One of the supported methods for collecting network traffic is using the sFlow protocol. Here are some recommendations on setting up sFlow in your environment:
- Supported version: sFlow v5
- Sampling Rate: Faddom can support any sampling rate in sFlow, however the smaller the sample size, the longer it will take Faddom to detect flows and changes in flows.
- Collector Address: This should be set to the IP address of a Faddom sensor or server.
- Collector Port: The recommended port number to use is the default of 6343. This can be changed if needed. Using port 9545 is not recommended as this port is used by default for communication between the Faddom sensor and server.
- Sampled Size: Some sFlow sources can configure the size of sample that is collected. In most cases, the default of 128 is sufficient. Larger samples may allow Faddom to collect some additional details from the flows such as database names and SSL certificate data, but a larger sampling rate is preferred to a larger sampled size for most use cases.
- sFlow Counters: The sFlow protocol supports sending counters with different statistical information as well as raw packet data. Faddom does not currently utilize this counter data and the counter collection can be disabled to reduce bandwidth.