Flow Record Fields

From Observer GigaFlow Support | VIAVI Solutions Inc.
Revision as of 12:16, 22 November 2018 by Niall (Talk | contribs)

  1. customerid integer //Used to store the traffic group source identifier
  2. device numeric(39,0) //Store the numeric IPv6 address of the device sending us the flow/syslog records
  3. engineid integer //Used to store the traffic group destination identifier
  4. srcadd numeric(39,0) //Store the numeric IPv6 address of the source for the traffic in this record
  5. dstadd numeric(39,0) //Store the numeric IPv6 address of the destination for the traffic in this record
  6. nexthop numeric(39,0) //Store the numeric IPv6 address of the next hop for the traffic in this record
  7. inif integer //SNMP ifindex of the input interface that saw the traffic for this flow
  8. outif integer //SNMP ifindex of the output interface that saw the traffic for this flow
  9. pkts bigint //Number of packets transmitted in this flow
  10. bytes bigint //Number of octets/bytes transmitted in this flow
  11. firstseen bigint //Millisecond timestamp of when this flow started
  12. duration bigint //Millisecond duration of this flow
  13. srcport integer //Source port number for traffic in this flow record
  14. dstport integer //Destination port number for traffic in this flow record
  15. flags integer //TCP Flags as an Integer value
  16. proto integer //IP Protocol number for this flow record
  17. tos integer //IP TOS/COS value for this flow record
  18. appid integer //Flowsec-assigned application ID; out of the box this would be the lower of the src/dst port numbers
  19. srcas integer //Source AS number used for this flow
  20. dstas integer //Destination AS number used for this flow
  21. userid text COLLATE pg_catalog."default" //User ID for this flow, may be as sent or inferred from other sources
  22. userdomain text COLLATE pg_catalog."default" //User Domain for this flow, may be as sent or inferred from other sources
  23. srcmac bigint //Source MAC address (java long value), either as supplied or inferred from other sources
  24. dstmac bigint //Destination MAC address (java long value), either as supplied or inferred from other sources
  25. postureid integer //Marking to indicate this flow is of interest (due to blacklist or profiling problems)
  26. spare integer //Used to store the first packet response value. -1=unset, -2=no response in scope
  27. url text COLLATE pg_catalog."default" //Free-form text field we use for things like application names (which will soon be moved to fwextcode) or URL data
  28. fwextcode integer //Additional field used to identify traffic (from Cisco NSEL)
  29. fwevent integer //Additional field used to identify events (from Cisco NSEL)
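
Several of the columns above are packed numbers that are hard to read during an investigation (addresses, MACs, TCP flags, timestamps, the spare sentinels). The following is an added example, not GigaFlow code, that decodes them from one row. Assumptions: flags uses the standard TCP header bit positions, firstseen counts from the Unix epoch, IPv4 addresses are stored either as plain 32-bit numbers or as IPv4-mapped IPv6 numbers, and the sample row is constructed.

```python
import ipaddress
from datetime import datetime, timedelta, timezone

# Assumption: flags uses the standard TCP header bit positions.
TCP_FLAGS = ((0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x08, "PSH"),
             (0x10, "ACK"), (0x20, "URG"), (0x40, "ECE"), (0x80, "CWR"))
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

def decode_addr(value):
    """numeric(39,0) column -> printable IP address."""
    addr = ipaddress.ip_address(int(value))
    # Assumption: IPv4 is stored as a plain 32-bit number or as an
    # IPv4-mapped IPv6 number (::ffff:a.b.c.d); both print as dotted quad.
    mapped = getattr(addr, "ipv4_mapped", None)
    return str(mapped if mapped is not None else addr)

def decode_mac(value):
    """bigint (Java long) column -> colon-separated MAC, low 48 bits only."""
    raw = int(value) & 0xFFFFFFFFFFFF
    return ":".join(f"{b:02x}" for b in raw.to_bytes(6, "big"))

def decode_flags(value):
    """integer flags column -> list of TCP flag names that are set."""
    return [name for bit, name in TCP_FLAGS if int(value) & bit]

def decode_record(row):
    """Return a readable view of the packed columns in one flow row (a dict)."""
    start = EPOCH + timedelta(milliseconds=row["firstseen"])  # assumes Unix epoch
    spare = row["spare"]
    return {
        "srcadd": decode_addr(row["srcadd"]),
        "dstadd": decode_addr(row["dstadd"]),
        "srcmac": decode_mac(row["srcmac"]),
        "flags": decode_flags(row["flags"]),
        "start": start.isoformat(),
        "end": (start + timedelta(milliseconds=row["duration"])).isoformat(),
        # Sentinels from the field list: -1 = unset, -2 = no response in scope.
        "first_response": {-1: "unset", -2: "no response in scope"}.get(spare, spare),
    }

# Constructed sample row (not real traffic).
SAMPLE = {"srcadd": 3232235786, "dstadd": 0x20010db8000000000000000000000001,
          "srcmac": 0x001122334455, "flags": 0x1B, "firstseen": 1542888960000,
          "duration": 1500, "spare": -2}

if __name__ == "__main__":
    for key, val in decode_record(SAMPLE).items():
        print(f"{key:15} {val}")
```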