Hi Slava,
Can recommend a couple of things:
* You can do your download again and capture sFlow packets with
sflowtool. This is to have an external reference to pmacct and
be sure of what the ZTE box is exporting. Summing up counters
collected by sflowtool should roughly match the figure returned
by pmacct with sfacctd_renormalize set to false.
* Do you receive any error/warning message back on your terminal
(as it seems you are not daemonizing sfacctd)? Also since you
are performing a simple test, please re-do removing un-needed
directives, i.e. networks_file and ports_file.
If none of the above helps get on the right path, it might
be worth me having a look at the issue myself. You can contact
me privately if this is the case and we'll summarize back on the
list.
Cheers,
Paolo
On Fri, Jul 20, 2012 at 08:13:48PM +0300, Viacheslav Dubrovskyi wrote:
Hi.
I collect sFlow from a ZTE 5928 TX and see that the data I get are
very different from what was really downloaded.
My configuration is very simple:
interface: venet0
plugin_buffer_size: 2048
plugin_pipe_size: 2048000
sfprobe_agentip: 195.211.108.33
sfacctd_renormalize: true
networks_file: /etc/pmacct/networks.lst
ports_file: /etc/pmacct/ports.lst
plugins: memory[IP]
aggregate[IP]: src_host, dst_host, src_port, dst_port
imt_path[IP]: /tmp/IP.pipe
# cat ports.lst
80
#cat networks.lst
171.25.204.3/32
For ZTE sFlow configuration:
#show sflow
sflow enable
sflow agent ip-addr      agent udp port
195.211.108.33           6343
sflow collector ip-addr  collector udp port
171.25.204.64            6343
portname ingress_sample_rate egress_sample_rate
gei_1/4 256 256
gei_1/5 256 256
gei_1/6 256 256
gei_1/7 256 256
gei_1/8 256 256
gei_1/9 256 256
gei_1/11 256 256
gei_1/12 256 256
gei_1/13 256 256
gei_1/16 256 256
gei_1/17 256 256
gei_1/18 256 256
gei_1/19 256 256
gei_1/20 256 256
gei_1/22 256 256
gei_1/23 256 256
gei_1/24 256 256
xgei_2/1 256 256
xgei_3/1 256 256
xgei_4/1 256 256
My server with IP 171.25.204.3/32 is on gei_1/6
For the test I start
# sfacctd -f sfacctd.conf
and begin downloading a file from 171.25.204.3. Access is open only to me, so
I expect to see the same data.
$ LANG=C wget http://171.25.204.3/de1_15.01.2012/vzdump-5104.tgz
--2012-07-20 19:24:11-- http://171.25.204.3/de1_15.01.2012/vzdump-5104.tgz
Connecting to 171.25.204.3:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1231847830 (1.1G) [application/octet-stream]
Saving to: `vzdump-5104.tgz'
100%[]
1,231,847,830 9.48M/s in 1m 57s
2012-07-20 19:26:08 (10.0 MB/s) - `vzdump-5104.tgz' saved
[1231847830/1231847830]
But I see very different data:
# pmacct -c src_host -M 171.25.204.3 -p /tmp/IP.pipe
SRC_IP        DST_IP   SRC_PORT  DST_PORT  PACKETS  BYTES
171.25.204.3  0.0.0.0  80        0         147349   221023500
PACKETS BYTES
sampling 256 with sfacctd_renormalize: true
147349221023500
15376023064 (4.35%)
172244258366000 (12.2%)
I tried to set sfacctd_renormalize and sampling_rate and sampling.map.
None of this helps, and the data did not match (although up to 10% as
described in http://www.sflow.org/packetSamplingBasics/index.htm).
Question: What am I doing wrong and how to make the resulting data
correspond to reality?
--
WBR,
Viacheslav Dubrovskyi
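
The cross-check suggested in the reply above, as an added example (not code from either poster or from pmacct): it sums the flow samples printed by `sflowtool -l` for one source host, giving the raw total (comparable to sfacctd_renormalize: false) and the total scaled by the sampling rate (comparable to true). The CSV field positions are an assumption about the sflowtool line format, the script name in the comment is hypothetical, and the sample lines are constructed.

```python
import csv
import math
import sys

# Assumed column positions in an `sflowtool -l` FLOW line; verify them
# against the output of the sflowtool version you run.
SRC_IP, PACKET_SIZE, SAMPLING_RATE = 9, 17, 19

# Constructed sample lines, not a capture from the switch in this thread.
SAMPLE = """\
FLOW,195.211.108.33,6,24,001122334455,66778899aabb,0x0800,0,0,171.25.204.3,198.51.100.7,6,0x00,64,80,51000,0x10,1514,1496,256
FLOW,195.211.108.33,6,24,001122334455,66778899aabb,0x0800,0,0,171.25.204.3,198.51.100.7,6,0x00,64,80,51000,0x10,1514,1496,256
FLOW,195.211.108.33,24,6,66778899aabb,001122334455,0x0800,0,0,198.51.100.7,171.25.204.3,6,0x00,57,51000,80,0x10,66,48,256
FLOW,195.211.108.33,6,24,001122334455,66778899aabb,0x0800,0,0,171.25.204.3,198.51.100.7,6,0x00,64,80,51000,0x18,66,48,256
CNTR,195.211.108.33,6,6,1000000000,1,3
"""

def summarize(lines, src_ip):
    """Sum flow samples whose source address is src_ip."""
    samples = raw_bytes = est_packets = est_bytes = 0
    for row in csv.reader(lines):
        # Skip counter samples, short or malformed lines, and other hosts.
        if len(row) <= SAMPLING_RATE or row[0] != "FLOW" or row[SRC_IP] != src_ip:
            continue
        size, rate = int(row[PACKET_SIZE]), int(row[SAMPLING_RATE])
        samples += 1
        raw_bytes += size            # what the agent actually exported
        est_packets += rate          # each sample stands for `rate` packets
        est_bytes += size * rate     # renormalized estimate
    # Error bound at 95% confidence from the sflow.org page cited in the
    # thread: %error <= 196 * sqrt(1 / number_of_samples).
    max_err = 196 * math.sqrt(1 / samples) if samples else float("inf")
    return {"samples": samples, "raw_bytes": raw_bytes,
            "est_packets": est_packets, "est_bytes": est_bytes,
            "max_error_pct": max_err}

if __name__ == "__main__":
    # Live use: sflowtool -p 6343 -l | python3 sflow_sum.py 171.25.204.3
    if len(sys.argv) > 1:
        print(summarize(sys.stdin, sys.argv[1]))
    else:
        print(summarize(SAMPLE.splitlines(), "171.25.204.3"))
```

If the raw total already disagrees with pmacct run with sfacctd_renormalize: false, the difference is in what the switch exports rather than in the collector configuration.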
___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
___