The following steps demonstrate how to install and configure the Host sFlow agent on a Linux server, sending sFlow to an analyzer with IP address 10.0.0.50.
Note: If there are any firewalls between the Linux servers and the sFlow analyzer, you will need to ensure that packets to the sFlow analyzer (UDP port 6343) are permitted.
First go to the Host sFlow web site and download the RPM file for your Linux distribution. If an RPM doesn't exist, you will need to download the source code.
If you are installing from RPM, the following commands will install and start the Host sFlow agent:
rpm -Uvh hsflowd_XXX.rpm
service hsflowd start
If you are building from source, use the following commands:
tar -xzf hsflowd-X.XX.tar.gz
cd hsflowd-X.XX
make
make install
make schedule
service hsflowd start
The default configuration method used for sFlow is DNS-SD; enter the following DNS settings in the site DNS server:
analyzer        A     10.0.0.50
_sflow._udp     SRV   0 0 6343 analyzer
_sflow._udp     TXT   ( "txtvers=1" "polling=20" "sampling=512" )
Note: These changes must be made to the DNS zone file corresponding to the search domain in the Linux server's /etc/resolv.conf file. Alternatively, you can explicitly configure the domain using the DNSSD_domain setting in /etc/hsflowd.conf.
Once the sFlow settings are added to the DNS server, they will be automatically picked up by the Host sFlow agents. If you need to change the sFlow settings, simply change them on the DNS server and the change will automatically be applied to all the Linux systems in the data center.
Manual configuration is an option if you do not want to use DNS-SD. Edit the Host sFlow agent configuration file, /etc/hsflowd.conf, on each Linux server:
sflow{
  DNSSD = off
  polling = 20
  sampling = 512
  collector{
    ip = 10.0.0.50
    udpport = 6343
  }
}
After editing the configuration file you will need to restart the Host sFlow agent:
service hsflowd restart
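The following is an added example, not part of the original post or the Host sFlow project: a shell function that audits a manually configured /etc/hsflowd.conf and reports any drift from the settings shown above (DNSSD off, collector 10.0.0.50 on UDP port 6343), so a host exporting to an unexpected collector is caught. The function name audit_hsflowd_conf is hypothetical, and the script assumes that "#" starts a comment and that an omitted udpport means 6343.

```shell
# Usage: audit_hsflowd_conf /etc/hsflowd.conf 10.0.0.50 6343
# Prints one finding per line; returns 0 on match, 1 on drift, 2 if unreadable.
audit_hsflowd_conf() {
    conf=$1; want_ip=$2; want_port=${3:-6343}
    [ -r "$conf" ] || { echo "ERROR cannot read $conf"; return 2; }
    awk -v want_ip="$want_ip" -v want_port="$want_port" '
    {
        sub(/#.*/, "")           # drop comments (assumed "#" syntax)
        gsub(/[{}=]/, " & ")     # make braces and "=" separate tokens
        for (i = 1; i <= NF; i++) tok[++n] = $i
    }
    END {
        bad = 0; collectors = 0; in_col = 0; dnssd = "unset"
        for (i = 1; i <= n; i++) {
            if (tok[i] == "collector" && tok[i+1] == "{") {
                # New collector block; port default 6343 is an assumption.
                in_col = 1; ip = ""; port = 6343; i++
            } else if (tok[i] == "}" && in_col) {
                in_col = 0; collectors++
                if (ip != want_ip || port != want_port) {
                    print "DRIFT unexpected collector " ip ":" port
                    bad = 1
                }
            } else if (tok[i+1] == "=") {
                key = tok[i]; val = tok[i+2]; i += 2
                if (in_col && key == "ip") ip = val
                else if (in_col && key == "udpport") port = val
                else if (!in_col && key == "DNSSD") dnssd = val
            }
        }
        if (dnssd != "off") {
            print "DRIFT DNSSD is " dnssd ", expected off"
            bad = 1
        }
        if (collectors == 0) { print "DRIFT no collector block"; bad = 1 }
        if (!bad) print "OK " want_ip ":" want_port
        exit bad
    }' "$conf"
}
```

Every collector block is checked, so a second, unexpected collector added alongside the expected one is reported as drift.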
For a complete sFlow monitoring solution you should also collect sFlow from the switches connecting the servers to the network (see Hybrid server monitoring). The sFlow standard is designed to seamlessly integrate monitoring of networks and servers (see sFlow Host Structures).
An sFlow analyzer is needed to receive the sFlow data and report on performance (see Choosing an sFlow analyzer). The free sFlowTrend analyzer is a great way to get started; see sFlowTrend adds server performance monitoring for examples.
Update: The inclusion of iptables/ULOG support in the Host sFlow agent provides an efficient way to monitor detailed traffic flows if you can't monitor your top of rack switches or if you have virtual machines in a public cloud (see Amazon Elastic Compute Cloud (EC2) and Rackspace cloud servers).