NFO 2.8.1
Bandwidth Consumption per Application for Palo Alto Networks (10034 / 20034)

Description

This module uses Palo Alto Networks NetFlow v9 reporting to list the most active applications by traffic. The most active applications are reported by network device over a time interval. The number of top applications reported (N) and the observation interval (T, sec) are configurable. This information is provided per NetFlow exporter.

Parameters

| Parameter Name | Description | Comments |
| --- | --- | --- |
| Data Collection Interval, sec | Module logic execution interval | min = 10 sec, max = 600 sec, default = 30 sec |
| Application id list | A list of watched applications. If specified, the traffic is reported by specified applications, and all other traffic is summed up under app=other. If the list is empty, the traffic is reported by all applications. | |
| N - number of reported consumers | Top N (number of reported applications) | min = 0, max = 100000, default = 50 (0 indicates all hosts are reported) |
| Report selected applications only (1) | Enable/Disable reporting selected apps only (1 - report only apps in the list, 0 - report all apps) | default = 0 |

Inputs

Palo Alto Networks NetFlow v9.

Syslog/JSON Message Fields

| Key | Field Description | Comments |
| --- | --- | --- |
| nfc_id | Message type identifier | nfc_id=20034 |
| exp_ip | NetFlow exporter IPv4 address | <IPv4_address> |
| app | Application | <string> |
| created_count | Created flows count | <number> |
| bytes | Bytes total (Traffic) | <number> |
| percent_of_total | Percent of Total (Traffic) | <decimal>, e.g. 25.444% is 25.444 |
| t_int | Observation time interval, msec | <number> |
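
The following added example (not part of the NFO documentation or product) shows one way to consume these fields on the receiving side: it validates each record, converts `bytes` over `t_int` into a rate, and flags applications that are unexpected or take an unusually large share of an exporter's traffic. It assumes the JSON output arrives as one object per line; the function names, allowlist, threshold and sample records are hypothetical and constructed for illustration.

```python
import json

# Constructed sample records (not real NFO output); one JSON object per line is assumed.
SAMPLE = """\
{"nfc_id": 20034, "exp_ip": "192.0.2.1", "app": "ssl", "created_count": 120, "bytes": 75000000, "percent_of_total": 60.0, "t_int": 30000}
{"nfc_id": 20034, "exp_ip": "192.0.2.1", "app": "bittorrent", "created_count": 40, "bytes": 37500000, "percent_of_total": 30.0, "t_int": 30000}
{"nfc_id": 20034, "exp_ip": "192.0.2.1", "app": "other", "created_count": 15, "bytes": 12500000, "percent_of_total": 10.0, "t_int": 30000}
{"nfc_id": 99999, "exp_ip": "192.0.2.1", "app": "dns", "bytes": 1, "percent_of_total": 0.1, "t_int": 30000}
not json
"""

REQUIRED = ("exp_ip", "app", "created_count", "bytes", "percent_of_total", "t_int")

def parse_records(text):
    """Yield well-formed nfc_id=20034 records; skip other types and malformed lines."""
    for line in text.splitlines():
        try:
            rec = json.loads(line)
        except ValueError:
            continue
        if not isinstance(rec, dict) or str(rec.get("nfc_id")) != "20034":
            continue
        if any(k not in rec for k in REQUIRED):
            continue
        try:
            rec["bytes"] = int(rec["bytes"])
            rec["t_int"] = int(rec["t_int"])
            rec["percent_of_total"] = float(rec["percent_of_total"])
        except (TypeError, ValueError):
            continue
        if rec["t_int"] <= 0:
            continue
        yield rec

def review(text, allowed_apps, max_percent):
    """Return (exp_ip, app, mbps, reason) for each record that needs a look."""
    findings = []
    for rec in parse_records(text):
        # bytes over t_int milliseconds -> megabits per second
        mbps = rec["bytes"] * 8 / (rec["t_int"] / 1000) / 1e6
        if rec["app"] not in allowed_apps:
            reason = "app not on allowlist"
        elif rec["percent_of_total"] > max_percent:
            reason = "share above threshold"
        else:
            continue
        findings.append((rec["exp_ip"], rec["app"], round(mbps, 2), reason))
    return findings
```

Calling `review(SAMPLE, {"ssl", "other"}, 50.0)` returns one finding for `ssl` (share above threshold) and one for `bittorrent` (not on the allowlist).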