Difference between revisions of "Flow Record Fields"
From Observer GigaFlow Support | VIAVI Solutions Inc.
Line 1: | Line 1: | ||
− | # customerid integer Used to store the traffic group source identifier | + | # '''customerid''' integer Used to store the traffic group source identifier |
− | # device numeric(39,0) //Store the numeric IPV6 address of the device sending us the flow/syslog records | + | # '''device''' numeric(39,0) //Store the numeric IPV6 address of the device sending us the flow/syslog records |
− | # engineid integer //Used to store the traffic group destination identifier | + | # '''engineid''' integer //Used to store the traffic group destination identifier |
− | # srcadd numeric(39,0) //Store the numeric IPV6 address of the source for the traffic in this record | + | # '''srcadd''' numeric(39,0) //Store the numeric IPV6 address of the source for the traffic in this record |
− | # dstadd numeric(39,0) //Store the numeric IPV6 address of the destination for the traffic in this record | + | # '''dstadd''' numeric(39,0) //Store the numeric IPV6 address of the destination for the traffic in this record |
− | # nexthop numeric(39,0) //Store the numeric IPV6 address of the nexthop for the traffic in this record | + | # '''nexthop''' numeric(39,0) //Store the numeric IPV6 address of the nexthop for the traffic in this record |
− | # inif integer //SNMP ifindex of the input interface that seen the traffic for this flow | + | # '''inif''' |
− | # outif integer //SNMP ifindex of the output interface that seen the traffic for this flow | + | integer //SNMP ifindex of the input interface that seen the traffic for this flow |
− | # pkts bigint //Number of packets transmitted in this flow | + | # '''outif integer //SNMP ifindex of the output interface that seen the traffic for this flow |
− | # bytes bigint //Number of octets/bytes transmitted in this flow | + | # '''pkts bigint //Number of packets transmitted in this flow |
− | # firstseen bigint //Millisecond timestamp of when this flow started | + | # '''bytes bigint //Number of octets/bytes transmitted in this flow |
− | # duration bigint //Millisecond duration of this flow | + | # '''firstseen bigint //Millisecond timestamp of when this flow started |
− | # srcport integer //Source port number for traffic in this flow record | + | # '''duration bigint //Millisecond duration of this flow |
− | # dstport integer //Destination port number for traffic in this flow record | + | # '''srcport integer //Source port number for traffic in this flow record |
− | # flags integer //TCP Flags as an Integer value | + | # '''dstport integer //Destination port number for traffic in this flow record |
− | # proto integer //IP Protocol number for this flow record | + | # '''flags integer //TCP Flags as an Integer value |
− | # tos integer //IP TOS/COS value for this flow record | + | # '''proto integer //IP Protocol number for this flow record |
− | # appid integer //Flowsec assigned application id, out of this box this would be the lowest of src/dst port number | + | # '''tos integer //IP TOS/COS value for this flow record |
− | # srcas integer //Source AS number used for this flow | + | # '''appid integer //Flowsec assigned application id, out of this box this would be the lowest of src/dst port number |
− | # dstas integer //Destination AS number used for this flow | + | # '''srcas integer //Source AS number used for this flow |
− | # userid text COLLATE pg_catalog."default" //User ID for this flow, may be as sent or inferred from other sources | + | # '''dstas integer //Destination AS number used for this flow |
− | # userdomain text COLLATE pg_catalog."default" //User Domain for this flow, may be as sent or inferred from other sources | + | # '''userid text COLLATE pg_catalog."default" //User ID for this flow, may be as sent or inferred from other sources |
− | # srcmac bigint //Source MAC address (java long value), either as supplied or inferred from other sources | + | # '''userdomain text COLLATE pg_catalog."default" //User Domain for this flow, may be as sent or inferred from other sources |
− | # dstmac bigint //Destination MAC address (java long value), either as supplied or inferred from other sources | + | # '''srcmac bigint //Source MAC address (java long value), either as supplied or inferred from other sources |
− | # postureid integer //Marking to indicate this flow is of interest (due to blacklist or profiling problems) | + | # '''dstmac bigint //Destination MAC address (java long value), either as supplied or inferred from other sources |
+ | # '''postureid integer //Marking to indicate this flow is of interest (due to blacklist or profiling problems) | ||
# spare integer //Used to store the first packet response value. -1=unset, -2=no response in scope | # spare integer //Used to store the first packet response value. -1=unset, -2=no response in scope | ||
# url text COLLATE pg_catalog."default" //Free for text field we use for things like applcation names (which will soon be moved to fwextcode) or URL data | # url text COLLATE pg_catalog."default" //Free for text field we use for things like applcation names (which will soon be moved to fwextcode) or URL data | ||
# fwextcode integer //Additional field used to identify traffic (from Cisco NSEL) | # fwextcode integer //Additional field used to identify traffic (from Cisco NSEL) | ||
# fwevent integer //Additional field used to identify events(from Cisco NSEL) | # fwevent integer //Additional field used to identify events(from Cisco NSEL) |
Revision as of 12:17, 22 November 2018
- customerid integer //Used to store the traffic group source identifier
- device numeric(39,0) //Store the numeric IPV6 address of the device sending us the flow/syslog records
- engineid integer //Used to store the traffic group destination identifier
- srcadd numeric(39,0) //Store the numeric IPV6 address of the source for the traffic in this record
- dstadd numeric(39,0) //Store the numeric IPV6 address of the destination for the traffic in this record
- nexthop numeric(39,0) //Store the numeric IPV6 address of the nexthop for the traffic in this record
- inif integer //SNMP ifindex of the input interface that saw the traffic for this flow
- outif integer //SNMP ifindex of the output interface that saw the traffic for this flow
- pkts bigint //Number of packets transmitted in this flow
- bytes bigint //Number of octets/bytes transmitted in this flow
- firstseen bigint //Millisecond timestamp of when this flow started
- duration bigint //Millisecond duration of this flow
- srcport integer //Source port number for traffic in this flow record
- dstport integer //Destination port number for traffic in this flow record
- flags integer //TCP Flags as an Integer value
- proto integer //IP Protocol number for this flow record
- tos integer //IP TOS/COS value for this flow record
- appid integer //Flowsec-assigned application ID; out of the box this would be the lower of the src/dst port numbers
- srcas integer //Source AS number used for this flow
- dstas integer //Destination AS number used for this flow
- userid text COLLATE pg_catalog."default" //User ID for this flow, may be as sent or inferred from other sources
- userdomain text COLLATE pg_catalog."default" //User Domain for this flow, may be as sent or inferred from other sources
- srcmac bigint //Source MAC address (java long value), either as supplied or inferred from other sources
- dstmac bigint //Destination MAC address (java long value), either as supplied or inferred from other sources
- postureid integer //Marking to indicate this flow is of interest (due to blacklist or profiling problems)
- spare integer //Used to store the first packet response value. -1=unset, -2=no response in scope
- url text COLLATE pg_catalog."default" //Free-form text field we use for things like application names (which will soon be moved to fwextcode) or URL data
- fwextcode integer //Additional field used to identify traffic (from Cisco NSEL)
- fwevent integer //Additional field used to identify events (from Cisco NSEL)