Difference between revisions of "Flow Record Fields"
From Observer GigaFlow Support | VIAVI Solutions Inc.
Line 3: | Line 3: | ||
#* Used to store the traffic group source identifier | #* Used to store the traffic group source identifier | ||
# '''device''' | # '''device''' | ||
− | numeric(39,0) | + | #* numeric(39,0) |
− | Store the numeric IPV6 address of the device sending us the flow/syslog records | + | #* Store the numeric IPV6 address of the device sending us the flow/syslog records |
− | # '''engineid''' integer | + | # '''engineid''' |
− | # '''srcadd''' numeric(39,0) | + | #* integer |
− | # '''dstadd''' numeric(39,0) | + | #* Used to store the traffic group destination identifier |
− | # '''nexthop''' numeric(39,0) | + | # '''srcadd''' |
+ | #* numeric(39,0) | ||
+ | #* Store the numeric IPV6 address of the source for the traffic in this record | ||
+ | # '''dstadd''' | ||
+ | #* numeric(39,0) | ||
+ | #* Store the numeric IPV6 address of the destination for the traffic in this record | ||
+ | # '''nexthop''' | ||
+ | #* numeric(39,0) | ||
+ | #* Store the numeric IPV6 address of the nexthop for the traffic in this record | ||
# '''inif''' | # '''inif''' | ||
− | + | #* integer | |
− | # '''outif integer | + | #* SNMP ifindex of the input interface that seen the traffic for this flow |
− | # '''pkts bigint | + | # '''outif''' |
− | # '''bytes bigint | + | #* integer |
− | # '''firstseen bigint | + | #* SNMP ifindex of the output interface that seen the traffic for this flow |
− | # '''duration bigint | + | # '''pkts''' |
− | # '''srcport integer | + | #* bigint |
− | # '''dstport integer | + | #* Number of packets transmitted in this flow |
− | # '''flags integer | + | # '''bytes''' |
− | # '''proto integer | + | #* bigint |
− | # '''tos integer | + | #* Number of octets/bytes transmitted in this flow |
− | # '''appid integer | + | # '''firstseen''' |
− | # '''srcas integer | + | #* bigint |
− | # '''dstas integer | + | #* Millisecond timestamp of when this flow started |
− | # '''userid text COLLATE pg_catalog."default" //User ID for this flow, may be as sent or inferred from other sources | + | # '''duration''' |
− | # '''userdomain text COLLATE pg_catalog."default" //User Domain for this flow, may be as sent or inferred from other sources | + | #* bigint |
− | # '''srcmac bigint | + | #* Millisecond duration of this flow |
− | # '''dstmac bigint | + | # '''srcport''' |
+ | #* integer | ||
+ | #* Source port number for traffic in this flow record | ||
+ | # '''dstport''' | ||
+ | #* integer | ||
+ | #* Destination port number for traffic in this flow record | ||
+ | # '''flags''' | ||
+ | #* integer | ||
+ | #* TCP Flags as an Integer value | ||
+ | # '''proto''' | ||
+ | #* integer | ||
+ | #* IP Protocol number for this flow record | ||
+ | # '''tos''' | ||
+ | #* integer | ||
+ | #* IP TOS/COS value for this flow record | ||
+ | # '''appid''' | ||
+ | #* integer | ||
+ | #* Flowsec assigned application id, out of this box this would be the lowest of src/dst port number | ||
+ | # '''srcas''' | ||
+ | #* integer | ||
+ | #* Source AS number used for this flow | ||
+ | # '''dstas''' | ||
+ | #* integer | ||
+ | #* Destination AS number used for this flow | ||
+ | # '''userid''' | ||
+ | #* text | ||
+ | #* COLLATE pg_catalog."default" //User ID for this flow, may be as sent or inferred from other sources | ||
+ | # '''userdomain''' | ||
+ | #* text | ||
+ | #* COLLATE pg_catalog."default" //User Domain for this flow, may be as sent or inferred from other sources | ||
+ | # '''srcmac''' | ||
+ | #* bigint | ||
+ | #* Source MAC address (java long value), either as supplied or inferred from other sources | ||
+ | # '''dstmac''' | ||
+ | #* bigint | ||
+ | #* Destination MAC address (java long value), either as supplied or inferred from other sources | ||
# '''postureid integer //Marking to indicate this flow is of interest (due to blacklist or profiling problems) | # '''postureid integer //Marking to indicate this flow is of interest (due to blacklist or profiling problems) | ||
− | # spare integer | + | # '''spare''' |
− | # url text COLLATE pg_catalog."default" //Free for text field we use for things like applcation names (which will soon be moved to fwextcode) or URL data | + | #* integer |
− | # fwextcode integer | + | #* Used to store the first packet response value. -1=unset, -2=no response in scope |
− | # fwevent integer | + | # '''url''' |
+ | #* text | ||
+ | #* COLLATE pg_catalog."default" //Free for text field we use for things like applcation names (which will soon be moved to fwextcode) or URL data | ||
+ | # '''fwextcode''' | ||
+ | #* integer | ||
+ | #* Additional field used to identify traffic (from Cisco NSEL) | ||
+ | # '''fwevent''' | ||
+ | #* integer | ||
+ | #* Additional field used to identify events(from Cisco NSEL) |
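Review bot: the unchanged `postureid` line near the end of this hunk is still in the old single-line form with an unclosed `'''` (`# '''postureid integer //Marking ...`), while every field around it was split into name, type and description sub-bullets; it should be converted the same way. The new `engineid` description ("traffic group destination identifier") mirrors the "traffic group source identifier" context line at the top of the hunk and is worth confirming against the schema. The description bullets for `userid`, `userdomain` and `url` still begin with `COLLATE pg_catalog."default" //`, which belongs on the type bullet, and `url` keeps the typo "applcation".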
Revision as of 12:22, 22 November 2018
- customerid
  - integer
  - Used to store the traffic group source identifier
- device
  - numeric(39,0)
  - Stores the numeric IPv6 address of the device sending us the flow/syslog records
- engineid
  - integer
  - Used to store the traffic group destination identifier
- srcadd
  - numeric(39,0)
  - Stores the numeric IPv6 address of the source for the traffic in this record
- dstadd
  - numeric(39,0)
  - Stores the numeric IPv6 address of the destination for the traffic in this record
- nexthop
  - numeric(39,0)
  - Stores the numeric IPv6 address of the nexthop for the traffic in this record
- inif
  - integer
  - SNMP ifindex of the input interface that saw the traffic for this flow
- outif
  - integer
  - SNMP ifindex of the output interface that saw the traffic for this flow
- pkts
  - bigint
  - Number of packets transmitted in this flow
- bytes
  - bigint
  - Number of octets/bytes transmitted in this flow
- firstseen
  - bigint
  - Millisecond timestamp of when this flow started
- duration
  - bigint
  - Millisecond duration of this flow
- srcport
  - integer
  - Source port number for traffic in this flow record
- dstport
  - integer
  - Destination port number for traffic in this flow record
- flags
  - integer
  - TCP flags as an integer value
- proto
  - integer
  - IP protocol number for this flow record
- tos
  - integer
  - IP TOS/COS value for this flow record
- appid
  - integer
  - Flowsec-assigned application ID; out of the box this would be the lowest of the src/dst port numbers
- srcas
  - integer
  - Source AS number used for this flow
- dstas
  - integer
  - Destination AS number used for this flow
- userid
  - text COLLATE pg_catalog."default"
  - User ID for this flow, may be as sent or inferred from other sources
- userdomain
  - text COLLATE pg_catalog."default"
  - User domain for this flow, may be as sent or inferred from other sources
- srcmac
  - bigint
  - Source MAC address (Java long value), either as supplied or inferred from other sources
- dstmac
  - bigint
  - Destination MAC address (Java long value), either as supplied or inferred from other sources
- postureid
  - integer
  - Marking to indicate this flow is of interest (due to blacklist or profiling problems)
- spare
  - integer
  - Used to store the first packet response value. -1=unset, -2=no response in scope
- url
  - text COLLATE pg_catalog."default"
  - Free-form text field we use for things like application names (which will soon be moved to fwextcode) or URL data
- fwextcode
  - integer
  - Additional field used to identify traffic (from Cisco NSEL)
- fwevent
  - integer
  - Additional field used to identify events (from Cisco NSEL)
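Several of these columns are packed values (addresses as numeric(39,0), MACs as Java longs, TCP flags as an integer, millisecond times) that have to be decoded before a record can be read during triage. The decoder below is an added example, not GigaFlow code: `decode_flow`, the derived `lastseen` key and the sample row are constructed here. It assumes IPv4 endpoints are stored IPv4-mapped, that the MAC occupies the low 48 bits of the long, and that `firstseen` counts from the Unix epoch; check each against your own data.

```python
import ipaddress
from datetime import datetime, timedelta, timezone

# Standard TCP header flag bits, lowest bit first.
TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR"]
# Sentinel values the field list gives for "spare" (first packet response).
SPARE_SENTINELS = {-1: "unset", -2: "no response in scope"}

def decode_addr(value):
    """numeric(39,0) address column -> printable IP address."""
    addr = ipaddress.IPv6Address(int(value))
    # Assumption: IPv4 endpoints are stored IPv4-mapped (::ffff:a.b.c.d).
    mapped = addr.ipv4_mapped
    return str(mapped if mapped is not None else addr)

def decode_mac(value):
    """bigint MAC column -> aa:bb:cc:dd:ee:ff (assumes low 48 bits hold the MAC)."""
    raw = (int(value) & 0xFFFFFFFFFFFF).to_bytes(6, "big")
    return ":".join(f"{b:02x}" for b in raw)

def decode_flags(value):
    """Integer TCP flags -> list of flag names."""
    return [name for bit, name in enumerate(TCP_FLAGS) if (int(value) >> bit) & 1]

def decode_flow(row):
    """Return a copy of one flow row with the packed columns made readable."""
    out = dict(row)
    for col in ("device", "srcadd", "dstadd", "nexthop"):
        out[col] = decode_addr(row[col])
    for col in ("srcmac", "dstmac"):
        out[col] = decode_mac(row[col])
    out["flags"] = decode_flags(row["flags"])
    # Assumption: firstseen counts milliseconds from the Unix epoch (UTC).
    start = datetime.fromtimestamp(row["firstseen"] / 1000, tz=timezone.utc)
    out["firstseen"] = start
    out["lastseen"] = start + timedelta(milliseconds=row["duration"])
    out["spare"] = SPARE_SENTINELS.get(row["spare"], row["spare"])
    return out

# Constructed sample row (documentation addresses and MACs, not real traffic).
SAMPLE = {
    "device": 0xFFFF_C0000201, "srcadd": 0xFFFF_C6336407,
    "dstadd": int(ipaddress.IPv6Address("2001:db8::10")), "nexthop": 0,
    "srcmac": 0x0000_5E00_5301, "dstmac": 0x0000_5E00_5302, "flags": 18,
    "firstseen": 1542889320000, "duration": 1500, "spare": -2,
}

if __name__ == "__main__":
    for key, val in decode_flow(SAMPLE).items():
        print(f"{key:10} {val}")
```
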