SflowV5 Switch monitoring

You might also want to try and set up the various switches to send data to different ports on the PRTG server, eliminating the need for the sender IP to be set. You may also want to try and use the sFlow tester to see where packets are coming from to make sure that the IP of the packets being sent to the PRTG server matches the IP that you are using for the Sender IP address.

Setting all of the switches we have to differing ports would be extremely difficult at this point, not to mention labor intensive. I ran the sflow tester and it came back with IP errors, but I dont know how to read it to figure out which IP addresses arent reporting correctly

I would at least try this for some of the switches that you see no traffic for to see if that port is just being overloaded with information or if the sender isn't sending correctly. What errors are you getting with the tester?

in the ip source I see failed 1194, but im not sure waht that means From the debug log 5:49:41 PM,10.26.0.3,1,1,,0000002A,4446863,2908195208,1,0800,6,48,42,1064 5:49:41 PM,10.26.0.3,1,1,,0000002A,4446863,2908195208,1001 5:49:41 PM,10.26.0.3,1,1,,0000002D,616604,750589994,1,0800,6,45,6,40 5:49:41 PM,10.26.0.3,1,1,,0000002D,616604,750589994,1001 5:49:41 PM,10.26.0.3,1,1,,0000002D,616605,750589994,1,0800,6,45,6,46 5:49:41 PM,10.26.0.3,1,1,,0000002D,616605,750589994,1001 5:49:41 PM,10.26.0.3,1,2 5:49:41 PM,10.26.0.3,1,2 5:49:41 PM,10.26.0.3,1,1,,0000002A,4446864,2908196571,1,0800,6,48,42,1064 5:49:41 PM,10.26.0.3,1,1,,0000002A,4446864,2908196571,1001 5:49:41 PM,10.26.0.3 And from the SFTest flow save file 5:49:41 PM,10.26.0.3,1,1,,0000002A,4446863,2908195208,1,0800,6,48,42,1064 5:49:41 PM,10.26.0.3,1,1,,0000002A,4446863,2908195208,1001 5:49:41 PM,10.26.0.3,1,1,,0000002D,616604,750589994,1,0800,6,45,6,40 5:49:41 PM,10.26.0.3,1,1,,0000002D,616604,750589994,1001 5:49:41 PM,10.26.0.3,1,1,,0000002D,616605,750589994,1,0800,6,45,6,46 5:49:41 PM,10.26.0.3,1,1,,0000002D,616605,750589994,1001 5:49:41 PM,10.26.0.3,1,2 5:49:41 PM,10.26.0.3,1,2 5:49:41 PM,10.26.0.3,1,1,,0000002A,4446864,2908196571,1,0800,6,48,42,1064 5:49:41 PM,10.26.0.3,1,1,,0000002A,4446864,2908196571,1001 5:49:41 PM,10.26.0.3

but i dont relly understand what I am looking at there. Or how to interpret what this log is tellign me

Under IP I see 1194 failed. Im not sure how to read the logs it gives. From the debug log 5:49:41 PM,10.26.0.3,1,1,,0000002A,4446863,2908195208,1,0800,6,48,42,1064 5:49:41 PM,10.26.0.3,1,1,,0000002A,4446863,2908195208,1001 5:49:41 PM,10.26.0.3,1,1,,0000002D,616604,750589994,1,0800,6,45,6,40 5:49:41 PM,10.26.0.3,1,1,,0000002D,616604,750589994,1001 5:49:41 PM,10.26.0.3,1,1,,0000002D,616605,750589994,1,0800,6,45,6,46 5:49:41 PM,10.26.0.3,1,1,,0000002D,616605,750589994,1001 5:49:41 PM,10.26.0.3,1,2 5:49:41 PM,10.26.0.3,1,2 5:49:41 PM,10.26.0.3,1,1,,0000002A,4446864,2908196571,1,0800,6,48,42,1064 5:49:41 PM,10.26.0.3,1,1,,0000002A,4446864,2908196571,1001 5:49:41 PM,10.26.0.3

And from the Save 10.26.0.191:80->10.26.0.200:49195 P:6 IF/OF:48/42 5:50:33 PM 1431080 10.26.0.194:80->10.26.0.200:49193 P:6 IF/OF:48/42 5:50:33 PM 1415120 10.26.0.200:65016->10.26.0.192:80 P:6 IF/OF:42/48 5:50:34 PM 53240 10.26.0.107:63584->216.58.216.46:443 P:17 IF/OF:9/45 5:50:34 PM 1096888 10.26.0.190:80->10.26.0.200:49159 P:6 IF/OF:48/42 5:50:34 PM 1415120 10.26.0.200:65011->10.26.0.192:80 P:6 IF/OF:42/48 5:50:34 PM 53160 10.26.0.194:80->10.26.0.200:49193 P:6 IF/OF:48/42 5:50:35 PM 1430016 10.26.0.150:445->10.26.0.105:49221 P:6 IF/OF:47/12 5:50:35 PM 51961 10.26.0.193:80->10.26.0.200:49190 P:6 IF/OF:48/42 5:50:35 PM 1430016 10.26.0.150:4915->10.26.0.71:9100 P:6 IF/OF:47/13 5:50:35 PM 0 10.26.0.150:4915->10.26.0.71:9100 P:6 IF/OF:47/13 5:50:37 PM 825000 10.26.0.194:80->10.26.0.200:49193 P:6 IF/OF:48/42 5:50:37 PM 1418312 10.26.0.191:80->10.26.0.200:49195 P:6 IF/OF:48/42 5:50:37 PM 1417248 10.26.0.193:80->10.26.0.200:49190 P:6 IF/OF:48/42 5:50:37 PM 1443848 10.26.0.194:80->10.26.0.200:49193 P:6 IF/OF:48/42 5:50:38 PM 1443848 10.10.150.160:2598->10.26.0.106:2797 P:6 IF/OF:45/6 5:50:38 PM 31648 10.26.0.193:80->10.26.0.200:49190 P:6 IF/OF:48/42 5:50:38 PM 1470448 10.26.0.30:50959->216.58.216.46:443 P:6 IF/OF:37/45 5:50:38 PM 21200

Please try and see if setting up one of the devices to send to a different port has any better result and also please send us your logs directly to [email protected] so we can analyze them in whole.

pointing to different ports sort of worked. I made it so that each of my location has their own port, however I when I input it to only get info for that IP some of them fail. what logs do you want?

Can you send over the decoded flows for one of the locations that doesn't work when you specify the IP as well as a screenshot of the sflow tester showing the errors that you mentioned before? Can you also send over the IP address you are using as a filter in the sensor settings for the location?