NFO 2.8.1
Powered By GitBook
Autonomous Systems Monitor (10066 / 20066)

Description

This Module reports traffic by all Autonomous Systems (AS). This information is provided per NetFlow exporter.

Parameters

Parameter Name
Description
Comments
Data Collection Interval, sec
Module logic execution interval
min = 5 sec, max = 600 sec, default = 30 sec
N – number of reported hosts
The number of top ASN pairs reported per NetFlow exporter
min = 0, max = 100000, default = 50 (0 indicates all hosts are reported)

Input

NetFlow v5, v9, IPFIX.

Required NetFlow Fields

Information Element (IE)
IE id
IE size, B
Description
octetDeltaCount
1
4 or 8
The number of octets since the previous report (if any) in incoming packets for this Flow at the Observation Point. The number of octets includes IP header(s) and IP payload.
packetDeltaCount
2
4 or 8
The number of incoming packets since the previous report (if any) for this Flow at the Observation Point.

Syslog/JSON Message Fields

Key
Field Description
Comments
nfc_id
Message type identifier
"nfc_id=20066"
exp_ip
NetFlow exporter IP address
<IPv4 address>
src_asn
Source AS
<number>
dest_asn
Destination AS
<number>
bytes
Total number of Layer 3 bytes in the packets of the flow received (IPv4)
<number>
bytes6
Total number of Layer 3 bytes in the packets of the flow received (IPv6)
<number>
packets
Packets in the flow received (IPv4)
<number>
packets6
Packets in the flow received (IPv6)
<number>
flow_count
Number of Flows
<number>
percent_of_total
Percent of Total (bytes)
<decimal>
[flow_smpl_id]
Flow Sampler ID
<number>
t_int
Observation time interval, msec
<number>
Last modified 1yr ago