Difference between revisions of "Flow Record Fields"

From Observer GigaFlow Support | VIAVI Solutions Inc.
m (Niall moved page Reference/flowfields to Flow Record Fields without leaving a redirect)
Line 1: Line 1:
customerid integer //Used to store the traffic group source identifier
+
customerid integer Used to store the traffic group source identifier
device numeric(39,0) //Store the numeric IPV6 address of the device sending us the flow/syslog records
+
device numeric(39,0) //Store the numeric IPV6 address of the device sending us the flow/syslog records
engineid integer //Used to store the traffic group destination identifier
+
engineid integer //Used to store the traffic group destination identifier
srcadd numeric(39,0) //Store the numeric IPV6 address of the source for the traffic in this record
+
srcadd numeric(39,0) //Store the numeric IPV6 address of the source for the traffic in this record
dstadd numeric(39,0) //Store the numeric IPV6 address of the destination for the traffic in this record
+
dstadd numeric(39,0) //Store the numeric IPV6 address of the destination for the traffic in this record
nexthop numeric(39,0) //Store the numeric IPV6 address of the nexthop for the traffic in this record
+
nexthop numeric(39,0) //Store the numeric IPV6 address of the nexthop for the traffic in this record
inif integer //SNMP ifindex of the input interface that seen the traffic for this flow
+
inif integer //SNMP ifindex of the input interface that seen the traffic for this flow
outif integer //SNMP ifindex of the output interface that seen the traffic for this flow
+
outif integer //SNMP ifindex of the output interface that seen the traffic for this flow
pkts bigint //Number of packets transmitted in this flow
+
pkts bigint //Number of packets transmitted in this flow
bytes bigint //Number of octets/bytes transmitted in this flow
+
bytes bigint //Number of octets/bytes transmitted in this flow
firstseen bigint //Millisecond timestamp of when this flow started
+
firstseen bigint //Millisecond timestamp of when this flow started
duration bigint //Millisecond duration of this flow
+
duration bigint //Millisecond duration of this flow
srcport integer //Source port number for traffic in this flow record
+
srcport integer //Source port number for traffic in this flow record
dstport integer //Destination port number for traffic in this flow record
+
dstport integer //Destination port number for traffic in this flow record
flags integer //TCP Flags as an Integer value
+
flags integer //TCP Flags as an Integer value
proto integer //IP Protocol number for this flow record
+
proto integer //IP Protocol number for this flow record
tos integer //IP TOS/COS value for this flow record
+
tos integer //IP TOS/COS value for this flow record
appid integer //Flowsec assigned application id, out of this box this would be the lowest of src/dst port number
+
appid integer //Flowsec assigned application id, out of this box this would be the lowest of src/dst port number
srcas integer //Source AS number used for this flow
+
srcas integer //Source AS number used for this flow
dstas integer //Destination AS number used for this flow
+
dstas integer //Destination AS number used for this flow
userid text COLLATE pg_catalog."default" //User ID for this flow, may be as sent or inferred from other sources
+
userid text COLLATE pg_catalog."default" //User ID for this flow, may be as sent or inferred from other sources
userdomain text COLLATE pg_catalog."default" //User Domain for this flow, may be as sent or inferred from other sources
+
userdomain text COLLATE pg_catalog."default" //User Domain for this flow, may be as sent or inferred from other sources
srcmac bigint //Source MAC address (java long value), either as supplied or inferred from other sources
+
srcmac bigint //Source MAC address (java long value), either as supplied or inferred from other sources
dstmac bigint //Destination MAC address (java long value), either as supplied or inferred from other sources
+
dstmac bigint //Destination MAC address (java long value), either as supplied or inferred from other sources
postureid integer //Marking to indicate this flow is of interest (due to blacklist or profiling problems)
+
postureid integer //Marking to indicate this flow is of interest (due to blacklist or profiling problems)
 
  spare integer //Used to store the first packet response value. -1=unset, -2=no response in scope
 
  spare integer //Used to store the first packet response value. -1=unset, -2=no response in scope
 
  url text COLLATE pg_catalog."default" //Free for text field we use for things like applcation names (which will soon be moved to fwextcode) or URL data
 
  url text COLLATE pg_catalog."default" //Free for text field we use for things like applcation names (which will soon be moved to fwextcode) or URL data
 
  fwextcode integer //Additional field used to identify traffic (from Cisco NSEL)
 
  fwextcode integer //Additional field used to identify traffic (from Cisco NSEL)
 
  fwevent integer //Additional field used to identify events(from Cisco NSEL)
 
  fwevent integer //Additional field used to identify events(from Cisco NSEL)
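Review bot: the customerid line loses its `//` separator while every other field line keeps it, so the type and the description now run together as "integer Used to store the traffic group source identifier". Either restore the `//` on that line or drop it from all field lines in the same edit, so the list stays consistent and can still be split on one delimiter.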

Revision as of 12:15, 22 November 2018

customerid integer Used to store the traffic group source identifier
device numeric(39,0) //Stores the numeric IPv6 address of the device sending us the flow/syslog records
engineid integer //Used to store the traffic group destination identifier
srcadd numeric(39,0) //Stores the numeric IPv6 address of the source for the traffic in this record
dstadd numeric(39,0) //Stores the numeric IPv6 address of the destination for the traffic in this record
nexthop numeric(39,0) //Stores the numeric IPv6 address of the next hop for the traffic in this record
inif integer //SNMP ifindex of the input interface that saw the traffic for this flow
outif integer //SNMP ifindex of the output interface that saw the traffic for this flow
pkts bigint //Number of packets transmitted in this flow
bytes bigint //Number of octets/bytes transmitted in this flow
firstseen bigint //Millisecond timestamp of when this flow started
duration bigint //Millisecond duration of this flow
srcport integer //Source port number for traffic in this flow record
dstport integer //Destination port number for traffic in this flow record
flags integer //TCP flags as an integer value
proto integer //IP protocol number for this flow record
tos integer //IP TOS/COS value for this flow record
appid integer //Flowsec-assigned application ID; out of the box this would be the lower of the src/dst port numbers
srcas integer //Source AS number used for this flow
dstas integer //Destination AS number used for this flow
userid text COLLATE pg_catalog."default" //User ID for this flow, may be as sent or inferred from other sources
userdomain text COLLATE pg_catalog."default" //User domain for this flow, may be as sent or inferred from other sources
srcmac bigint //Source MAC address (Java long value), either as supplied or inferred from other sources
dstmac bigint //Destination MAC address (Java long value), either as supplied or inferred from other sources
postureid integer //Marking to indicate this flow is of interest (due to blacklist or profiling problems)

spare integer //Used to store the first packet response value. -1=unset, -2=no response in scope
url text COLLATE pg_catalog."default" //Free-form text field we use for things like application names (which will soon be moved to fwextcode) or URL data
fwextcode integer //Additional field used to identify traffic (from Cisco NSEL)
fwevent integer //Additional field used to identify events (from Cisco NSEL)
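
Decoding the integer encodings listed above into readable values, as an added example (not VIAVI's code; all function names are hypothetical). It assumes addresses are 128-bit integers with IPv4 stored as IPv4-mapped IPv6, the MAC sits in the low 48 bits of the long, flags uses the standard TCP header bit values, and firstseen is milliseconds since the Unix epoch.

```python
import ipaddress
from datetime import datetime, timezone

# Standard TCP header flag bits, low bit first (assumed encoding of `flags`).
TCP_FLAGS = ((0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG"))


def decode_addr(value):
    """numeric(39,0) -> address text; IPv4 is shown if the value is IPv4-mapped."""
    addr = ipaddress.IPv6Address(int(value))  # raises if outside 0..2**128-1
    return str(addr.ipv4_mapped or addr)


def decode_mac(value):
    """bigint (signed Java long) -> MAC text, assuming the low 48 bits hold it."""
    raw = int(value) & 0xFFFFFFFFFFFF
    return ":".join(f"{b:02x}" for b in raw.to_bytes(6, "big"))


def decode_flags(value):
    """flags integer -> names of the TCP flags that are set."""
    return [name for bit, name in TCP_FLAGS if int(value) & bit]


def decode_flow(row):
    """Return a readable copy of one flow row (dict keyed by column name)."""
    out = dict(row)
    for col in ("device", "srcadd", "dstadd", "nexthop"):
        out[col] = decode_addr(row[col])
    for col in ("srcmac", "dstmac"):
        out[col] = decode_mac(row[col])
    out["flags"] = decode_flags(row["flags"])
    start = datetime.fromtimestamp(row["firstseen"] / 1000, tz=timezone.utc)
    out["firstseen"] = start.isoformat()
    out["lastseen_ms"] = row["firstseen"] + row["duration"]
    return out


# Constructed sample row (documentation address ranges, not real traffic).
SAMPLE = {
    "device": 281473902969345, "srcadd": 0x20010DB8000000000000000000000010,
    "dstadd": 281473902969351, "nexthop": 0, "srcmac": 0x001B213C4D5E,
    "dstmac": -1, "flags": 0x12, "firstseen": 1542888900000, "duration": 1500,
}

if __name__ == "__main__":
    for key, val in decode_flow(SAMPLE).items():
        print(f"{key:12} {val}")
```

The `numeric` columns arrive from PostgreSQL drivers as `Decimal`, which `int()` converts without loss.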