NetFlow Logic Documentation
Modules Specifications
This section contains descriptions of NFO Modules, also known as Logic Rules.
All Modules report information either as syslog messages carrying key=value pairs or in JSON format.
Syslog Format
The syslog header is RFC 5424 compliant and contains:

| Field | Description |
| --- | --- |
| PRI | Priority Value |
| VERSION | The version of syslog protocol: 1 |
| TIMESTAMP | Formalized timestamp: YYYY-MM-DDThh:mm:ss±00:00 |
| HOSTNAME | Host name of the NFO machine |
| APP-NAME | Application that originated syslog: "NFO" |
| PROCID | The process name: "nfc_srv" |
| MSGID | Not used: "-" |
| STRUCTURED-DATA | Not used: "-" |
The MSG part contains:

| Field | Description |
| --- | --- |
| NFv9 Source ID | Configurable in NFO, default = "ff:ff:00:01" |
| nfc_id | NFO message ID - indicates the Module that produced this message |
| <other fields> | Other message fields - Module dependent |
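
A receiver can check each incoming line against the header values listed above before trusting its fields. The following is an added example, not part of the NFO documentation or product: the sample line, its field names other than nfc_id, the nfc_id value, and the placement of the NFv9 Source ID as a bare token in MSG are assumptions made for illustration.

```python
import re
from datetime import datetime

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG
HEADER_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>\d{1,2}) (?P<timestamp>\S+) (?P<hostname>\S+) "
    r"(?P<app_name>\S+) (?P<procid>\S+) (?P<msgid>\S+) (?P<sd>-) ?(?P<msg>.*)$"
)
# key=value pairs; support for double-quoted values is an assumption
PAIR_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S*)')
# Constructed sample line (hypothetical host name, nfc_id value and Module fields)
SAMPLE = (
    "<14>1 2024-05-01T12:00:00+00:00 nfo-host NFO nfc_srv - - "
    "ff:ff:00:01 nfc_id=20067 src_ip=192.0.2.10 bytes=1200"
)


def parse_nfo_syslog(line):
    """Parse one NFO syslog line; raise ValueError if it does not match the header table."""
    m = HEADER_RE.match(line.strip())
    if m is None:
        raise ValueError("not an RFC 5424 line with empty STRUCTURED-DATA")
    rec = m.groupdict()
    pri = int(rec.pop("pri"))
    if pri > 191:  # PRI = facility * 8 + severity, facility 0..23
        raise ValueError("PRI out of range")
    rec["facility"], rec["severity"] = divmod(pri, 8)
    ident = (rec["version"], rec["app_name"], rec["procid"], rec["msgid"])
    if ident != ("1", "NFO", "nfc_srv", "-"):
        raise ValueError("header fields do not identify an NFO message")
    rec["timestamp"] = datetime.fromisoformat(rec["timestamp"])
    msg = rec.pop("msg")
    fields = {k: v.strip('"') for k, v in PAIR_RE.findall(msg)}
    if "nfc_id" not in fields:
        raise ValueError("MSG has no nfc_id")
    rec["fields"] = fields
    # Tokens that are not key=value (assumed: the NFv9 Source ID) are kept as-is
    rec["bare"] = PAIR_RE.sub("", msg).split()
    return rec


if __name__ == "__main__":
    print(parse_nfo_syslog(SAMPLE))
```

Lines that fail the header check raise ValueError, so a collector can count and drop messages that claim a different APP-NAME or PROCID instead of indexing them as NFO output.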
JSON Format