FDR Packeteer-2 Flow Data (20010)

Description

FDR Packeteer-2 Flow Data Converter translates Blue Coat’s PacketShaper flows into syslog messages 1-to-1. Each flow record is converted into a syslog message in the “key=value” format. The tables below describe the mapping between Packeteer-2 Flow Data and key values.

FDR Packeteer-2 Header

This table describes the header present in each Packeteer-2 protocol packet.

| Name | Bytes | NetFlow Logic field |
|---|---|---|
| Version | 2 | |
| Flow records in this PDU | 1 | |
| Shaper Serial Number | 5 | device |
| Unix Time in sec | 4 | |
| Residual nanoseconds | 4 | |
| Total flows seen | 4 | |
| PacketeerFlowRecordsID | 4 | flow_id |
| SysUpTime in millisec | 4 | |

FDR Packeteer-2 Records

This table describes the data records present in each Packeteer-2 packet. The number of bytes used and any additional information is given for each data item included in the FDR packet.

| Name | Bytes | Description | NetFlow Logic field |
|---|---|---|---|
| Source IPaddr | 4 | The IP address from which a flow was sent | src_ip |
| Destination IPaddr | 4 | The IP address to which a flow was sent | dest_ip |
| Packeteer ClassID | 4 | A numeric descriptor for a PacketShaper-identified traffic class | class_id |
| Inbound IFindex | 2 | The PacketShaper interface through which the flow entered | ifindex_in |
| Outbound IFindex | 2 | The PacketShaper interface through which the flow exited | ifindex_out |
| Packet Count | 4 | The total number of packets in the flow | packets |
| Byte Count | 4 | The total number of bytes in the flow | bytes |
| Time at Start of Flow | 4 | SysUpTime when first packet seen | first_time |
| Time at End of Flow | 4 | SysUpTime when last packet seen | last_time |
| Source Port | 2 | The port on which the flow was sent | src_port |
| Destination Port | 2 | The port to which the flow was sent | dest_port |
| Packeteer Policy | 1 | priority=1, rate=2, uncontrolled=8, discard=16 or never-admit=32 | policy |
| TCP flags | 1 | The logical sum (AND) of all TCP flags seen during the flow | tcp_flag |
| Layer 4 protocol | 1 | The type of layer 4 protocol for the flow. Common IP protocol values are: 1 = ICMP, 2 = IGMP, 6 = TCP, 9 = IGRP, 17 = UDP, 41 = IPv6, 46 = RSVP, 47 = GRE, 50 = IPSec, 51 = IPSec, 108 = IPComp | protocol |
| IP ToS/DiffServ Byte (DSCP) | 1 | The value of any Type of Service or DiffServ (DSCP) for the flow, if present | tos |
| Packeteer Service Type | 2 | The type of service (TOS) | service_id |
| Server at Source or Dest. | 1 | The location of the server for this flow, may not apply to some protocols: s = source of the flow, d = destination of the flow, 0 = unknown (may not be a client/server based protocol) | srv_loc |
| Packeteer Policy Priority | 1 | Priority for this flow (0-7), either the priority assigned by a priority policy, or the priority assigned to excess rate with a rate policy | priority |
| Retransmitted Bytes | 4 | The number of bytes requiring retransmission for this flow | r_bytes |

Input

FDR Packeteer-2

Syslog/JSON Message Fields

| Key | Field Description | Comments |
|---|---|---|
| nfc_id | Message type identifier | “nfc_id=20010” |
| device | PacketShaper Serial Number (1) | <string> |
| flow_id | PacketShaper flow identifier | <number> |
| src_ip | The IP address from which a flow was sent | <IPv4_address> |
| dest_ip | The IP address to which a flow was sent | <IPv4_address> |
| class_id | PacketShaper traffic class ID | <number> |
| application | Application (class ID name) (2) | <string> |
| ifindex_in | Inbound Interface | <number> |
| ifindex_out | Outbound Interface | <number> |
| packets | Packet Count | <number> |
| bytes | Byte Count | <number> |
| first_time | Time at Start of Flow | <number> |
| last_time | Time at End of Flow | <number> |
| src_port | Source Port | <number> |
| dest_port | Destination Port | <number> |
| policy | Packeteer Policy | <number> |
| tcp_flag | TCP flags | <string>, e.g. “SYN,ACK,FIN” |
| protocol | Transport Protocol (TCP = 6, UDP = 17) | <number> |
| tos | IP ToS/DiffServ Byte (DSCP) | <number> |

(1) This field is taken from Packeteer-2 Header.
(2) This field is populated from a lookup CSV file that maps class ID to Application name.
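
The mapping described above, as an added example (not NetFlow Logic's or Blue Coat's code): a parser that decodes one Packeteer-2 PDU per the header and record tables and emits the key=value messages, rejecting PDUs whose record count exceeds the data received. Big-endian byte order, table-order field packing, the hex rendering of the serial number, the repeated header flow_id, and the names `pdu_to_syslog`, `sample_pdu` and `class_names` are assumptions.

```python
import ipaddress
import struct

# Layouts follow the header and record tables. Assumptions: big-endian byte
# order, fields packed in table order, serial number rendered as hex.
HEADER = struct.Struct(">HB5sIIIII")              # 28 bytes
RECORD = struct.Struct(">4s4sIHHIIIIHHBBBBHcBI")  # 48 bytes
# Standard TCP flag bits; output order chosen to match "SYN,ACK,FIN".
TCP_FLAGS = ((0x02, "SYN"), (0x10, "ACK"), (0x01, "FIN"),
             (0x04, "RST"), (0x08, "PSH"), (0x20, "URG"))


def pdu_to_syslog(pdu, class_names=None):
    """Return one key=value message per flow record in a Packeteer-2 PDU."""
    if len(pdu) < HEADER.size:
        raise ValueError("PDU shorter than the 28-byte header")
    _ver, count, serial, _sec, _nsec, _total, flow_id, _up = HEADER.unpack_from(pdu)
    # Do not trust the record count: reject truncated or forged PDUs.
    if len(pdu) < HEADER.size + count * RECORD.size:
        raise ValueError("header claims more records than the PDU holds")
    messages = []
    for i in range(count):
        (src, dst, class_id, if_in, if_out, pkts, octets, first, last, sport,
         dport, policy, flags, proto, tos, _svc, _loc, _prio, _rbytes) = \
            RECORD.unpack_from(pdu, HEADER.size + i * RECORD.size)
        fields = [
            ("nfc_id", 20010), ("device", serial.hex()), ("flow_id", flow_id),
            ("src_ip", ipaddress.IPv4Address(src)),
            ("dest_ip", ipaddress.IPv4Address(dst)), ("class_id", class_id),
            ("application", (class_names or {}).get(class_id, "")),
            ("ifindex_in", if_in), ("ifindex_out", if_out),
            ("packets", pkts), ("bytes", octets),
            ("first_time", first), ("last_time", last),
            ("src_port", sport), ("dest_port", dport), ("policy", policy),
            ("tcp_flag", ",".join(n for bit, n in TCP_FLAGS if flags & bit)),
            ("protocol", proto), ("tos", tos),
        ]
        messages.append(" ".join(f"{k}={v}" for k, v in fields))
    return messages


def sample_pdu():
    """Constructed sample: one header followed by a single TCP flow record."""
    header = HEADER.pack(2, 1, bytes.fromhex("0102030405"), 1700000000, 0, 1, 77, 5000)
    record = RECORD.pack(ipaddress.IPv4Address("192.0.2.10").packed,
                         ipaddress.IPv4Address("198.51.100.7").packed,
                         42, 1, 2, 10, 1500, 1000, 4000, 51000, 443,
                         2, 0x13, 6, 0, 0, b"d", 3, 0)
    return header + record
```

Calling `pdu_to_syslog(sample_pdu(), {42: "HTTPS"})` stands in for the class ID lookup CSV with a constructed one-entry mapping.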