lucaderi
commented
8 years ago @flyersa -S is meaningful only for NetFlow (I have updated the man page to make it clear) as in sFlow this info is part of the packet. I have fixed a sampling issue last week: please resync the apps and see if it works. If not, please share a pcap file with sFlow packets to see what sampling rate is specified in there.
flyersa
Hi all,
we run nprobeng with ntop Business Edition to analyze data coming from four arista switches. For some hosts the traffic rates reported in the ntopng interface are almost correct for others where we have only around 1-10 Mbit/s traffic on the interfaces ntopng reports constantly an actual traffic of 6-14 Gbit/s.
On the Arista we use this as sampling rate:
Sample Rate: 20000 Polling Interval (sec): 20.0 Rewrite DSCP value: No
for nprobe:
nprobe --zmq "tcp://*:5557" -i none -S@20000 --collector-port 6343 --verbose 2 --dump-stats -V9 -S@20000
this sample rate parameter doesnt matter at all, whatever i set with or without @ or even if i let it completly out the behavior is always the same and nothing changes.
I can provide tcpdump if that may help someone.
We run this versions at the moment:
nprobe-7.5.160727-5356.x86_64
ntopng-2.5.160727-1369.x86_64
See:
that host 10.30.3.144 barely has 2 Megabit/s i really dont get it.