New Member

sensor statistics

From the CSPM Sensor Statistics window, there are several statistics categories whose definitions elude me:

Number Of Src Objects:

Number Of Dst Objects:

Number Of Dual Objects:

Number Of Quad Objects:

If anyone has information on these counters, I'd appreciate knowing some more about them.

Any ideas on when they are meaningful?

Thanks

1 REPLY
Cisco Employee

Re: sensor statistics

These are primarily used for our internal developers.

They are counting the number of each type of Object in memory.

Each signature is based off a kind of key.

For signatures with a single source address but multiple destination addresses, the key is the source address and a Src Object is created to analyze traffic for that signature. Example: Network Sweep

The opposite is true for Dst Objects. Example: Flood

The Dual Object is used by signatures which are based on multiple connections between 2 machines. Example: Single Host Port Sweeps

The Quad Object is used when the signature is also based on connections to specific ports. Example: tftp download of the passwd file

There are also Stream Objects for signatures requiring TCP Streams for their analysis. Example: Most of the HTTP sigs.

These are not normally of concern to the user, until there is a problem and our engineering team requests the numbers. In general the higher the numbers, the more memory being consumed for storage of the Objects. Engineering uses these numbers to determine if customer problems may be related to memory.
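
An added illustration of the keying described in the reply above; it is not Cisco's code and not part of the original thread. It groups constructed connection records under each kind of key and counts the resulting state objects. The exact key tuples, the thresholds and the sample addresses are assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample connections: (src_ip, src_port, dst_ip, dst_port)
CONNECTIONS = [
    ("10.0.0.5", 40001, "192.0.2.10", 80),   # one source, three hosts
    ("10.0.0.5", 40002, "192.0.2.11", 80),
    ("10.0.0.5", 40003, "192.0.2.12", 80),
    ("10.0.0.7", 40100, "192.0.2.10", 21),   # one pair, three ports
    ("10.0.0.7", 40101, "192.0.2.10", 22),
    ("10.0.0.7", 40102, "192.0.2.10", 23),
    ("10.0.0.9", 40200, "192.0.2.10", 69),   # single connection to one port
]

# Assumed key layout per object type (hypothetical, for illustration only).
KEYS = {
    "src":  lambda c: (c[0],),                   # source address
    "dst":  lambda c: (c[2],),                   # destination address
    "dual": lambda c: (c[0], c[2]),              # the two machines
    "quad": lambda c: (c[0], c[1], c[2], c[3]),  # machines plus ports
}

def build_tables(conns):
    """Create one state object per distinct key, per object type."""
    tables = {name: defaultdict(list) for name in KEYS}
    for conn in conns:
        for name, key_of in KEYS.items():
            tables[name][key_of(conn)].append(conn)
    return tables

def object_counts(tables):
    """Objects held in memory per type, the analogue of the counters."""
    return {name: len(table) for name, table in tables.items()}

def sweep_sources(tables, min_hosts=3):
    """Src-keyed check: one source touching many distinct destinations."""
    return sorted(key[0] for key, conns in tables["src"].items()
                  if len({c[2] for c in conns}) >= min_hosts)

def port_sweep_pairs(tables, min_ports=3):
    """Dual-keyed check: one host pair touching many distinct ports."""
    return sorted(key for key, conns in tables["dual"].items()
                  if len({c[3] for c in conns}) >= min_ports)

if __name__ == "__main__":
    tables = build_tables(CONNECTIONS)
    print(object_counts(tables))
    print(sweep_sources(tables), port_sweep_pairs(tables))
```

The finer the key, the more objects the same traffic produces, which is why higher counters mean more memory held for signature state.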
