

Agents Overview

Note: Host agent mode is no longer supported for chfagent; use kprobe instead. chfagent is now used only as a NetFlow proxy agent.

Two distinct software agents may be used with Kentik Detect. The following topics provide a high-level overview of those agents:

Note: The software agents described in this article are available for both Debian/Ubuntu and CentOS/RHEL.



Encryption Agent

Kentik provides a downloadable software agent called “chfagent,” which is used as a NetFlow proxy agent to enable the local encryption of flow records (NetFlow v5/v9, IPFIX, and sFlow) before the records are forwarded to Kentik. The machine running chfagent doesn’t handle traffic directly; instead, it allows flow and SNMP from routers to be collected and encrypted locally for transport to Kentik Detect. A single instance of the chfagent executable can redirect flow for multiple routers and switches, handling rate limiting and resampling as well as encryption. Multiple servers across the network can run chfagent to distribute traffic and load. For information on configuring chfagent for this use case, see NetFlow Proxy Agent.



Host Agent

To enable Kentik Detect customers to collect and send flow records from hosts, Kentik has developed the kprobe host agent software. kprobe runs on a host machine that is registered with Kentik Detect, allowing that machine to directly report flow for one or more interfaces. The agent “sniffs” traffic from the host’s Ethernet port(s), creates flow records, and sends the flow records to Kentik Detect. For information on configuring kprobe, see Host Configuration.

