Difference between revisions of "Flow Record Fields"
From Observer GigaFlow Support | VIAVI Solutions Inc.
Line 4: | Line 4: | ||
|'''Description''' | |'''Description''' | ||
|- | |- | ||
− | |customerid | + | |'''customerid''' |
|integer | |integer | ||
|The traffic group source identifier | |The traffic group source identifier | ||
|- | |- | ||
− | |device | + | |'''device''' |
|numeric(39,0) | |numeric(39,0) | ||
|The numeric IPV6 address of the device sending us the flowsyslog records | |The numeric IPV6 address of the device sending us the flowsyslog records | ||
|- | |- | ||
− | | engineid | + | | '''engineid''' |
| integer | | integer | ||
| Used to store the traffic group destination identifier | | Used to store the traffic group destination identifier | ||
|- | |- | ||
− | | srcadd | + | | '''srcadd''' |
| numeric(39,0) | | numeric(39,0) | ||
| Store the numeric IPV6 address of the source for the traffic in this record | | Store the numeric IPV6 address of the source for the traffic in this record | ||
|- | |- | ||
− | | dstadd | + | | '''dstadd''' |
| numeric(39,0) | | numeric(39,0) | ||
| Store the numeric IPV6 address of the destination for the traffic in this record | | Store the numeric IPV6 address of the destination for the traffic in this record | ||
|- | |- | ||
− | | nexthop | + | | '''nexthop''' |
| numeric(39,0) | | numeric(39,0) | ||
| Store the numeric IPV6 address of the nexthop for the traffic in this record | | Store the numeric IPV6 address of the nexthop for the traffic in this record | ||
|- | |- | ||
− | | inif | + | | '''inif''' |
| integer | | integer | ||
| SNMP ifindex of the input interface that seen the traffic for this flow | | SNMP ifindex of the input interface that seen the traffic for this flow | ||
|- | |- | ||
− | | outif | + | | '''outif''' |
| integer | | integer | ||
| SNMP ifindex of the output interface that seen the traffic for this flow | | SNMP ifindex of the output interface that seen the traffic for this flow | ||
|- | |- | ||
− | | pkts | + | | '''pkts''' |
| bigint | | bigint | ||
| Number of packets transmitted in this flow | | Number of packets transmitted in this flow | ||
|- | |- | ||
− | | bytes | + | | '''bytes''' |
| bigint | | bigint | ||
| Number of octetsbytes transmitted in this flow | | Number of octetsbytes transmitted in this flow | ||
|- | |- | ||
− | | firstseen | + | | '''firstseen''' |
| bigint | | bigint | ||
| Millisecond timestamp of when this flow started | | Millisecond timestamp of when this flow started | ||
|- | |- | ||
− | | duration | + | | '''duration''' |
| bigint | | bigint | ||
| Millisecond duration of this flow | | Millisecond duration of this flow | ||
|- | |- | ||
− | | srcport | + | | '''srcport''' |
| integer | | integer | ||
| Source port number for traffic in this flow record | | Source port number for traffic in this flow record | ||
|- | |- | ||
− | | dstport | + | | '''dstport''' |
| integer | | integer | ||
| Destination port number for traffic in this flow record | | Destination port number for traffic in this flow record | ||
|- | |- | ||
− | | flags | + | | '''flags''' |
| integer | | integer | ||
| TCP Flags as an Integer value | | TCP Flags as an Integer value | ||
|- | |- | ||
− | | proto | + | | '''proto''' |
| integer | | integer | ||
| IP Protocol number for this flow record | | IP Protocol number for this flow record | ||
|- | |- | ||
− | | tos | + | | '''tos''' |
| integer | | integer | ||
| IP TOSCOS value for this flow record | | IP TOSCOS value for this flow record | ||
|- | |- | ||
− | | appid | + | | '''appid''' |
| integer | | integer | ||
| Flowsec assigned application id, out of this box this would be the lowest of srcdst port number | | Flowsec assigned application id, out of this box this would be the lowest of srcdst port number | ||
|- | |- | ||
− | | srcas | + | | '''srcas''' |
| integer | | integer | ||
| Source AS number used for this flow | | Source AS number used for this flow | ||
|- | |- | ||
− | | dstas | + | | '''dstas''' |
| integer | | integer | ||
| Destination AS number used for this flow | | Destination AS number used for this flow | ||
|- | |- | ||
− | | userid | + | | '''userid''' |
| text | | text | ||
| COLLATE pg_catalog."default" User ID for this flow, may be as sent or inferred from other sources | | COLLATE pg_catalog."default" User ID for this flow, may be as sent or inferred from other sources | ||
|- | |- | ||
− | | userdomain | + | | '''userdomain''' |
| text | | text | ||
| COLLATE pg_catalog."default" User Domain for this flow, may be as sent or inferred from other sources | | COLLATE pg_catalog."default" User Domain for this flow, may be as sent or inferred from other sources | ||
|- | |- | ||
− | | srcmac | + | | '''srcmac''' |
| bigint | | bigint | ||
| Source MAC address (java long value), either as supplied or inferred from other sources | | Source MAC address (java long value), either as supplied or inferred from other sources | ||
|- | |- | ||
− | | dstmac | + | | '''dstmac''' |
| bigint | | bigint | ||
| Destination MAC address (java long value), either as supplied or inferred from other sources | | Destination MAC address (java long value), either as supplied or inferred from other sources | ||
|- | |- | ||
− | | postureid | + | | '''postureid |
| integer | | integer | ||
| Marking to indicate this flow is of interest (due to blacklist or profiling problems) | | Marking to indicate this flow is of interest (due to blacklist or profiling problems) | ||
|- | |- | ||
− | | spare | + | | '''spare''' |
| integer | | integer | ||
| Used to store the first packet response value. -1=unset, -2=no response in scope | | Used to store the first packet response value. -1=unset, -2=no response in scope | ||
|- | |- | ||
− | | url | + | | '''url''' |
| text | | text | ||
| COLLATE pg_catalog."default" Free for text field we use for things like applcation names (which will soon be moved to fwextcode) or URL data | | COLLATE pg_catalog."default" Free for text field we use for things like applcation names (which will soon be moved to fwextcode) or URL data | ||
|- | |- | ||
− | | fwextcode | + | | '''fwextcode''' |
| integer | | integer | ||
| Additional field used to identify traffic (from Cisco NSEL) | | Additional field used to identify traffic (from Cisco NSEL) | ||
|- | |- | ||
− | | fwevent | + | | '''fwevent''' |
| integer | | integer | ||
| Additional field used to identify events(from Cisco NSEL) | | Additional field used to identify events(from Cisco NSEL) | ||
|} | |} |
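Review bot: In the postureid row on the new side, the bold markup is opened but never closed: the cell reads `| '''postureid` with no trailing `'''`, unlike every other field name touched here. Add the closing `'''` so the cell matches the rest of the column and the unbalanced quotes do not leak into the rendered table.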
Revision as of 14:13, 22 November 2018
Record Field | Type | Description |
customerid | integer | The traffic group source identifier |
device | numeric(39,0) | The numeric IPv6 address of the device sending us the flow/syslog records |
engineid | integer | Used to store the traffic group destination identifier |
srcadd | numeric(39,0) | Stores the numeric IPv6 address of the source for the traffic in this record |
dstadd | numeric(39,0) | Stores the numeric IPv6 address of the destination for the traffic in this record |
nexthop | numeric(39,0) | Stores the numeric IPv6 address of the next hop for the traffic in this record |
inif | integer | SNMP ifindex of the input interface that saw the traffic for this flow |
outif | integer | SNMP ifindex of the output interface that saw the traffic for this flow |
pkts | bigint | Number of packets transmitted in this flow |
bytes | bigint | Number of octets/bytes transmitted in this flow |
firstseen | bigint | Millisecond timestamp of when this flow started |
duration | bigint | Millisecond duration of this flow |
srcport | integer | Source port number for traffic in this flow record |
dstport | integer | Destination port number for traffic in this flow record |
flags | integer | TCP flags as an integer value |
proto | integer | IP Protocol number for this flow record |
tos | integer | IP TOS/COS value for this flow record |
appid | integer | Flowsec-assigned application ID; out of the box this would be the lower of the src/dst port numbers |
srcas | integer | Source AS number used for this flow |
dstas | integer | Destination AS number used for this flow |
userid | text COLLATE pg_catalog."default" | User ID for this flow; may be as sent or inferred from other sources |
userdomain | text COLLATE pg_catalog."default" | User domain for this flow; may be as sent or inferred from other sources |
srcmac | bigint | Source MAC address (Java long value), either as supplied or inferred from other sources |
dstmac | bigint | Destination MAC address (Java long value), either as supplied or inferred from other sources |
postureid | integer | Marking to indicate this flow is of interest (due to blacklist or profiling problems) |
spare | integer | Used to store the first packet response value. -1=unset, -2=no response in scope |
url | text COLLATE pg_catalog."default" | Free-form text field we use for things like application names (which will soon be moved to fwextcode) or URL data |
fwextcode | integer | Additional field used to identify traffic (from Cisco NSEL) |
fwevent | integer | Additional field used to identify events (from Cisco NSEL) |