Version: 2.10.1

Top Bandwidth Consumers for Palo Alto Networks (10030 / 20030)

Description

This Module utilizes Palo Alto Networks NetFlow v9 reporting and provides a list of top network bandwidth consumers operating on the internal network. Top bandwidth consumers are reported by Network Device and by Destination Port over a time interval. Only TCP/IP and UDP traffic is accounted for. The number of reported top consumers (N) and the observation interval (T, sec) are configurable. This information is provided per NetFlow exporter.

Parameters

| Parameter Name | Description | Comments |
|---|---|---|
| Data Collection Interval, sec | Module logic execution interval | min = 10 sec, max = 600 sec, default = 30 sec |
| N - number of reported bandwidth consumers | Top N (number of reported consumers) | min = 0, max = 100000, default = 50 (0 indicates all hosts are reported) |

Inputs

Palo Alto Networks NetFlow v9.

Syslog/JSON Message Fields

| Key | Field Description | Comments |
|---|---|---|
| nfc_id | Message type identifier | "nfc_id=20030" |
| exp_ip | NetFlow exporter IPv4 address | <IPv4_address> |
| src_ip | Source host IPv4 address | <IPv4_address> |
| src_ip6 | Source host IPv6 address | <IPv6_address> |
| user | User-ID | <string> ("na" if not available) |
| created_count | Created flows count | <number> |
| denied_count | Denied flows count | <number> |
| bytes | Bytes total (Traffic) | <number> |
| percent_of_total | Percent of Total (Traffic) | <decimal>, e.g. 25.444% is 25.444 |
| t_int | Observation time interval, msec | <number> |
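
The following is an added example, not part of the product documentation or the vendor's code: a Python consumer that parses nfc_id=20030 syslog messages into typed records, derives an average bit rate from bytes and t_int, and flags hosts worth a closer look. The space-separated key=value layout, the sample lines, the function names and the thresholds are all assumptions; only the field keys come from the table above.

```python
import ipaddress
import re

# Constructed sample messages. The space-separated key=value syslog layout is an assumption.
SAMPLE = [
    "<14>Jan 10 12:00:30 nfo nfc_id=20030 exp_ip=192.0.2.1 src_ip=10.1.1.15 user=na created_count=120 denied_count=4 bytes=750000000 percent_of_total=62.5 t_int=30000",
    "<14>Jan 10 12:00:30 nfo nfc_id=20030 exp_ip=192.0.2.1 src_ip6=2001:db8::5 user=alice created_count=10 denied_count=250 bytes=1200000 percent_of_total=0.1 t_int=30000",
    "<14>Jan 10 12:00:30 nfo nfc_id=20030 exp_ip=192.0.2.1 src_ip=10.1.1.20 user=bob created_count=40 denied_count=0 bytes=448800000 percent_of_total=37.4 t_int=30000",
    "<14>Jan 10 12:00:30 nfo nfc_id=99999 exp_ip=192.0.2.1 bytes=1",  # other message type (constructed id)
    "<14>Jan 10 12:00:30 nfo nfc_id=20030 exp_ip=192.0.2.1 src_ip=10.1.1.30 user=na created_count=1 denied_count=0 bytes=abc percent_of_total=0.0 t_int=30000",
]
PAIR = re.compile(r'(\w+)=("[^"]*"|\S+)')
INT_FIELDS = ("created_count", "denied_count", "bytes", "t_int")


def parse_record(line):
    """Return a typed dict for an nfc_id=20030 message, or None for anything else."""
    kv = {k: v.strip('"') for k, v in PAIR.findall(line)}
    if kv.get("nfc_id") != "20030":
        return None
    try:
        rec = {k: int(kv[k]) for k in INT_FIELDS}
        rec["percent_of_total"] = float(kv["percent_of_total"])
        rec["exp_ip"] = ipaddress.IPv4Address(kv["exp_ip"])
        # A record carries either src_ip or src_ip6; validate whichever is present.
        rec["src"] = ipaddress.ip_address(kv.get("src_ip") or kv["src_ip6"])
    except (KeyError, ValueError):
        return None  # incomplete or malformed message: drop rather than guess
    rec["user"] = None if kv.get("user", "na") == "na" else kv["user"]
    # bytes over t_int (milliseconds) gives the average bits per second.
    rec["bps"] = rec["bytes"] * 8 * 1000 / rec["t_int"] if rec["t_int"] else 0.0
    return rec


def flag_consumers(lines, max_percent=50.0, max_denied=100):
    """List (exporter, host, user, reasons) for hosts over either threshold."""
    alerts = []
    for rec in filter(None, map(parse_record, lines)):
        reasons = []
        if rec["percent_of_total"] > max_percent:
            reasons.append("traffic_share")   # one host dominates the exporter's traffic
        if rec["denied_count"] >= max_denied:
            reasons.append("denied_flows")    # many denied flows despite low volume
        if reasons:
            alerts.append((str(rec["exp_ip"]), str(rec["src"]), rec["user"], reasons))
    return alerts
```

Calling `flag_consumers(SAMPLE)` reports the first two sample hosts and silently skips the unrelated and malformed messages.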