Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Packet Flow Data 24.03 in comparison to softflowd

    Scheduled Pinned Locked Moved
    Off-Topic & Non-Support Discussion
    netflow
    3
    6
    207
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mcury
      last edited by

      Just want to share my findings when comparing softflowd with the new feature Packet Flow Data in 24.03.

      When using softflowd, if the traffic was huge, let's say around 1Gbps, softfowd would get up to 4 or 5% of CPU usage.

      Now, with this Packet Flow Data in 24.03, there is no impact what so ever in my CPU.

      So, from now on, Packet Flow Data is the way for me now.

      8466737f-68b3-4f58-a87e-fd13721f4549-image.png

      Thanks Netgate team, really liked this 👍

      dead on arrival, nowhere to be found.

      keyserK dennypageD 2 Replies Last reply Reply Quote 3
      • keyserK
        keyser Rebel Alliance @mcury
        last edited by

        @mcury Not only that, but the granularity is FABULOUS! because you can decide on a per rule basis on which flows to collect. That removes a LOT of useless logging and clutter in my flow analyzer :-)

        Also: It doesn't seem to occasionally break flows into several smaller flows like SoftflowD did.

        Love the no fuss of using the official appliances :-)

        M 1 Reply Last reply Reply Quote 2
        • M
          mcury @keyser
          last edited by

          @keyser said in Packet Flow Data 24.03 in comparison to softflowd:

          @mcury Not only that, but the granularity is FABULOUS! because you can decide on a per rule basis on which flows to collect. That removes a LOT of useless logging and clutter in my flow analyzer :-)

          Good point there, I didn't have time to play with the per rule basis yet, but I'll will soon :)

          Also: It doesn't seem to occasionally break flows into several smaller flows like SoftflowD did.

          I'm still testing, so far, so much better than SoftflowD.

          But I can't speak badly about SoftflowD because for a long time, it was the only option and served me pretty well. So thanks for the developer and everyone involved in that project.

          dead on arrival, nowhere to be found.

          keyserK 1 Reply Last reply Reply Quote 1
          • dennypageD
            dennypage @mcury
            last edited by

            @mcury If I may ask, what are you using for collecting/storage/display of flows?

            M 1 Reply Last reply Reply Quote 0
            • M
              mcury @dennypage
              last edited by

              @dennypage said in Packet Flow Data 24.03 in comparison to softflowd:

              @mcury If I may ask, what are you using for collecting/storage/display of flows?

              Hello dennypage,
              I'm using Graylog server community edition with opensearch (updated from elasticsearch a few months ago).

              dead on arrival, nowhere to be found.

              1 Reply Last reply Reply Quote 2
              • keyserK
                keyser Rebel Alliance @mcury
                last edited by

                @mcury said in Packet Flow Data 24.03 in comparison to softflowd:

                But I can't speak badly about SoftflowD because for a long time, it was the only option and served me pretty well. So thanks for the developer and everyone involved in that project.

                Niether can I, worked great for me these years.

                One note though, there might be an issue when pfflow is only based on expiring States. That could mean keepalive sessions are never logged as flows

                Love the no fuss of using the official appliances :-)

                1 Reply Last reply Reply Quote 1
                • First post
                  Last post