> you need to fix the configuration of your switch/router I think it's ok because data are received from the switch, if I check at the end of the sFlow plugins page, I can see the following informations meaning to me that data are correctly received.
Received Flows Flow Senders 172.16.2.251 [267 pkts] Number of Packets Received 267 Number of Packets with Bad Version 0 Number of Packets Processed 267 Number of Valid Flows Received 0 Number of v2 Flows Received 267 Number of v4 Flows Received 0 Number of v5 Flows Received 0 Discarded Flows Number of Flows with Bad Data 0 Total Number of Flows Processed 0 It look tyo me that sFlow plugin receive the data but Ntop doens't display it or maybe I'm wrong here. > So you've seen ONE processable FLOWSAMPLE and 1000s of unprocessable > COUNTERSAMPLE? > > Sounds like you need to fix the configuration of your switch/router that's > sending the stuff. > > -----Burton > > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of > [EMAIL PROTECTED] > Sent: Tuesday, March 29, 2005 12:02 PM > To: [email protected] > Cc: [email protected] > Subject: RE: [Ntop] sFlow not working! > >> Are there anything else in there? > No, all I can see is messages like the one I've pasted in the email, > nothing > else. This one differ from the others: > > Mar 29 13:15:03 eyes ntop[8471]: startSample ---------------------- > Mar 29 13:15:03 eyes ntop[8471]: sampleType_tag 0:1 > Mar 29 13:15:03 eyes ntop[8471]: sampleType FLOWSAMPLE > Mar 29 13:15:03 eyes ntop[8471]: sampleSequenceNo 17451 > Mar 29 13:15:03 eyes ntop[8471]: sourceId 0:21 > Mar 29 13:15:03 eyes ntop[8471]: meanSkipCount 4096 > Mar 29 13:15:03 eyes ntop[8471]: samplePool 71479296 > Mar 29 13:15:03 eyes ntop[8471]: dropEvents 0 > Mar 29 13:15:03 eyes ntop[8471]: inputPort 21 > Mar 29 13:15:03 eyes ntop[8471]: outputPort 1 > Mar 29 13:15:03 eyes ntop[8471]: flowSampleType HEADER > Mar 29 13:15:03 eyes ntop[8471]: headerProtocol 1 > Mar 29 13:15:03 eyes ntop[8471]: sampledPacketSize 1395 > Mar 29 13:15:03 eyes ntop[8471]: headerLen 128 > Mar 29 13:15:03 eyes ntop[8471]: headerBytes > 00-0D-56-9A-26-C9-00-30-6E-00-25-CA-08-00-45-00-05-65-57-5D-40-00-80-06-42-A > F-AC-10-01-05-AC-10-02-61-0D-17-05-2B-44-07-5C-4D-62-C2-84-94-50-18-21-D4-AC > -AF-00-00-3D-05-4E-00-00-00-20-00-00-00-00-00-00-00-00-00-FF-FF-FF-FF-00-00- > AC-10-02-61-05-2B-57-52-A0-06-90-07-00-00-05-00-00-00-64-00-00-00-C8-04-00-0 > 0-C8-04-00-00-58-00-00-00-0C-00-00-00-0C-00-00-00-00-00-00-00-00-07-DB-4A-4D > -01 > Mar 29 13:15:03 eyes ntop[8471]: dstMAC 000d569a26c9 > Mar 29 13:15:03 eyes ntop[8471]: srcMAC 00306e0025ca > Mar 29 13:15:03 eyes ntop[8471]: IPSize 1381 > Mar 29 13:15:03 eyes ntop[8471]: ip.tot_len = 1381 > Mar 29 13:15:03 eyes ntop[8471]: srcIP 172.16.1.5 > Mar 29 13:15:03 eyes ntop[8471]: dstIP 172.16.2.97 > Mar 29 13:15:03 eyes ntop[8471]: IPProtocol 6 > Mar 29 13:15:03 eyes ntop[8471]: IPTOS 0 > Mar 29 13:15:03 eyes ntop[8471]: IPTTL 128 > Mar 29 13:15:03 eyes ntop[8471]: TCPSrcPort 3351 > Mar 29 13:15:03 eyes ntop[8471]: TCPDstPort 1323 > Mar 29 13:15:03 eyes ntop[8471]: TCPFlags 24 > Mar 29 13:15:03 eyes ntop[8471]: extendedType SWITCH > Mar 29 13:15:03 eyes ntop[8471]: in_vlan 1 > Mar 29 13:15:03 eyes ntop[8471]: in_priority 0 > Mar 29 13:15:03 eyes ntop[8471]: out_vlan 1 > Mar 29 13:15:03 eyes ntop[8471]: out_priority 0 > Mar 29 13:15:03 eyes ntop[8471]: endSample ---------------------- > > > >> All you're showing are COUNTERSAMPLE samples. Are there anything else >> in there? >> >> As I quoted from the FAQ: "COUNTERSAMPLE packets give a quick look at >> interface counters on the machine, whereas FLOWSAMPLE packets are >> actual packet fragments from IP connections. Ntop seems to simply >> parse, debug_print, and discard COUNTERSAMPLE packets..." >> >> -----Burton >> >> >> >> -----Original Message----- >> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf >> Of [EMAIL PROTECTED] >> Sent: Tuesday, March 29, 2005 10:22 AM >> To: [email protected] >> Cc: [email protected] >> Subject: RE: [Ntop] sFlow not working! >> >> This IP/MASK is the one of my Network Foundry switch -> >> 172.16.2.251/255.255.255.0 and the one I've defined into the Virtual >> sFlow Interface Network Address, port is 6343, and debug has been set >> to On. A tailf on /var/log/message return the following (much more for > sure): >> >> Mar 29 11:33:10 eyes ntop[8471]: sampleType COUNTERSSAMPLE >> Mar 29 11:33:10 eyes ntop[8471]: sampleSequenceNo 5651 >> Mar 29 11:33:10 eyes ntop[8471]: sourceId 0:19 >> Mar 29 11:33:10 eyes ntop[8471]: statsSamplingInterval 60 >> Mar 29 11:33:10 eyes ntop[8471]: counterBlockVersion 1 >> Mar 29 11:33:10 eyes ntop[8471]: ifIndex 19 >> Mar 29 11:33:10 eyes ntop[8471]: networkType 117 >> Mar 29 11:33:10 eyes ntop[8471]: ifSpeed 100000000 >> Mar 29 11:33:10 eyes ntop[8471]: ifDirection 1 >> Mar 29 11:33:10 eyes ntop[8471]: ifStatus 3 >> Mar 29 11:33:10 eyes ntop[8471]: ifInOctets 1151905399127 >> Mar 29 11:33:10 eyes ntop[8471]: ifInUcastPkts 1145225876 >> Mar 29 11:33:10 eyes ntop[8471]: ifInMulticastPkts 5444 >> Mar 29 11:33:10 eyes ntop[8471]: ifInBroadcastPkts 2562311 >> Mar 29 11:33:10 eyes ntop[8471]: ifInDiscards 0 >> Mar 29 11:33:10 eyes ntop[8471]: ifInErrors 1 >> Mar 29 11:33:10 eyes ntop[8471]: ifInUnknownProtos 0 >> Mar 29 11:33:10 eyes ntop[8471]: ifOutOctets 172371426642 >> Mar 29 11:33:10 eyes ntop[8471]: ifOutUcastPkts 704058492 >> Mar 29 11:33:10 eyes ntop[8471]: ifOutMulticastPkts 12849313 >> Mar 29 11:33:10 eyes ntop[8471]: ifOutBroadcastPkts 12397002 >> Mar 29 11:33:10 eyes ntop[8471]: ifOutDiscards 0 >> Mar 29 11:33:10 eyes ntop[8471]: ifOutErrors 0 >> Mar 29 11:33:10 eyes ntop[8471]: ifPromiscuousMode 1 >> Mar 29 11:33:10 eyes ntop[8471]: endSample ---------------------- >> Mar 29 11:33:11 eyes ntop[8471]: datagramSourceIP 251.2.16.172 >> Mar 29 11:33:11 eyes ntop[8471]: datagramSize 132 >> Mar 29 11:33:11 eyes ntop[8471]: unixSecondsUTC 1112113991 >> Mar 29 11:33:11 eyes ntop[8471]: datagramVersion 2 >> Mar 29 11:33:11 eyes ntop[8471]: agent 172.16.2.251 >> Mar 29 11:33:11 eyes ntop[8471]: packetSequenceNo 176510 >> Mar 29 11:33:11 eyes ntop[8471]: sysUpTime 4166505708 >> Mar 29 11:33:11 eyes ntop[8471]: samplesInPacket 1 >> Mar 29 11:33:11 eyes ntop[8471]: startSample ---------------------- >> Mar 29 11:33:11 eyes ntop[8471]: sampleType_tag 0:2 >> Mar 29 11:33:11 eyes ntop[8471]: sampleType COUNTERSSAMPLE >> Mar 29 11:33:11 eyes ntop[8471]: sampleSequenceNo 5652 >> Mar 29 11:33:11 eyes ntop[8471]: sourceId 0:21 >> Mar 29 11:33:11 eyes ntop[8471]: statsSamplingInterval 60 >> Mar 29 11:33:11 eyes ntop[8471]: counterBlockVersion 1 >> Mar 29 11:33:11 eyes ntop[8471]: ifIndex 21 >> Mar 29 11:33:11 eyes ntop[8471]: networkType 117 >> Mar 29 11:33:11 eyes ntop[8471]: ifSpeed 100000000 >> Mar 29 11:33:11 eyes ntop[8471]: ifDirection 1 >> Mar 29 11:33:11 eyes ntop[8471]: ifStatus 3 >> Mar 29 11:33:11 eyes ntop[8471]: ifInOctets 696722336339 >> Mar 29 11:33:11 eyes ntop[8471]: ifInUcastPkts 565653474 >> Mar 29 11:33:11 eyes ntop[8471]: ifInMulticastPkts 41 >> Mar 29 11:33:11 eyes ntop[8471]: ifInBroadcastPkts 92786 >> Mar 29 11:33:11 eyes ntop[8471]: ifInDiscards 0 >> Mar 29 11:33:11 eyes ntop[8471]: ifInErrors 2035717 >> Mar 29 11:33:11 eyes ntop[8471]: ifInUnknownProtos 0 >> Mar 29 11:33:11 eyes ntop[8471]: ifOutOctets 56464209045 >> Mar 29 11:33:11 eyes ntop[8471]: ifOutUcastPkts 342790372 >> Mar 29 11:33:11 eyes ntop[8471]: ifOutMulticastPkts 12852389 >> Mar 29 11:33:11 eyes ntop[8471]: ifOutBroadcastPkts 14864175 >> Mar 29 11:33:11 eyes ntop[8471]: ifOutDiscards 0 >> Mar 29 11:33:11 eyes ntop[8471]: ifOutErrors 0 >> Mar 29 11:33:11 eyes ntop[8471]: ifPromiscuousMode 1 >> Mar 29 11:33:11 eyes ntop[8471]: endSample ---------------------- >> >> >> >>> Sounds like it's not receiving data - are you sure you've configured >>> it and activated it? >>> >>> If so, then you'll have to rebuild with the debug switch for sflow >>> and see what's going on internally, but be prepared for a lot of >>> output. >>> >>> -----Burton >>> >>> -----Original Message----- >>> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf >>> Of [EMAIL PROTECTED] >>> Sent: Tuesday, March 29, 2005 9:57 AM >>> To: [email protected] >>> Cc: [email protected] >>> Subject: RE: [Ntop] sFlow not working! >>> >>> This doens't help, no trafic at all are seem. If I look inside the >>> sFlow plugin page, I can see this at the end of the page: >>> >>> Number of Flows with Bad Data 0 >>> Total Number of Flows Processed 0 >>> >>> The sFlow Interface Statistics appears correctly. >>> It's look like the plugins work and receive data from the switch but >>> Ntop doesn't procced them. >>> >>>> Check the back traffic - this has come up before - IIRC there are >>>> two kinds of sFlow packets, one is some sort of summary which ntop >>>> sees and ignores. >>>> So you may not really be getting data. But I'm fuzzy on the details >>>> - google for it. Or check the FAQ and see if this makes sense: >>>> >>>> Q. sFlow doesn't work. >>>> A. Check this out: >>>> >>>> This talks about a bad experience I had setting up sFlow >>>> reception. >>>> For >>>> the longest >>>> time, I could see that ntop was getting sflow packets, but no >>>> data would show up. >>>> It turns out the switch I was exporting from didn't see any >>>> real traffic, and it was >>>> just sending COUNTERSAMPLE packets..... >>>> >>>> - - - - - - - - I figured out that it was indeed "invalid" >>>> sflow packets. >>>> >>>> Apparently, sflow sends COUNTERSAMPLE and FLOWSAMPLE packets. >>>> COUNTERSAMPLE packets >>>> give a quick look at interface counters on the machine, whereas >>>> FLOWSAMPLE packets >>>> are actual packet fragments from IP connections. Ntop seems to >>>> simply parse, >>>> debug_print, and discard COUNTERSAMPLE packets...which made it >>>> confusing to look at >>>> the debug output and say "wow, lots of sflow coming in!" when >>>> in fact it was just for >>>> show, as Burton suggested. I added more switches (with active >>>> connections) to the >>>> switches sending sflow packets and I now have hosts with pretty >>>> graphs. >>>> >>>> >>>> >>>> -----Burton >>>> >>>> -----Original Message----- >>>> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf >>>> Of [EMAIL PROTECTED] >>>> Sent: Tuesday, March 29, 2005 8:14 AM >>>> To: [email protected] >>>> Subject: [Ntop] sFlow not working! >>>> >>>> Hello, >>>> >>>> I'm trying to activate sFlow with Ntop 3.1 and it's not working, no >>>> trafic visible. Here my config: >>>> >>>> sFlow version: 2.99 >>>> Local Collector UDP Port: 6343 >>>> Virtual sFlow Interface network Address: 172.16.0.0/255.255.0.0 >>>> >>>> Flow Senders IP is: 172.16.2.251 >>>> Flow Collector (Ntop) IP is: 172.16.1.215 >>>> >>>> Thanks, >>>> >>>> _______________________________________________ >>>> Ntop mailing list >>>> [email protected] >>>> http://listgateway.unipi.it/mailman/listinfo/ntop >>>> >>>> _______________________________________________ >>>> Ntop mailing list >>>> [email protected] >>>> http://listgateway.unipi.it/mailman/listinfo/ntop >>>> >>> >>> >>> _______________________________________________ >>> Ntop mailing list >>> [email protected] >>> http://listgateway.unipi.it/mailman/listinfo/ntop >>> >>> _______________________________________________ >>> Ntop mailing list >>> [email protected] >>> http://listgateway.unipi.it/mailman/listinfo/ntop >>> >> >> >> _______________________________________________ >> Ntop mailing list >> [email protected] >> http://listgateway.unipi.it/mailman/listinfo/ntop >> >> _______________________________________________ >> Ntop mailing list >> [email protected] >> http://listgateway.unipi.it/mailman/listinfo/ntop >> > > > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop > > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop > _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
