Submit a ticketCall us

Webinar: Web Help Desk for HR, Facilities and Accounting Departments
This webinar will focus on use cases for HR, Facilities and Accounting.

Having a unified ticketing and asset management system for all the departments in your company can provide end-users with a seamless experience and make things easier for your IT team. Yet, with different business tasks and objectives, many departments don’t fully understand the capabilities of Web Help Desk and how the software can be customized for effective use in their departments.
Register Now.

Home > Success Center > Netflow Traffic Analyzer (NTA) > Required Flow template fields in NTA

Required Flow template fields in NTA

Table of contents

Updated June 22nd, 2016

Overview

This article discusses the required Flow template fields in NTA. Flow packets will be ignored if the required fields are not included in the Flow template.

Environment

All NTA versions

Detail

Field Type Field Type Number Description
IN_BYTES 1 Ingress bytes counter
IN_PKTS 2 Ingress packets counter
PROTOCOL 4 Layer 4 protocol
L4_SRC_PORT 7 Source TCP/UDP port
IPV4_SRC_ADDR 8 Source IP address
INPUT_SNMP 10 SNMP ingress interface index
L4_DST_PORT 11 Destination TCP/UDP port
IPV4_DST_ADDR 12 Destination IP address
OUTPUT_SNMP 14 SNMP egress interface index

Notes:

  • The NetFlow v9 specification indicates that templates may be configurable on a device-by-device basis. However, most devices have a set of static templates to which exported flows conform. When SolarWinds states that a device is supported by Orion NTA, SolarWinds has determined that at least one of the templates the device is capable of exporting will satisfy the Orion NTA requirements. For more information, see the Cisco white paper, NetFlow Version 9 Flow-Record Format.
  • Only one interface index is absolutely required, but both interface indexes (INPUT_SNMP and OUTPUT_SNMP) should be provided to view accurate statistics for both ingress and egress flows.
  • The SRC_TOS field corresponding to the service type of ingress traffic on an interface (field type number 5) is required to view Type of Service information for your traffic through a Flow source. The templates used by Cisco 4500 series switches and Adaptive Security Appliances (ASA) do not provide information in this field.
  • Cisco 4500 series switches do not provide information for the TCP_FLAGS field (field type number 6) corresponding to a count of all TCP flags seen in the related Flow.
  • Cisco Adaptive Security Appliances (ASA) are capable of providing Flow data using a limited template based on the NetFlow v9 template.

 

Last modified
12:10, 13 Feb 2017

Tags

Classifications

Public