Download and Install

sFlow-RT requires Java 1.8+. The following commands download, install and run the software:

wget https://inmon.com/products/sFlow-RT/sflow-rt.tar.gz
tar -xvzf sflow-rt.tar.gz
./sflow-rt/start.sh

Alternatively, the following command runs sFlow-RT in a Docker container (see sflow/sflow-rt for more options):

docker run --rm -p 8008:8008 -p 6343:6343/udp sflow/sflow-rt

Use a web browser to connect to http://localhost:8008 to interact with the REST API.

The software is also available as RPM and DEB packages:

The following commands download, install and run the package on an RPM based system:

sudo yum update
sudo yum install java-11-openjdk
wget https://inmon.com/products/sFlow-RT/sflow-rt-3.0-1706.noarch.rpm
sudo rpm -Uvh sflow-rt-3.0-1706.noarch.rpm
sudo systemctl enable sflow-rt
sudo systemctl start sflow-rt

The following commands download, install and run the package on a DEB based system:

sudo apt update
sudo apt install default-jre
wget https://inmon.com/products/sFlow-RT/sflow-rt_3.0-1706.deb
sudo dpkg -i sflow-rt_3.0-1706.deb
sudo systemctl enable sflow-rt
sudo systemctl start sflow-rt

Package files are installed under the path /usr/local/sflow-rt/ and log files are directed to /usr/local/sflow-rt/log/sflow-rt-<N>.log

If you are running sFlow-RT under systemd and would like to direct the logs to the systemd journal, edit /usr/local/sflow-rt/resources/config/logging.properties and use the following settings:

handlers = java.util.logging.ConsoleHandler

.level             = SEVERE
com.sflow.rt.level = INFO

java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
java.util.logging.ConsoleHandler.level     = ALL
java.util.logging.SimpleFormatter.format=%4$s: %5$s%n

If you have the host firewall enabled, open UDP port 6343 to allow sFlow-RT to receive sFlow datagrams and TCP port 8008 if you want remote access to sFlow-RT's web interface.

The following command opens the sFlow port in the firewall on a ufw based system (Debian/Ubuntu).

sudo ufw allow 6343/udp

The following command opens the sFlow port in the firewall on a firewalld based system (Redhat/CentOS).

sudo firewall-cmd --zone=public --add-port=6343/udp --permanent

There are no access controls built into sFlow-RT. However, HTTP access can be restricted to the local host by setting the http.hostname property to 127.0.0.1 and a reverse proxy can then be used to secure remote access to the REST API.

The following Apache configuration makes the sFlow-RT REST API accessible under the path /sflow-rt/

<IfModule mod_proxy.c>
  ProxyRequests off
  ProxyVia off
  ProxyPass        /sflow-rt/ http://127.0.0.1:8008/ retry=0 timeout=60
  ProxyPassReverse /sflow-rt/ http://127.0.0.1:8008/
  <IfModule mod_headers.c>
    RequestHeader append X-Forwarded-Prefix "/sflow-rt/"
  </IfModule>
</IfModule>
<Location /sflow-rt/>
  # insert access policy below
</Location>

Alternatively, the following is an equivalent configuration for NGINX:

location /sflow-rt/ {
  proxy_buffering off;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Prefix /sflow-rt/;
  proxy_set_header Host $host;
  proxy_pass http://localhost:8008/;
  proxy_redirect ~^http://[^/]+(/.+)$ /sflow-rt$1;
  # insert access policy below
}

Tuning Performance describes how to optimize performance for production use.

Please read and accept the License Agreement before downloading this software.

Applications

The following command downloads and installs an application:

./sflow-rt/get-app.sh sflow-rt browse-flows

The following applications are currently available on GitHub:

UserApplicationDocker ImageDescription
sflow‑rtactive-routessflow/active-routesReal-time active BGP route cache
sflow‑rtbrowse-dropssflow/prometheusBrowse and trend dropped packets
sflow‑rtbrowse-flowssflow/prometheusBrowse and trend traffic flows
sflow‑rtbrowse-metricssflow/prometheusBrowse and trend metrics
sflow‑rtddos-protectsflow/ddos-protectReal-time DDoS flood mitigation using BGP RTBH and FlowSpec
sflow‑rtfabric-metricssflow/topologyLeaf and spine fabric metrics
sflow‑rtixp-metricssflow/ixp-metricsReal-time monitoring of Internet eXchange Point (IXP) network metrics
sflow‑rtmininet-dashboardReal-time dashboard for Mininet
sflow‑rtparticlesflow/particleVisualize real-time traffic using animated particles
sflow‑rtprometheussflow/prometheusExport metrics to Prometheus time series database
sflow‑rtsflow-testsflow/sflow-testTest data center switch sFlow implementation
sflow‑rtsunburstsflow/prometheusReal-time protocol distribution as sunburst chart
sflow‑rttopologysflow/topologyPersist and verify topology, locate addresses
sflow‑rttrace-flowsflow/topologyReal-time traffic tracing against topology
sflow‑rtworld-mapReal-time traffic displayed on world map

Writing Applications provides an introduction describing the structure of an sFlow-RT application. Post information on new applications to the sFlow-RT group to have them listed.

Support

Please post questions, suggestions and applications to the sFlow-RT group.

Production use

Contact sales@inmon.com to discuss production licensing options for sFlow-RT.