Sampling Monitor (10002 / 20002)
Description
This Module reports NetFlow sampling information. For NFv5 sampling interval is taken from the header. For NFv9 and IPFIX sampling interval and other fields are taken from NetFlow options. For sFlow sampling interval is taken from sampling rate.
Parameters
| Parameter Name | Description | Comments |
|---|
| Data Collection Interval, sec | Module logic execution interval | min = 10 sec, max = 600 sec, default = 60 sec |
| Default sampling interval | Sampling interval used in case no NFv9 options are available | min = 1, max = 100000, default = 1 |
| Sampling info expiration time | Stop sending sampling information after this time of not seeing any traffic from the network device | min = 1 sec, max = 100000 sec, default = 300 sec |
NetFlow v5, v9, IPFIX, sFlow
Required NetFlow Fields
| Information Element (IE) | IE id | IE size, B | Description |
|---|
| samplerId | 48 | 1 | The unique identifier associated with samplerName. Attention: this IE is deprecated in favor of selectorId (302) |
Syslog/JSON Message Fields
| Key | Field Description | Comments |
|---|
| nfc_id | Message type identifier | "nfc_id=20002" |
| exp_ip | NetFlow exporter IP address | <IPv4_address> |
| flow_smpl_id | Flow Sampler ID | <number> |
| smpl_int | Sampling interval | <number> |
| smpl_algo | Sampling algorithm | <string> |
| t_int | Observation time interval, msec | <number> |