Autonomous Systems Monitor (10066 / 20066)
Description
This Module reports traffic by all Autonomous Systems (AS). This information is provided per NetFlow exporter.
Parameters
| Parameter Name | Description | Comments |
|---|---|---|
| Data Collection Interval, sec | Module logic execution interval | min = 5 sec, max = 600 sec, default = 30 sec |
| N – number of reported hosts | The number of top ASN pairs reported per NetFlow exporter | min = 0, max = 100000, default = 50 (0 indicates all hosts are reported) |
Input
NetFlow v5, v9, IPFIX.
Required NetFlow Fields
| Information Element (IE) | IE id | IE size, B | Description |
|---|---|---|---|
| octetDeltaCount | 1 | 4 or 8 | The number of octets since the previous report (if any) in incoming packets for this Flow at the Observation Point. The number of octets includes IP header(s) and IP payload. |
| packetDeltaCount | 2 | 4 or 8 | The number of incoming packets since the previous report (if any) for this Flow at the Observation Point. |
Syslog/JSON Message Fields
| Key | Field Description | Comments |
|---|---|---|
| nfc_id | Message type identifier | "nfc_id=20066" |
| exp_ip | NetFlow exporter IP address | <IPv4 address> |
| src_asn | Source AS | <number> |
| dest_asn | Destination AS | <number> |
| bytes | Total number of Layer 3 bytes in the packets of the flow received (IPv4) | <number> |
| bytes6 | Total number of Layer 3 bytes in the packets of the flow received (IPv6) | <number> |
| packets | Packets in the flow received (IPv4) | <number> |
| packets6 | Packets in the flow received (IPv6) | <number> |
| flow_count | Number of Flows | <number> |
| percent_of_total | Percent of Total (bytes) | <decimal> |
| [flow_smpl_id] | Flow Sampler ID | <number> |
| t_int | Observation time interval, msec | <number> |