Softflowd not sending data

mcury · Apr 2, 2022, 9:11 PM

SG-3100 22.01

Installed softflowd , and its not sending any data to my netflow server, confirmed by tcpdump.
I wonder if its related to this bug: redmine #10436

mcury · Apr 2, 2022, 11:53 PM

Its not related to the redmine #10436, no Segmentation fault (core dumped).

This doesn't work:

/usr/local/bin/softflowd -D -i 1:mvneta1.100 -n 192.168.255.253:2055 -v 9 -T full -A sec -p /var/run/softflowd.mvneta1.pid
Using mvneta1.100 (idx: 1)
softflowd v1.0.0 starting data collection
Exporting flows to [192.168.255.253]:2055

This does work:

/usr/local/bin/softflowd -D -i 1:mvneta1 -n 192.168.255.253:9995 -v 9 -T full -A sec -p /var/run/softflowd.mvneta1.pid -c /var/run/softflowd.mvneta1.ctl -P udp
Using mvneta1 (idx: 1)
softflowd v1.0.0 starting data collection
Exporting flows to [192.168.255.253]:9995
ADD FLOW seq:1 [172.16.200.1]:22 <> [192.168.255.254]:48902 proto:6 vlan>:0 vlan<:0  ether:00:00:00:00:00:00 <> 00:00:00:00:00:00 
ADD FLOW seq:2 [52.38.204.228]:443 <> [192.168.255.254]:50948 proto:6 vlan>:0 vlan<:0  ether:00:00:00:00:00:00 <> 00:00:00:00:00:00 
ADD FLOW seq:3 [192.168.255.252]:50355 <> [239.255.255.250]:1900 proto:17 vlan>:0 vlan<:0  ether:00:00:00:00:00:00 <> 00:00:00:00:00:00

ps auxwww:

/usr/local/bin/softflowd -i 1:mvneta1.100 -n 192.168.255.253:2055 -m 8192 -L 1 -v 9 -T full -A sec -p /var/run/softflowd.mvneta1.100.pid -c /var/run/softflowd.mvneta1.100.ctl

mcury · Apr 3, 2022, 12:03 AM

This post is deleted!

mcury · Apr 3, 2022, 12:04 AM

The problem happens when its listening on a VLAN.
If I change the parameter from "-i 1:mvneta1.100" to "-i 1:mvneta1", it works.

Shouldn't softflowd run only on the mvneta1 interface?
Its getting flows from everything, VLANs included, only parent interface is required

mcury · Apr 3, 2022, 12:38 AM

With -D option, I can see the daemon working, sending flows..
But nothing is actually sent, tcpdump -ni mvneta1.100 udp port 9995 remains empty..

randomuserofnetgatethings · Jun 30, 2022, 5:13 AM

Bump on this.

Same problem here on two 1100 devices. Totally fine on a much larger netgate appliance though.

If softflowd is allowed to run in "-D" for a bit ... cores out.
VERY frustrating as this blinding visibility/correlation into the vlans/subnets behind the devices. An 1100 won't do ntopng very well.

The latest docs on the netgate site don't even match the GUI for softflow settings :(

randomuserofnetgatethings · Jul 14, 2022, 3:09 AM

No one ever uses softflowd on the 1100? Or has never seen it just not send data and/or core out?

This is not reassuring that included software (regardless of who wrote it) doesn't just ... work. There aren't that many settings to fiddle with.

I mean, if the project is dead, then why is the software included at all? If one cannot support/update/maintain it ... why would one ever continue to pretend it's a legit working package?

And if the project is indeed dead ... is there no other way to dump flow data if the 1100 can't handle ntopng?

alextg · May 31, 2024, 7:52 AM

Did anyone manage to get this working?

I am still struggling with softflow to send data. Nothing is send and it stops working after a few minutes.

keyser · May 31, 2024, 2:45 PM

@alextg Consider upgrading to pfsense plus 24.03. It has a much better native netflow export feature where you can enable it on a rule by rule basis (or globally)