Collecting NetFlow Data


The AggreGate Network Manager NetFlow collector listens for UDP packets and parses them to extract NetFlow data. The collector generates an AggreGate Network Manager event for every flow it obtains. The events are generated as NetFlow Event (netflow) in the Network Management context. These events are stored in the AggreGate Network Manager database and then become available to the NetFlow traffic analysis tools.

NetFlow Event data has the following format:

| Name | Type | Description | Comments |
|---|---|---|---|
| timestamp | Date | Timestamp | Timestamp of the moment when the NetFlow datagram was received. |
| host | String | IP Address or Host Name | IP address or host name of the NetFlow exporter that originated the datagram. |
| version | Integer | Version | NetFlow version number. |
| systemUptime | Long | Export System Uptime | Exporter's system uptime, i.e. milliseconds since it was booted. |
| seconds | Long | Export Time Seconds | Exporter's time at which the datagram was sent, as seconds since 0000 UTC 1970. |
| nseconds | Long | Export Time Residual Nanoseconds | Exporter's residual nanoseconds since 0000 UTC 1970. |
| flowSequence | Long | Flow Sequence | Incremental sequence counter of total flows seen by the exporter. This value can be used to identify whether any datagrams have been missed. |
| engineType | Long | Engine Type | Type of flow-switching engine (route processor, linecard, etc.). |
| engineId | Long | Engine Slot | ID number of the flow-switching engine. |
| sourceAddress | String | Source Address | Source address of packets in the flow. |
| sourcePort | Integer | Source Port | Source port of packets in the flow. |
| destinationAddress | String | Destination Address | Destination address of packets in the flow. |
| destinationPort | Integer | Destination Port | Destination port of packets in the flow. |
| nextHopRouter | String | Next Hop Router | IP address of next hop router. |
| inputIfIndex | Long | Input ifIndex | SNMP index of input interface. |
| outputIfIndex | Long | Output ifIndex | SNMP index of output interface. |
| packetsCount | Long | Flow Packets | Number of packets in the flow. |
| octetsCount | Long | Flow Bytes | Total number of bytes in the flow. |
| firstSysUptime | Long | First SysUptime | Exporter's system uptime (in milliseconds) when the first packet in the flow was seen by the exporter. |
| lastSysUptime | Long | Last SysUptime | Exporter's system uptime (in milliseconds) when the last packet in the flow was seen by the exporter. |
| tcpFlags | Integer | TCP Flags | Cumulative logical OR of all TCP flags seen in this flow. |
| protocol | Integer | IP protocol type | IP protocol type. |
| tos | Integer | Type of Service | IP type of service. |
| srcAS | Long | Source Autonomous System Number | Source BGP autonomous system number, either origin or peer. |
| dstAS | Long | Destination Autonomous System Number | Destination BGP autonomous system number, either origin or peer. |
| srcMask | Integer | Source Mask | The number of contiguous bits in the source subnet mask (i.e., the mask in slash notation). |
| dstMask | Integer | Destination Mask | The number of contiguous bits in the destination subnet mask (i.e., the mask in slash notation). |
| extraData | Data Table | Extra Data | Additional data associated with the flow. |
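
The following is an added example, not AggreGate code: a Python sketch of how a collector can turn one UDP datagram into per-flow events that use the field names above, and how `flowSequence` and the uptime fields are then used. It assumes the standard NetFlow v5 wire layout (the page does not state which versions are parsed); the function names and the sample datagram are constructed for illustration, and the collector-assigned `timestamp` and `extraData` fields are omitted.

```python
import socket
import struct

# NetFlow v5 wire layout (assumed; the page does not name the version it parses).
HEADER = struct.Struct("!HHIIIIBBH")                 # 24 bytes
RECORD = struct.Struct("!4s4s4sHHIIIIHHxBBBHHBBxx")  # 48 bytes
RECORD_FIELDS = (
    "sourceAddress", "destinationAddress", "nextHopRouter", "inputIfIndex",
    "outputIfIndex", "packetsCount", "octetsCount", "firstSysUptime", "lastSysUptime",
    "sourcePort", "destinationPort", "tcpFlags", "protocol", "tos", "srcAS", "dstAS",
    "srcMask", "dstMask",
)

def parse_v5(datagram, host):
    """Return one dict per flow, keyed by the event field names in the table."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count, uptime, secs, nsecs, seq, etype, eid, _ = HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError("not NetFlow v5")
    # Exporters are unauthenticated UDP senders: never trust the count field.
    if not 1 <= count <= 30 or len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("record count does not match datagram length")
    common = {"host": host, "version": version, "systemUptime": uptime, "seconds": secs,
              "nseconds": nsecs, "flowSequence": seq, "engineType": etype, "engineId": eid}
    events = []
    for i in range(count):
        values = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        event = dict(common, **dict(zip(RECORD_FIELDS, values)))
        for key in RECORD_FIELDS[:3]:  # the three address fields arrive as 4 raw bytes
            event[key] = socket.inet_ntoa(event[key])
        events.append(event)
    return events

def flow_start_epoch(event):
    """Absolute flow start: export time minus how long ago firstSysUptime was."""
    export = event["seconds"] + event["nseconds"] / 1e9
    return export - (event["systemUptime"] - event["firstSysUptime"]) / 1000.0

def missed_flows(prev_seq, prev_count, event):
    """Flows lost between two datagrams of one exporter engine (32-bit wrap safe)."""
    return (event["flowSequence"] - prev_seq - prev_count) % 2**32

# Constructed sample: one TCP flow 192.0.2.10:51000 -> 198.51.100.7:443, flags SYN|ACK.
SAMPLE = HEADER.pack(5, 1, 600000, 1700000000, 0, 1000, 0, 1, 0) + RECORD.pack(
    socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.7"),
    socket.inet_aton("192.0.2.1"), 2, 3, 12, 3400, 590000, 599000,
    51000, 443, 0x12, 6, 0, 64500, 64501, 24, 24)
```

Sequence gaps should be tracked per `host` and `engineId`, since each engine keeps its own counter.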