mehrdadrad
commented
5 years ago @huaconghub what's vFlow version?
vflow -version
Open huaconghub opened 5 years ago
mehrdadrad
commented
5 years ago @huaconghub what's vFlow version?
vflow -version
huaconghub
commented
5 years ago @mehrdadrad vflow 0.6.5 I git clone from master branch
@huaconghub what's vFlow version?
vflow -version
mehrdadrad
commented
5 years ago interesting, can you let me know the Go version, OS and arch?
huaconghub
commented
5 years ago interesting, can you let me know the Go version, OS and arch?
Go: go1.11.2 linux/amd64 OS: Ubuntu 16.04.4 LTS xenial
mehrdadrad
commented
5 years ago logger.Println(err)
- add more logging after line 188 at vflow/sflow.go
logger.Println(err)
- run the vflow in the vebose mode under sflow load and send here the log file and console logs
I add a log on verbose mode, error is nil:
[vflow] 2018/12/08 14:08:40 sflow.go:190: 0%!(EXTRA <nil>)
huaconghub
commented
5 years ago I found this tool can precisely decode my sflow data, https://github.com/sflow/sflowtool
mehrdadrad
commented
5 years ago the vflow parses v5 as the error is nil but can not see any samples! (raw or counters) can you paste the sflowtool output here? what's your device?
huaconghub
commented
5 years ago the vflow parses v5 as the error is nil but can not see any samples! (raw or counters) can you paste the sflowtool output here? what's your device?
Sample data decode by sflowtool (some field replace with *):
{"datagramSourceIP":"*","datagramSize":"1296","unixSecondsUTC":"1544407110","localtime":"2018-12-10T09:58:30+0800","datagramVersion":"5","agentSubId":"16","agent":"10.101.4.2","packetSequenceNo":"11048351","sysUpTime":"2638308408","samplesInPacket":"6","samples":[{"sampleType_tag":"0:3","sampleType":"FLOWSAMPLE","sampleSequenceNo":"63024708","sourceId":"0:168","meanSkipCount":"5000","samplePool":"3761648742","dropEvents":"0","inputPort":"180","outputPort":"168","elements":[{"flowBlock_tag":"0:1","flowSampleType":"HEADER","headerProtocol":"1","sampledPacketSize":"218","strippedBytes":"4","headerLen":"128","headerBytes":"*","dstMAC":"*","srcMAC":"*","decodedVLAN":"500","decodedPriority":"0","IPSize":"196","ip.tot_len":"196","srcIP":"*","dstIP":"*","IPProtocol":"17","IPTOS":"0","IPTTL":"64","IPID":"45749","UDPSrcPort":"954","UDPDstPort":"960","UDPBytes":"176"},{"flowBlock_tag":"0:1001","extendedType":"SWITCH","in_vlan":"500","in_priority":"0","out_vlan":"500","out_priority":"0"}]},{"sampleType_tag":"0:3","sampleType":"FLOWSAMPLE","sampleSequenceNo":"63024710","sourceId":"0:168","meanSkipCount":"5000","samplePool":"3761648742","dropEvents":"0","inputPort":"180","outputPort":"168","elements":[{"flowBlock_tag":"0:1","flowSampleType":"HEADER","headerProtocol":"1","sampledPacketSize":"1522","strippedBytes":"4","headerLen":"128","headerBytes":"*","dstMAC":"*","srcMAC":"*","decodedVLAN":"500","decodedPriority":"0","IPSize":"1500","ip.tot_len":"1500","srcIP":"*","dstIP":"*","IPProtocol":"6","IPTOS":"0","IPTTL":"64","IPID":"1533","TCPSrcPort":"9191","TCPDstPort":"45132","TCPFlags":"24"},{"flowBlock_tag":"0:1001","extendedType":"SWITCH","in_vlan":"500","in_priority":"0","out_vlan":"500","out_priority":"0"}]},{"sampleType_tag":"0:3","sampleType":"FLOWSAMPLE","sampleSequenceNo":"63024712","sourceId":"0:168","meanSkipCount":"5000","samplePool":"3761648742","dropEvents":"0","inputPort":"168","outputPort":"180","elements":[{"flowBlock_tag":"0:1","flowSampleType":"HEADER","headerProtocol":"1","sampledPacketSize":"76","strippedBytes":"4","headerLen":"72","headerBytes":"*","dstMAC":"*","srcMAC":"*","IPSize":"58","ip.tot_len":"58","srcIP":"*","dstIP":"*","IPProtocol":"17","IPTOS":"116","IPTTL":"54","IPID":"9997","UDPSrcPort":"6931","UDPDstPort":"1456","UDPBytes":"38"},{"flowBlock_tag":"0:1001","extendedType":"SWITCH","in_vlan":"0","in_priority":"0","out_vlan":"0","out_priority":"0"}]},{"sampleType_tag":"0:3","sampleType":"FLOWSAMPLE","sampleSequenceNo":"63024714","sourceId":"0:168","meanSkipCount":"5000","samplePool":"3761648742","dropEvents":"0","inputPort":"180","outputPort":"168","elements":[{"flowBlock_tag":"0:1","flowSampleType":"HEADER","headerProtocol":"1","sampledPacketSize":"160","strippedBytes":"4","headerLen":"128","headerBytes":"*","dstMAC":"*","srcMAC":"*","decodedVLAN":"500","decodedPriority":"0","IPSize":"138","ip.tot_len":"138","srcIP":"*","dstIP":"*","IPProtocol":"17","IPTOS":"0","IPTTL":"64","IPID":"4689","UDPSrcPort":"858","UDPDstPort":"55590","UDPBytes":"118"},{"flowBlock_tag":"0:1001","extendedType":"SWITCH","in_vlan":"500","in_priority":"0","out_vlan":"500","out_priority":"0"}]},{"sampleType_tag":"0:3","sampleType":"FLOWSAMPLE","sampleSequenceNo":"63024716","sourceId":"0:168","meanSkipCount":"5000","samplePool":"3761648742","dropEvents":"0","inputPort":"180","outputPort":"168","elements":[{"flowBlock_tag":"0:1","flowSampleType":"HEADER","headerProtocol":"1","sampledPacketSize":"85","strippedBytes":"4","headerLen":"81","headerBytes":"*","dstMAC":"*","srcMAC":"*","decodedVLAN":"500","decodedPriority":"0","IPSize":"63","ip.tot_len":"63","srcIP":"*","dstIP":"*","IPProtocol":"17","IPTOS":"0","IPTTL":"64","IPID":"47957","UDPSrcPort":"952","UDPDstPort":"975","UDPBytes":"43"},{"flowBlock_tag":"0:1001","extendedType":"SWITCH","in_vlan":"500","in_priority":"0","out_vlan":"500","out_priority":"0"}]},{"sampleType_tag":"0:3","sampleType":"FLOWSAMPLE","sampleSequenceNo":"63024718","sourceId":"0:168","meanSkipCount":"5000","samplePool":"3761648742","dropEvents":"0","inputPort":"180","outputPort":"168","elements":[{"flowBlock_tag":"0:1","flowSampleType":"HEADER","headerProtocol":"1","sampledPacketSize":"1322","strippedBytes":"4","headerLen":"128","headerBytes":"*","dstMAC":"*","srcMAC":"*","decodedVLAN":"500","decodedPriority":"0","IPSize":"1300","ip.tot_len":"1300","srcIP":"*","dstIP":"*","IPProtocol":"6","IPTOS":"0","IPTTL":"64","IPID":"23927","TCPSrcPort":"600","TCPDstPort":"30536","TCPFlags":"16"},{"flowBlock_tag":"0:1001","extendedType":"SWITCH","in_vlan":"500","in_priority":"0","out_vlan":"500","out_priority":"0"}]}]}everything looks good, I think it decodes and you need to consume them from vFlow. what's your messaging queue? can you send me the below log in verbose mode and messaging queue configuration? /var/log/vflow.log /etc/vflow/mq.conf
huaconghub
commented
5 years ago everything looks good, I think it decodes and you need to consume them from vFlow. what's your messaging queue? can you send me the below log in verbose mode and messaging queue configuration? /var/log/vflow.log /etc/vflow/mq.conf
I check the log many times, unfortunately, no helpful info, just:
rcvd sflow data from: xx.xx.xx.xx:**, size: 1396 bytesmq is kafka, config file only kafka brokers, and netflow send msg succuess, so mq is fine;
mehrdadrad
commented
5 years ago once you ran the vflow for a while, pls send me the below: curl localhost:8081/flow | json_xs
huaconghub
commented
5 years ago json_xs
{
"StartTime": 1544585675,
"IPFIX": {
"UDPQueue": 0,
"UDPMirrorQueue": 0,
"MessageQueue": 0,
"UDPCount": 0,
"DecodedCount": 0,
"MQErrorCount": 0,
"Workers": 0
},
"SFlow": {
"UDPQueue": 0,
"MessageQueue": 0,
"UDPCount": 284112,
"DecodedCount": 0,
"MQErrorCount": 0,
"Workers": 200
},
"NetflowV9": {
"UDPQueue": 0,
"MessageQueue": 0,
"UDPCount": 0,
"DecodedCount": 0,
"MQErrorCount": 0,
"Workers": 0
}
}device: H3C-S6800-54QF
my sflow data decoded fail, I found when execute function getSampleInfo, sflow/decoder.go:194, the sfType is 3, not const DataFlowSample and DataCounterSample , it seem sfType always 3, and I dont know why, I checked my device sflow version is 5, and raw header is L2/L3/L4, do you know what might go wrong? thx
a sample sflow data: