What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general.

Learn more

PRTG Network Monitor

Intuitive to Use. Easy to manage.
More than 500,000 users rely on Paessler PRTG every day. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free Download

Top Tags


View all Tags

Clarification regarding Sflow sensor

Votes:

0

Hi Folks,

Lately I've been trying Prtg trial version with unlimited sensors, we are fairly satisfied with it and most probably we will be purchasing 5000 sensors. Our environment is all HP (procurve), with around 195 switches.

I've been trying to deploy Sflow sensors on some of the devices which are in the critical areas of our business, can anybody just explain me what is the primary difference between an sFlow sensor and sFlow (Custom) Sensor ?

When I'm deploying an Sflow sensor, soon its providing traffic flows like : 

ruh-vm-lfrio.xx.com (10.10.252.146)	ruh-ph-backup.xx.com (10.10.252.56)	124 GByte	35 %

Other	 	 	108 GByte	31 %

2.	[10.10.71.21]	er223939a.sfh.med.sa (10.10.71.81)	7,236 MByte	2 %
3.	[10.10.71.233]	[10.10.71.21]	4,006 MByte	1 %
4.	[19.1.1.14]	[19.1.1.103]	3,972 MByte	1 %

and the stats are pretty much same no matter on which access switch I apply the Sflow sensor, which I'm sure isn't true as I know that there isn't that huge traffic flowing across our entire network.

Moreover Sflow sensor is also displaying same sort of information when I'm deploying it on switches (HP 2650) that don't even support Sflow.

I'm confused, please help!

Thanks a million in advance.

hp-procurve prtg sensors sflow

Created on Dec 29, 2015 6:45:51 AM

Last change on Dec 29, 2015 12:23:19 PM by Luciano Lingnau [Paessler]



3 Replies

Votes:

0

Hello Arali,
we appreciate your inquiry.

It's very satisfying to hear that you're enjoying your trial and consider purchasing PRTG.

As for the difference between the sFlow sensor and sFlow (Custom) Sensor, the main difference is that the (Custom) variant allows you to create your own "traffic segregation" rules, for example you can omit the File Transfer Protocol, or create a category(channel) called Internet which contains both FTP and HTTP/HTTPS. This can be achieved by applying Channel Definitions according to the Filter Rules.



Regarding the issue you're encountering (with sFlow Sensors displaying incorrect values) or you seeing sFlow Traffic on devices which don't support flow, please be aware that PRTG needs some sort of information to distinguish the received flows:

This can either be achieved by creating distinct sensors on different ports (Ex.: 6343, 6344, 6345...) or configuring the Sender IP within the Sensor's settings, most likely (based on your description) you have several sFlow sensors but no port or Sender IP filter, this means that all Sensors will show the "sum" of all exporting devices.

If you have further questions or require any additional assistance, don't hesitate to submit a support ticket, we'll be glad to assist and it will allow you to send us screenshots and other attachments (after our initial reply).

Best Regards,

Created on Dec 29, 2015 12:35:33 PM by Luciano Lingnau [Paessler]



Votes:

0

Thanks for the response team, but may I know how the tool is able to pull 'sum' of all the exporting devices when specifically applied to a device which doesn't even support Sflow?, and exactly it's pulling the 'sum' of all the exporting devices?

Moreover, is there a way I can retrieve unused switchports across the campus by using Prtg?. Apart from the ports which in shutdown state we have numerous ports which are in 'down' state, so basically I want to disable the ports on which no traffic is detected in last 30 days, is there a way I can pull this sort of report ?

Created on Dec 31, 2015 6:02:05 AM



Votes:

0

Dear Arali

Please use include filters for each sFlow sensor to only evaluate the according traffic. If you just create sFlow sensors without a custom include filter, the sensor monitors the entire stream of flows, resulting in the sum of all devices.

If you have ports you don't want to monitor, please pause the according sensors manually. In principle, you could use a threshold trigger with an extreme delay which then triggers a notification, which performs an HTTP action which is an API call which pauses that sensor. However this method is not recommended.

Created on Jan 1, 2016 1:22:01 PM by Arne Seifert [Paessler Support]




Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.