flow_end_time and calculated as follows:
duration is reported when the session is terminated. It is calculated as the time between the flow_start_time of the SYN flow and the flow_end_time of the FIN/RST flow. Session report timeout interval is a parameter used to report TCP sessions that did not get a FIN/RST within this time after the last flow of the conversation was received.
duration is reported with event state="E" and is calculated as the time interval between the flow_start_time of the first flow and the flow_end_time of the last flow.
The state field indicates the state of the conversation and may have the following values: “B”: Begin, “C”: Continuing, “E”: End. The state is reported for each conversation at the end of each Data Collection Interval (DCI).
The direction field indicates in which direction (inbound or outbound) the network conversation is going. It is determined based on the configuration of local subnets in the Module (List of local subnets for IPv4 and List of local IPv6 prefixes for IPv6).
inbound for external src_ip and local dest_ip
outbound for local src_ip and external dest_ip
internal for local src_ip and local dest_ip
unknown for none of the above
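The direction rules above, written out as an added example (not code from NFO or its documentation). The subnet lists, addresses and function names are constructed for illustration; the last sample flow shows how a private range missing from the local list gets labelled as external.

```python
import ipaddress

# Constructed configuration values standing in for the Module's
# "List of local subnets" (IPv4) and "List of local IPv6 prefixes".
LOCAL_IPV4_SUBNETS = ["10.0.0.0/8", "192.168.10.0/24"]
LOCAL_IPV6_PREFIXES = ["2001:db8:100::/48"]


def build_local_networks(ipv4_subnets, ipv6_prefixes):
    """Parse both lists; strict=True rejects entries with host bits set (typos)."""
    entries = list(ipv4_subnets) + list(ipv6_prefixes)
    return [ipaddress.ip_network(entry, strict=True) for entry in entries]


def is_local(address, networks):
    """True if the address falls inside any configured local network."""
    ip = ipaddress.ip_address(address)
    return any(ip.version == net.version and ip in net for net in networks)


def classify_direction(src_ip, dest_ip, networks):
    """Apply the four direction rules to one conversation."""
    src_local = is_local(src_ip, networks)
    dest_local = is_local(dest_ip, networks)
    if src_local and dest_local:
        return "internal"
    if dest_local:
        return "inbound"
    if src_local:
        return "outbound"
    return "unknown"


# Constructed sample conversations (src_ip, dest_ip).
SAMPLE_FLOWS = [
    ("203.0.113.7", "10.1.2.3"),              # external -> local
    ("10.1.2.3", "198.51.100.9"),             # local -> external
    ("10.1.2.3", "192.168.10.5"),             # local -> local
    ("203.0.113.7", "198.51.100.9"),          # neither side local
    ("2001:db8:100::5", "2001:db8:ffff::1"),  # IPv6 local -> external
    ("172.16.0.5", "10.1.2.3"),               # private range not in the list
]

if __name__ == "__main__":
    nets = build_local_networks(LOCAL_IPV4_SUBNETS, LOCAL_IPV6_PREFIXES)
    for src, dest in SAMPLE_FLOWS:
        print(f"{src} -> {dest}: {classify_direction(src, dest, nets)}")
```

Because 172.16.0.0/12 is absent from the constructed list, the last flow is classified as inbound even though both hosts use private addressing, so direction-based alerts are only as accurate as the configured local subnets.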
Network Conversation Monitor.
NConverter for Network Conversation Monitor.
List of output fields.
credentials-s3. It should be placed on the machine where NFO is installed. Use the IAM User public and secret access key to create a file as follows:
chmod 400 credentials. The Module reads the file and takes all profiles from it. The Module expects that each account has only one profile.