Difference between revisions of "Flow Record Fields"

From Observer GigaFlow Support | VIAVI Solutions Inc.
Line 1: Line 1:
 +
All GigaFlow flow records contain 29 fields or table columns. In the '''myipfix''' database associated with the GigaFlow installation, the '''netflow''' tables contain all flow records. These are:
 +
 
{| class="wikitable" style="text-align: left;"
 
{| class="wikitable" style="text-align: left;"
 
|'''Record Field'''  
 
|'''Record Field'''  
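Review bot: in the added intro sentence, "These are:" directly follows "the '''netflow''' tables contain all flow records", so it reads as introducing the tables or the records rather than the 29 fields listed in the table below. Suggest closing the paragraph with "The fields are:" so the lead-in to the wikitable is unambiguous.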

Revision as of 16:39, 22 November 2018

Every GigaFlow flow record contains 29 fields (table columns). The flow records are stored in the netflow tables of the myipfix database associated with the GigaFlow installation. The fields are:

{| class="wikitable" style="text-align: left;"
|'''Record Field'''
|'''Type'''
|'''Description'''
|-
| customerid || integer || The traffic group source identifier
|-
| device || numeric(39,0) || The numeric IPv6 address of the device sending us the flow/syslog records
|-
| engineid || integer || Used to store the traffic group destination identifier
|-
| srcadd || numeric(39,0) || Stores the numeric IPv6 address of the source for the traffic in this record
|-
| dstadd || numeric(39,0) || Stores the numeric IPv6 address of the destination for the traffic in this record
|-
| nexthop || numeric(39,0) || Stores the numeric IPv6 address of the next hop for the traffic in this record
|-
| inif || integer || SNMP ifindex of the input interface that saw the traffic for this flow
|-
| outif || integer || SNMP ifindex of the output interface that saw the traffic for this flow
|-
| pkts || bigint || Number of packets transmitted in this flow
|-
| bytes || bigint || Number of octets/bytes transmitted in this flow
|-
| firstseen || bigint || Millisecond timestamp of when this flow started
|-
| duration || bigint || Millisecond duration of this flow
|-
| srcport || integer || Source port number for traffic in this flow record
|-
| dstport || integer || Destination port number for traffic in this flow record
|-
| flags || integer || TCP flags as an integer value
|-
| proto || integer || IP protocol number for this flow record
|-
| tos || integer || IP TOS/COS value for this flow record
|-
| appid || integer || Flowsec-assigned application ID; out of the box this would be the lower of the src/dst port numbers
|-
| srcas || integer || Source AS number used for this flow
|-
| dstas || integer || Destination AS number used for this flow
|-
| userid || text COLLATE pg_catalog."default" || User ID for this flow, may be as sent or inferred from other sources
|-
| userdomain || text COLLATE pg_catalog."default" || User domain for this flow, may be as sent or inferred from other sources
|-
| srcmac || bigint || Source MAC address (Java long value), either as supplied or inferred from other sources
|-
| dstmac || bigint || Destination MAC address (Java long value), either as supplied or inferred from other sources
|-
| postureid || integer || Marking to indicate this flow is of interest (due to blacklist or profiling problems)
|-
| spare || integer || Used to store the first packet response value. -1=unset, -2=no response in scope
|-
| url || text COLLATE pg_catalog."default" || Free text field that we use for things like application names (which will soon be moved to fwextcode) or URL data
|-
| fwextcode || integer || Additional field used to identify traffic (from Cisco NSEL)
|-
| fwevent || integer || Additional field used to identify events (from Cisco NSEL)
|}
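Added example (not part of the GigaFlow documentation): decoding the raw column encodings from the table above into values an analyst can read when reviewing flow records. It assumes IPv4 addresses are stored in IPv4-mapped form, that firstseen counts milliseconds since the Unix epoch, and that flags uses the standard TCP header bit order; the function names and the derived lastseen key are hypothetical.

```python
import ipaddress
from datetime import datetime, timedelta, timezone
from decimal import Decimal

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)  # assumption: firstseen is Unix-epoch ms
TCP_FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x08, "PSH"),
             (0x10, "ACK"), (0x20, "URG"), (0x40, "ECE"), (0x80, "CWR")]
SPARE_SENTINELS = {-1: "unset", -2: "no response in scope"}  # from the field table

def decode_addr(value):
    """numeric(39,0) column -> address text; assumes IPv4 is stored IPv4-mapped."""
    addr = ipaddress.IPv6Address(int(value))
    return str(addr.ipv4_mapped or addr)

def decode_mac(value):
    """bigint (Java long) column -> colon-separated MAC from the low 48 bits."""
    raw = (int(value) & 0xFFFFFFFFFFFF).to_bytes(6, "big")
    return ":".join(f"{b:02x}" for b in raw)

def decode_flags(value, proto):
    """TCP flag names; the bitmask is only meaningful for proto 6 (TCP)."""
    return [name for bit, name in TCP_FLAGS if int(value) & bit] if proto == 6 else []

def decode_record(row):
    """Return a copy of one netflow row with analyst-readable values."""
    out = dict(row)
    for col in ("device", "srcadd", "dstadd", "nexthop"):
        out[col] = decode_addr(row[col])
    for col in ("srcmac", "dstmac"):
        out[col] = decode_mac(row[col])
    out["flags"] = decode_flags(row["flags"], row["proto"])
    out["firstseen"] = EPOCH + timedelta(milliseconds=int(row["firstseen"]))
    # lastseen is derived here (firstseen + duration); it is not a table column
    out["lastseen"] = out["firstseen"] + timedelta(milliseconds=int(row["duration"]))
    out["spare"] = SPARE_SENTINELS.get(row["spare"], row["spare"])
    return out

# Constructed sample row (not real data); psycopg returns numeric columns as Decimal.
SAMPLE_ROW = {
    "device": Decimal(int(ipaddress.IPv6Address("::ffff:198.51.100.1"))),
    "srcadd": Decimal(int(ipaddress.IPv6Address("::ffff:192.0.2.10"))),
    "dstadd": Decimal(int(ipaddress.IPv6Address("2001:db8::1"))),
    "nexthop": Decimal(0),
    "srcmac": 0x001122334455, "dstmac": 0x0000DEADBEEF,
    "proto": 6, "flags": 0x12, "spare": -2,
    "firstseen": 1542904740000, "duration": 1500,
}

if __name__ == "__main__":
    for key, value in decode_record(SAMPLE_ROW).items():
        print(f"{key:10} {value}")
```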