Original Flow Data
Original Flow Data Converter Service
This page allows you to provide mapping between flow data elements and their corresponding key names in key-value pairs in syslog or JSON output.
There are two mapping files:
-
For Blue Coat Packeteer-2 device. It allows you to map ClassIDs to application names
-
Custom IPFIX Information Elements. It allows you to specify key names for custom enterprise fields in IPFIX, as well as override standard IPFIX elements names. This CSV file has the following format:
PEN, IE ID, Format, Name, Description
Where:
PEN – IPFIX Private Enterprise number, e.g. for Netscaler it is 5951
IE ID – IPFIX Information Element ID
Format – one of the values specified in the table below
Name – key name for this IPFIX element
Description – optional description
| Format | Description | Example |
|---|---|---|
| FMT_NONE | no output | |
| FMT_UNKNOWN | N bytes as hex | 0102DEADBEEF0201 |
| FMT_UINT8_DEC | unsigned integer 1 byte as decimal | 127 |
| FMT_UINT8_HEX | unsigned integer 1 byte as hex | 1F |
| FMT_UINT16_DEC | unsigned integer 2 bytes as decimal | 5000 |
| FMT_FLOW_LABEL | unsigned integer 20 bits as decimal | 106000 |
| FMT_MPLS_LABEL | unsigned integer 3 bytes as text | 17:28:39 |
| FMT_APP_TAG | application tag 1 byte (engine ID) + n bytes (selector) | 1:7000 |
| FMT_HTTP_HOST | HTTP host n bytes: Application ID 4 bytes (engine ID + selector ID), sub-application ID 2 bytes, value (hostname) n bytes | "100:3000,hostA" |
| FMT_TCP_FLAGS | unsigned integer 1 byte as text | "FIN,RST" |
| FMT_UINT32_DEC | unsigned integer 4 bytes as decimal | 77000 |
| FMT_UINT32_HEX | unsigned integer 4 bytes as hex | 01ABCD02 |
| FMT_UINTN_DEC | unsigned integer n bytes as decimal | 9600000 |
| FMT_IPV4 | 4 bytes as text | 127.0.0.1 |
| FMT_IPV6 | 16 bytes as text | 2001:0db8:11a3:09d7:1f34:8a2e:07a0:765d |
| FMT_STRING | n bytes ACSCII as text | "ascii text" |
| FMT_MAC | 6 bytes as text | 00:a1💿12:34:56 |
| FMT_ARR32 | 4 bytes array as hex | 01ABCD02 |
| FMT_ARR64 | 8 bytes array as hex | 01ABCD0201ABCD02 |
| FMT_EVENT | unsigned integer 1 byte as text | "Flow created" |
| FMT_DTIME_SEC | unsigned integer 4 or 8 byte as text (date) | "1985-04-12T23:20:50Z" |
| FMT_DTIME_MSEC | unsigned integer 4 or 8 byte as text (date) | "1985-04-12T23:20:50.001Z" |
| FMT_DTIME_USEC | unsigned integer 4 or 8 byte as text (date) | "1985-04-12T23:20:50.000001Z" |
| FMT_DTIME_NSEC | unsigned integer 4 or 8 byte as text (date) | "1985-04-12T23:20:50.000000001Z" |