Uploaded image for project: 'Network Observability'
  1. Network Observability
  2. NETOBSERV-214

Add client port and server port columns

    • Icon: Epic Epic
    • Resolution: Unresolved
    • Icon: Normal Normal
    • None
    • None
    • Console Plugin, FLP
    • Add client port and server
    • BU Product Work
    • False
    • False
    • Not Selected
    • To Do
    • OCPSTRAT-179 - Add client port and server port columns
    • OCPSTRAT-179Add client port and server port columns
    • 100% To Do, 0% In Progress, 0% Done

      NetFlows provide the source and destination port.  When a user accesses a web site, the source port is an ephemeral port and the destination port is typically a well-known port such as 443 (https).  When the web server responds to the request, the source port and destination port are reversed.

      There are many cases where it is more useful to have a concept of a client port and server port where the ports are not reversed in the response.  This means it has to identify who initiated the transaction.  One way of accomplishing this is documented in the flowlogs-pipleline.

              The seventh rule conn_tracking generates a new field named isNewFlow that contains the contents of the parameters variable only for new entries (first seen in 120 seconds) that match hash of template fields from the input variable.

      However, this will only be accurate if sampling is turned off.

      A new transformation in the flowlogs-pipeline can add the client port and server port fields.  The UI can then add these columns to the NetFlow table.

          There are no Sub-Tasks for this issue.

              Unassigned Unassigned
              stlee@redhat.com Steven Lee
              Sara Thomas Sara Thomas
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated: