Administrator Handbook | Table of contents |
The Netflow table provide flow statistics collected by the Netflow Collector Plug-in.
You can immediatly start a query, this one will provide a table of the flow statistics orderer by time and date, the older one first.
The table display can be customized to your need. Each column can be added or removed before a query.
Some of the columns can be used to make a sort by ascending order
Keyword | Description |
---|---|
version | Netflow version |
host_id | IP address of the router sending the Netflow datagram |
engine_type | Type of flow switching engine (RP,VIP,etc.) |
engine_id | Slot number of the flow switching engine |
flos_sequence | Sequence number of total flows seen |
ip_src | Source IP address of the flow |
ip_dst | Destination IP address of the flow |
srcport | Source port (define application type) |
dstport | Destination port (define application type) |
nexthop | Next hop IP address |
input | Input interface |
output | Output interface |
dPkts | Number of Packets sent to this destination |
dOctets | Number of Bytes sent to this destination |
prot | Prot field |
first | start of flow timestamp |
last | end of flow timestamp |
src_subnet | Source subnet |
dst_subnet | Destination subnet |
src_mask | Source subnet mask |
dst_mask | Destination subnet mask |
src_user_subnet | Source user subnet |
dst_user_subnet | Destination user subnet |
src_as |
Source autonomous system |
dst_as | Destination autonomous system |
protocol | Protocol (srcport, dstport, and prot lookup) |
tos | Type of service |
Example of table with only the source, destination IP address and the application (port number resolved) and sort by application.
Th filter options allow you to extract data form the base on multiple criteria.
You can filter by :
IP source address | The source IP address of the flow |
Source Port number | The source port number |
IP destination address | The destination IP address of the flow |
Destination port number | The destination port number (the application) |
Timestamp | The time stamp of the Flow compare to now |
Prot |
The protocol number (TCP=6; UDP=17) |
Two options allows you to resolv the port number. This option works when the application table is available and filled.
By default the destination port is resolved. You see the application name near the port number.
www.loriotpro.com |
|