Version: 2.10.1

FDR Packeteer-2 Flow Data (20010)

Description

FDR Packeteer-2 Flow Data Converter translates Blue Coat’s PacketShaper flows into syslog messages 1-to-1. Each flow record is converted into a syslog message in the “key=value” format. The tables below describe the mapping between Packeteer-2 Flow Data and key values.

FDR Packeteer-2 Header

This table describes the header present in each Packeteer-2 protocol packet.

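| Name | Bytes | NetFlow Logic field |
| --- | --- | --- |
| Version | 2 | |
| Flow records in this PDU | 1 | |
| Shaper Serial Number | 5 | device |
| Unix Time in sec | 4 | |
| Residual nanoseconds | 4 | |
| Total flows seen | 4 | |
| PacketeerFlowRecordsID | 4 | flow_id |
| SysUpTime in millisec | 4 | |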

FDR Packeteer-2 Records

This table describes the data records present in each Packeteer-2 packet. The number of bytes used and any additional information is given for each data item included in the FDR packet.

| Name | Bytes | Description | NetFlow Logic field |
| --- | --- | --- | --- |
| Source IPaddr | 4 | The IP address from which a flow was sent | src_ip |
| Destination IPaddr | 4 | The IP address to which a flow was sent | dest_ip |
| Packeteer ClassID | 4 | A numeric descriptor for a PacketShaper-identified traffic class | class_id |
| Inbound IFindex | 2 | The PacketShaper interface through which the flow entered | ifindex_in |
| Outbound IFindex | 2 | The PacketShaper interface through which the flow exited | ifindex_out |
| Packet Count | 4 | The total number of packets in the flow | packets |
| Byte Count | 4 | The total number of bytes in the flow | bytes |
| Time at Start of Flow | 4 | SysUpTime when first packet seen | first_time |
| Time at End of Flow | 4 | SysUpTime when last packet seen | last_time |
| Source Port | 2 | The port on which the flow was sent | src_port |
| Destination Port | 2 | The port to which the flow was sent | dest_port |
| Packeteer Policy | 1 | priority=1, rate=2, uncontrolled=8, discard=16 or never-admit=32 | policy |
| TCP flags | 1 | The logical sum (AND) of all TCP flags seen during the flow | tcp_flag |
| Layer 4 protocol | 1 | The type of layer 4 protocol for the flow. Common IP protocol values are: 1 ICMP; 2 IGMP; 6 TCP; 9 IGRP; 17 UDP; 41 IPv6; 46 RSVP; 47 GRE; 50 IPSec; 51 IPSec; 108 IPComp | protocol |
| IP ToS/DiffServ Byte (DSCP) | 1 | The value of any Type of Service or DiffServ (DSCP) for the flow, if present | tos |
| Packeteer Service Type | 2 | The type of service (TOS) | service_id |
| Server at Source or Dest. | 1 | The location of the server for this flow, may not apply to some protocols: s = source of the flow; d = destination of the flow; 0 = unknown (may not be a client/server based protocol) | srv_loc |
| Packeteer Policy Priority | 1 | Priority for this flow (0-7), either the priority assigned by a priority policy, or the priority assigned to excess rate with a rate policy | priority |
| Retransmitted Bytes | 4 | The number of bytes requiring retransmission for this flow | r_bytes |
| VLanID | 2 | The ID number of any 802.1q VLAN associated with the flow | vlan_id |
| TTL | 1 | Time to Live of the flow's last packet | ttl |
| Measurements Type | 1 | 'p'=Ping 'v'=RTCP 'a'=RTM 't'=TCP 0=none | m_type |
| Measurement 1 | 4 | The first measurement in this FDR packet (see below) | m1 |
| Measurement 2 | 4 | The second measurement in this FDR packet (see below) | m2 |
| Measurement 3 | 4 | The third measurement in this FDR packet (see below) | m3 |

Input

FDR Packeteer-2

Syslog/JSON Message Fields

| Key | Field Description | Comments |
| --- | --- | --- |
| nfc_id | Message type identifier | “nfc_id=20010” |
| device | PacketShaper Serial Number (1) | <string> |
| flow_id | PacketShaper flow identifier | <number> |
| src_ip | The IP address from which a flow was sent | <IPv4_address> |
| dest_ip | The IP address to which a flow was sent | <IPv4_address> |
| class_id | PacketShaper traffic class ID | <number> |
| application | Application (class ID name) (2) | <string> |
| ifindex_in | Inbound Interface | <number> |
| ifindex_out | Outbound Interface | <number> |
| packets | Packet Count | <number> |
| bytes | Byte Count | <number> |
| first_time | Time at Start of Flow | <number> |
| last_time | Time at End of Flow | <number> |
| src_port | Source Port | <number> |
| dest_port | Destination Port | <number> |
| policy | Packeteer Policy | <number> |
| tcp_flag | TCP flags | <string>, e.g. “SYN,ACK,FIN” |
| protocol | Transport Protocol (TCP = 6, UDP = 17) | <number> |
| tos | IP ToS/DiffServ Byte (DSCP) | <number> |
| service_id | Packeteer Service Type | <number> |
| srv_loc | Server Location | <number> |
| priority | Packeteer Policy Priority | <number> |
| r_bytes | Retransmitted Bytes | <number> |
| vlan_id | VLanID | <number> |
| ttl | TTL | <number> |
| m_type | Measurements Type | <number> |
| m1 | Measurement 1 | <number> |
| m2 | Measurement 2 | <number> |
| m3 | Measurement 3 | <number> |

(1) This field is taken from Packeteer-2 Header.
(2) This field is populated from a lookup CSV file that maps class ID to Application name.
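
The mapping in the tables above, as an added Python sketch (not NetFlow Logic's converter code): it decodes one Packeteer-2 datagram into key=value messages and rejects a datagram whose header record count does not fit its actual length. Assumptions not stated on this page: fields are packed in table order, big-endian, without padding; the serial number is rendered as hex; messages are space-separated; the `application` lookup is omitted because it needs the CSV file.

```python
import ipaddress
import struct

# Assumed wire layout: fields packed in the order of the tables above,
# big-endian, no padding. The page gives only names and byte sizes.
HEADER = struct.Struct(">HB5sIIIII")                  # 28 bytes
RECORD = struct.Struct(">IIIHHIIIIHHBBBBHBBIHBBIII")  # 64 bytes
RECORD_KEYS = (
    "src_ip dest_ip class_id ifindex_in ifindex_out packets bytes "
    "first_time last_time src_port dest_port policy tcp_flag protocol "
    "tos service_id srv_loc priority r_bytes vlan_id ttl m_type m1 m2 m3"
).split()
# Standard TCP flag bits; the output name order is an assumption.
TCP_BITS = ((0x02, "SYN"), (0x10, "ACK"), (0x01, "FIN"),
            (0x04, "RST"), (0x08, "PSH"), (0x20, "URG"))


def convert_pdu(datagram: bytes) -> list[str]:
    """Return one key=value message per flow record in the PDU."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than the header")
    _ver, count, serial, _sec, _nsec, _seen, flow_id, _uptime = \
        HEADER.unpack_from(datagram)
    # The record count arrives from the network: check it against the
    # real length before reading any record, so nothing partial is emitted.
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError(f"header claims {count} records, datagram truncated")
    messages = []
    for i in range(count):
        values = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        rec = dict(zip(RECORD_KEYS, values))
        rec["src_ip"] = ipaddress.IPv4Address(rec["src_ip"])
        rec["dest_ip"] = ipaddress.IPv4Address(rec["dest_ip"])
        rec["tcp_flag"] = ",".join(n for b, n in TCP_BITS if rec["tcp_flag"] & b)
        # device and flow_id come from the header (hex serial is an assumption)
        head = {"nfc_id": 20010, "device": serial.hex(), "flow_id": flow_id}
        messages.append(" ".join(f"{k}={v}" for k, v in {**head, **rec}.items()))
    return messages


# Constructed sample PDU: one TCP flow 10.0.0.5:51514 -> 192.0.2.10:443.
SAMPLE = HEADER.pack(2, 1, bytes.fromhex("0011223344"), 1700000000, 0, 1, 7,
                     360000) + RECORD.pack(
    0x0A000005, 0xC000020A, 1234, 1, 2, 10, 840, 1000, 2000, 51514, 443,
    2, 0x13, 6, 0, 80, ord("d"), 3, 0, 0, 64, ord("t"), 0, 0, 0)
```
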