Difference between revisions of "Event Record Fields"

From Observer GigaFlow Support | VIAVI Solutions Inc.
Line 1: Line 1:
{| class="wikitable" style="text-align: center; color: green;"
+
{| class="wikitable" style="text-align: left;"
|customerid  
+
|'''Record Field'''
 +
|'''Type''' 
 +
|'''Description'''
 +
|-
 +
|'''id'''
 +
|-
 +
|'''customerid'''
 
|integer  
 
|integer  
|Used to store the traffic group source identifier
+
|The traffic group source identifier
 
|-
 
|-
|device
+
|'''device'''
 
|numeric(39,0)
 
|numeric(39,0)
|Store the numeric IPV6 address of the device sending us the flowsyslog records
+
|The numeric IPV6 address of the device sending us the flowsyslog records
 
|-
 
|-
| engineid
+
|'''firstseen'''
| integer
+
| Used to store the traffic group destination identifier
+
|-
+
| srcadd
+
| numeric(39,0)
+
| Store the numeric IPV6 address of the source for the traffic in this record
+
|-
+
| dstadd
+
| numeric(39,0)
+
| Store the numeric IPV6 address of the destination for the traffic in this record
+
|-
+
| nexthop
+
| numeric(39,0)
+
| Store the numeric IPV6 address of the nexthop for the traffic in this record
+
|-
+
| inif
+
| integer
+
| SNMP ifindex of the input interface that seen the traffic for this flow
+
|-
+
| outif
+
| integer
+
| SNMP ifindex of the output interface that seen the traffic for this flow
+
|-
+
| pkts
+
 
| bigint
 
| bigint
| Number of packets transmitted in this flow
+
| Millisecond timestamp of when this flow started
 
|-
 
|-
| bytes
+
|'''eventtype'''
| bigint
+
| Number of octetsbytes transmitted in this flow
+
 
|-
 
|-
| firstseen
+
|'''eventsrctype'''
| bigint
+
| Millisecond timestamp of when this flow started
+
 
|-
 
|-
| duration
+
|'''eventsrc'''
| bigint
+
| Millisecond duration of this flow
+
 
|-
 
|-
| srcport
+
|'''message'''
| integer
+
| Source port number for traffic in this flow record
+
 
|-
 
|-
| dstport
+
|'''datatype'''
| integer
+
| Destination port number for traffic in this flow record
+
 
|-
 
|-
| flags
+
|'''data'''
| integer
+
| TCP Flags as an Integer value
+
 
|-
 
|-
| proto
+
|'''datasource'''
| integer
+
| IP Protocol number for this flow record
+
 
|-
 
|-
| tos
+
|'''confidence'''
| integer
+
| IP TOSCOS value for this flow record
+
 
|-
 
|-
| appid
+
|'''severity'''
| integer
+
| Flowsec assigned application id, out of this box this would be the lowest of srcdst port number
+
 
|-
 
|-
| srcas
+
|'''category'''
| integer
+
| Source AS number used for this flow
+
 
|-
 
|-
| dstas
+
|'''target'''
| integer
+
| Destination AS number used for this flow
+
 
|-
 
|-
| userid
+
|'''country_src'''
| text
+
| COLLATE pg_catalog."default" User ID for this flow, may be as sent or inferred from other sources
+
 
|-
 
|-
| userdomain
+
|'''division_src'''
| text
+
| COLLATE pg_catalog."default" User Domain for this flow, may be as sent or inferred from other sources
+
 
|-
 
|-
| srcmac
+
|'''latit_src'''
| bigint
+
| Source MAC address (java long value), either as supplied or inferred from other sources
+
|-
+
| dstmac
+
| bigint
+
| Destination MAC address (java long value), either as supplied or inferred from other sources
+
 
|-
 
|-
| postureid
+
|'''longd_src'''
| integer
+
| Marking to indicate this flow is of interest (due to blacklist or profiling problems)
+
 
|-
 
|-
| spare
+
|'''country_dst'''
| integer
+
| Used to store the first packet response value. -1=unset, -2=no response in scope
+
 
|-
 
|-
| url
+
|'''division_dst'''
| text
+
| COLLATE pg_catalog."default" Free for text field we use for things like applcation names (which will soon be moved to fwextcode) or URL data
+
 
|-
 
|-
| fwextcode
+
|'''latit_dst'''
| integer
+
| Additional field used to identify traffic (from Cisco NSEL)
+
 
|-
 
|-
| fwevent
+
|'''longd_dst'''
| integer
+
| Additional field used to identify events(from Cisco NSEL)
+
 
|}
 
|}
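Review bot: the rows the new revision adds from '''eventtype''' down to '''longd_dst''', and the new '''id''' row near the top, carry only the bolded field name; no Type or Description cell follows them, so the rendered table (the revision listed below) shows those columns blank for every event-specific field. Fill in the Type and a one-line Description for each of these rows before publishing, following the pattern of the '''customerid''', '''device''' and '''firstseen''' rows, which do carry all three cells.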

Revision as of 14:10, 22 November 2018

{| class="wikitable" style="text-align: left;"
|'''Record Field''' || '''Type''' || '''Description'''
|-
| id || ||
|-
| customerid || integer || The traffic group source identifier
|-
| device || numeric(39,0) || The numeric IPV6 address of the device sending us the flowsyslog records
|-
| firstseen || bigint || Millisecond timestamp of when this flow started
|-
| eventtype || ||
|-
| eventsrctype || ||
|-
| eventsrc || ||
|-
| message || ||
|-
| datatype || ||
|-
| data || ||
|-
| datasource || ||
|-
| confidence || ||
|-
| severity || ||
|-
| category || ||
|-
| target || ||
|-
| country_src || ||
|-
| division_src || ||
|-
| latit_src || ||
|-
| longd_src || ||
|-
| country_dst || ||
|-
| division_dst || ||
|-
| latit_dst || ||
|-
| longd_dst || ||
|}