Network Flow Monitoring Events
Network Flow Events
These events are generated from Cisco Netflow and SFlow.
Event Type: IOS-NETFLOW-BI (BI stands for bidirectional: two unidirectional netflow messages are combined into one), SFLOW-BI
Description: Event containing netflow data
Source: Cisco IOS (Netflow)
Key Attributes:
Name | Id | Type | Description |
Event Type | eventType | string | Event type set to IOS-NETFLOW-BI, SFLOW-BI |
Event Severity | eventSeverity | uint16 | Set to 1. In general, a number between 0 (lowest severity) and 10 (highest severity) |
Event Severity Category | eventSeverityCat | string | Set to Low. In general, takes the values Low, Medium and High. Event Severities 0-4 are mapped to Low, 5-8 are mapped to Medium and 9-10 are mapped to High |
Event Receive Time | phRecvTime | Date | Time at which AccelOps generated this event (after receiving netflow) |
Reporting IP | reptDevIpAddr | Date | IP address of device reporting this event. In this case set to the device reporting the utilization (same as Host name attribute) |
Relaying IP | relayDevIpAddr | Date | IP address of device relaying this event from the source to AccelOps. In general it could be a syslog-ng IP address, but in this case, since AccelOps talks to the device directly, Relaying IP is set to the AccelOps IP address. |
Source IP | srcIpAddr | IP | Source IP address of the flow |
Dest IP | destIpAddr | IP | Destination IP address of the flow |
IP Protocol | ipProto | uint16 | IP protocol, e.g. TCP/UDP/GRE/ICMP etc. |
Source TCP/UDP Port | srcIpPort | uint16 | Source TCP/UDP port |
Dest TCP/UDP Port | destIpPort | uint16 | Destination TCP/UDP port |
ICMP Type | icmpType | uint16 | ICMP type |
ICMP Code | icmpCode | uint16 | ICMP code |
IP Type of Service | tos | uchar | IP Type of Service |
Sent TCP flags | srcDestTCPFlags | uchar | OR-ed TCP Flags from Source to Destination |
Received TCP flags | destSrcTCPFlags | uchar | OR-ed TCP Flags from Destination to Source |
Source Intf SNMP Index | srcSnmpIntfIndex | uint16 | Source SNMP interface index |
Source Interface Name | srcIntfName | string | Source Interface name |
Dest Intf SNMP Index | destSnmpIntfIndex | uint16 | Destination SNMP interface index |
Destination Interface Name | destIntfName | string | Destination Interface name |
Source Autonomous System Number | srcASNum | uint16 | Source Autonomous number |
Dest Autonomous System Number | destASNum | uint16 | Destination Autonomous number |
Sent Bytes | sentBytes | uint32 | Sent Bytes in this flow |
Sent Packets | sentPkts | uint32 | Sent Packets in this flow |
Received Bytes | recvBytes | uint32 | Received Bytes in this flow |
Received Packets | recvPkts | uint32 | Received Packets in this flow |
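The sketch below shows how the two OR-ed flag fields and the severity mapping in the table can be used for triage. It is an added example, not AccelOps code. It assumes each event has already been parsed into a Python dict keyed by the attribute Ids above; the function names, the threshold and the sample events are constructed for illustration.

```python
from collections import defaultdict

# Standard TCP header flag bits; flow records report them OR-ed per direction.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
TCP = 6  # IANA protocol number for TCP

def severity_category(sev):
    """Map eventSeverity (0-10) to eventSeverityCat as the table describes."""
    if not 0 <= sev <= 10:
        raise ValueError(f"eventSeverity out of range: {sev}")
    return "Low" if sev <= 4 else "Medium" if sev <= 8 else "High"

def classify_tcp_flow(ev):
    """Classify one bidirectional flow from its two OR-ed flag bytes."""
    if ev["ipProto"] != TCP:
        return "non-tcp"
    sent, recv = ev["srcDestTCPFlags"], ev["destSrcTCPFlags"]
    if not sent & SYN:
        return "midstream"      # record does not include the opening SYN
    if recv & SYN and recv & ACK:
        return "established"    # destination answered with SYN+ACK
    if recv & RST:
        return "refused"        # destination answered with RST only
    if ev["recvPkts"] == 0:
        return "unanswered"     # nothing came back at all
    return "other"

def failed_connection_fanout(events, threshold=3):
    """Sources whose refused/unanswered flows reach >= threshold distinct targets."""
    targets = defaultdict(set)
    for ev in events:
        if classify_tcp_flow(ev) in ("refused", "unanswered"):
            targets[ev["srcIpAddr"]].add((ev["destIpAddr"], ev["destIpPort"]))
    return {src: len(t) for src, t in targets.items() if len(t) >= threshold}

def _flow(src, dst, port, sent, recv, recv_pkts):  # hypothetical sample builder
    return {"eventType": "IOS-NETFLOW-BI", "ipProto": TCP, "srcIpAddr": src,
            "destIpAddr": dst, "destIpPort": port, "srcDestTCPFlags": sent,
            "destSrcTCPFlags": recv, "recvPkts": recv_pkts}

# Constructed sample events using documentation address ranges, not real traffic.
SAMPLE = [
    _flow("192.0.2.10", "198.51.100.5", 443, SYN | ACK | PSH | FIN, SYN | ACK | PSH | FIN, 12),
    _flow("192.0.2.66", "198.51.100.5", 22, SYN, RST | ACK, 1),
    _flow("192.0.2.66", "198.51.100.5", 23, SYN, 0, 0),
    _flow("192.0.2.66", "198.51.100.6", 3389, SYN, RST | ACK, 1),
]

if __name__ == "__main__":
    print(failed_connection_fanout(SAMPLE))
```

Because the flags are OR-ed over the whole flow, the classification is an inference about the handshake rather than a packet-by-packet record, and sampled SFLOW-BI events may miss the opening packets and show up as "midstream".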