Download and Install
sFlow-RT requires Java 1.8+. The following commands download, install and run the software:
wget https://inmon.com/products/sFlow-RT/sflow-rt.tar.gz
tar -xvzf sflow-rt.tar.gz
./sflow-rt/start.sh
Alternatively, the following command runs sFlow-RT in a Docker container (see sflow/sflow-rt for more options):
docker run --rm -p 8008:8008 -p 6343:6343/udp sflow/sflow-rt
Use a web browser to connect to http://localhost:8008
to interact with the REST API.
The software is also available as RPM and DEB packages:
The following commands download, install and run the package on an RPM based system:
sudo yum update
sudo yum install java-11-openjdk
wget https://inmon.com/products/sFlow-RT/sflow-rt-3.0-1706.noarch.rpm
sudo rpm -Uvh sflow-rt-3.0-1706.noarch.rpm
sudo systemctl enable sflow-rt
sudo systemctl start sflow-rt
The following commands download, install and run the package on a DEB based system:
sudo apt update
sudo apt install default-jre
wget https://inmon.com/products/sFlow-RT/sflow-rt_3.0-1706.deb
sudo dpkg -i sflow-rt_3.0-1706.deb
sudo systemctl enable sflow-rt
sudo systemctl start sflow-rt
Package files are installed under the path /usr/local/sflow-rt/
and log files are directed to /usr/local/sflow-rt/log/sflow-rt-<N>.log
If you are running sFlow-RT under systemd and would like to direct the logs to the systemd journal, edit
/usr/local/sflow-rt/resources/config/logging.properties
and use the following settings:
handlers = java.util.logging.ConsoleHandler
.level = SEVERE
com.sflow.rt.level = INFO
java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
java.util.logging.ConsoleHandler.level = ALL
java.util.logging.SimpleFormatter.format=%4$s: %5$s%n
If you have the host firewall enabled, open UDP port 6343 to allow sFlow-RT to receive sFlow datagrams and TCP port 8008 if you want remote access to sFlow-RT's web interface.
The following command opens the sFlow port in the firewall on a ufw based system (Debian/Ubuntu).
sudo ufw allow 6343/udp
The following command opens the sFlow port in the firewall on a firewalld based system (Redhat/CentOS).
sudo firewall-cmd --zone=public --add-port=6343/udp --permanent
There are no access controls built into sFlow-RT. However, HTTP access can be restricted to the local host by setting
the http.hostname
property to 127.0.0.1
and a reverse proxy can then be used to secure remote access to the REST API.
The following Apache configuration makes the sFlow-RT REST API accessible under the path /sflow-rt/
<IfModule mod_proxy.c>
ProxyRequests off
ProxyVia off
ProxyPass /sflow-rt/ http://127.0.0.1:8008/ retry=0 timeout=60
ProxyPassReverse /sflow-rt/ http://127.0.0.1:8008/
<IfModule mod_headers.c>
RequestHeader append X-Forwarded-Prefix "/sflow-rt/"
</IfModule>
</IfModule>
<Location /sflow-rt/>
# insert access policy below
</Location>
Alternatively, the following is an equivalent configuration for NGINX:
location /sflow-rt/ {
proxy_buffering off;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Prefix /sflow-rt/;
proxy_set_header Host $host;
proxy_pass http://localhost:8008/;
proxy_redirect ~^http://[^/]+(/.+)$ /sflow-rt$1;
# insert access policy below
}
Tuning Performance describes how to optimize performance for production use.
Please read and accept the License Agreement before downloading this software.
Applications
The following command downloads and installs an application:
./sflow-rt/get-app.sh sflow-rt browse-flows
The following applications are currently available on GitHub:
User | Application | Docker Image | Description |
---|---|---|---|
sflow‑rt | active-routes | sflow/active-routes | Real-time active BGP route cache |
sflow‑rt | browse-drops | sflow/prometheus | Browse and trend dropped packets |
sflow‑rt | browse-flows | sflow/prometheus | Browse and trend traffic flows |
sflow‑rt | browse-metrics | sflow/prometheus | Browse and trend metrics |
sflow‑rt | ddos-protect | sflow/ddos-protect | Real-time DDoS flood mitigation using BGP RTBH and FlowSpec |
sflow‑rt | fabric-metrics | sflow/topology | Leaf and spine fabric metrics |
sflow‑rt | ixp-metrics | sflow/ixp-metrics | Real-time monitoring of Internet eXchange Point (IXP) network metrics |
sflow‑rt | mininet-dashboard | Real-time dashboard for Mininet | |
sflow‑rt | particle | sflow/particle | Visualize real-time traffic using animated particles |
sflow‑rt | prometheus | sflow/prometheus | Export metrics to Prometheus time series database |
sflow‑rt | sflow-test | sflow/sflow-test | Test data center switch sFlow implementation |
sflow‑rt | sunburst | sflow/prometheus | Real-time protocol distribution as sunburst chart |
sflow‑rt | topology | sflow/topology | Persist and verify topology, locate addresses |
sflow‑rt | trace-flow | sflow/topology | Real-time traffic tracing against topology |
sflow‑rt | world-map | Real-time traffic displayed on world map |
Writing Applications provides an introduction describing the structure of an sFlow-RT application. Post information on new applications to the sFlow-RT group to have them listed.
Support
Please post questions, suggestions and applications to the sFlow-RT group.
Production use
Contact sales@inmon.com to discuss production licensing options for sFlow-RT.