sflowtool Command Questions

Question

sflowtool Command Questions

Jwau opened this issue 9 months ago · 3 comments

why I use “sudo sflowtool -p 6345 -t | stdbuf -oL sudo tcpdump -r - -Z root -G 20 -w %Y_%m%d_%H%M_%S.pcap” I can get the right file ,but I use "sudo sflowtool -p 6345 -f 127.0.0.1/6343 -t | stdbuf -oL sudo tcpdump -r - -Z root -G 20 -w %Y_%m%d_%H%M_%S.pcap",pcap file is empty.
I want to use sflowtool to save files regularly through tcpdump while sending them to the collector. Can you do that? What would I do if I could? thank you!

Answer 1 · 2024-02-28T14:29:29.000Z

Can someone tell me the answer? I check every day and no one answers. If this tool doesn't work, then I can only use port mirroring to achieve my needs，please.

Answer 2 · 2024-02-28T17:43:16.000Z

When sflowtool is forwarding it doesn't do anything else. However it can forward to more than one destination so one way to do what you describe is to run two sflowtool processes. The first can forward to two destination ports. The second can take one of those and extract the tcpdump feed.

I'm not sure this solution will scale well, but that's for you to decide.

Answer 3 · 2024-02-29T05:53:10.000Z

@sflow I also thought of this method after asking yesterday. There is no problem with this method. Thank you for your reply.