NFO 2.8.1
Top Bandwidth Consumers for Palo Alto Networks (10030 / 20030)

Description

This Module utilizes Palo Alto Networks NetFlow v9 reporting and provides a list of top network bandwidth consumers operating on the internal network. Top bandwidth consumers are reported by Network Device and by Destination Port over a time interval. Only TCP/IP and UDP traffic is accounted for. The number of reported top consumers (N) and the observation interval (T, sec) are configurable. This information is provided per NetFlow exporter.

Parameters

| Parameter Name | Description | Comments |
| --- | --- | --- |
| Data Collection Interval, sec | Module logic execution interval | min = 10 sec, max = 600 sec, default = 30 sec |
| N - number of reported bandwidth consumers | Top N (number of reported consumers) | min = 0, max = 100000, default = 50 (0 indicates all hosts are reported) |

Inputs

Palo Alto Networks NetFlow v9.

Syslog/JSON Message Fields

| Key | Field Description | Comments |
| --- | --- | --- |
| nfc_id | Message type identifier | "nfc_id=20030" |
| exp_ip | NetFlow exporter IPv4 address | `<IPv4_address>` |
| src_ip | Source host IPv4 address | `<IPv4_address>` |
| src_ip6 | Source host IPv6 address | `<IPv6_address>` |
| user | User-ID | `<string>` ("na" if not available) |
| created_count | Created flows count | `<number>` |
| denied_count | Denied flows count | `<number>` |
| bytes | Bytes total (Traffic) | `<number>` |
| percent_of_total | Percent of Total (Traffic) | `<decimal>`, e.g. 25.444% is 25.444 |
| t_int | Observation time interval, msec | `<number>` |
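The fields above can be consumed on the collector side as in the following added example, which is not part of the NFO documentation or product code. It assumes the syslog form is space-separated key=value pairs and that a record carries either src_ip or src_ip6; the function names, thresholds and sample messages are constructed for illustration.

```python
import shlex

# Field types taken from the "Syslog/JSON Message Fields" table.
INT_FIELDS = ("created_count", "denied_count", "bytes", "t_int")
REQUIRED = ("nfc_id", "exp_ip", "bytes", "percent_of_total", "t_int")

def parse_record(line):
    """Parse one key=value message; return None unless it is nfc_id=20030."""
    # Assumption: space-separated key=value pairs; tokens without "=" are skipped.
    fields = dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)
    if fields.get("nfc_id") != "20030":
        return None
    missing = [k for k in REQUIRED if k not in fields]
    if missing:
        raise ValueError(f"missing fields: {missing}")
    rec = dict(fields)
    for k in INT_FIELDS:
        rec[k] = int(fields.get(k, 0))
    rec["percent_of_total"] = float(fields["percent_of_total"])
    # Assumption: only one of src_ip / src_ip6 is populated per record.
    rec["host"] = fields.get("src_ip") or fields.get("src_ip6")
    # "na" means User-ID was not available for this host.
    rec["user"] = None if fields.get("user", "na") == "na" else fields["user"]
    # t_int is in milliseconds: convert bytes per interval to bits per second.
    rec["bps"] = rec["bytes"] * 8 / (rec["t_int"] / 1000) if rec["t_int"] else 0.0
    return rec

def flag_hosts(lines, share_pct=20.0, denied_min=100):
    """Return (exporter, host, reasons) for hosts over the hypothetical thresholds."""
    out = []
    for line in lines:
        rec = parse_record(line)
        if rec is None:
            continue
        reasons = []
        if rec["percent_of_total"] >= share_pct:
            reasons.append("share")
        if rec["denied_count"] >= denied_min:
            reasons.append("denied")
        if reasons:
            out.append((rec["exp_ip"], rec["host"], reasons))
    return out

# Constructed sample messages (documentation address ranges), not real NFO output.
SAMPLE = [
    "nfc_id=20030 exp_ip=192.0.2.1 src_ip=198.51.100.10 user=na created_count=40 denied_count=0 bytes=3750000 percent_of_total=25.444 t_int=30000",
    "nfc_id=20030 exp_ip=192.0.2.1 src_ip6=2001:db8::5 user=alice created_count=12 denied_count=250 bytes=90000 percent_of_total=0.611 t_int=30000",
    "nfc_id=99999 exp_ip=192.0.2.1 src_ip=198.51.100.11 bytes=1 percent_of_total=0.1 t_int=30000",
]
```

`flag_hosts(SAMPLE)` returns the first host for its traffic share and the second for its denied-flow count; the third message is skipped because its nfc_id is not 20030.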