search

sflow / host-sflow

host-sflow agent
http://sflow.net
Other
153 stars 55 forks source link

No flowsamples sent on Debian 9.12 #38

Open AlberichVR opened 4 years ago

AlberichVR commented 4 years ago

Hello, I installed hsflowd on a server (Debian 9.12) to monitor traffic on it (packet sampling). After configuring the hsflowd.conf file, I fetched the datagrams with a collector by using sflowtool. I receive countersamples but never flowsamples. Here is my hsflowd.conf file:

sflow {
  agent = eth0
  DNSSD = off
  sampling = 10
  polling = 20
  collector { ip=138.195.139.11 udpport=6343 }
  nflog { group = 5  probability = 0.0025 }
}

I ran beforhand the commands to configure NFLOG in iptables as it is explained. I also restarted hsflowd after modifying the conf file. I also tried another configuration (after making sure eth0 is the name of the network interface) : 

sflow {
  agent = eth0
  DNSSD = off
  sampling = 10
  polling = 20
  collector { ip=138.195.139.11 udpport=6343 }
  pcap = { dev=eth0 }
}

Is packet-sampling not supported on my server or did I miss something ?

Thanks in advance for your answer,

AlberichVR

sflow commented 4 years ago

(1) what do you get for "ldd /etc/hsflowd/modules/mod_nflog.so". Does it find all the libraries it needs?

(2) you can run with debug logging like this:

sudo systemctl stop hsflowd sudo hsflowd -dddd

Or maybe like this to look for output from mod_nflog.c:

sudo hsflowd 2>&1 | grep NFLOG

You will probably need to match your configured sampling-rate to the NFLOG probability, and you will probably need to generate significant traffic too. A good way to generate 100-200 packets/sec is like this:

sudo ping -i 0.01

AlberichVR commented 4 years ago

Thanks for your input. I will try all this as soon as I can (right now I don't have access to my server...).