Bandwidth Consumption per Application and Users for Cisco AVC (10435 / 20435)
Description
This Module utilizes Cisco Application Visibility and Control (AVC) (https://www.cisco.com/c/en/us/products/routers/avc-control.html) NetFlow v9 reporting and provides a list of most active applications and users by traffic. Most active applications and users are reported by Network Device over a time interval. The number of reported top most active applications and users (N) and the observation interval (T, sec) are configurable.
This information is provided per NetFlow exporter.
Parameters
| Parameter Name | Description | Comments |
|---|---|---|
| Data Collection Interval, sec | Module logic execution interval | min = 10 sec, max = 600 sec, default = 30 sec |
| Application name list | A list of watched applications. If specified, the traffic is reported by specified applications, and all other traffic is summed up under app_name=other. If the list is empty, the traffic is reported by all applications. | |
| List of known server destination port numbers | List of server destination ports to be used to determine which host is a client and which is a server. If the list is empty all ports are reported | e.g. 53, 80, 443 |
| Share of total traffic reported, % | Reported percent of total traffic by application by user | e.g. 50 - indicates that all application/user entries consuming 50% of traffic are reported; min = 1%, max = 100%, default = 80% |
| Report selected applications only (1) | Enable/Disable reporting selected apps only (1 - report only apps in the list, 0 - report all apps) | default = 0 |
Inputs
Cisco AVC NetFlow v9 (including Cisco WLC NetFlow v9) Data and Options.
Syslog/JSON Message Fields
| Key | Field Description | Comments |
|---|---|---|
| nfc_id | Message type identifier | “nfc_id=20435” |
| exp_ip | NetFlow exporter IPv4 address | <IPv4 address> |
| protocol | Transport Protocol ( TCP = 6, UDP = 17) | <number> |
| direction | Direction | <string>, “inbound” or “outbound” |
| app_tag | Application Tag | <string>, example “13:1” |
| app_name [^1] | Application Name | <string>, example “ftp” |
| engine_id | Classification Engine ID | <string>, example “IANA-L3” |
| dest_ip | Destination host IP address | <IPv4 address> |
| dest_ip6 | Destination host IPv6 address | <IPv6 address> |
| dest_port | Destination host port number | <number>, 0 if destination is a client host |
| src_ip | Source host IP address | <IPv4 address> |
| src_ip6 | Source host IPv6 address | <IPv6 address> |
| src_port | Source host port number | <number>, 0 if source is a client host |
| user | User-ID | <string>, (“na” if not available) |
| bytes | Bytes total (Traffic) | <number> |
| flow_count | Flows count | <number> |
| percent_of_total | Percent of Total (Traffic) | <decimal>, e.g. 25.444% is 25.444 |
| t_int | Observation time interval, msec | <number> |
[^1]: Device must be configured to export Application list in NetFlow Options