Sampling Monitor (10002 / 20002)

Description

This Module reports NetFlow sampling information. For NFv5 sampling interval is taken from the header. For NFv9 and IPFIX sampling interval and other fields are taken from NetFlow options. For sFlow sampling interval is taken from sampling rate.

Parameters

Parameter Name
Description
Comments
Data Collection Interval, sec
Module logic execution interval
min = 10 sec, max = 600 sec, default = 60 sec
Default sampling interval
Sampling interval used in case no NFv9 options are available
min = 1, max = 100000, default = 1
Sampling info expiration time
Stop sending sampling information after this time of not seeing any traffic from the network device
min = 1 sec, max = 100000 sec, default = 300 sec

Input

NetFlow v5, v9, IPFIX, sFlow

Required NetFlow Fields

Information Element (IE)
IE id
IE size, B
Description
samplerId
48
1
The unique identifier associated with samplerName. Attention: this IE is deprecated in favor of selectorId (302)

Syslog/JSON Message Fields

Key
Field Description
Comments
nfc_id
Message type identifier
"nfc_id=20002"
exp_ip
NetFlow exporter IP address
<IPv4_address>
flow_smpl_id
Flow Sampler ID
<number>
smpl_int
Sampling interval
<number>
smpl_algo
Sampling algorithm
<string>
t_int
Observation time interval, msec
<number>
Last modified 1yr ago