Flow Export Tab
Administration > General Settings > Setup > Flow Export
This tab summarizes how the appliances are configured to export statistical data to NetFlow and IPFIX collectors. The Flow Exporting Enabled setting allows the appliance to export the data to collectors. The appliance exports flows against two virtual interfaces—sp_lan and sp_wan—that accumulate the total of LAN-side and WAN-side traffic, regardless of physical interface.
To open the Flow Export configuration dialog box, click the edit icon.
Custom Information Elements
The following tables describe the Custom Information Elements.
Data Type: ipv4address
| Custom IE Name and Implementation Description | Semantics | Units | Field Length (bytes) | Enterprise ID |
|---|---|---|---|---|
| clientipv4address TCP: source IPv4 address of SYN initiator is the client. UDP: source IPv4 address of the first packet is the client. | default | | 4 | 1 |
| serveripv4address TCP: destination IPv4 address of SYN initiator is the client. UDP: destination IPv4 address of the first packet is the client. | default | | 4 | 2 |
| connectionInitiator TCP: source IPv4 address of SYN initiator is the connection initiator. UDP: source IPv4 address of the first packet is the connection initiator. | default | | 4 | 7 |
Data Type: unsigned8
| Custom IE Name and Implementation Description | Semantics | Units | Field Length (bytes) | Enterprise ID |
|---|---|---|---|---|
| connectionNumberOfConnections Number of TCP connections (3-way handshake) or UDP sessions established. | totalCounter | | 1 | 9 |
| connectionServerResponsesCount Currently 1. | totalCounter | | 1 | 10 |
| connectionTransactionCompleteCount Currently 1. | totalCounter | | 1 | 21 |
Data Type: unsigned32
| Custom IE Name and Implementation Description | Semantics | Units | Field Length (bytes) | Enterprise ID |
|---|---|---|---|---|
| connectionServerResponseDelay TCP: Round-trip time between SYN and SYN-ACK. UDP: Round-trip time between first onward and return packet. | | ms | 4 | 11 |
| connectionNetworkToServerDelay TCP: Round-trip time between SYN and SYN-ACK. UDP: Round-trip time between first onward and return packet. It is also called Server Network Delay (SND). | | ms | 4 | 12 |
| connectionNetworkToClientDelay TCP: Round trip between SYN-ACK and ACK. UDP: Round-trip time between the first response and second request packet. It is also called Client Network Delay (CND). | | ms | 4 | 13 |
| connectionClientPacketRetransmissionCount Currently 1. | totalCounter | | 4 | 14 |
| connectionClientToServerNetworkDelay Network Time/Network Delay is known as the round-trip time that is the summation of CND and SND. It is also called Network Delay (ND). | | ms | 4 | 15 |
| connectionApplicationDelay TCP: Round-trip time between SYN and SYN-ACK. UDP: Round-trip time between first onward and return packet. | | ms | 4 | 16 |
| connectionClientToServerResponseDelay Summation of CND and SND. | | ms | 4 | 17 |
| connectionTransactionDuration Time difference between the first packet and the last packet of the flow. | | ms | 4 | 18 |
| connectionTransactionDurationMin Time difference between the first packet and the last packet of the flow. | | ms | 4 | 19 |
| connectionTransactionDurationMax Time difference between the first packet and the last packet of the flow. | | ms | 4 | 20 |
Data Type: unsigned64
| Custom IE Name and Implementation Description | Semantics | Units | Field Length (bytes) | Enterprise ID |
|---|---|---|---|---|
| connectionServerOctetDeltaCount Server initiated byte count. If flow is LAN to WAN, LAN-Tx byte counter. If flow is WAN to LAN, LAN-Rx byte counter. | deltaCounter | octets | 8 | 3 |
| connectionServerPacketDeltaCount Server initiated byte count. If flow is LAN to WAN, LAN-Tx byte counter. If flow is WAN to LAN, LAN-Rx byte counter. | deltaCounter | packets | 8 | 4 |
| connectionClientOctetDeltaCount Server initiated byte count. If flow is LAN to WAN, LAN-Tx byte counter. If flow is WAN to LAN, LAN-Rx byte counter. | deltaCounter | octets | 8 | 5 |
| connectionClientPacketDeltaCount Server initiated byte count. If flow is LAN to WAN, LAN-Tx byte counter. If flow is WAN to LAN, LAN-Rx byte counter. | deltaCounter | packets | 8 | 6 |
Data Type: String
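| Custom IE Name and Implementation Description | Semantics | Units | Field Length (bytes) | Enterprise ID |
|---|---|---|---|---|
| applicationHttpHost HTTP destination domain name. | default | | Variable length | 8 |
| applicationCategory Application group. | default | | Variable length | 27 |
| from-zone (Source zone) name for the flow when ZBF is configured. | default | | Variable length | 22 |
| to-zone (Destination zone) name for the flow when ZBF is configured. | | | Variable length | 23 |
| tag User-specified readable string/tag that can be specified when configuring ZBF rules. If no "tag" is specified, an automatic tag is created and exported. The automatic/default tag is created by concatenating | default | | Variable length | 24 |
| overlay Name of the overlay to which the zone belongs. | default | | Variable length | 25 |
| direction Direction of the flow: outbound or inbound. | default | | Variable length | 26 |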
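A collector-side sketch of decoding one data record that carries some of the custom IEs listed above; this is an added example, not vendor code. It assumes the exporter's template has already been parsed into (ID, field length) pairs, uses the RFC 7011 variable-length encoding for the string type, and runs on constructed sample bytes.

```python
import ipaddress

# Subset of the custom IEs in the tables above: ID -> (name, data type).
CUSTOM_IES = {
    1: ("clientipv4address", "ipv4address"),
    2: ("serveripv4address", "ipv4address"),
    3: ("connectionServerOctetDeltaCount", "unsigned64"),
    8: ("applicationHttpHost", "string"),
    11: ("connectionServerResponseDelay", "unsigned32"),
}
FIXED_LEN = {"ipv4address": 4, "unsigned32": 4, "unsigned64": 8}  # Field Length column
VARLEN = 0xFFFF  # RFC 7011: a template length of 65535 marks a variable-length field


def decode_record(template, data):
    """Decode one data record. template: [(ie_id, field_length), ...] as announced
    by the exporter. Returns (fields, bytes_consumed); raises ValueError on bad input."""
    pos = 0

    def take(n):
        nonlocal pos
        if pos + n > len(data):
            raise ValueError("record truncated")
        chunk = data[pos:pos + n]
        pos += n
        return chunk

    fields = {}
    for ie_id, length in template:
        if ie_id not in CUSTOM_IES:
            raise ValueError(f"unknown IE {ie_id}")
        name, dtype = CUSTOM_IES[ie_id]
        if dtype == "string":
            if length == VARLEN:
                # Length is carried in the record: one byte, or 255 + two bytes.
                length = take(1)[0]
                if length == 255:
                    length = int.from_bytes(take(2), "big")
            fields[name] = take(length).decode("utf-8", errors="replace")
        elif length != FIXED_LEN[dtype]:
            raise ValueError(f"{name}: length {length} does not match the table")
        elif dtype == "ipv4address":
            fields[name] = str(ipaddress.IPv4Address(take(4)))
        else:
            fields[name] = int.from_bytes(take(length), "big")
    return fields, pos


# Constructed sample: template order and record bytes are invented for illustration.
TEMPLATE = [(1, 4), (2, 4), (11, 4), (3, 8), (8, VARLEN)]
SAMPLE = (bytes([192, 0, 2, 10]) + bytes([198, 51, 100, 20]) + (35).to_bytes(4, "big")
          + (123456).to_bytes(8, "big") + bytes([11]) + b"example.com")
```

Rejecting records whose lengths disagree with the template or the table keeps a malformed or spoofed export from being silently misparsed into the wrong fields.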
Flow Export Edit Row
The following table describes the Flow Export configuration options.
| Field | Description |
|---|---|
| Enable Flow Exporting | Move the toggle to enable or disable flow exporting. |
| Active Flow Timeout | Time (in minutes) for which there is an active flow. |
| IPFIX Template Timeout | Template update based on the timeout. |
| Traffic Type | Check as many of the traffic types as you want. The default is WAN TX. |
| Information Elements | Check Firewall Zones, Application Performance, or both. |
If you check Firewall Zones:
Orchestrator generates data based specifically on the zone-based firewalls associated with the specified flow.
For example: hostname, from-zone, to-zone, tag, action, direction, and so on.
If you check Application Performance:
Orchestrator generates data based specifically on the application performance associated with each flow.
For example: clientipv4address, serveripv4address, connectionInitiator, applicationHttpHost, and so on.
These interfaces appear in SNMP and are, therefore, “discoverable” by NetFlow and IPFIX collectors.
The Collector's IP Address is the IP address of the device to which you are exporting the NetFlow/IPFIX statistics. The default Collector Port is 2055.
For more information about IPFIX and the associated custom Information Elements (IEs), see Cloud Information Elements.