Sflow Not Showing any fortigate Data

77 views
Skip to first unread message

Rohan Raj

unread,
Dec 19, 2022, 10:10:30 AM12/19/22
to sFlow-RT
Hi Everyone,

I've installed the standard sflow-rt package on a ubuntu 20 and I've installed 7 apps.

/usr/local/sflow-rt$ tail -f ./log/sflow-rt-0.log

2022-12-19T12:27:20Z INFO: app/particle/scripts/flows.js started

2022-12-19T12:27:20Z INFO: app/mininet-dashboard/scripts/metrics.js started

2022-12-19T12:27:20Z INFO: app/trace-flow/scripts/trace.js started

2022-12-19T12:27:20Z INFO: app/active-routes/scripts/cache.js started

2022-12-19T12:27:20Z INFO: app/active-routes/scripts/cache6.js started

2022-12-19T12:27:20Z INFO: app/active-routes/scripts/active.js started

2022-12-19T12:27:20Z INFO: app/browse-flows/scripts/top.js started

2022-12-19T12:27:20Z INFO: app/ddos-protect/scripts/ddos.js started

2022-12-19T12:27:20Z INFO: app/topology/scripts/topology.js started

2022-12-19T12:27:20Z INFO: app/fabric-metrics/scripts/metrics.js started

 

 

It's connected to an fortigate switch which has sflow enabled sending to the collector.

config system sflow

tip-marhaba-fgt001 (sflow) # show

config system sflow

    set collector-ip 192.168.49.52

    set source-ip 192.168.30.254

end

 

    edit "port7"

        set netflow-sampler both

        set sflow-sampler enable

        set sample-rate 512

        set polling-interval 30

    edit "port8"

        set netflow-sampler both

        set sflow-sampler enable

        set sample-rate 512

        set polling-interval 30

No flows have been detected on sflow-rt. I'm not seeing any errors.

 

http://192.168.49.52:8008/flows/json shows an empty []

Any hints to help me diagnose this issue? Can Sflow-rt only monitor Sflow or can it support netflow also?

Rohan Raj

Peter Phaal

unread,
Dec 19, 2022, 10:20:59 AM12/19/22
to sFlow-RT
sFlow-RT is designed for real-time flow analytics. The NetFlow flow cache delays measurements and makes NetFlow unsuitable for real-time analytics and so it is not supported by sFlow-RT.


Does the sFlow-RT dashboard show any sFlow being received (sFlow Agents, sFlow Bytes, sFlow Packets)? You need to make sure that UDP port 6343 on the host firewall is open.

Rohan Raj

unread,
Dec 19, 2022, 2:42:25 PM12/19/22
to sFlow-RT
Thanks for the explanation and blog that explains my concerns.
it is showing the sflowagent and sflow bytes but i cannot see any statis in the flows. i have attached the screen shots of the stat page

Status.jpg

Peter Phaal

unread,
Jan 3, 2023, 10:17:49 AM1/3/23
to sFlow-RT
Did you define a flow?


sFlow-RT requires that you specifiy the flows of interest before it will genarate any flow data. The other possibility is that packet sampling hasn't been enabled on the Fortigate box. Recommended sampling rate settings are here:

Reply all
Reply to author
Forward
0 new messages