To access the list of sFlow devices that are currently actively exporting sFlow, select the “sFlow Exporters” entry from the “Devices” dropdown. Nevertheless, ntopng not only provides visibility on the traffic that is traversing the network devices, it also provides visibility into the devices per se. For example, one can visualize the top layer-7 application protocols by visiting the interface page: Similarly, all the other ntopng pages will populate with rich data. The ntopng web dashboard will shortly populate with collected data, including top senders and top destinations, as well as the top layer-7 application protocols detected from the traffic. ntopng is listening on port 5556 for incoming collected sFlow data ( -i tcp://127.0.0.1:5556 ).Collected data is then exported to an ntopng running on localhost port 5556 via ZMQ ( -zmq tcp://127.0.0.1:5556 ). nprobe is neither collecting from a physical interface ( -i none ) nor exporting flows towards a downstream NetFlow collector ( -n none ) it’s just collecting incoming sFlow on port 6343 ( -collector-port 6343 ).Configuring nProbe and ntopng is a breeze and it merely boils down to: nprobe -i none -n none -collector-port 6343 -zmq tcp://127.0.0.1:5556Ĭommands above have the following meaning: Let’s also say and ntopng running on the same host is used for the visualization and analysis. Let’s say there are sFlow agents exporting sFlow on port 6343 of an host running nProbe.
#NTOPNG NETFLOW COLLECTOR SOFTWARE#
Hence, using ntop software nProbe and ntopng, it is possible to easily and quickly setup a monitoring architecture for multiple sFlow-capable network devices in minutes.
#NTOPNG NETFLOW COLLECTOR DOWNLOAD#
The interested reader can download the presentation slides to gain a deeper understanding of sFlow, or even watch the youtube video of the presentation: ntop team members have discussed in detail this technology during a couple of SharkFest conferences ( SharkFest Europe, SharkFest US). For this reason, is should be the technology of choice when carrying out certain network monitoring tasks. sFlow, relying on sampling processes to periodically counters and packets, is scalable and ultra-lightweight and has been embedded into network devices by tens of vendors and manufacturers.Ĭontrary to NetFlow (please note that in sFlow parlance the word ‘flow’ has a totally different meaning with respect to what ‘flow’ means in NetFlow), which requires a stateful representation of all the network flows packets to operate, sFlow merely sample packets and counters and thus its impact on network devices memory and CPU is much lower. SFlow agents run on switches, routers, firewalls and other devices, and periodically export interface counters and traffic packets via UDP towards one or more sFlow collectors. SFlow, short for sampled Flow, is a sampling technology designed to export network devices information, namely:
0 kommentar(er)
