Difference between revisions of "Flow Record Fields"

From Observer GigaFlow Support | VIAVI Solutions Inc.
Line 1: Line 1:
# customerid integer Used to store the traffic group source identifier
+
# '''customerid''' integer Used to store the traffic group source identifier
# device numeric(39,0) //Store the numeric IPV6 address of the device sending us the flow/syslog records
+
# '''device''' numeric(39,0) //Store the numeric IPV6 address of the device sending us the flow/syslog records
# engineid integer //Used to store the traffic group destination identifier
+
# '''engineid''' integer //Used to store the traffic group destination identifier
# srcadd numeric(39,0) //Store the numeric IPV6 address of the source for the traffic in this record
+
# '''srcadd''' numeric(39,0) //Store the numeric IPV6 address of the source for the traffic in this record
# dstadd numeric(39,0) //Store the numeric IPV6 address of the destination for the traffic in this record
+
# '''dstadd''' numeric(39,0) //Store the numeric IPV6 address of the destination for the traffic in this record
# nexthop numeric(39,0) //Store the numeric IPV6 address of the nexthop for the traffic in this record
+
# '''nexthop''' numeric(39,0) //Store the numeric IPV6 address of the nexthop for the traffic in this record
# inif integer //SNMP ifindex of the input interface that seen the traffic for this flow
+
# '''inif'''
# outif integer //SNMP ifindex of the output interface that seen the traffic for this flow
+
integer //SNMP ifindex of the input interface that seen the traffic for this flow
# pkts bigint //Number of packets transmitted in this flow
+
# '''outif integer //SNMP ifindex of the output interface that seen the traffic for this flow
# bytes bigint //Number of octets/bytes transmitted in this flow
+
# '''pkts bigint //Number of packets transmitted in this flow
# firstseen bigint //Millisecond timestamp of when this flow started
+
# '''bytes bigint //Number of octets/bytes transmitted in this flow
# duration bigint //Millisecond duration of this flow
+
# '''firstseen bigint //Millisecond timestamp of when this flow started
# srcport integer //Source port number for traffic in this flow record
+
# '''duration bigint //Millisecond duration of this flow
# dstport integer //Destination port number for traffic in this flow record
+
# '''srcport integer //Source port number for traffic in this flow record
# flags integer //TCP Flags as an Integer value
+
# '''dstport integer //Destination port number for traffic in this flow record
# proto integer //IP Protocol number for this flow record
+
# '''flags integer //TCP Flags as an Integer value
# tos integer //IP TOS/COS value for this flow record
+
# '''proto integer //IP Protocol number for this flow record
# appid integer //Flowsec assigned application id, out of this box this would be the lowest of src/dst port number
+
# '''tos integer //IP TOS/COS value for this flow record
# srcas integer //Source AS number used for this flow
+
# '''appid integer //Flowsec assigned application id, out of this box this would be the lowest of src/dst port number
# dstas integer //Destination AS number used for this flow
+
# '''srcas integer //Source AS number used for this flow
# userid text COLLATE pg_catalog."default" //User ID for this flow, may be as sent or inferred from other sources
+
# '''dstas integer //Destination AS number used for this flow
# userdomain text COLLATE pg_catalog."default" //User Domain for this flow, may be as sent or inferred from other sources
+
# '''userid text COLLATE pg_catalog."default" //User ID for this flow, may be as sent or inferred from other sources
# srcmac bigint //Source MAC address (java long value), either as supplied or inferred from other sources
+
# '''userdomain text COLLATE pg_catalog."default" //User Domain for this flow, may be as sent or inferred from other sources
# dstmac bigint //Destination MAC address (java long value), either as supplied or inferred from other sources
+
# '''srcmac bigint //Source MAC address (java long value), either as supplied or inferred from other sources
# postureid integer //Marking to indicate this flow is of interest (due to blacklist or profiling problems)
+
# '''dstmac bigint //Destination MAC address (java long value), either as supplied or inferred from other sources
 +
# '''postureid integer //Marking to indicate this flow is of interest (due to blacklist or profiling problems)
 
# spare integer //Used to store the first packet response value. -1=unset, -2=no response in scope
 
# spare integer //Used to store the first packet response value. -1=unset, -2=no response in scope
 
# url text COLLATE pg_catalog."default" //Free for text field we use for things like applcation names (which will soon be moved to fwextcode) or URL data
 
# url text COLLATE pg_catalog."default" //Free for text field we use for things like applcation names (which will soon be moved to fwextcode) or URL data
 
# fwextcode integer //Additional field used to identify traffic (from Cisco NSEL)
 
# fwextcode integer //Additional field used to identify traffic (from Cisco NSEL)
 
# fwevent integer //Additional field used to identify events(from Cisco NSEL)
 
# fwevent integer //Additional field used to identify events(from Cisco NSEL)

Revision as of 12:17, 22 November 2018

  1. customerid integer //Used to store the traffic group source identifier
  2. device numeric(39,0) //Store the numeric IPV6 address of the device sending us the flow/syslog records
  3. engineid integer //Used to store the traffic group destination identifier
  4. srcadd numeric(39,0) //Store the numeric IPV6 address of the source for the traffic in this record
  5. dstadd numeric(39,0) //Store the numeric IPV6 address of the destination for the traffic in this record
  6. nexthop numeric(39,0) //Store the numeric IPV6 address of the nexthop for the traffic in this record
  7. inif integer //SNMP ifindex of the input interface that saw the traffic for this flow
  8. outif integer //SNMP ifindex of the output interface that saw the traffic for this flow
  9. pkts bigint //Number of packets transmitted in this flow
  10. bytes bigint //Number of octets/bytes transmitted in this flow
  11. firstseen bigint //Millisecond timestamp of when this flow started
  12. duration bigint //Millisecond duration of this flow
  13. srcport integer //Source port number for traffic in this flow record
  14. dstport integer //Destination port number for traffic in this flow record
  15. flags integer //TCP Flags as an Integer value
  16. proto integer //IP Protocol number for this flow record
  17. tos integer //IP TOS/COS value for this flow record
  18. appid integer //Flowsec assigned application id, out of the box this would be the lowest of src/dst port number
  19. srcas integer //Source AS number used for this flow
  20. dstas integer //Destination AS number used for this flow
  21. userid text COLLATE pg_catalog."default" //User ID for this flow, may be as sent or inferred from other sources
  22. userdomain text COLLATE pg_catalog."default" //User Domain for this flow, may be as sent or inferred from other sources
  23. srcmac bigint //Source MAC address (java long value), either as supplied or inferred from other sources
  24. dstmac bigint //Destination MAC address (java long value), either as supplied or inferred from other sources
  25. postureid integer //Marking to indicate this flow is of interest (due to blacklist or profiling problems)
  26. spare integer //Used to store the first packet response value. -1=unset, -2=no response in scope
  27. url text COLLATE pg_catalog."default" //Free-form text field we use for things like application names (which will soon be moved to fwextcode) or URL data
  28. fwextcode integer //Additional field used to identify traffic (from Cisco NSEL)
  29. fwevent integer //Additional field used to identify events (from Cisco NSEL)