Pfflowd

jason0

Hi,

I would like to use this package, but it says it converts pfsync messages to cisco netflow?  Will this prevent me from using pfsync for failover in the future?

Is there a difference between how pfflowd is implemented in 1.2.3 vs the 2.0 version of pfsense?

Thanks!

–jason

Alan87i

I'm running pfflowd on a 123 and a 2.0rc1 system both reporting to a windows box running prtg . Seems to work fine.
Although I wish a package like VNstat was available to log wan traffic to each lan IP listed by lan IP !

cmb

@jason0:

Will this prevent me from using pfsync for failover in the future?

No.

@jason0:

Is there a difference between how pfflowd is implemented in 1.2.3 vs the 2.0 version of pfsense?

Exactly the same.

jason0

Does that mean that pfflowd copies pfsync packets, then modifies them and emits cisco-style netflow packets?

Thanks for your replies…

--jason

xibalba

Hi Jason,
pfflowd copies the packets copies the packets in pf and emits them in a Cisco NetFlow compatible format. You just need to make sure you're using the same version on both ends. I've confirmed version 5 works with some collectors/analyzers, still working on v9.

cmb

@jason0:

Does that mean that pfflowd copies pfsync packets, then modifies them and emits cisco-style netflow packets?

Yeah, basically. It exports Netflow from the firewall states.

jason0

Thanks!

–jason

the.it.dude

FYI:

We use Intermapper and their flows module.  Using netflow v5 works great.  V9 gives some really bizarre data to Intermapper.