Flow Record Fields

From Observer GigaFlow Support | VIAVI Solutions Inc.
Revision as of 12:24, 22 November 2018 by Niall (Talk | contribs)

  1. customerid
    • integer
    • Used to store the traffic group source identifier
  2. device
    • numeric(39,0)
    • Stores the numeric IPv6 address of the device sending us the flow/syslog records
  3. engineid
    • integer
    • Used to store the traffic group destination identifier
  4. srcadd
    • numeric(39,0)
    • Stores the numeric IPv6 address of the source for the traffic in this record
  5. dstadd
    • numeric(39,0)
    • Stores the numeric IPv6 address of the destination for the traffic in this record
  6. nexthop
    • numeric(39,0)
    • Stores the numeric IPv6 address of the next hop for the traffic in this record
  7. inif
    • integer
    • SNMP ifIndex of the input interface that saw the traffic for this flow
  8. outif
    • integer
    • SNMP ifIndex of the output interface that saw the traffic for this flow
  9. pkts
    • bigint
    • Number of packets transmitted in this flow
  10. bytes
    • bigint
    • Number of octets/bytes transmitted in this flow
  11. firstseen
    • bigint
    • Millisecond timestamp of when this flow started
  12. duration
    • bigint
    • Millisecond duration of this flow
  13. srcport
    • integer
    • Source port number for traffic in this flow record
  14. dstport
    • integer
    • Destination port number for traffic in this flow record
  15. flags
    • integer
    • TCP flags as an integer value
  16. proto
    • integer
    • IP Protocol number for this flow record
  17. tos
    • integer
    • IP TOS/COS value for this flow record
  18. appid
    • integer
    • Flowsec-assigned application ID; out of the box this is the lower of the src/dst port numbers
  19. srcas
    • integer
    • Source AS number used for this flow
  20. dstas
    • integer
    • Destination AS number used for this flow
  21. userid
    • text COLLATE pg_catalog."default"
    • User ID for this flow; may be as sent or inferred from other sources
  22. userdomain
    • text COLLATE pg_catalog."default"
    • User domain for this flow; may be as sent or inferred from other sources
  23. srcmac
    • bigint
    • Source MAC address (Java long value), either as supplied or inferred from other sources
  24. dstmac
    • bigint
    • Destination MAC address (Java long value), either as supplied or inferred from other sources
  25. postureid
    • integer
    • Marking to indicate this flow is of interest (due to blacklist or profiling problems)
  26. spare
    • integer
    • Used to store the first packet response value. -1=unset, -2=no response in scope
  27. url
    • text COLLATE pg_catalog."default"
    • Free-form text field we use for things like application names (which will soon be moved to fwextcode) or URL data
  28. fwextcode
    • integer
    • Additional field used to identify traffic (from Cisco NSEL)
  29. fwevent
    • integer
    • Additional field used to identify events (from Cisco NSEL)
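
Several of these columns are stored in a compact numeric form that is hard to read when triaging flows. The decoder below is an added example, not GigaFlow code: it turns one row (a dict keyed by the column names above) into readable values. It assumes firstseen counts milliseconds since the Unix epoch, that IPv4 endpoints are stored as IPv4-mapped IPv6 integers, that the MAC occupies the low 48 bits of the long, and that flags uses the standard TCP header bit positions.

```python
import ipaddress
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
TCP_FLAG_BITS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x08, "PSH"),
                 (0x10, "ACK"), (0x20, "URG"), (0x40, "ECE"), (0x80, "CWR")]
SPARE_SENTINELS = {-1: "unset", -2: "no response in scope"}  # from the field list

def decode_address(value):
    """numeric(39,0) -> textual address; the column holds a 128-bit integer."""
    addr = ipaddress.IPv6Address(int(value))
    # Assumption: IPv4 endpoints are stored IPv4-mapped (::ffff:a.b.c.d).
    return str(addr.ipv4_mapped or addr)

def decode_mac(value):
    """bigint (Java long) -> aa:bb:cc:dd:ee:ff, assuming the low 48 bits hold the MAC."""
    low48 = int(value) & 0xFFFFFFFFFFFF
    return ":".join(f"{b:02x}" for b in low48.to_bytes(6, "big"))

def decode_flags(flags, proto):
    """Integer TCP flags -> flag names; only meaningful when proto is 6 (TCP)."""
    if proto != 6:
        return []
    return [name for bit, name in TCP_FLAG_BITS if flags & bit]

def decode_record(row):
    """Return a readable copy of a flow row (dict keyed by column name)."""
    out = dict(row)
    for col in ("device", "srcadd", "dstadd", "nexthop"):
        out[col] = decode_address(row[col])
    for col in ("srcmac", "dstmac"):
        out[col] = decode_mac(row[col])
    out["flags"] = decode_flags(row["flags"], row["proto"])
    # Assumption: firstseen is milliseconds since the Unix epoch.
    start = EPOCH + timedelta(milliseconds=row["firstseen"])
    out["firstseen"] = start.isoformat()
    out["lastseen"] = (start + timedelta(milliseconds=row["duration"])).isoformat()
    out["spare"] = SPARE_SENTINELS.get(row["spare"], row["spare"])
    return out

# Constructed sample row (not real data), limited to the columns decoded above.
SAMPLE_ROW = {
    "device": int(ipaddress.IPv6Address("::ffff:192.0.2.1")),
    "srcadd": int(ipaddress.IPv6Address("2001:db8::10")),
    "dstadd": int(ipaddress.IPv6Address("::ffff:198.51.100.7")), "nexthop": 0,
    "srcmac": 0x0200AABBCCDD, "dstmac": 0, "proto": 6, "flags": 0x12,
    "firstseen": 1542889440000, "duration": 1500, "spare": -2,
}
```

Rows fetched with a PostgreSQL driver usually return numeric(39,0) as a decimal type; the `int()` calls in the decoder accept that as well as plain integers.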