Difference between revisions of "Flow Record Fields"
From Observer GigaFlow Support | VIAVI Solutions Inc.
Kevin Wilkie (Talk | contribs) (Created page with "customerid integer //Used to store the traffic group source identifier device numeric(39,0) //Store the numeric IPV6 address of the device sending us the flow/syslog records e...") |
Kevin Wilkie (Talk | contribs) |
Line 1: | Line 1: | ||
− | customerid integer //Used to store the traffic group source identifier | + | customerid integer //Used to store the traffic group source identifier |
− | device numeric(39,0) //Store the numeric IPV6 address of the device sending us the flow/syslog records | + | device numeric(39,0) //Store the numeric IPV6 address of the device sending us the flow/syslog records |
− | engineid integer //Used to store the traffic group destination identifier | + | engineid integer //Used to store the traffic group destination identifier |
− | srcadd numeric(39,0) //Store the numeric IPV6 address of the source for the traffic in this record | + | srcadd numeric(39,0) //Store the numeric IPV6 address of the source for the traffic in this record |
− | dstadd numeric(39,0) //Store the numeric IPV6 address of the destination for the traffic in this record | + | dstadd numeric(39,0) //Store the numeric IPV6 address of the destination for the traffic in this record |
− | nexthop numeric(39,0) //Store the numeric IPV6 address of the nexthop for the traffic in this record | + | nexthop numeric(39,0) //Store the numeric IPV6 address of the nexthop for the traffic in this record |
− | inif integer //SNMP ifindex of the input interface that seen the traffic for this flow | + | inif integer //SNMP ifindex of the input interface that seen the traffic for this flow |
− | outif integer //SNMP ifindex of the output interface that seen the traffic for this flow | + | outif integer //SNMP ifindex of the output interface that seen the traffic for this flow |
− | pkts bigint //Number of packets transmitted in this flow | + | pkts bigint //Number of packets transmitted in this flow |
− | bytes bigint //Number of octets/bytes transmitted in this flow | + | bytes bigint //Number of octets/bytes transmitted in this flow |
− | firstseen bigint //Millisecond timestamp of when this flow started | + | firstseen bigint //Millisecond timestamp of when this flow started |
− | duration bigint //Millisecond duration of this flow | + | duration bigint //Millisecond duration of this flow |
− | srcport integer //Source port number for traffic in this flow record | + | srcport integer //Source port number for traffic in this flow record |
− | dstport integer //Destination port number for traffic in this flow record | + | dstport integer //Destination port number for traffic in this flow record |
− | flags integer //TCP Flags as an Integer value | + | flags integer //TCP Flags as an Integer value |
− | proto integer //IP Protocol number for this flow record | + | proto integer //IP Protocol number for this flow record |
− | tos integer //IP TOS/COS value for this flow record | + | tos integer //IP TOS/COS value for this flow record |
− | appid integer //Flowsec assigned application id, out of this box this would be the lowest of src/dst port number | + | appid integer //Flowsec assigned application id, out of this box this would be the lowest of src/dst port number |
− | srcas integer //Source AS number used for this flow | + | srcas integer //Source AS number used for this flow |
− | dstas integer //Destination AS number used for this flow | + | dstas integer //Destination AS number used for this flow |
− | userid text COLLATE pg_catalog."default" //User ID for this flow, may be as sent or inferred from other sources | + | userid text COLLATE pg_catalog."default" //User ID for this flow, may be as sent or inferred from other sources |
− | userdomain text COLLATE pg_catalog."default" //User Domain for this flow, may be as sent or inferred from other sources | + | userdomain text COLLATE pg_catalog."default" //User Domain for this flow, may be as sent or inferred from other sources |
− | srcmac bigint //Source MAC address (java long value), either as supplied or inferred from other sources | + | srcmac bigint //Source MAC address (java long value), either as supplied or inferred from other sources |
− | dstmac bigint //Destination MAC address (java long value), either as supplied or inferred from other sources | + | dstmac bigint //Destination MAC address (java long value), either as supplied or inferred from other sources |
− | postureid integer //Marking to indicate this flow is of interest (due to blacklist or profiling problems) | + | postureid integer //Marking to indicate this flow is of interest (due to blacklist or profiling problems) |
− | spare integer //Used to store the first packet response value. -1=unset, -2=no response in scope | + | spare integer //Used to store the first packet response value. -1=unset, -2=no response in scope |
− | url text COLLATE pg_catalog."default" //Free for text field we use for things like applcation names (which will soon be moved to fwextcode) or URL data | + | url text COLLATE pg_catalog."default" //Free for text field we use for things like applcation names (which will soon be moved to fwextcode) or URL data |
− | fwextcode integer //Additional field used to identify traffic (from Cisco NSEL) | + | fwextcode integer //Additional field used to identify traffic (from Cisco NSEL) |
− | fwevent integer //Additional field used to identify events(from Cisco NSEL) | + | fwevent integer //Additional field used to identify events(from Cisco NSEL) |
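Review bot: the `spare` row near the end of this hunk documents a field that is in active use (first packet response value, with -1 and -2 as sentinels) under a placeholder name and without a unit for the non-negative values, so anyone querying it has to guess; state the unit in the comment and note that the name is historical. The address rows (`device`, `srcadd`, `dstadd`, `nexthop`) say "numeric IPV6 address" but not how an IPv4 address is represented in `numeric(39,0)`, and the `firstseen` row does not name the epoch for its millisecond timestamp; both should be spelled out. The comments also carry small wording errors worth fixing in the same edit: "that seen the traffic" on `inif`/`outif`, "out of this box" on `appid`, and "Free for text field" and "applcation" on `url`. The removed and added sides read the same on every row, so the revision looks like a whitespace or line-break change only; say so in the edit summary.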
Revision as of 10:44, 31 August 2018
customerid integer //Used to store the traffic group source identifier
device numeric(39,0) //Store the numeric IPv6 address of the device sending us the flow/syslog records
engineid integer //Used to store the traffic group destination identifier
srcadd numeric(39,0) //Store the numeric IPv6 address of the source for the traffic in this record
dstadd numeric(39,0) //Store the numeric IPv6 address of the destination for the traffic in this record
nexthop numeric(39,0) //Store the numeric IPv6 address of the nexthop for the traffic in this record
inif integer //SNMP ifindex of the input interface that saw the traffic for this flow
outif integer //SNMP ifindex of the output interface that saw the traffic for this flow
pkts bigint //Number of packets transmitted in this flow
bytes bigint //Number of octets/bytes transmitted in this flow
firstseen bigint //Millisecond timestamp of when this flow started
duration bigint //Millisecond duration of this flow
srcport integer //Source port number for traffic in this flow record
dstport integer //Destination port number for traffic in this flow record
flags integer //TCP flags as an integer value
proto integer //IP protocol number for this flow record
tos integer //IP TOS/COS value for this flow record
appid integer //Flowsec-assigned application ID; out of the box this would be the lowest of the src/dst port numbers
srcas integer //Source AS number used for this flow
dstas integer //Destination AS number used for this flow
userid text COLLATE pg_catalog."default" //User ID for this flow, may be as sent or inferred from other sources
userdomain text COLLATE pg_catalog."default" //User domain for this flow, may be as sent or inferred from other sources
srcmac bigint //Source MAC address (Java long value), either as supplied or inferred from other sources
dstmac bigint //Destination MAC address (Java long value), either as supplied or inferred from other sources
postureid integer //Marking to indicate this flow is of interest (due to blacklist or profiling problems)
spare integer //Used to store the first packet response value. -1=unset, -2=no response in scope
url text COLLATE pg_catalog."default" //Free-form text field we use for things like application names (which will soon be moved to fwextcode) or URL data
fwextcode integer //Additional field used to identify traffic (from Cisco NSEL)
fwevent integer //Additional field used to identify events (from Cisco NSEL)
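One way to turn a raw row of this table into readable values during triage, as an added example that is not GigaFlow's own code. The function names and the sample row are constructed here, and three things are assumed rather than stated on the page: that firstseen counts milliseconds from the Unix epoch, that flags holds the standard TCP header flag bits, and that IPv4 addresses are stored in IPv4-mapped form.

```python
import ipaddress
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)  # assumed epoch for firstseen
# Standard TCP header flag bits (assumed meaning of the flags column).
TCP_FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x08, "PSH"),
             (0x10, "ACK"), (0x20, "URG"), (0x40, "ECE"), (0x80, "CWR")]
SPARE_SENTINELS = {-1: "unset", -2: "no response in scope"}  # values from the page


def decode_addr(value):
    """numeric(39,0) -> address text; IPv4-mapped values print as IPv4."""
    addr = ipaddress.IPv6Address(int(value))  # int() also accepts Decimal
    return str(addr.ipv4_mapped or addr)


def decode_mac(value):
    """bigint (Java long) -> MAC text, taken from the low 48 bits."""
    raw = (int(value) & 0xFFFFFFFFFFFF).to_bytes(6, "big")
    return ":".join(f"{b:02x}" for b in raw)


def decode_flags(value):
    """Integer flags -> list of flag names that are set."""
    return [name for bit, name in TCP_FLAGS if value & bit]


def decode_record(row):
    """Decode the columns that are not human-readable as stored."""
    start = EPOCH + timedelta(milliseconds=row["firstseen"])
    end = start + timedelta(milliseconds=row["duration"])
    return {
        "src": f'{decode_addr(row["srcadd"])}:{row["srcport"]}',
        "dst": f'{decode_addr(row["dstadd"])}:{row["dstport"]}',
        "first_seen": start.isoformat(),
        "last_seen": end.isoformat(),
        "flags": decode_flags(row["flags"]),
        "srcmac": decode_mac(row["srcmac"]),
        "first_response": SPARE_SENTINELS.get(row["spare"], row["spare"]),
    }


# Constructed sample row (documentation address ranges, not real traffic).
SAMPLE = {
    "srcadd": int(ipaddress.IPv6Address("::ffff:192.0.2.10")), "srcport": 51514,
    "dstadd": int(ipaddress.IPv6Address("2001:db8::1")), "dstport": 443,
    "firstseen": 1535712240000, "duration": 1500, "flags": 18,
    "srcmac": 0x001122334455, "spare": -2,
}
```

If a deployment stores IPv4 addresses as plain 32-bit integers instead, `decode_addr` will print them as `::a.b.c.d`, which is the cue to adjust that function.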