Important: The commands or keywords/variables that are available are dependent on platform type, product version, and installed license(s).attribute attribute { [ format { MM/DD/YY-HH:MM:SS | MM/DD/YYYY-HH:MM:SS | YYYY/MM/DD-HH:MM:SS | YYYYMMDDHHMMSS | seconds } ] [ localtime ] | [ { ip | tcp } { bytes | pkts } { downlink | uplink } ] priority priority }
no attribute attribute [ { ip | tcp } { bytes | pkts } { downlink | uplink } ] [ priority priority ]
attribute must be one of the following:
|
|||||||
|
This attribute reports the total charge volume excluding bytes/packets dropped/retransmitted by ECS.
This behavior can be changed by configuring to allow dropped/retransmitted bytes/packets to be included in the net volume. See the edr sn-charge-volume command in the ACS Rulebase Configuration Mode Commands chapter.
|
|||||||
|
|||||||
|
sn-start-time and sn-end-time fields of flow end-condition EDRs cannot be used to determine the duration of the flow if intermediate EDRs are generated (rule-match or transaction-complete or any other intermediate EDR).
sn-start-time field in an EDR gives the time the first packet was received after the last EDR was generated. So, whenever an EDR is generated, this field is reset to the time the EDR gets generated. So the sn-start-time field in flow end-condition EDRs may not have the time of the first packet received on that flow. It will have the time at which the last EDR was generated or the first packet time if no EDR was generated for that flow.
sn-end-time field gives the time at which the last packet on the flow was received. Flow end-condition EDRs may not be generated immediately after receiving the last packet. For example, in case of session-end or timeout EDRs, last packet time and EDR generation time may be different.
sn-flow-start-time gives the time of the first packet of the flow (irrespective of whether intermediate EDRs were generated), and sn-flow-end-time gives the time when EDRs are generated at hagr, session-end, timeout or normal-end-signaling conditions. The values of these fields will be populated in EDRs only for hagr, session-end, timeout and normal-end-signaling EDRs.
|
|||||||
|
Also see, sn-flow-end-time.
|
|||||||
|
An integer value like in sn-app-protocol; for RTCP/RTP flows, the parent protocol may be RTSP or SIP; for GRE flows, the parent protocol will be PPTP, and so on.
|
|||||||
|
This attribute reports the unique sequence number (per sn-sequence-group and radius-nas-ip-address) of EDR identifier and linearly increasing in EDR file.
|
|||||||
|
This attribute reports the IP volume amount of downlink/uplink bytes of an RTSP flow and the RTP flows controlled by it, or Comma Separated Value (CSV) position priority of this field. If uplink or downlink is not specified it shows the total of both.
|
|||||||
priority priority
priority must be an integer from 1 through 65535. Up to 50 position priorities (across all attribute, event-label, and rule-variable) can be configured.
A particular field in EDR format can be entered multiple times at different priorities. While removing the EDR field using the no attribute command either you can remove all occurrences of a particular field by specifying the field name or a single occurrence by additionally specifying the optional priority keyword.
event_label must be an alphanumeric string of 1 through 63 characters.
priority priority
priority must be an integer from 1 through 65535.
rule_variable must be one of the following options:
|
•
|
bearer 3gpp: 3GPP bearer-related fields:
|
|
•
|
charging-id: Charging ID of the bearer flow
|
|
•
|
imei: IMEI or IMEISV (depending on the case) associated with the bearer flow. Only available in StarOS 8.1 and later releases.
|
|
•
|
imsi: Specific Mobile Station Identification number.
|
|
•
|
rat-type: RAT type associated with the bearer flow. Only available in StarOS 8.1 and later releases.
|
|
•
|
sgsn-address: SGSN associated with the bearer flow. Only available in StarOS 8.1 and later releases. For MIPv6 calls, sgsn-address field is populated with HSGW address.
|
|
•
|
user-location-information: User location information associated with the bearer flow. Only available in StarOS 8.1 and later releases.
|
|
•
|
bearer 3gpp2: 3GPP2 bearer-related fields:
|
|
•
|
always-on: 3GPP2 always on indicator
|
|
•
|
bsid: 3GPP2 BSID
|
|
•
|
esn: 3GPP2 ESN
|
|
•
|
ip-qos: 3GPP2 IP QoS
|
|
•
|
ip-technology: 3GPP2 IP technology
|
|
•
|
release-indicator: 3GPP2 release indicator
|
|
•
|
service-option: 3GPP2 service option
|
|
•
|
session-begin: 3GPP2 session begin indicator
|
|
•
|
session-continue: 3GPP2 session continue indicator
|
|
•
|
bearer ggsn-address: GGSN IP address field. For MIPv6 calls, ggsn-address field in EDR will be populated with PGW address.
|
|
•
|
dns: Domain Name System (DNS) related fields:
|
|
•
|
answer-name: DNS answer name. This depends upon query type.
|
|
•
|
previous-state: DNS previous state information
|
|
•
|
query-name: DNS query name
|
|
•
|
return-code: DNS query response code
|
|
•
|
state: DNS current state information
|
|
•
|
tid: DNS Transaction Identifier
|
|
•
|
file-transfer: File Transfer related fields:
|
|
•
|
chunk-number: Number of chunks
|
|
•
|
current-chunk-length: Length of current chunk
|
|
•
|
declared-chunk-length: Declared size of the chunk
|
|
•
|
declared-file-size: Declared size of the file
|
|
•
|
filename: Name of the file being transferred
|
|
•
|
previous-state: Previous state of session
|
|
•
|
state: Current state of session
|
|
•
|
transferred-file-size: Transferred size of the file
|
|
•
|
flow:Flow related fields:
|
|
•
|
tethered: Tethering detected on flow. Enables/disables tethering detection result field in EDRs sent to MUR.
|
|
•
|
ftp: File Transfer Protocol (FTP) related fields:
|
|
•
|
command name: Command sent
|
|
•
|
filename: File name being transferred in any of the FTP-related FTP command
|
|
•
|
pdu-length: FTP PDU length
|
|
•
|
|
•
|
previous-state: Previous state of FTP session
|
|
•
|
session-length: Total length of FTP session
|
|
•
|
state: Current state of FTP session
|
|
•
|
url: URL of file
|
|
•
|
user: User identifier
|
|
•
|
http: Hypertext Transport Protocol (HTTP) related fields:
|
|
•
|
ad-delivered: advertisement delivered using TPO text-with-click
|
|
•
|
ad-replaced: advertisement replaced with TPO 0-byte response
|
|
•
|
attribute-in-data: dynamic header field in application payload
|
|
•
|
attribute-in-url: dynamic header field in URL
|
|
•
|
compression-bytes-in: TPO compression bytes in
|
|
•
|
compression-bytes-out: TPO compression bytes out
|
|
•
|
|
•
|
dns-resolution-locally: TPO DNS resolution done locally
|
|
•
|
dns-resolution-remotely: TPO DNS resolution done remotely
|
|
•
|
header-length: HTTP header length
|
|
•
|
|
•
|
payload-length: Payload length
|
|
•
|
previous-state: Previous state of session
|
|
•
|
|
•
|
reply code: HTTP response
|
|
•
|
request method: HTTP request method
|
|
•
|
session-length: Total length of HTTP session
|
|
•
|
state: Current state of session
|
|
•
|
tpo-enabled: TPO enabled/disabled for HTTP
|
|
•
|
transaction-length: Total length of HTTP transaction
|
|
•
|
transfer-encoding: Transfer encoding
|
|
•
|
uri: Uniform Resource Identifier
|
|
•
|
url: Uniform Resource Locator
|
|
•
|
|
•
|
x-header: extension header
|
|
•
|
icmp: Internet Control Message Protocol (ICMP) related fields:
|
|
•
|
code: ICMP code
|
|
•
|
type: ICMP type
|
|
•
|
icmpv6: Internet Control Message Protocol Version 6 (ICMPv6) related fields:
|
|
•
|
code: ICMPv6 code
|
|
•
|
type: ICMPv6 type
|
|
•
|
imap: Internet Message Access Protocol (IMAP) related fields:
|
|
•
|
cc: IMAP e-mail CC field
|
|
•
|
command: IMAP command
|
|
•
|
|
•
|
date: IMAP e-mail Date field
|
|
•
|
final-reply: IMAP final reply
|
|
•
|
from: IMAP e-mail From field
|
|
•
|
mail-size: IMAP size of e-mail in RFC822 format
|
|
•
|
mailbox-size: IMAP number of e-mails in the mailbox
|
|
•
|
message-type: IMAP message type
|
|
•
|
previous-state: IMAP session previous state
|
|
•
|
session-length: IMAP session length
|
|
•
|
session-previous-state: IMAP session previous state
|
|
•
|
session-state: IMAP session state
|
|
•
|
state: IMAP state
|
|
•
|
subject: IMAP e-mail Subject field
|
|
•
|
to: IMAP e-mail To field
|
|
•
|
ip: Internet Protocol (IP) related fields:
|
|
•
|
dst-address: destination IP address
|
|
•
|
protocol: Protocol being transported by IP packet
|
|
•
|
server-ip-address: IP address of server. This field in EDR contains either the IPv4 or IPv6 address of the server for a particular flow (flow level). The maximum length of this field is 48 characters. For an IPv6 address, the maximum length is 45 characters; for an IPv4 address, the maximum length is 15 characters.
|
|
•
|
src-address: Source IP address
|
|
•
|
subscriber-ip-address: IP address of subscriber. This field in EDR contains either the IPv4 or IPv6 address of the client/subscriber for a particular call (subscriber level). The value of this field does not change for a particular call. The maximum length of this field is 48 characters. For an IPv6 address, the maximum length is 45 characters. For an IPv4 address, the maximum length is 15 characters.
|
|
•
|
total-length: Total length of packet, including payload
|
|
•
|
version: IP version
|
|
•
|
mms: Multimedia Message Service (MMS) related fields:
|
|
•
|
|
•
|
|
•
|
|
•
|
|
•
|
|
•
|
|
•
|
|
•
|
p2p protocol: Peer-to-peer protocol field.
|
|
•
|
pop3: Post Office Protocol version 3 (POP3) related fields:
|
|
•
|
command name: Command of POP3 session
|
|
•
|
mail-size: Mail size
|
|
•
|
pdu-length: Length of POP3 PDU
|
|
•
|
pdu-type: Type of packet
|
|
•
|
previous-state: Previous state of POP3 session
|
|
•
|
reply status: Reply for the POP3 command
|
|
•
|
session-length: Total length of POP3 session
|
|
•
|
state: Current state of POP3 session
|
|
•
|
user-name: User of POP3 session
|
|
•
|
rtcp: RTP Control Protocol (RTCP) related fields:
|
|
•
|
control-session-flow-id: Flow ID of the controlling RTSP/SIP session
|
|
•
|
jitter: RTCP interarrival jitter
|
|
•
|
rtsp-id: RTSP ID of the RTCP flow
|
|
•
|
uri: URI of the control protocol related to the RTCP flow
|
|
•
|
rtp: Real-time Transfer Protocol (RTP) related fields:
|
|
•
|
control-session-flow-id: Flow ID of the controlling RTSP/SIP session
|
|
•
|
pdu-length: Length of RTP PDU
|
|
•
|
rtsp-id: RTSP ID of the flow
|
|
•
|
session-length: Total length of RTP session
|
|
•
|
uri: URI of the control protocol related to the RTP flow
|
|
•
|
rtsp: Real Time Streaming Protocol (RTSP) related fields:
|
|
•
|
command-id: RTSP command ID
|
|
•
|
date: RTSP Date field
|
|
•
|
previous-state: RTSP previous state
|
|
•
|
request method 1: play method
|
|
•
|
request method 2: setup method
|
|
•
|
request method 3: pause method
|
|
•
|
request method 4: record method
|
|
•
|
request method 5: options method
|
|
•
|
request method 6: redirect method
|
|
•
|
request method 7: describe method
|
|
•
|
request method 8: announce method
|
|
•
|
request method 9: teardown method
|
|
•
|
request method 10: get-parameter method
|
|
•
|
request method 11: set-parameter method
|
|
•
|
rtp-uri: RTSP RTP-Info stream-uri field
|
|
•
|
session-id: RTSP session-id field
|
|
•
|
session-length: Total number of bytes passed through the RTSP data session
|
|
•
|
state: RTSP state
|
|
•
|
uri: RTSP uri field
|
|
•
|
user-agent: RTSP user-agent field
|
|
•
|
sdp: Session Description Protocol (SDP) related fields:
|
|
•
|
connection-ip-address: IP address in SDP connection field
|
|
•
|
media-audio-port: Port used for audio media
|
|
•
|
media-video-port: Port used for video media
|
|
•
|
secure-http: HTTPS related field.
|
|
•
|
sip: Session Initiation Protocol (SIP) related fields:
|
|
•
|
call-id: SIP call-id field
|
|
•
|
from: SIP From field
|
|
•
|
previous-state: SIP previous state
|
|
•
|
state: SIP state
|
|
•
|
to: SIP To field
|
|
•
|
uri: SIP URI field
|
|
•
|
smtp: Simple Mail Transfer Protocol (SMTP) related fields:
|
|
•
|
command name: Command of SMTP session
|
|
•
|
mail-size: Size of given mail
|
|
•
|
pdu-length: Length of SMTP PDU
|
|
•
|
previous-state: Previous state of SMTP session
|
|
•
|
recipient: SMTP e-mail Recipient field
|
|
•
|
reply status: Response for the SMTP command
|
|
•
|
sender: SMTP e-mail Sender field
|
|
•
|
session-length: Total length of SMTP session
|
|
•
|
state: Current state of SMTP session
|
|
•
|
tcp: Transmission Control Protocol (TCP) related fields:
|
|
•
|
dst-port: TCP destination port
|
|
•
|
duplicate: TCP retransmitted/duplicate packet
|
|
•
|
flag: Current packet TCP flag
|
|
•
|
os-signature: OS signature string for TCP flow. Enables/disables OS Signature field in EDRs sent to MUR.
|
|
•
|
out-of-order: TCP out of order packet analyzed
|
|
•
|
payload-length: TCP payload length
|
|
•
|
previous-state: Previous state of MS
|
|
•
|
src-port: TCP source port
|
|
•
|
state: Current state of MS
|
|
•
|
tpo-enabled: TPO enabled/disabled for TCP
|
|
•
|
traffic-type: Traffic type of flow (voice or non-voice depending upon flow type).
|
|
•
|
udp: User Datagram Protocol (UDP) related fields:
|
|
•
|
dst-port: UDP destination port
|
|
•
|
src-port: UDP source port
|
|
•
|
voip-duration: Duration of voice call, in seconds. For a flow in which voice call end is detected, output will be a non-zero value. For other flows it will be zero.
|
|
•
|
wsp: Wireless Session Protocol (WSP) related fields:
|
|
•
|
domain: WSP domain name
|
|
•
|
host: WSP host name
|
|
•
|
pdu-length: WSP PDU length
|
|
•
|
pdu-type: WSP PDU type
|
|
•
|
session-length: WSP total packet length
|
|
•
|
tid: WSP transaction identifier
|
|
•
|
total-length: WSP total packet length
|
|
•
|
url: WSP URL
|
|
•
|
user-agent: WSP user agent
|
|
•
|
wtp: Wireless Transaction Protocol (WTP) related fields:
|
|
•
|
gtr: Group Transmission Flag
|
|
•
|
pdu-length: PDU length of the WTP packet
|
|
•
|
pdu-type: WTP protocol data unit information
|
|
•
|
previous-state: WTP previous state information
|
|
•
|
state: WTP current state information
|
|
•
|
tid: WTP transaction identifier
|
|
•
|
transaction class: WTP transaction class
|
|
•
|
ttr: WTP Trailer Transmission flag
|
Important: For more information on protocol-based rules, see the ACS Ruledef Configuration Mode Commands chapter.priority priority
priority must be an integer from 1 through 65535.
Important: In this release, this keyword is only valid for the MMS protocol to and subject fields. rule-variable mms to priority priority [in-quotes] rule-variable mms subject priority priority [in-quotes]A particular field in an EDR format can be entered multiple times with different priorities. While removing the EDR field using the no rule-variable command you can remove all occurrences of a particular field by specifying the field name or a single occurrence by additionally specifying the optional priority keyword.
