Top Bandwidth Consumers for Palo Alto Networks (10030 / 20030)
Description
This Module utilizes Palo Alto Networks NetFlow v9 reporting and provides a list of top network bandwidth consumers operating on the internal network. Top bandwidth consumers are reported by Network Device and by Destination Port over a time interval. Only TCP/IP and UDP traffic is accounted for. The number of reported top consumers (N) and the observation interval (T, sec) are configurable. This information is provided per NetFlow exporter.
Parameters
Parameter Name | Description | Comments |
---|---|---|
Data Collection Interval, sec | Module logic execution interval | min = 10 sec, max = 600 sec, default = 30 sec |
N - number of reported bandwidth consumers | Top N (number of reported consumers) | min = 0, max = 100000, default = 50 (0 indicates all hosts are reported) |
Inputs
Palo Alto Networks NetFlow v9.
Syslog/JSON Message Fields
Key | Field Description | Comments |
---|---|---|
nfc_id | Message type identifier | "nfc_id=20030" |
exp_ip | NetFlow exporter IPv4 address | <IPv4_address> |
src_ip | Source host IPv4 address | <IPv4_address> |
src_ip6 | Source host IPv6 address | <IPv6_address> |
user | User-ID | <string> ("na" if not available) |
created_count | Created flows count | <number> |
denied_count | Denied flows count | <number> |
bytes | Bytes total (Traffic) | <number> |
percent_of_total | Percent of Total (Traffic) | <decimal>, e.g. 25.444% is 25.444 |
t_int | Observation time interval, msec | <number> |
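
An added example (not part of the module or its documentation): a Python parser for the nfc_id=20030 records described in the table above, which validates each field and flags sources by traffic share or by denied-flow ratio. The key=value and JSON wire layouts, the sample messages, the function names and both thresholds are assumptions.

```python
import ipaddress
import json
import shlex

NFC_ID = "20030"  # message type identifier from the field table
COUNTERS = ("created_count", "denied_count", "bytes", "t_int")

def parse_record(line):
    """Parse one message (JSON object or key=value text, both assumed layouts)."""
    line = line.strip()
    if line.startswith("{"):
        raw = {k: str(v) for k, v in json.loads(line).items()}
    else:
        raw = dict(t.split("=", 1) for t in shlex.split(line) if "=" in t)
    if raw.get("nfc_id") != NFC_ID:
        return None  # some other message type
    rec = {"exp_ip": str(ipaddress.IPv4Address(raw["exp_ip"]))}
    src = raw.get("src_ip") or raw.get("src_ip6")  # validate whichever is present
    rec["src"] = str(ipaddress.ip_address(src))
    rec["user"] = None if raw.get("user", "na") == "na" else raw["user"]
    for key in COUNTERS:
        rec[key] = int(raw[key])
    rec["percent_of_total"] = float(raw["percent_of_total"])  # 25.444 means 25.444%
    return rec

def heavy_talkers(lines, min_percent=20.0, min_denied_ratio=0.5):
    """Return (exporter, source, reason) tuples; thresholds are assumed values."""
    findings = []
    for line in lines:
        try:
            rec = parse_record(line)
        except (KeyError, ValueError):
            continue  # malformed or incomplete record: skip rather than trust it
        if rec is None:
            continue
        flows = rec["created_count"] + rec["denied_count"]
        if rec["percent_of_total"] >= min_percent:
            findings.append((rec["exp_ip"], rec["src"], "traffic_share"))
        if flows and rec["denied_count"] / flows >= min_denied_ratio:
            findings.append((rec["exp_ip"], rec["src"], "denied_flows"))
    return findings

# Constructed sample messages using documentation address ranges.
SAMPLE = [
    "nfc_id=20030 exp_ip=192.0.2.1 src_ip=198.51.100.7 user=na created_count=120 "
    "denied_count=4 bytes=912000 percent_of_total=25.444 t_int=30000",
    '{"nfc_id": 20030, "exp_ip": "192.0.2.1", "src_ip6": "2001:db8::5", "user": "alice", '
    '"created_count": 3, "denied_count": 40, "bytes": 5200, "percent_of_total": 0.145, "t_int": 30000}',
    "nfc_id=20031 exp_ip=192.0.2.1",
]
```

Findings are kept per exporter because the module reports its top-N list per NetFlow exporter; percentages from different exporters are not comparable.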