Sflow datas forwarding should be done to port 6343 of Logsign SIEM IP.
Note that: Sflow configuration varies according to different vendors.
1- We need to make sure that the data reaches port 6343 with the following command.
2- With the following command, we back up the logsign-flowd.conf file under the default /etc/init to /home/iadmin.
3- We replace the logsign-sflowd.conf file under /opt/logsign-poller with the conf inside /etc/init
4- After the operations, you should see that the datas are forwarded to port 2056 of 127.0.0.1 with the following command.
5- Now SFlow integration can be performed by clicking the “+Device” button from “Source List” tab on Logsign SIEM.
6-SFlow is selected as the integration type and the necessary information is entered in the relevant fields. Then click on the save button.