-
Cisco CNS NetFlow Collection Engine Installation and Configuration Guide, 4.0
-
Index
-
About This Guide
-
Overview
-
Installing and Configuring CNS NetFlow Collection Engine
-
Using the CNS NetFlow Collection Engine User Interface
-
Understanding the CNS NetFlow Collection Engine Data File Format
-
Customizing the CNS NetFlow Collection Engine
-
Using Cafeteria-Style Aggregation
-
Troubleshooting CNS NetFlow Collection Engine
-
NetFlow Export Datagram Formats
-
CNS NetFlow Collection Engine Configuration and Control Protocol
-
CNS NetFlow Collection Engine Binary Data File Format
-
CNS NetFlow Collection Engine CNS/XML Interface
-
Table Of Contents
CNS NetFlow Collection Engine CNS/XML Interface
List an Aggregator's Attributes
List a User-Defined Type's Attributes
List a Collector's Configuration
Update a Collector's Configuration
Disk Consumption Reaches a Certain Limit
Unsolicited Packet is Received
Active Threads Limit Is Reached
Incompatible Packet with an Aggregation Scheme
CNS NetFlow Collection Engine CNS/XML Interface
This appendix describes the CNS NetFlow Collection Engine CNS/Xtensible Markup Language (XML) interface, a message-based application interface that allows for messaging from, and remote manageability of, the CNS NetFlow Collection Engine application. Messages exchanged between CNS NetFlow Collection Engine and remote applications fall under two broad categories:
•
Request/response pairs
•
Note
Terminology
Throughout this appendix, the following terms are used:
•
•
•
–
–
•
Message Format
This section describes the XML message format used between XML clients and the CNS NetFlow Collection Engine. XML is string-based to avoid the inherent big-endian and little-endian problems associated with communication between machines of differing architectures.
The messages fall into the following categories:
•
•
•
All messages must be well-formed XML and have a root <nfc> element. For requests, the root element may contain any number of valid request elements. For events, the root element will contain an appropriate event element describing the event. Most request elements require login and password attributes. These attributes are used to authenticate the client with the CNS NetFlow Collection Engine and should relate to the NFC_USERNAME setting of the nf.resources file.
All response messages have a status attribute. Table E-1 describes these status attributes.
Table E-1 Response Message Status Attributes
All event messages contain at least one <collector> element to indicate which CNS NetFlow Collection Engine generated the event.
Communication
CNS NetFlow Collection Engine expects the request XML messages to come over the CNS Integration bus. Each CNS NetFlow Collection Engine listens for two bus event subjects. One subject is for broadcast messages that all CNS NetFlow Collection Engine will process. The other is for messages intended for only the local CNS NetFlow Collection Engine. Response messages are sent back onto the bus using the same subject they came in on. Both subjects can be changed by editing $NFC_DIR/config/nfc_xml.properties and restarting the CNS/XML interface.
CNS NetFlow Collection Engine forwards UENs in XML format on a third CNS Integration bus event subject. This subject can be updated by editing $NFC_DIR/config/nfc_xml.properties and restarting the CNS/XML interface.
Message List
This section describes all valid XML messages. Messages are organized by requests and their corresponding responses (including errors) followed by events. Some errors apply to all request messages. These error conditions indicate the following:
•
•
•
Note
List Filters
<nfc><getFilterList login="nfcuser" password="nfcuser"/></nfc>An expected sample response is:
<?xml version="1.0" encoding="UTF-8"?><nfc><getFilterListResponse status="GET_RESPONSE"><filter id="allow-web-serv"/><filter id="deny-icmp-traf"/><filter id="V9DenyWeb" userdef="true"/></getFilterListResponse></nfc>Possible error responses can be:
<?xml version="1.0" encoding="UTF-8"?><nfc><getFilterListResponse status="AUTH_ERROR"><error>incorrect password</error></getFilterListResponse></nfc>or:
<?xml version="1.0" encoding="UTF-8"?><nfc><getFilterListResponse status="DOWN_ERROR"><error>collector communication failure</error></getFilterListResponse></nfc>Add Filter
<nfc><addFilter login="nfcuser" password="nfcuser"><filter id="foo"><rule action="allow"><type>srcaddr</type><value>192.168.1.1</value><mask>255.255.255.255</mask></rule></filter></addFilter></nfc>An expected sample response is:
<?xml version="1.0" encoding="UTF-8"?><nfc><addFilterResponse status="SET_RESPONSE"><filter id="foo"/></addFilterResponse></nfc>Possible error responses can be:
<?xml version="1.0" encoding="UTF-8"?><nfc><addFilterResponse status="SET_ERROR"><error>duplicate filter ID</error><filter id="F8"/></addFilterResponse></nfc>Drop a Filter
<nfc><removeFilter login="nfcuser" password="nfcuser"><filter id="foo"/></removeFilter></nfc>An expected sample response is:
<?xml version="1.0" encoding="UTF-8"?><nfc><removeFilterResponse status="SET_RESPONSE"><info>dropped Filter foo</info><filter id="foo"/></removeFilterResponse></nfc>A possible error response can be:
<?xml version="1.0" encoding="UTF-8"?><nfc><removeFilterResponse status="SET_ERROR"><error>filter ID not found</error><filter id="foo"/></removeFilterResponse></nfc>List a Filter's Attributes
<nfc><getFilter login="nfcuser" password="nfcuser"><filter id="foo"/></getFilter></nfc>An expected sample response is:
<?xml version="1.0" encoding="UTF-8"?><nfc><getFilterResponse status="GET_RESPONSE"><filter id="foo"><rule action="allow"><type>Srcaddr</type><value>192.168.1.1</value><mask>255.255.255.255</mask></rule></filter></getFilterResponse></nfc>A possible error response can be:
<?xml version="1.0" encoding="UTF-8"?><nfc><getFilterResponse status="GET_ERROR"><error>filter ID not found</error><filter id="foo"/></getFilterResponse></nfc>List Protocols
<nfc><getProtocolList login="nfcuser" password="nfcuser"/></nfc>An expected sample response is:
<?xml version="1.0" encoding="UTF-8"?><nfc><getProtocolListResponse status="GET_RESPONSE"><protocol id="TCP-Telnet"/><protocol id="TCP-FTP"/><protocol id="TCP-WWW"/><protocol id="TCP-SMTP"/><protocol id="TCP-X"/><protocol id="TCP-BGP"/><protocol id="TCP-NNTP"/><protocol id="TCP-Other"/><protocol id="UDP-DNS"/><protocol id="UDP-NTP"/><protocol id="UDP-TFTP"/><protocol id="UDP-NFS"/><protocol id="UDP-NNTP"/><protocol id="UDP-Other"/><protocol id="GRE"/><protocol id="ICMP"/><protocol id="IGMP"/><protocol id="IPINIP"/></getProtocolListResponse></nfc>Add a Protocol
<nfc><addProtocol login="nfcuser" password="nfcuser"><protocol id="fooProtocol"><srcport>5552</srcport><prot>6</prot></protocol></addProtocol></nfc>An expected sample response is:
<?xml version="1.0" encoding="UTF-8"?><nfc><addProtocolResponse status="SET_RESPONSE"><protocol id="fooProtocol"/></addProtocolResponse></nfc>Drop a Protocol
<nfc><removeProtocol login="nfcuser" password="nfcuser"><protocol id="fooProtocol"/></removeProtocol></nfc>An expected sample response is:
<?xml version="1.0" encoding="UTF-8"?><nfc><removeProtocolResponse status="SET_RESPONSE"><info>dropped Protocol fooProtocol</info><protocol id="fooProtocol"/></removeProtocolResponse></nfc>A possible error response can be:
<?xml version="1.0" encoding="UTF-8"?><nfc><removeProtocolResponse status="SET_ERROR"><error>protocol ID not found</error><protocol id="fooProtocol"/></removeProtocolResponse></nfc>List a Protocol's Attributes
<nfc><getProtocol login="nfcuser" password="nfcuser"><protocol id="fooProtocol"/></getProtocol></nfc>An expected response is:
<?xml version="1.0" encoding="UTF-8"?><nfc><getProtocolResponse status="GET_RESPONSE"><protocol id="fooProtocol"><srcport>5552</srcport><prot>6</prot></protocol></getProtocolResponse></nfc>A possible error response can be:
<?xml version="1.0" encoding="UTF-8"?><nfc><getProtocolResponse status="GET_ERROR"><error>protocol ID not found</error><protocol id="fooProtocol"/></getProtocolResponse></nfc>List Aggregators
<nfc><getAggregatorList login="nfcuser" password="nfcuser"/></nfc>An expected response is:
<?xml version="1.0" encoding="UTF-8"?><nfc><getAggregatorListResponse status="GET_RESPONSE"><aggregator id="RawFlows"/><aggregator id="SourceNode"/><aggregator id="DestNode"/><aggregator id="HostMatrix"/><aggregator id="SourcePort"/><aggregator id="DestPort"/><aggregator id="Protocol"/><aggregator id="DetailSourceNode"/><aggregator id="DetailDestNode"/><aggregator id="DetailHostMatrix"/><aggregator id="Cafeteria"/><aggregator id="DetailInterface"/><aggregator id="CallRecord"/><aggregator id="ASMatrix"/><aggregator id="DetailASMatrix"/><aggregator id="NetMatrix"/><aggregator id="ASHostMatrix"/><aggregator id="HostMatrixInterface"/><aggregator id="DetailCallRecord"/><aggregator id="RouterAS"/><aggregator id="RouterProtoPort"/><aggregator id="RouterSrcPrefix"/><aggregator id="RouterDstPrefix"/><aggregator id="RouterPrefix"/><aggregator id="ASPort"/><aggregator id="RouterTosAS"/><aggregator id="RouterTosProtoPort"/><aggregator id="RouterTosSrcPrefix"/><aggregator id="RouterTosDstPrefix"/><aggregator id="RouterTosPrefix"/><aggregator id="RouterPrePortProtocol"/><aggregator id="RouterDestOnly"/><aggregator id="RouterSrcDst"/><aggregator id="RouterFullFlow"/><aggregator id="V9SrcDst" userdef="true"/><aggregator id="V9Dethm" userdef="true"/></getAggregatorListResponse></nfc>Add an Aggregator
<nfc><addAggregator login="nfcuser" password="nfcuser"><aggregator id="fooAggregator" userdef="true"><key>IPSRCADDR</key><key>IPDSTADDR</key><value>PKTS_32</value><value>BYTES_32</value></aggregator></addAggregator></nfc>An expected response is:
<?xml version="1.0" encoding="UTF-8"?><nfc><addAggregatorResponse status="SET_RESPONSE"><aggregator id="fooAggregator"/></addAggregatorResponse></nfc>Drop an Aggregator
<nfc><removeAggregator login="nfcuser" password="nfcuser"><aggregator id="fooAggregator"/></removeAggregator></nfc>An expected response is:
<?xml version="1.0" encoding="UTF-8"?><nfc><removeAggregatorResponse status="SET_RESPONSE"><info>dropped Aggregation fooAggregator</info><aggregator id="fooAggregator"/></removeAggregatorResponse></nfc>A possible error response can be:
<?xml version="1.0" encoding="UTF-8"?><nfc><removeAggregatorResponse status="SET_ERROR"><error>aggregation not foun</error><aggregator id="fooAggregator"/></removeAggregatorResponse></nfc>List an Aggregator's Attributes
<nfc><getAggregator login="nfcuser" password="nfcuser"><aggregator id="fooAggregator"/></getAggregator></nfc>An expected response is:
<?xml version="1.0" encoding="UTF-8"?><nfc><getAggregatorResponse status="GET_RESPONSE"><aggregator id="fooAggregator"><key>IPSRCADDR</key><key>IPDSTADDR</key><value>PKTS_32</value><value>BYTES_32</value></aggregator></getAggregatorResponse></nfc>A possible error response can be:
<?xml version="1.0" encoding="UTF-8"?><nfc><getAggregatorResponse status="GET_ERROR"><error>aggregation not found</error></getAggregatorResponse></nfc>List Threads
<nfc><getThreadList login="nfcuser" password="nfcuser"/></nfc>An expected response is:
<?xml version="1.0" encoding="UTF-8"?><nfc><getThreadListResponse status="GET_RESPONSE"><thread id="V9SRCDST"/><thread id="V9DETHM"/><thread id="RAWFLOWS"/><thread id="CALLREC"/><thread id="DETHTM"/><thread id="SRCPORT"/><thread id="DEINTER"/></getThreadListResponse></nfc>Add a Thread
<nfc><addThread login="nfcuser" password="nfcuser"><thread id="fooThread"><aggregator id="SourcePort"/><filter id="allow-web-serv"/><period>30</period><port>9995</port><state>inactive</state><data-set-path>/tmp</data-set-path><compression>true</compression><binary>false</binary><max-usage>10</max-usage></thread></addThread></nfc>An expected response is:
<?xml version="1.0" encoding="UTF-8"?><nfc><addThreadResponse status="SET_RESPONSE"><thread id="fooThread"/></addThreadResponse></nfc>A possible error response can be:
<?xml version="1.0" encoding="UTF-8"?><nfc></nfc>Drop a Thread
<nfc><removeThread login="nfcuser" password="nfcuser"><thread id="fooThread"/></removeThread></nfc>An expected response is:
<?xml version="1.0" encoding="UTF-8"?><nfc><removeThreadResponse status="SET_RESPONSE"><info>dropped Thread fooThread</info><thread id="fooThread"/></removeThreadResponse></nfc>A possible error response can be:
<?xml version="1.0" encoding="UTF-8"?><nfc><removeThreadResponse status="SET_ERROR"><error>thread ID not found</error><thread id="fooThread"/></removeThreadResponse></nfc>List a Thread's Attributes
<nfc><getThread login="nfcuser" password="nfcuser"><thread id="fooThread"/></getThread></nfc>An expected response is:
<?xml version="1.0" encoding="UTF-8"?><nfc><getThreadResponse status="GET_RESPONSE"><thread id="fooThread"><aggregator>SourcePort</aggregator><filter>allow-web-serv</filter><period>30</period><port>9995</port><data-set-path>/tmp</data-set-path><state>Inactive</state><compression>true</compression><binary>false</binary><max-usage>10</max-usage></thread></getThreadResponse></nfc>A possible error response can be:
<?xml version="1.0" encoding="UTF-8"?><nfc><getThreadResponse status="GET_ERROR"><error>thread ID not found</error></getThreadResponse></nfc>List User-Defined Types
<nfc><getUserDefTypeList login="nfcuser" password="nfcuser"/></nfc>An expected response is:
<?xml version="1.0" encoding="UTF-8"?><nfc><getUserDefTypeListResponse status="GET_RESPONSE"><userdef-type id="BYTES_32"/><userdef-type id="PKTS_32"/><userdef-type id="FLOWS"/><userdef-type id="PROT"/><userdef-type id="TOS"/><userdef-type id="TCP_FLAGS"/><userdef-type id="SRC_PORT"/><userdef-type id="IPSRCADDR"/><userdef-type id="SRC_MASK"/><userdef-type id="INPUT_SNMP"/><userdef-type id="DST_PORT"/><userdef-type id="IPDSTADDR"/><userdef-type id="DST_MASK"/><userdef-type id="OUTPUT_SNMP"/><userdef-type id="NEXT_HOP"/><userdef-type id="SRC_AS"/><userdef-type id="DST_AS"/><userdef-type id="BGP_NEXT_HOP"/><userdef-type id="MUL_DPKTS"/><userdef-type id="MUL_DOCTETS"/><userdef-type id="LAST_SWITCH"/><userdef-type id="FIRST_SWITCH"/><userdef-type id="BYTES_64"/><userdef-type id="PKTS_64"/><userdef-type id="MAC_ADDR"/><userdef-type id="VLAN_ID"/><userdef-type id="IPV6_SRC_ADDR"/><userdef-type id="IPV6_DST_ADDR"/><userdef-type id="IPV6_SRC_MASK"/><userdef-type id="IPV6_DST_MASK"/><userdef-type id="FLOW_LABEL"/><userdef-type id="ICMP_TYPE"/><userdef-type id="IGMP_TYPE"/><userdef-type id="SAMPLING_INTERVAL"/><userdef-type id="SAMPLING_ALGO"/><userdef-type id="FLOW_ACTIVE_TIMEOUT"/><userdef-type id="FLOW_INACTIVE_TIMEOUT"/><userdef-type id="ENGINE_TYPE"/><userdef-type id="ENGINE_ID"/><userdef-type id="TOTAL_BYTES_EXP"/><userdef-type id="TOTAL_EXP_PKTS_SENT"/><userdef-type id="TOTAL_FLOWS_EXP"/></getUserDefTypeListResponse></nfc>List a User-Defined Type's Attributes
<nfc><getUserDefType login="nfcuser" password="nfcuser"><userdef-type id="IPSRCADDR"/></getUserDefType></nfc>An expected response is:
<?xml version="1.0" encoding="UTF-8"?><nfc><getUserDefTypeListResponse status="GET_RESPONSE"><userdef-type dotted_address_type="true" id="IPSRCADDR"><type>8</type></userdef-type></getUserDefTypeListResponse></nfc>A possible error response can be:
<?xml version="1.0" encoding="UTF-8"?><nfc><getUserDefTypeListResponse status="GET_ERROR"><error>no user-defined type found</error><userdef-type id="foo"/></getUserDefTypeListResponse></nfc>List NDE Sources
<nfc><getNDESourceList login="nfcuser" password="nfcuser"/></nfc>An expected response is:
<?xml version="1.0" encoding="UTF-8"?><nfc><getNDESourceListResponse status="GET_RESPONSE"><ndeSource id="192.168.1.100"/></getNDESourceListResponse></nfc>A possible error response can be:
<?xml version="1.0" encoding="UTF-8"?><nfc><getNDESourceListResponse status="GET_ERROR"><error>no NetFlow export data sources found</error></getNDESourceListResponse></nfc>List Collectors
<nfc><getCollectorList/></nfc>An expected response is:
<?xml version="1.0" encoding="UTF-8"?><nfc><getCollectorListResponse><collector id="192.168.1.100"/><event-subject>cisco.mgmt.nfc.foo.cisco.com</event-subject></getCollectorListResponse></nfc>List a Collector's Configuration
<nfc><getCollectorConfiguration login="nfcuser" password="nfcuser"/></nfc>An expected response is:
<?xml version="1.0" encoding="UTF-8"?><nfc><getCollectorConfigurationResponse status="GET_RESPONSE"><nfc-config-file>/opt/CSCOnfc/config/nfconfig.file</nfc-config-file><nfc-knownprotocols-file>/opt/CSCOnfc/config/nfknown.protocols</nfc-knownprotocols-fil e><nfc-knownsrcports-file>/opt/CSCOnfc/config/nfknown.srcports</nfc-knownsrcports-file><nfc-knowndstports-file>/opt/CSCOnfc/config/nfknown.dstports</nfc-knowndstports-file><nfc-knownsrcasns-file>/opt/CSCOnfc/config/nfknown.srcasns</nfc-knownsrcasns-file><nfc-knowndstasns-file>/opt/CSCOnfc/config/nfknown.dstasns</nfc-knowndstasns-file><nfc-knowntype-file>/opt/CSCOnfc/config/nfknown.typefile</nfc-knowntype-file><nfc-log-file>/opt/CSCOnfc/logs/nfc.log</nfc-log-file><nfcgw-log-file>/opt/CSCOnfc/logs/nfcgw.log</nfcgw-log-file><output-dotted-address>true</output-dotted-address><csv-format>false</csv-format><long-outputfile-suffix>false</long-outputfile-suffix><gmt-flag>true</gmt-flag><device-dotted-address>true</device-dotted-address><incremental-flushing>true</incremental-flushing><network-order-binary-output>true</network-order-binary-output><sourcenode-bucsize>2000</sourcenode-bucsize><destnode-bucsize>2000</destnode-bucsize><hostmatrix-bucsize>2000</hostmatrix-bucsize><sourceport-bucsize>2000</sourceport-bucsize><destport-bucsize>2000</destport-bucsize><protocol-bucsize>2000</protocol-bucsize><detailsourcenode-bucsize>2000</detailsourcenode-bucsize><detaildestnode-bucsize>2000</detaildestnode-bucsize><detailhostmatrix-bucsize>6000</detailhostmatrix-bucsize><detailinterface-bucsize>6000</detailinterface-bucsize><cafeteria-bucsize>30000</cafeteria-bucsize><callrecord-bucsize>50000</callrecord-bucsize><asmatrix-bucsize>25000</asmatrix-bucsize><netmatrix-bucsize>25000</netmatrix-bucsize><detailasmatrix-bucsize>50000</detailasmatrix-bucsize><ashostmatrix-bucsize>50000</ashostmatrix-bucsize><hostmatrixinterface-bucsize>50000</hostmatrixinterface-bucsize><detailcallrecord-bucsize>50000</detailcallrecord-bucsize><routeras-bucsize>50000</routeras-bucsize><routertosas-bucsize>50000</routertosas-bucsize><routerprotoport-bucsize>50000</routerprotoport-bucsize><routertosprotoprot-bucsize>50000</routertosprotoprot-bucsize><routersourceprefix-bucsize>50000</routersourceprefix-bucsize><routertossourceprefix-bucsize>50000</routertossourceprefix-bucsize><routerdestprefix-bucsize>50000</routerdestprefix-bucsize><routertosdestprefix-bucsize>50000</routertosdestprefix-bucsize><routerprefix-bucsize>50000</routerprefix-bucsize><routertosprefix-bucsize>50000</routertosprefix-bucsize><routerpreportprotocol-bucsize>50000</routerpreportprotocol-bucsize><routerdestonly-bucsize>50000</routerdestonly-bucsize><routersrcdst-bucsize>50000</routersrcdst-bucsize><routerfullflow-bucsize>50000</routerfullflow-bucsize><interfacematrix-bucsize>50000</interfacematrix-bucsize><socket-bufsize>900000</socket-bufsize><nfc-poolentries>2000</nfc-poolentries><nfc-poolentries-for-flush>10000</nfc-poolentries-for-flush><use-short-cut-address-as-source-ip>false</use-short-cut-address-as-source-ip><output-buffer-size>4</output-buffer-size><nfc-username>nfcuser</nfc-username><cleanup-interval>24</cleanup-interval><cleanup-job>/opt/CSCOnfc/bin/nfc_clean_up_job.sh</cleanup-job><nfc20-compatible-mode>false</nfc20-compatible-mode><uen-recipient-list><recipient><address>127.0.0.1</address><port>20000</port></recipient></uen-recipient-list><compression-level>6</compression-level><nfcd-logfile>/opt/CSCOnfc/logs/nfcd.log</nfcd-logfile><nfcd-max-restart-attempts>3</nfcd-max-restart-attempts><nfcd-application><path>/opt/CSCOnfc/bin/NFCGW</path><program-flags/><restart>true</restart><retry-interval>1</retry-interval><autostart>true</autostart><tmpfiles><tmpfile>/tmp/nfcgw.pid</tmpfile><tmpfile>/tmp/nfc.events</tmpfile></tmpfiles><scheduling-priority><scheduling-class>TimeShared</scheduling-class><default-priority>-20</default-priority></scheduling-priority></nfcd-application><nfcd-application><path>/opt/CSCOnfc/bin/NFCollector</path><program-flags/><restart>true</restart><retry-interval>1</retry-interval><autostart>true</autostart><tmpfiles><tmpfile>/tmp/nfcollector.pid</tmpfile></tmpfiles><scheduling-priority><scheduling-class>TimeShared</scheduling-class><default-priority>-20</default-priority></scheduling-priority></nfcd-application><nfcd-application><path>/opt/CSCOnfc/bin/nfcxml.sh</path><program-flags/><restart>true</restart><retry-interval>1</retry-interval><autostart>true</autostart><tmpfiles/><scheduling-priority><scheduling-class>TimeShared</scheduling-class><default-priority>0</default-priority></scheduling-priority></nfcd-application></getCollectorConfigurationResponse></nfc>Update a Collector's Configuration
<nfc><setCollectorConfiguration login="nfcuser" password="nfcuser"><collector-configuration><output-dotted-address>false</output-dotted-address></collector-configuration></setCollectorConfiguration></nfc>An expected response is:
<?xml version="1.0" encoding="UTF-8"?><nfc><setCollectorConfigurationResponse status="SET_RESPONSE"/></nfc>List Known Source Ports
<nfc><getKnownSrcPorts login="nfcuser" password="nfcuser"/></nfc>An expected response is:
<?xml version="1.0" encoding="UTF-8"?><nfc><getKnownSrcPortsResponse status="GET_RESPONSE"><srcport><start>0</start><end>1024</end></srcport><srcport><start>1025</start><end>9999</end><label>1K_9K_Port</label></srcport><srcport><start>10000</start><end>19999</end><label>10K_19K_Port</label></srcport><srcport><start>20000</start><end>29999</end><label>20K_29K_Port</label></srcport><srcport><start>30000</start><end>39999</end><label>30K_39K_Port</label></srcport><srcport><start>40000</start><end>49999</end><label>40K_49K_Port</label></srcport><srcport><start>50000</start><end>59999</end><label>50K_59K_Port</label></srcport><srcport><start>60000</start><end>65535</end><label>60K_65K_Port</label></srcport></getKnownSrcPortsResponse></nfc>List Known Destination Ports
<nfc><getKnownDstPorts login="nfcuser" password="nfcuser"/></nfc>An expected response is:
<?xml version="1.0" encoding="UTF-8"?><nfc><getKnownDstPortsResponse status="GET_RESPONSE"><dstport><start>0</start><end>1024</end></dstport><dstport><start>1025</start><end>9999</end><label>1K_9K_Port</label></dstport><dstport><start>10000</start><end>19999</end><label>10K_19K_Port</label></dstport><dstport><start>20000</start><end>29999</end><label>20K_29K_Port</label></dstport><dstport><start>30000</start><end>39999</end><label>30K_39K_Port</label></dstport><dstport><start>40000</start><end>49999</end><label>40K_49K_Port</label></dstport><dstport><start>50000</start><end>59999</end><label>50K_59K_Port</label></dstport><dstport><start>60000</start><end>65535</end><label>60K_65K_Port</label></dstport></getKnownDstPortsResponse></nfc>List Known Source ASNs
<nfc><getKnownSrcASNs login="nfcuser" password="nfcuser"/></nfc>An expected response is:
<?xml version="1.0" encoding="UTF-8"?><nfc><getKnownSrcASNsResponse status="GET_RESPONSE"><srcasn><start>0</start><end>16000</end></srcasn></getKnownSrcASNsResponse></nfc>List Known Destination ASNs
<nfc><getKnownDstASNs login="nfcuser" password="nfcuser"/></nfc>An expected response is:
<?xml version="1.0" encoding="UTF-8"?><nfc><getKnownDstASNsResponse status="GET_RESPONSE"><dstasn><start>0</start><end>16000</end></dstasn></getKnownDstASNsResponse></nfc>Application Statistics
<nfc><getApplicationStats login="nfcuser" password="nfcuser"/></nfc>An expected response is:
<?xml version="1.0" encoding="UTF-8"?><nfc><getApplicationStatsResponse status="GET_RESPONSE"><port-stats><port>9995</port><packets-received>10</packets-received><packets-received-wrap-count>0</packets-received-wrap-count><records>300</records><records-wrap-count>0</records-wrap-count><packets-discarded>0</packets-discarded><records-missed>0</records-missed><records-missed-wrap-count>0</records-missed-wrap-count></port-stats><port-stats><port>9996</port><packets-received>0</packets-received><packets-received-wrap-count>0</packets-received-wrap-count><records>0</records><records-wrap-count>0</records-wrap-count><packets-discarded>0</packets-discarded><records-missed>0</records-missed><records-missed-wrap-count>0</records-missed-wrap-count></port-stats></getApplicationStatsResponse></nfc>Start FlowCollector
<nfc><startCollector login="nfcuser" password="nfcuser"/></nfc>An expected response is:
<?xml version="1.0" encoding="UTF-8"?><nfc><startCollectorResponse status="SET_RESPONSE"/></nfc>A possible error response can be:<?xml version="1.0" encoding="UTF-8"?><nfc><startCollectorResponse status="SET_ERROR"><error>running</error></startCollectorResponse></nfc>Stop FlowCollector
<nfc><stopCollector login="nfcuser" password="nfcuser"/></nfc>An expected response is:
<?xml version="1.0" encoding="UTF-8"?><nfc><stopCollectorResponse status="SET_RESPONSE"><info>stopped at Thu Sep 19 14:08:59 2002</info></stopCollectorResponse></nfc>A possible error response can be:
<?xml version="1.0" encoding="UTF-8"?><nfc><stopCollectorResponse status="SET_ERROR"><error>not running</error></stopCollectorResponse></nfc>Disk Consumption Reaches a Certain Limit
<?xml version="1.0" encoding="UTF-8"?><nfc><DiskConsumptionEvent><collector id="127.0.0.1"/><path>/opt/CSCOnfc</path><percent-used>100</percent-used></DiskConsumptionEvent></nfc>Unsolicited Packet is Received
<?xml version="1.0" encoding="UTF-8"?><nfc><ReceivedUnsolicitedPacketEvent><collector id="127.0.0.1"/><source>192.168.1.100</source></ReceivedUnsolicitedPacketEvent></nfc>Active Threads Limit Is Reached
<?xml version="1.0" encoding="UTF-8"?><nfc><MaxActiveThreadsLimitEvent><collector id="127.0.0.1"/></MaxActiveThreadsLimitEvent></nfc>Incompatible Packet with an Aggregation Scheme
<?xml version="1.0" encoding="UTF-8"?><nfc><IncompatiblePacketAndAggregationEvent><collector id="127.0.0.1"/><info>V1 packet for ASMatrix</info></IncompatiblePacketAnAggregationEvent></nfc>Could Not Write a Data File
<?xml version="1.0" encoding="UTF-8"?><nfc><DatafileNotWrittenEvent><collector id="127.0.0.1"/><file>/opt/CSCOnfc/Data/R1/1998_10_12/r1.1215</file><info>insufficient space in /opt/CSCOnfc</info></DatafileNotWrittenEvent></nfc>Start FlowCollector Event
<?xml version="1.0" encoding="UTF-8"?><nfc><StartCollectorEvent><collector id="127.0.0.1"/><time>Thu Sep 19 10:56:28 2002</time></StartCollectorEvent></nfc>Stop FlowCollector Event
<?xml version="1.0" encoding="UTF-8"?><nfc><StopCollectorEvent><collector id="127.0.0.1"/><time>Thu Sep 19 10:56:28 2002</time></StopCollectorEvent></nfc>Application Error
This message is generated by the CNS/XML interface if there is a problem with the interface itself. This is an indicator that an error message is in $NFC_DIR/logs/nfcxml.log.
<?xml version="1.0" encoding="UTF-8"?><nfc><application-error status="XML_ERROR><error>NullPointerException</error></application-error></nfc>
