What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general.

Learn more

PRTG Network Monitor

Intuitive to Use. Easy to manage.
More than 500,000 users rely on Paessler PRTG every day. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free Download

Top Tags


View all Tags

Sflow records marked "other"

Votes:

0

In my setup I'm seeing a lot of sflow data marked other (90% of records). Is there anyway to see why its not including these records. As far as I know all the packets are TCP and should be included, but it maybe one of the other crieria that is invalidating these records.

For instance I'm not exactly sure that this even means?

"PRTG processes only samples where the source ID matches the ifIndex of the input interface (avoiding double counted traffic) and ascending sequence numbers."

Can you help to identify why its not able to process most of the records

other sflow tcp

Created on Dec 16, 2016 8:16:33 PM



3 Replies

Votes:

0

Hello,

Thank you very much for your KB-Post. To avoid a confusion to which 'other' category you are referring to (Toplists or "Normal" Sensor results), can you share a screenshot that clarifies this?

Thank you!

Created on Dec 19, 2016 12:00:18 PM by Torsten Lindner [Paessler Support]



Votes:

0

I created my own top list, and there were obviously more than 100 unique connections (the default Top Count), which is why it showed all these fields as other. I increased "Top Count" to 1000, and now I see all the individual records.

Now the question is why are there so many records?

Well most of them appear to be a strange packet or some sort of parsing error

Image description

Created on Dec 19, 2016 4:59:25 PM



Votes:

0

PRTG shows you the packets it gets, which means, there have to be slfow packets incoming with quite pointless data (all 0.0.0.0 as destination and source addresses). Additionally to that, you will see the connections here, that the device really does have, which sends you the sflow data.

Created on Dec 20, 2016 1:39:58 PM by Torsten Lindner [Paessler Support]




Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.