vmxdev
commented
8 months ago Hello!
Sorry for the long delay. We have added initial support for sFlow. The code is in the "sflow" branch.
It's still in a very early stage. We made support for only one type of sflow - flow samples, only for IPv4, only for sFlow v.5 and this was tested only with host-generaged sflow. It's still unclear what to do with other flow types, such as counters. In addition, it is not clear what to do with the payload of packets, theoretically we could take some useful information from there.
sFlow turned out to be a rather complex protocol, so we decided to go this way: the collector silently discards flows that it cannot parse. But we have added a utility that shows exactly how the flow is parsed in the collector. If you want to test whether the collector will understand your flows, run it on the interface to which the sFlow arrives:
sudo ./xesflow -i eth0 -f "udp and port 6343"If the utility shows the contents of the flows, then the collector will also see them and can process them. You just need to add this to the main config file (xenoeye.conf):
"sflow-capture": [
{"socket": {"listen-on": "*", "port": "6344"}}
// or, if you capture flows using pcap
//{"pcap": {"interface": "eth0", "filter": "udp and port 6343"}}
],If the utility cannot parse flows, you can attach some samples to reply or send them directly to me (via email), I will fix the parser.
We need to test it more, then we will merge it into the master and add documentation.
Hi team,
Kindly ask you to add sFlow support.
There are existing two RFC documents (actually, the second one is RFC-like):
To get the sFlow stream for the development purposes you could use any hardware or software equipment listed on the page https://sflow.org/products/network.php. It seems easiest to use native Host sFlow agent https://sflow.net/. To learn how to properly collect and parse sFlow metrics, you can explore the https://github.com/pmacct/pmacct/ implementation.
Thank you.