS number 101
BGP table version is 1, main routing table version 1

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
172.31.104.2    4          400       0       0        1    0    0 never    Active

ISP1#show ip bgp neighbors
BGP neighbor is 172.31.104.2,  remote AS 400, external link
  BGP version 4, remote router ID 0.0.0.0
  BGP state = Active      // SHOULD SEE ESTABLISHED STATE
  Neighbor sessions:
    0 active, is not multisession capable (disabled)
  Message statistics:
    InQ depth is 0
    OutQ depth is 0

                         Sent       Rcvd
    Opens:                  0          0
    Notifications:          0          0
    Updates:                0          0
    Keepalives:             0          0
    Route Refresh:          0          0
    Total:                  0          0
  Default minimum time between advertisement runs is 30 seconds

 For address family: IPv4 Unicast
  BGP table version 1, neighbor version 1/0
  Output queue size : 0

  Index 0, Advertise bit 0
  Slow-peer detection is disabled
  Slow-peer split-update-group dynamic is disabled
                                 Sent       Rcvd
  Prefix activity:               ----       ----
    Prefixes Current:               0          0
    Prefixes Total:                 0          0
    Implicit Withdraw:              0          0
    Explicit Withdraw:              0          0
    Used as bestpath:             n/a          0
    Used as multipath:            n/a          0

                                   Outbound    Inbound
  Local Policy Denied Prefixes:    --------    -------
    Total:                                0          0
  Number of NLRIs in the update sent: max 0, min 0
  Last detected as dynamic slow peer: never
  Dynamic slow peer recovered: never

  Address tracking is enabled, the RIB does have a route to 172.31.104.2
  Connections established 0; dropped 0
  Last reset never
  Transport(tcp) path-mtu-discovery is enabled
  Graceful-Restart is disabled
  No active TCP connection

ISP1#ping 172.31.104.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.31.104.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)



Configure the PAN firewall ethernet1/1 to match the BGP network topology under Network > Interfaces > click ethernet1/1.
 




To configure BGP on the PAN firewall, go to Network > Virtual Routers > click on the custom Virtual Router (LAB-VR).



Go to BGP tab on the left-hand side.



Tick Enable > type 172.31.104.2 (ethernet1/1 WAN IP address) under Router ID > type 400 under AS Number > uncheck Reject Default Route > tick Install Route.



Leave the default settings under Advanced tab.



Go to Peer Group tab > click Add.



Type a Name for the BGP Peer Group (LAB-PEER) > tick Soft Reset with Stored Info (so the BGP routing table is updated dynamically when the peer makes routing changes on its network) > leave the default Type of EBGP (since the PAN firewall and ISP1 are in different ASes) > click Add under Peer.



Type a Name for the Peer (ISP1) > leave Enable at its default > type 101 under Peer AS (the remote AS number) > choose ethernet1/1 under Local Address Interface > choose the IP address 172.31.104.2/29 from the drop-down > type 172.31.104.1 under Peer Address IP > leave the other fields at their defaults > click OK.



Click OK twice > click Commit to apply the changes.



Notice there's a Peer Count of 1 under the BGP column after the changes were committed.


A BGP adjacency was established on the ISP1 router after the BGP changes were made on the PAN firewall.

ISP1#
*Mar 25 01:22:28.603: %BGP-5-ADJCHANGE: neighbor 172.31.104.2 Up

ISP1#ping 172.31.104.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.31.104.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

ISP1#show ip bgp summary
BGP router identifier 172.31.104.1, local AS number 101
BGP table version is 1, main routing table version 1

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
172.31.104.2    4          400      14      14        1    0    0 00:05:06

ISP1#show ip bgp neighbors 172.31.104.2
BGP neighbor is 172.31.104.2,  remote AS 400, external link
  BGP version 4, remote router ID 172.31.104.2
  BGP state = Established, up for 00:04:45
  Last read 00:00:21, last write 00:00:04, hold time is 90, keepalive interval is 30 seconds
  Neighbor sessions:
    1 active, is not multisession capable (disabled)
  Neighbor capabilities:
    Route refresh: advertised and received(new)
    Four-octets ASN Capability: advertised
    Address family IPv4 Unicast: advertised and received
    Graceful Restart Capability: received
      Remote Restart timer is 120 seconds
      Address families advertised by peer:
        IPv4 Unicast (was not preserved)
    Multisession Capability:
  Message statistics:
    InQ depth is 0
    OutQ depth is 0

                         Sent       Rcvd
    Opens:                  1          1
    Notifications:          0          0
    Updates:                1          1
    Keepalives:            12         11
    Route Refresh:          0          0
    Total:                 14         13
  Default minimum time between advertisement runs is 30 seconds

 For address family: IPv4 Unicast
  Session: 172.31.104.2
  BGP table version 1, neighbor version 1/0
  Output queue size : 0
  Index 3, Advertise bit 0
  3 update-group member
  NEXT_HOP is always this router
  Slow-peer detection is disabled
  Slow-peer split-update-group dynamic is disabled
                                 Sent       Rcvd
  Prefix activity:               ----       ----
    Prefixes Current:               0          0
    Prefixes Total:                 0          0
    Implicit Withdraw:              0          0
    Explicit Withdraw:              0          0
    Used as bestpath:             n/a          0
    Used as multipath:            n/a          0

                                   Outbound    Inbound
  Local Policy Denied Prefixes:    --------    -------
    Total:                                0          0
  Number of NLRIs in the update sent: max 0, min 0
  Last detected as dynamic slow peer: never
  Dynamic slow peer recovered: never

  Address tracking is enabled, the RIB does have a route to 172.31.104.2
  Connections established 2; dropped 1
  Last reset 00:04:45, due to User reset of session 1
  Transport(tcp) path-mtu-discovery is enabled
  Graceful-Restart is disabled
Connection state is ESTAB, I/O status: 1, unread input bytes: 0
Connection is ECN Disabled, Mininum incoming TTL 0, Outgoing TTL 1
Local host: 172.31.104.1, Local port: 27134
Foreign host: 172.31.104.2, Foreign port: 179
Connection tableid (VRF): 0
Maximum output segment queue size: 50

Enqueued packets for retransmit: 0, input: 0  mis-ordered: 0 (0 bytes)

Event Timers (current time is 0x541904):
Timer          Starts    Wakeups            Next
Retrans            13          0             0x0
TimeWait            0          0             0x0
AckHold            13         11             0x0
SendWnd             0          0             0x0
KeepAlive           0          0             0x0
GiveUp              0          0             0x0
PmtuAger            1          0        0x58E5A4
DeadWait            0          0             0x0
Linger              0          0             0x0
ProcessQ            0          0             0x0

iss: 2246268819  snduna: 2246269124  sndnxt: 2246269124
irs: 1915778115  rcvnxt: 1915778397

sndwnd:   5840  scale:      0  maxrcvwnd:  16384
rcvwnd:  16103  scale:      0  delrcvwnd:    281

SRTT: 824 ms, RTTO: 2094 ms, RTV: 1270 ms, KRTT: 0 ms
minRTT: 0 ms, maxRTT: 1000 ms, ACK hold: 200 ms
Status Flags: active open
Option Flags: nagle, path mtu capable
IP Precedence value : 6

Datagrams (max data segment is 1460 bytes):
Rcvd: 25 (out of order: 0), with data: 13, total data bytes: 281
Sent: 28 (retransmit: 0, fastretransmit: 0, partialack: 0, Second Congestion: 0), with data: 14, total data bytes: 304
 Packets received in fast path: 0, fast processed: 0, slow path: 0
 fast lock acquisition failures: 0, slow path: 0
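The two `show ip bgp summary` captures above are the quickest way to tell the before (Active) from the after (Established) state, and in the State/PfxRcd column IOS prints the prefix count only once the session is Established. The script below is an added example, not code from the original post or from Cisco: it parses that table and reports sessions that are not Established, peers whose AS does not match what was configured, peers that are not on the expected list at all, and peers sending more prefixes than a chosen limit (the same concern the `maximum-prefix` neighbor option in the help output addresses). `SUMMARY_BEFORE` is the page's capture; `SUMMARY_AFTER` is the page's capture with the cut-off PfxRcd column assumed to be 0, plus one constructed `10.99.0.2` row to show an administratively shut peer. The expected-peer mapping and `max_prefixes` are the checks' own parameters.

```python
"""Parse Cisco IOS 'show ip bgp summary' and flag unhealthy or unexpected BGP sessions.

Added example, not from the original post. SUMMARY_BEFORE is the page's own capture;
SUMMARY_AFTER is the page's capture with the PfxRcd column assumed to be 0 and one
constructed extra neighbor row (10.99.0.2) to exercise the "Idle (Admin)" case.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class BgpNeighbor:
    address: str
    remote_as: int
    msg_rcvd: int
    msg_sent: int
    up_down: str
    state: str                          # "Established" or the FSM state IOS prints instead
    prefixes_received: Optional[int]    # only known when Established


def parse_bgp_summary(text: str) -> List[BgpNeighbor]:
    """Return one BgpNeighbor per row of the neighbor table in the command output."""
    neighbors = []
    in_table = False
    for line in text.splitlines():
        if line.startswith("Neighbor"):
            in_table = True             # header row: every row after it is a neighbor
            continue
        fields = line.split()
        if not in_table or len(fields) < 10:
            continue
        # IOS prints the prefix count when Established, otherwise the FSM state,
        # which may contain spaces ("Idle (Admin)"), so join everything after Up/Down.
        tail = " ".join(fields[9:])
        established = tail.isdigit()
        neighbors.append(BgpNeighbor(
            address=fields[0], remote_as=int(fields[2]),
            msg_rcvd=int(fields[3]), msg_sent=int(fields[4]), up_down=fields[8],
            state="Established" if established else tail,
            prefixes_received=int(tail) if established else None))
    return neighbors


def check_bgp_sessions(neighbors: List[BgpNeighbor], expected_peers: Dict[str, int],
                       max_prefixes: int) -> List[str]:
    """Compare the parsed table with the peers we intended to configure."""
    findings = []
    seen = set()
    for n in neighbors:
        seen.add(n.address)
        if n.address not in expected_peers:
            findings.append(f"{n.address}: peer not in the expected peer list (AS {n.remote_as})")
            continue
        if n.remote_as != expected_peers[n.address]:
            findings.append(f"{n.address}: remote AS {n.remote_as}, expected {expected_peers[n.address]}")
        if n.state != "Established":
            findings.append(f"{n.address}: session is {n.state}, not Established (up/down {n.up_down})")
        elif n.prefixes_received > max_prefixes:
            findings.append(f"{n.address}: {n.prefixes_received} prefixes received, above limit {max_prefixes}")
    for addr in expected_peers:
        if addr not in seen:
            findings.append(f"{addr}: expected peer missing from BGP summary")
    return findings


SUMMARY_BEFORE = """\
BGP router identifier 172.31.104.1, local AS number 101
BGP table version is 1, main routing table version 1

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
172.31.104.2    4          400       0       0        1    0    0 never    Active
"""

SUMMARY_AFTER = """\
BGP router identifier 172.31.104.1, local AS number 101
BGP table version is 1, main routing table version 1

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
172.31.104.2    4          400      14      14        1    0    0 00:05:06        0
10.99.0.2       4        65010       0       0        1    0    0 never    Idle (Admin)
"""

# The PAN firewall (172.31.104.2) is the only peer ISP1 is meant to have, in AS 400.
EXPECTED_PEERS = {"172.31.104.2": 400}

if __name__ == "__main__":
    for label, output in (("before", SUMMARY_BEFORE), ("after", SUMMARY_AFTER)):
        print(f"--- {label} ---")
        for finding in check_bgp_sessions(parse_bgp_summary(output), EXPECTED_PEERS, 100):
            print(finding)
```

Run against the "before" capture the script reports the Active session; against the "after" capture the established peer passes and only the constructed, unexpected `10.99.0.2` row is flagged, which is the behaviour you want from a check that runs periodically over the router's output.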