15. Advanced topics

Table of Contents

15.1. Server custom configuration settings
15.2. Customizing protocol names
15.3. Customizing the web client appearance
15.4. sFlowTrend-Pro REST API

This section contains information on advanced topics, which many users will not be concerned about.

15.1. Server custom configuration settings

Some custom sFlowTrend-Pro server configuration is possible through the sFlowTrend-Pro properties file. Modifying this is only recommended for advanced users. The file must be edited using a standard text editor, and the sFlowTrend-Pro service must be restarted before any of the changes will take effect. Changes to the configuration will affect all users using the server.

The properties file is called config.prp, and it is located in the sFlowTrend-Pro home directory (which can be identified through the sFlowTrend-Pro System configuration menu, General tab, File location).

If the config.prp file does not exist in the directory, then create the file first. The file is organized as a series of lines, where each line is of the form:

propertyName = value
            

For example,

database.hoursPersistent = 336
            

would change the number of hours of data stored in the database to 336 (2 weeks). Note that all properties and values must be entered exactly as specified. Some of the properties that can be modified using the properties file are:

database.hoursPersistent
Controls how many hours of data will be stored in the database, before being flushed. This number can be reduced from the default of 168 (1 week), if the database is getting too large.
event.threshold.email
Sets the number of queued email event actions at which email suppression will be enabled. The default value is 3, and a value of 0 switches off suppression of event email messages.
event.threshold.syslog
Sets the number of queued syslog event actions at which syslog suppression will be enabled. The default value is 5, and a value of 0 switches off suppression of event syslog messages.
sflowtrend.autoEnable
The default value for this setting is true. In this case, sFlowTrend-Pro will automatically enable and start collecting data from the first n switches that it receives unsolicited (command line configured) sFlow from, where n is the maximum number of switches allowed by the software license. To control manually which switches are enabled, set this value to false.
sflowtrend.samplingRate.[ifSpeed.]medium

If sFlowTrend-Pro is using SNMP to configure the switches to send sFlow, sFlowTrend-Pro will use this value to configure the sampling rate for all interfaces of the given ifSpeed. The default values are:

sflowtrend.samplingRate.medium = 512
sflowtrend.samplingRate.10.medium = 128
sflowtrend.samplingRate.100.medium = 256
sflowtrend.samplingRate.1000.medium = 512
sflowtrend.samplingRate.10000.medium = 1024
                        

For example

sflowtrend.samplingRate.100.medium = 256
                        

tells sFlowTrend-Pro to configure all interfaces with an ifSpeed of 100 Mb/s with a sampling rate of 1 in 256. The value for sflowtrend.samplingRate.medium is used by sFlowTrend-Pro when configuring an interface with an ifSpeed for which a sampling rate has not been specified. For example, with the default sampling rate settings, a 4 Gb/s trunk would be configured with a sampling rate of 1 in 512.

You can specify sampling rates for other ifSpeeds. For example

sflowtrend.samplingRate.8000.medium = 1024
                        

tells sFlowTrend-Pro to configure all interfaces, with an ifSpeed of 8 Gb/s, with a sampling rate of 1 in 1024.

sflowtrend.useForce
The default value for this setting is false. In this case, if sFlowTrend-Pro is using SNMP to configure the switches to send sFlow, and finds that a switch has already been configured by another application and there are no unclaimed receiver entries on the switch, then sFlowTrend-Pro will not configure the switch. In this case sFlowTrend-Pro will show the switch status as Already in use. If the value for this setting is true and there are no unclaimed receiver entries on the switch, then sFlowTrend-Pro will overwrite the first receiver entry and forcibly claim it.
sflowtrend.natReceiverAddress
If sFlowTrend-Pro is using SNMP to configure switches to send sFlow and there is a NAT device between the system running sFlowTrend-Pro and the switches, use this setting to specify the public IP address and port on the NAT device that sFlow should be sent to. Note that in a virtual or container environment a virtual NAT device is often used and this setting is applicable. If you are not using SNMP to configure switches to send sFlow, then this setting is not required. For example, for a NAT device with a public IPv4 address of 10.1.2.3 and a forwarded sFlow port of 7070:

sflowtrend.natReceiverAddress = 10.1.2.3:7070

or for a NAT device with a public IPv6 address of 2001:df8:3c5d:15:1a36:3ecd:dc72:ef7e and a forwarded sFlow port of 7575:

sflowtrend.natReceiverAddress = [2001:df8:3c5d:15:1a36:3ecd:dc72:ef7e]:7575

Note that you must also choose this address as the collector address; see Section 13.2.2, “sFlow configuration”.
server.webserver.port
The TCP port that the server web server will listen on. The default value is 8087. If this is changed, then a client connecting to the server must also use the new value. For example, if the port is changed to 8088, then point a web browser at http://[hostname]:8088/sflowtrend.
server.webserver.localonly
By default, this setting is false, which means that the server web server can respond to requests from any client. If you want to disallow clients other than the system that is running the server from connecting to the server, then set this property to true.
server.webserver.forceHttps
If you wish to always connect to the web server via https, then set this setting to true. By default, the setting is false. When set to true, there are two effects:
  1. Any request to http is redirected to https.
  2. All responses via https have the Strict-Transport-Security http header added, which causes subsequent requests from the browser to always use https, even if no protocol was specified in the URL.
If you are using this option, it is strongly recommended that you also configure a signed https certificate for the webserver, rather than using the default, self-signed one. Refer to Section 2.6, “Configuring https certificates” for further information.
server.webserver.https.port
The TCP port that the web server will use for https connections to clients. The default value is 8443. If this is changed, then a client connecting to the server must also use the new value. For example, if the port is changed to 8444, then point a web browser at https://[hostname]:8444/sflowtrend.
server.webserver.https.keyStore
Filename of https key store in sFlowTrend home directory. The default value is httpsKeyStore.
server.webserver.https.alias
Alias of certificate for https in key store. The default value is sflowtrend.
server.webserver.https.password
Password for the key store. The default value is sflowtrend.
server.webserver.https.keyPassword
Password for the private key. If left blank or omitted (default), then the password for the key store is used.
server.webserver.https.removeCiphers

Specifies cipher suites that are to be removed from those supported by the https web server. This setting can be used to remove insecure cipher suites. Cipher suites must be specified as a comma separated list, using standard Java naming. If this setting is used, then the default cipher suites to be removed will be overridden, so these defaults must be specified explicitly if it is desired to continue to remove them.

The current default cipher suites to remove are:

TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
TLS_ECDHE_RSA_WITH_RC4_128_SHA
SSL_RSA_WITH_RC4_128_SHA
TLS_ECDH_ECDSA_WITH_RC4_128_SHA
TLS_ECDH_RSA_WITH_RC4_128_SHA
SSL_RSA_WITH_RC4_128_MD5                        
                        

server.webserver.https.includeCiphers
Specifies cipher suites that are to be included as supported by the https web server. Cipher suites must be specified as a comma separated list, using standard Java naming. This setting specifies only those cipher suites to be supported; no others will be available. This means that if you use this parameter, you must specify all cipher suites to be used by the web server.
server.webserver.https.removeProtocols
Specifies SSL protocols that are to be removed from those supported by the https web server. This setting can be used to remove insecure protocols. Protocols must be specified as a comma separated list, using standard Java naming.
server.webserver.https.includeProtocols
Specifies SSL protocols that are to be included as supported by the https web server. Protocols must be specified as a comma separated list, using standard Java naming. This setting specifies only those protocols to be supported; no others will be available. This means that if you use this parameter, you must specify all protocols to be used by the web server.
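
The following Python script is an added example, not part of sFlowTrend-Pro or its documentation: it reads the contents of a config.prp file and reports https settings that weaken the web server, including a removeCiphers value that silently drops entries from the default removal list. The function names, the sample file contents and the LEGACY_PROTOCOLS set are assumptions of this example, and each setting is checked independently because this section does not describe how the include and remove lists combine.

```python
# Default removal list, copied from this section.
DEFAULT_REMOVED = set("""
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
TLS_ECDHE_RSA_WITH_RC4_128_SHA SSL_RSA_WITH_RC4_128_SHA
TLS_ECDH_ECDSA_WITH_RC4_128_SHA TLS_ECDH_RSA_WITH_RC4_128_SHA
SSL_RSA_WITH_RC4_128_MD5""".split())
# Assumption of this example: Java protocol names treated as legacy.
LEGACY_PROTOCOLS = {"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1"}
HTTPS = "server.webserver.https."

def parse_prp(text):
    """Read 'propertyName = value' lines; lines without '=' are ignored."""
    props = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep and name.strip():
            props[name.strip()] = value.strip()
    return props

def csv_set(props, key):  # comma separated property value -> set of names
    return {v.strip() for v in props.get(key, "").split(",") if v.strip()}

def audit(props):
    """Return {property name: finding} for weak https settings."""
    findings = {}
    if props.get(HTTPS + "password", "sflowtrend") == "sflowtrend":
        findings[HTTPS + "password"] = "key store uses the default password"
    if HTTPS + "removeCiphers" in props:  # setting it overrides the defaults
        lost = DEFAULT_REMOVED - csv_set(props, HTTPS + "removeCiphers")
        if lost:  # default entries that are no longer removed
            findings[HTTPS + "removeCiphers"] = sorted(lost)
    weak = csv_set(props, HTTPS + "includeCiphers") & DEFAULT_REMOVED
    if weak:  # suites from the default removal list explicitly enabled
        findings[HTTPS + "includeCiphers"] = sorted(weak)
    legacy = csv_set(props, HTTPS + "includeProtocols") & LEGACY_PROTOCOLS
    if legacy:
        findings[HTTPS + "includeProtocols"] = sorted(legacy)
    return findings

# Constructed sample file contents, not taken from a real server.
SAMPLE = """\
server.webserver.https.removeCiphers = SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA
server.webserver.https.includeProtocols = TLSv1, TLSv1.2
"""
if __name__ == "__main__":
    print(audit(parse_prp(SAMPLE)))
```

For the sample, the audit reports the default key store password, the eleven default entries that the custom removeCiphers value no longer removes, and TLSv1 in includeProtocols.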