Bandwidth Consumption per Application for Palo Alto Networks (10034 / 20034)
Description
This Module utilizes Palo Alto Networks NetFlow v9 reporting and provides a list of most active applications by traffic. Most active applications are reported by Network Device over a time interval. The number of reported top most active applications (N) and the observation interval (T, sec) are configurable. This information is provided per NetFlow exporter.
Parameters
| Parameter Name | Description | Comments |
|---|---|---|
| Data Collection Interval, sec | Module logic execution interval | min = 10 sec, max = 600 sec, default = 30 sec |
| Application id list | A list of watched applications. If specified, the traffic is reported by specified applications, and all other traffic is summed up under app=other. If the list is empty, the traffic is reported by all applications. | |
| N - number of reported consumers | Top N (number of reported applications) | min = 0, max = 100000, default = 50 (0 indicates all hosts are reported) |
| Report selected applications only (1) | Enable/Disable reporting selected apps only (1 - report only apps in the list, 0 - report all apps) | default = 0 |
Inputs
Palo Alto Networks NetFlow v9.
Syslog/JSON Message Fields
| Key | Field Description | Comments |
|---|---|---|
| nfc_id | Message type identifier | nfc_id=20034 |
| exp_ip | NetFlow exporter IPv4 address | <IPv4_address> |
| app | Application | <string> |
| created_count | Created flows count | <number> |
| bytes | Bytes total (Traffic) | <number> |
| percent_of_total | Percent of Total (Traffic) | <decimal>, e.g. 25.444% is 25.444 |
| t_int | Observation time interval, msec | <number> |