hsflowd cannot send sample on Cumulux VX 3.3!

  • 1
  • Problem
  • Updated 10 months ago
  • Solved
I have used Cumulus VX to evaluate switch monitor using hsflowd. When configure as suggest from:

My setting is:

cat /etc/hsflowd.conf

# hsflowd configuration file
sflow {
  DNSSD = off
  agent = eth0
  polling = 30
  sampling = 512

  sampling.100M = 100
  sampling.1G = 1000
  sampling.10G = 10000
  sampling.40G = 40000

  collector {
    ip =
     udpport = 6343

The hsflowd start success but with error:

myExec(/usr/lib/cumulus/portsamp) exitStatus=1 so assuming ULOG/NFLOG is 1:1

and when i wireshark, it show nothing. 

I have search in the forum and there is only one URL mention about this problem:


i do as this link suggest: 

sudo iptables -I FORWARD -j NFLOG --nflog-group 1 --nflog-prefix SFLOW 

but the problem is not gone, still have the log: 

myExec(/usr/lib/cumulus/portsamp) exitStatus=1 so assuming ULOG/NFLOG is 1:1
Photo of Tuan Anh Do

Tuan Anh Do

  • 110 Points 100 badge 2x thumb

Posted 10 months ago

  • 1
Photo of Neil McKee

Neil McKee

  • 70 Points
Did you check that iptables is counting packets against that rule,  using "iptables --list --verbose" ?

You might have to set the iptables rule against the "INPUT" chain instead.

The error message is just warning that it will apply the full 1-in-N sampling to the packets it gets here.

To see more details,  run hsflowd like this:

sudo service hsflowd stop
sudo hsflowd -ddd 2>&1 | grep NFLOG

and look for messages like this one:

Photo of Tuan Anh Do

Tuan Anh Do

  • 110 Points 100 badge 2x thumb
Hi, thank for your support.

I have do some test and figure out, the error above is when i setting it run with systemctl start hsflowd@mgmt. When start hsflod with systemctl start hsflowd, it  not show these errors. And one more thing, even it show 

myExec(/usr/lib/cumulus/portsamp) exitStatus=1 so assuming ULOG/NFLOG is 1:1

It still sent the sflow packet to my collector. So i wonder what these errors is about? I still new to iptables and monitor by sflow so i need to dig more about when i have time.
Photo of Neil McKee

Neil McKee

  • 70 Points
OK.  Glad you found the reason.  Let me know if you think we need to change anything in the systemd service file for hsflowd.

The log message just means that hardware ASIC packet-sampling was not configured (which is going to happen every time on the VX platform because of course there is no ASIC!).   So hsflowd now assumes it will receive every packet and should retrofit the 1:N packet sampling in software instead:

That software-sampling happens here:


P.S.  If you really need VX to perform better you could try configuring iptables nflog to do the random sampling for you in the kernel,  and then tell hsflowd what probability you configured.  Like this:

In that case hsflowd will adjust it's user-space software-sampling accordingly:

But I don't know if this will actually run cooler or not.  It probably depends on what your hypervisor is doing.