Filter
Top Products
Log > Flow Reporting
1383
SonicOS 5.8.1 Administrator Guide
• Connected Devices—This table reports the list of all devices connected through the
SonicWALL appliance, including the MAC addresses, IP addresses, Interface, and
NETBIOS name of connected devices.
• VPN Tunnels—This table reports all VPN tunnels established through the SonicWALL
appliance.
• URL Rating—This table reports Rating IDs for all URLs accessed through the SonicWALL
appliance.
Templates
The following section shows examples of the type of Netflow template tables that are exported.
You can perform a Diagnostic Report of your own Netflow Configuration by navigating to the
System > Diagnostics screen, and click the Download Report button in the “Tech Support
Report” section.
NetFlow version 5
The NetFlow version 5 datagram consists of a header and one or more flow records, using UDP
to send export datagrams. The first field of the header contains the version number of the export
datagram. The second field in the header contains the number of records in the datagram,
which can be used to search through the records. Because NetFlow version 5 is a fixed
datagram, no templates are available, and will follow the format of the tables listed below.
NetFlow version 5 Header Format
Bytes Contents Description
0-1 version NetFlow export format version number
2-3 count Number of flows exported in this packet (1-30)
4-7 SysUptime Current time in milliseconds since the export device booted
8-11 unix_secs Current count of seconds since 0000 UTC 1970
12-15 unix_nsecs Residual nanoseconds since 0000 UTC 1970
16-19 flow_sequence Sequence counter of total flows seen
20 engine_type Type of flow-switching engine
20 engine_id Slot number of the flow-switching engine
22-23 sampling_interval First two bits hold the sampling mode; remaining 14 bits hold
value of sampling interval