Download and Install

sFlow-RT requires Java 1.8+. The following commands download, install and run the software:

tar -xvzf sflow-rt.tar.gz

Alternatively, the following command runs sFlow-RT in a Docker container (see sflow/sflow-rt for more options):

docker run --rm -p 8008:8008 -p 6343:6343/udp sflow/sflow-rt

Use a web browser to connect to http://localhost:8008 to interact with the REST API.

The software is also available as RPM and DEB packages:

The following commands download, install and run the package on an RPM based system:

sudo yum update
sudo yum install java-11-openjdk
sudo rpm -Uvh sflow-rt-3.0-1703.noarch.rpm
sudo systemctl enable sflow-rt
sudo systemctl start sflow-rt

The following commands download, install and run the package on a DEB based system:

sudo apt update
sudo apt install default-jre
sudo dpkg -i sflow-rt_3.0-1703.deb
sudo systemctl enable sflow-rt
sudo systemctl start sflow-rt

Package files are installed under the path /usr/local/sflow-rt/ and log files are directed to /usr/local/sflow-rt/log/sflow-rt-<N>.log

If you are running sFlow-RT under systemd and would like to direct the logs to the systemd journal, edit /usr/local/sflow-rt/resources/config/ and use the following settings:

handlers = java.util.logging.ConsoleHandler

.level             = SEVERE
com.sflow.rt.level = INFO

java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
java.util.logging.ConsoleHandler.level     = ALL
java.util.logging.SimpleFormatter.format=%4$s: %5$s%n

If you have the host firewall enabled, open UDP port 6343 to allow sFlow-RT to receive sFlow datagrams and TCP port 8008 if you want remote access to sFlow-RT's web interface.

The following command opens the sFlow port in the firewall on a ufw based system (Debian/Ubuntu).

sudo ufw allow 6343/udp

The following command opens the sFlow port in the firewall on a firewalld based system (Redhat/CentOS).

sudo firewall-cmd --zone=public --add-port=6343/udp --permanent

There are no access controls built into sFlow-RT. However, HTTP access can be restricted to the local host by setting the http.hostname property to and a reverse proxy can then be used to secure remote access to the REST API.

The following Apache configuration makes the sFlow-RT REST API accessible under the path /sflow-rt/

<IfModule mod_proxy.c>
  ProxyRequests off
  ProxyVia off
  ProxyPass        /sflow-rt/ retry=0 timeout=60
  ProxyPassReverse /sflow-rt/
  <IfModule mod_headers.c>
    RequestHeader append X-Forwarded-Prefix "/sflow-rt/"
<Location /sflow-rt/>
  # insert access policy below

Alternatively, the following is an equivalent configuration for NGINX:

location /sflow-rt/ {
  proxy_buffering off;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Prefix /sflow-rt/;
  proxy_set_header Host $host;
  proxy_pass http://localhost:8008/;
  proxy_redirect ~^http://[^/]+(/.+)$ /sflow-rt$1;
  # insert access policy below

Tuning Performance describes how to optimize performance for production use.

Please read and accept the License Agreement before downloading this software.


The following command downloads and installs an application:

./sflow-rt/ sflow-rt browse-flows

The following applications are currently available on GitHub:

UserApplicationDocker ImageDescription
sflow‑rtactive-routessflow/active-routesReal-time active BGP route cache
sflow‑rtbrowse-dropssflow/prometheusBrowse and trend dropped packets
sflow‑rtbrowse-flowssflow/prometheusBrowse and trend traffic flows
sflow‑rtbrowse-metricssflow/prometheusBrowse and trend metrics
sflow‑rtddos-protectsflow/ddos-protectReal-time DDoS flood mitigation using BGP RTBH and FlowSpec
sflow‑rtfabric-metricssflow/topologyLeaf and spine fabric metrics
sflow‑rtixp-metricssflow/ixp-metricsReal-time monitoring of Internet eXchange Point (IXP) network metrics
sflow‑rtmininet-dashboardReal-time dashboard for Mininet
sflow‑rtparticlesflow/particleVisualize real-time traffic using animated particles
sflow‑rtprometheussflow/prometheusExport metrics to Prometheus time series database
sflow‑rtsflow-testsflow/sflow-testTest data center switch sFlow implementation
sflow‑rtsunburstsflow/prometheusReal-time protocol distribution as sunburst chart
sflow‑rttopologysflow/topologyPersist and verify topology, locate addresses
sflow‑rttrace-flowsflow/topologyReal-time traffic tracing against topology
sflow‑rtworld-mapReal-time traffic displayed on world map

Writing Applications provides an introduction describing the structure of an sFlow-RT application. Post information on new applications to the sFlow-RT group to have them listed.


Please post questions, suggestions and applications to the sFlow-RT group.

Production use

Contact to discuss production licensing options for sFlow-RT.