I've been through the FAQ a dozen times, and it has got me this far.
I am aware that sflow has two types: COUNTERSSAMPLE and FLOWSAMPLE.
I have made very certain that the switches are properly configured to
send out both kinds.
Performing a raw dump of sflow packets (i.e. sflowtool > sflow.log)
for 1.5 hours shows the following:
56,192 packets collected
50,824 are COUNTERSSAMPLE
5,368 are FLOWSAMPLE
That's 1 FLOWSAMPLE every ~9.5 packets
Ntop statistics for the past 432 hours
1,280,778 packets received
1,250 processed
That's 1 packet every ~1024
Even if ntop was only processing FLOWSAMPLE and discarding the
COUNTERSSAMPLE packets, it still should have processed approximately
134818 (1,280,778 / 9.5) packets in the 432 hours. Over 1000x times
more than it does.
The sflow plugin is so dirt simple to configure, I can't see any way
to adjust the behavior. Any recommendations?
Daniel
On Jul 1, 2006, at 7:05 AM, Burton Strauss wrote:
Check the FAQ. There are two kinds of sFlow packets and the plugin
only
processes one of them. But I don't remember which is which.
-----Burton
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of
Daniel Lunde
Sent: Wednesday, June 28, 2006 1:12 PM
To: [email protected]
Subject: [Ntop] sFlow - can i process all packets
I want ntop to process every packet it receives from sFlow.
I have sFlow working on my switches (configured to send 1 of 1024)
and ntop
is receiving them, but it only actually processes 1 of 1024
packets. I have
used sflowutils and sFlowTrend to verify that I am getting lots of
FLOWSAMPLE packets. Currently out of 1,029,778 recieved packets
only 1005
have been processed. Which means I'm only seeing 1 out of every
1048576
packets (1024 x 1024).
Under network interfaces label, I can verify that the sample rate
of the
packets received is 1024 (again, this is what the switches are
configured to
do). Is this value used to calculate how many packets are
processed? If
so, can I set this value to 0 so that every packet is processed? I
noticed
that when setting up a local network interface, that sample rate is
0 and it
processes 100% of packets received.
I'm running ntop v3.2 using this configuration: ntop -d -L --user ntop
--db-file-path /var/ntop --interface none --use-syslog=local3 --
daemon I
made sure that the sFlow-device is selected in the Switch NIC page.
The switches are Foundry FastIron FESx448 (2) and FES9604 (1) with
all ports
sending sFlow every 1024 packets (about 200 ports)
I'll happily provide more information if necessary. Thanks,
Daniel
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
