Network Flow Monitoring Events
Network Flow Events
These events are generated from Cisco Netflow and SFlow.
Event Type: IOS-NETFLOW-BI (BI standing for bidirecational: two unidirectional netflow messages are combined into one), SFLOW-BI
Description: Event containing netflow data Source: Cisco IOS (Netflow) Key Attributes:
| Name | Id | Type | Description |
| Event Type | eventType | string | Event type set to IOS-NETFLOW-BI, SFLOW-BI |
| Event Severity | eventSeverity | uint16 | Set to 1. In general, a number between 0 (lowest severity) and 10 (highest severity) |
| Event Severity
Category |
eventSeverityCat | string | Set to Low. IN general, takes the values Low, Medium and High. Event Severities 0-4 are mapped to Low, 5-8 are mapped to Medium and 9-10 are mapped to High |
| Event Receive
Time |
phRecvTime | Date | Time at which AccelOps generated this event (after receiving netflow) |
| Reporting IP | reptDevIpAddr | Date | IP address of device reporting this event. In this case set to the device reporting the utilization (same as Host name attribute) |
| Relaying IP | relayDevIpAddr | Date | IP address of device relaying this event from the source to AccelOps. In general it could be a syslog-ng IP address but in this, since AccelOps talks to the device directly, Relaying IP is set to AccelOps IP Address. |
| Source IP | srcIpAddr | IP | Source IP address of the flow |
| Dest IP | destIpAddr | IP | Destination IP address of the flow |
| IP Protocol | ipProto | uint16 | IP protocol e.g. TCP/UDP/GRE/ICMP etc |
| Source TCP/UDP
Port |
srcIpPort | uint16 | Source TCP/UDP port |
| Dest TCP/UDP
Port |
destIpPort | uint16 | Destination TCP/UDP port |
| ICMP Type | icmpType | uint16 | ICMP type |
| ICMP Code | icmpCode | uint16 | ICMP code |
| IP Type of Service | tos | uchar | IP Type of Service |
| Sent TCP flags | srcDestTCPFlags | uchar | OR-ed TCP Flags from Source to Destination |
| Received TCP
flags |
destSrcTCPFlags | uchar | OR-ed TCP Flags from Destination to Source |
| Source Intf SNMP
Index |
srcSnmpIntfIndex | uint16 | Source SNMP interface index |
| Source Interface
Name |
srcIntfName | string | Source Interface name |
| Dest Intf SNMP
Index |
destSnmpIntfIndex | uint16 | Destination SNMP interface index |
| Destination
Interface Name |
destIntfName | string | Destination Interface name |
| Source
Autonomous System Number |
srcASNum | uint16 | Source Autonomous number |
| Dest Autonomous
System Number |
destASNum | uint16 | Destination Autonomous number |
| Sent Bytes | sentBytes | uint32 | Sent Bytes in this flow |
| Sent Packets | sentPkts | uint32 | Sent Packets in this flow |
| Received Bytes | recvBytes | uint32 | Received Bytes in this flow |
| Received Packets | recvPkts | uint32 | received Packets in this flow |