Help : Configure : Parameters

The following table describes the attributes that can be set in the sFlow probe configuration file (/usr/local/inmon/probe/config/pkp.ini):

Attribute Example Default Section
[probe] [agent] Traffic Data Source
[adaptor] [netflow] [lfap] [virtual]
host probe.inmon.com   Mandatory          
softwareKey     Mandatory          
collectorHost sflow.inmon.com   Optional          
collectorPort   6343 Optional          
netflowHost netflow.inmon.com   Optional          
netflowPort   9991 Optional          
netflowScaling NO YES Optional          
netflowOutputASInfo peer origin Optional          
netflowTimeout   60 Optional          
counterPollingInterval   30 Optional Optional        
samplingRate   400 Mandatory Optional        
community   public Optional Optional        
BGP_peer   NO Optional Optional        
BGP_LocalAS   65222 Optional Optional        
script     Optional Optional        
address 10.1.3.1     Mandatory        
routingAgent 10.1.3.1     Optional        
secondaryRoutingAgent 10.1.3.2     Optional        
deviceName eth1       Mandatory      
mirrorDirection both input     Optional      
promiscuous NO YES     Optional      
driverSampling NO YES     Optional      
preSampled YES NO     Optional Optional    
ignoreMACLayer YES NO     Optional      
inputPort 5555   Optional Optional   Optional Optional  
sourceAddress 10.1.3.1         Optional    
netFlowInputASInfo peer origin Optional Optional   Optional    
flowTimesInSeconds YES NO       Optional    
LFAPVersion 4 5         Optional  
agent 10.1.3.1             Mandatory
port 5             Optional
MAC 080009123456             Optional

host

The fully qualified host name of this sFlow Probe (e.g. probe.corp.inmon.com).

softwareKey

The software key for this probe. The key is required to enable monitoring. Evaluation keys expire at the end of the evaluation period and a new key is required before monitoring can resume. Depending on the license, a key may only permit a limited number of interfaces to be monitored.

A key is specific to the host. If the domain name is changed then a new key will have to be issued.

collectorHost

The IP address of the sFlow collector. sFlow packets will be streamed to this address.

Note: Additional sFlow collectors can be specified as collectorHost, collectorHost2, collectorHost3.

collectorPort

The UDP port on the sFlow collector that will receive sFlow packets.

Note: If multiple sFlow collectors have been specified then the corresponding collector ports are collectorPort, collectorPort2 and collectorPort3 respectively.

netflowHost

The IP address of the NetFlow collector. NetFlow packets will be streamed to this address.

Note: Additional NetFlow collectors can be specified as netflowHost, netflowHost2, netflowHost3.

netflowPort

The UDP port on the NetFlow collector that will receive NetFlow packets.

Note: If multiple NetFlow collectors have been specified then the corresponding collector ports are netflowPort, netflowPort2 and netflowPort3 respectively.

netflowScaling

NetFlow records generated by the probe based on sampled data can be scaled before being transmitted. This setting determines whether or not to scale the NetFlow packets and bytes by the sampling rate. A value of YES specifies that the probe should scale the NetFlow data. A value of NO specifies that the probe should not scale the NetFlow data.

WARNING: If you leave the NetFlow records unscaled most NetFlow collectors will underestimate the total traffic on your network.

netflowOutputASInfo

Determines which elements of the autonomous system (AS) path will be included in NetFlow packets created by the probe. A value of origin specifies the AS numbers associated with the source and destination of the flow. A value of peer specifies the AS numbers of the adjacent or next-hop networks.

netflowTimeout

The length of time (in seconds) that a flow must be idle before being flushed from the Flow-Cache.

counterPollingInterval

The interval (in seconds) between successive requests for interface counters.

samplingRate

The fraction of packets from the monitor port that will be sampled. 
e.g. Selecting a sampling rate of 1000 would cause the probe to take on sample for every 1000 packets received on its monitor port.

When the probe receives NetFlow packets, it samples them so as to approximate the behavior of mirror port sampling. A NetFlow record represent the flow of a single packet, or tens of thousands of packets. When a NetFlow record is sampled, the number of sFlow records generated will be in proportion to the number of packets in the NetFlow record.

WARNING: The smaller the sampling rate, the greater the number of sFlow packets generated.

community

The SNMP community string providing read-only access to MIB-2 (RFC 1213) and the Bridge MIB (RFC 1493) on the switch being monitored.

BGP_Peer

Flag determining whether or not to establish an iBGP peering session in order to monitor routing table updates. If set to YES the probe will attempt to establish an iBGP session with the router. A value of NO disables this feature.

BGP_LocalAS

The private AS number to be used by the probe when establishing an iBGP peering session with a router.

script

A script in the /usr/local/inmon/probe/inx/bin/ that should be run periodically to extract information from an agent.

The following options are available:

script.<script name>.interval = <seconds>
script.<script name>.enabled = YES | NO
script.<script name>.user = <username>
script.<script name>.password = <password>

The following scripts are currently supplied:

getArpCache Use SNMP MIB-2 to get ARP cache.
getIfTable Use SNMP MIB-2 to get ifTable.
getVlanTable Use SNMP Bridge MIB to get port-based VLAN table.
getCiscoBridgeTable Use SNMP Bridge MIB to get bridge forwarding table from Cisco switch runnig VLANs (NOTE: this script is only necessary if VLANs have been configured).
getRoutingTable Use SNMP MIB-2 to get IP routing table.
bgp-BGP4-MIB Use SNMP BGP4 MIB to get BGP routing table.
bgp-Foundry-MIB Use SNMP to get BGP routing table from Foundry Networks routers.
bgp-Foundry-telnet Use telnet to get BGP routing table from Foundry Networks routers.
bgp-Cisco-telnet Use telnet to get BGP routing table from Cisco routers.

e.g. The following settings enable the bgp-Cisco-telnet script, running it every hour. The username and password are specified as 'admin' and 'secret' respectively.

script.bgp-Cisco-telnet.interval = 3600
script.bgp-Cisco-telnet.enabled = YES
script.bgp-Cisco-telnet.user = admin
script.bgp-Cisco-telnet.password = secret

address

The IP address of the management entity associated with a switch or router being monitored.

routingAgent

The IP address of an agent to be used for routing table lookups (if it is not this agent). An [agent] block must be defined for any routing agents.

secondaryRoutingAgent

The IP address of an agent to be used as a secondary lookup for routing information. Typically this will only be specified if the secondary routing agent contains a BGP routing table that can be used to add AS information to the flow data. An [agent] block must be defined for any secondary routing agents.

deviceName

The device name associated with a LAN card being used to monitor monitor/SPAN port traffic.

mirrorDirection

The direction of packets being mirrored. This value should match the mirror settings on the switch. Valid settings are:

input  Input packets from one or more ports are being mirrored.
both Both input and output packet from a single interface are being mirrored.

Note: See Port Mirroring for a discussion of this setting.

promiscuous

Set to YES to enable promiscuous monitoring on this interface, or NO to disable promiscuous monitoring.

driverSampling

Set to YES to allow sampling to be performed by the network adaptor card. Set to NO to sample in software.

Note: Only Tigon-based adaptor cards currently support sampling. The setting of this flag will be ignored (and sofware sampling will be used) if other adaptor cards are used.

WARNING: Software sampling is much slower than adaptor card sampling. If software sampling is used data is likely to be lost during periods of heavy traffic and fewer links can be monitored from a single probe.

preSampled

Set to YES if packets have already been sampled by router/switch so probe should not sample. Set to NO if probe should sample packets.

WARNING: Make sure that the sampling rate configured in the device is the same as the value of samplingRate, otherwise sampled data will be incorrectly scaled.

ignoreMACLayer

Set to YES to strip MAC layer before processing packets. This is useful processing IP packets that have been forwarded to the probe over an ethernet connection.

Note: Juniper Networks' routers can forward sampled IP packets over a link level connection. Setting ignoreMACLayer=YES and preSampled=YES will ensure that this mirrored traffic is correctly processed.

inputPort

Specify the UDP port used to receive NetFlow packets (default UDP port 9993) or the TCP port to receive LFAP connections (default TCP port 3145).

Note: Only NetFlow versions 5 and 7 are supported.

sourceAddress

Only NetFlow packets from the specified source address will be associated with this [netflow] data source. This setting is only required if the source address in the UDP NetFlow packets does not match the address of the management agent associated with the device generating the NetFlow data. This can occur if NetFlow packets have been replicated without spoofing the source addresses.

netflowInputASInfo

The AS setting on the router sending NetFlow packets to the probe. A value of origin specifies the AS numbers associated with the source and destination of the flow. A value of peer specifies the AS numbers of the adjacent or next-hop networks.

flowTimesInSeconds

Juniper routers report flow timestamps in seconds. Set this flag when importing data from a Juniper router.

LFAPVersion

The type of LFAP records being sent to the probe (version 4 or 5 supported).

agent

The IP address of an agent from which traffic data is to imported and used as a [virtual] traffic source in this agent. The specified agent must exist in an [agent] section in the configuration file.

port

ifIndex used to filter traffic data provided by a [virtual] data source. This ifIndex is one of the interfaces on the agent specified in the [virtual] data source definition. Typically this interface connects the virtual data source to the agent containing the [virtual] data source definition.

MAC

MAC address used to filter traffic data provided by the [virtual] data source. This is the MAC address of one of the interfaces on the [agent] receiving data from the [virtual] data source, typically it is the interface that connects the two devices.