| Help : Configure : Parameters |
The following table describes the attributes that can be set in the sFlow probe configuration file (/usr/local/inmon/probe/config/pkp.ini):
| Attribute | Example | Default | Section | |||||
|---|---|---|---|---|---|---|---|---|
| [probe] | [agent] | Traffic Data Source | ||||||
| [adaptor] | [netflow] | [lfap] | [virtual] | |||||
| host | probe.inmon.com | Mandatory | ||||||
| softwareKey | Mandatory | |||||||
| collectorHost | sflow.inmon.com | Optional | ||||||
| collectorPort | 6343 | Optional | ||||||
| netflowHost | netflow.inmon.com | Optional | ||||||
| netflowPort | 9991 | Optional | ||||||
| netflowScaling | NO | YES | Optional | |||||
| netflowOutputASInfo | peer | origin | Optional | |||||
| netflowTimeout | 60 | Optional | ||||||
| counterPollingInterval | 30 | Optional | Optional | |||||
| samplingRate | 400 | Mandatory | Optional | |||||
| community | public | Optional | Optional | |||||
| BGP_peer | NO | Optional | Optional | |||||
| BGP_LocalAS | 65222 | Optional | Optional | |||||
| script | Optional | Optional | ||||||
| address | 10.1.3.1 | Mandatory | ||||||
| routingAgent | 10.1.3.1 | Optional | ||||||
| secondaryRoutingAgent | 10.1.3.2 | Optional | ||||||
| deviceName | eth1 | Mandatory | ||||||
| mirrorDirection | both | input | Optional | |||||
| promiscuous | NO | YES | Optional | |||||
| driverSampling | NO | YES | Optional | |||||
| preSampled | YES | NO | Optional | Optional | ||||
| ignoreMACLayer | YES | NO | Optional | |||||
| inputPort | 5555 | Optional | Optional | Optional | Optional | |||
| sourceAddress | 10.1.3.1 | Optional | ||||||
| netFlowInputASInfo | peer | origin | Optional | Optional | Optional | |||
| flowTimesInSeconds | YES | NO | Optional | |||||
| LFAPVersion | 4 | 5 | Optional | |||||
| agent | 10.1.3.1 | Mandatory | ||||||
| port | 5 | Optional | ||||||
| MAC | 080009123456 | Optional | ||||||
The fully qualified host name of this sFlow Probe (e.g. probe.corp.inmon.com).
The software key for this probe. The key is required to enable monitoring. Evaluation keys expire at the end of the evaluation period and a new key is required before monitoring can resume. Depending on the license, a key may only permit a limited number of interfaces to be monitored.
A key is specific to the host. If the domain name is changed then a new key will have to be issued.
The IP address of the sFlow collector. sFlow packets will be streamed to this address.
Note: Additional sFlow collectors can be specified as collectorHost, collectorHost2, collectorHost3.
The UDP port on the sFlow collector that will receive sFlow packets.
Note: If multiple sFlow collectors have been specified then the corresponding collector ports are collectorPort, collectorPort2 and collectorPort3 respectively.
The IP address of the NetFlow collector. NetFlow packets will be streamed to this address.
Note: Additional NetFlow collectors can be specified as netflowHost, netflowHost2, netflowHost3.
The UDP port on the NetFlow collector that will receive NetFlow packets.
Note: If multiple NetFlow collectors have been specified then the corresponding collector ports are netflowPort, netflowPort2 and netflowPort3 respectively.
NetFlow records generated by the probe based on sampled data can be scaled before being transmitted. This setting determines whether or not to scale the NetFlow packets and bytes by the sampling rate. A value of YES specifies that the probe should scale the NetFlow data. A value of NO specifies that the probe should not scale the NetFlow data.
WARNING: If you leave the NetFlow records unscaled most NetFlow collectors will underestimate the total traffic on your network.
Determines which elements of the autonomous system (AS) path will be included in NetFlow packets created by the probe. A value of origin specifies the AS numbers associated with the source and destination of the flow. A value of peer specifies the AS numbers of the adjacent or next-hop networks.
The length of time (in seconds) that a flow must be idle before being flushed from the Flow-Cache.
The interval (in seconds) between successive requests for interface counters.
The fraction of packets from the monitor port that will be sampled.
e.g. Selecting a sampling rate of 1000 would cause the probe to take on sample
for every 1000 packets received on its monitor port.
When the probe receives NetFlow packets, it samples them so as to approximate the behavior of mirror port sampling. A NetFlow record represent the flow of a single packet, or tens of thousands of packets. When a NetFlow record is sampled, the number of sFlow records generated will be in proportion to the number of packets in the NetFlow record.
WARNING: The smaller the sampling rate, the greater the number of sFlow packets generated.
The SNMP community string providing read-only access to MIB-2 (RFC 1213) and the Bridge MIB (RFC 1493) on the switch being monitored.
Flag determining whether or not to establish an iBGP peering session in order to monitor routing table updates. If set to YES the probe will attempt to establish an iBGP session with the router. A value of NO disables this feature.
The private AS number to be used by the probe when establishing an iBGP peering session with a router.
A script in the /usr/local/inmon/probe/inx/bin/ that should be run periodically to extract information from an agent.
The following options are available:
script.<script name>.interval = <seconds>
script.<script name>.enabled = YES | NO
script.<script name>.user = <username>
script.<script name>.password = <password>
The following scripts are currently supplied:
 | getArpCache Use SNMP MIB-2 to get ARP cache. |
| getIfTable Use SNMP MIB-2 to get ifTable. |
| getVlanTable Use SNMP Bridge MIB to get port-based VLAN table. |
| getCiscoBridgeTable Use SNMP Bridge MIB to get bridge forwarding table from Cisco switch runnig VLANs (NOTE: this script is only necessary if VLANs have been configured). |
| getRoutingTable Use SNMP MIB-2 to get IP routing table. |
| bgp-BGP4-MIB Use SNMP BGP4 MIB to get BGP routing table. |
| bgp-Foundry-MIB Use SNMP to get BGP routing table from Foundry Networks routers. |
| bgp-Foundry-telnet Use telnet to get BGP routing table from Foundry Networks routers. |
| bgp-Cisco-telnet Use telnet to get BGP routing table from Cisco routers. |
e.g. The following settings enable the bgp-Cisco-telnet script, running it every hour. The username and password are specified as 'admin' and 'secret' respectively.
script.bgp-Cisco-telnet.interval = 3600
script.bgp-Cisco-telnet.enabled = YES
script.bgp-Cisco-telnet.user = admin
script.bgp-Cisco-telnet.password = secret
The IP address of the management entity associated with a switch or router being monitored.
The IP address of an agent to be used for routing table lookups (if it is not this agent). An [agent] block must be defined for any routing agents.
The IP address of an agent to be used as a secondary lookup for routing information. Typically this will only be specified if the secondary routing agent contains a BGP routing table that can be used to add AS information to the flow data. An [agent] block must be defined for any secondary routing agents.
The device name associated with a LAN card being used to monitor monitor/SPAN port traffic.
The direction of packets being mirrored. This value should match the mirror settings on the switch. Valid settings are:
| input Input packets from one or more ports are being mirrored. |
| both Both input and output packet from a single interface are being mirrored. |
Note: See Port Mirroring for a discussion of this setting.
Set to YES to enable promiscuous monitoring on this interface, or NO to disable promiscuous monitoring.
Set to YES to allow sampling to be performed by the network adaptor card. Set to NO to sample in software.
Note: Only Tigon-based adaptor cards currently support sampling. The setting of this flag will be ignored (and sofware sampling will be used) if other adaptor cards are used.
WARNING: Software sampling is much slower than adaptor card sampling. If software sampling is used data is likely to be lost during periods of heavy traffic and fewer links can be monitored from a single probe.
Set to YES if packets have already been sampled by router/switch so probe should not sample. Set to NO if probe should sample packets.
WARNING: Make sure that the sampling rate configured in the device is the same as the value of samplingRate, otherwise sampled data will be incorrectly scaled.
Set to YES to strip MAC layer before processing packets. This is useful processing IP packets that have been forwarded to the probe over an ethernet connection.
Note: Juniper Networks' routers can forward sampled IP packets over a link level connection. Setting ignoreMACLayer=YES and preSampled=YES will ensure that this mirrored traffic is correctly processed.
Specify the UDP port used to receive NetFlow packets (default UDP port 9993) or the TCP port to receive LFAP connections (default TCP port 3145).
Note: Only NetFlow versions 5 and 7 are supported.
Only NetFlow packets from the specified source address will be associated with this [netflow] data source. This setting is only required if the source address in the UDP NetFlow packets does not match the address of the management agent associated with the device generating the NetFlow data. This can occur if NetFlow packets have been replicated without spoofing the source addresses.
The AS setting on the router sending NetFlow packets to the probe. A value of origin specifies the AS numbers associated with the source and destination of the flow. A value of peer specifies the AS numbers of the adjacent or next-hop networks.
Juniper routers report flow timestamps in seconds. Set this flag when importing data from a Juniper router.
The type of LFAP records being sent to the probe (version 4 or 5 supported).
The IP address of an agent from which traffic data is to imported and used as a [virtual] traffic source in this agent. The specified agent must exist in an [agent] section in the configuration file.
ifIndex used to filter traffic data provided by a [virtual] data source. This ifIndex is one of the interfaces on the agent specified in the [virtual] data source definition. Typically this interface connects the virtual data source to the agent containing the [virtual] data source definition.
MAC address used to filter traffic data provided by the [virtual] data source. This is the MAC address of one of the interfaces on the [agent] receiving data from the [virtual] data source, typically it is the interface that connects the two devices.