Canot make Solarwinds Real-Time NetFlow Analyzer and pfsense netflow to work
-
Solarwinds? Considered using something else? I mean, the idiot who cannot understand what "needed" means, calls himself a "Solarwinds Head Geek, M.S., MCITP:EA, MCDBA, MCSA, MVP" would seem like a damn good reason to not touch their products even with a 10ft pole.
-
anyhelp ?
i need to make it work with netflow. -
I have also tried running softflowd on a ubuntu box with no pfsense etc and get the same result. Wiresharking does indeed show the interface numbers to be set to zero.
Apparently pfflow does it properly so I'm going to look into using that with openBSD
This is part of a packet from softflowd showing the zero interfaces
pdu 1/7
SrcAddr: 172.31.6.120
DstAddr: 172.18.140.43
NextHop: 0.0.0.0
InputInt: 0
OutputInt: 0
Packets: 11
Octets: 7944
[Duration: 29.514000000 seconds]
SrcPort: 389
DstPort: 55995
Padding: 00
TCP Flags: 0x1e
Protocol: TCP (6)
IP ToS: 0x00
SrcAS: 0
DstAS: 0
SrcMask: 0 (prefix: 172.31.6.120/32)
DstMask: 0 (prefix: 172.18.140.43/32)
Padding: 0000 -
i cannot find pfflow in packages.
-
I don't think pfflow is available on pfsense any more. I read a few days ago about a patch someone had created to fix the bug, but can't find it again!
I used Manage Engine Netflow Analyzer trial and that was ok with the softflowd output, looks like Solarwinds is just a bit fussier.
Pfflowd is available on OpenBSD so you could build a dedicated box just for that but it's a bit of a faff for what should be a simple process.
-
hi
is it resolved in the latest incarnation of pfsense ? -
The following patch is suppose to fix the issue for softflowd
https://github.com/pwarren/softflowd/issues/3Oh well now I need to work out how to compile for a pfsense target
-
The following patch is suppose to fix the issue for softflowd
https://github.com/pwarren/softflowd/issues/3Oh well now I need to work out how to compile for a pfsense target
I hope someone more knowledgeable then us do it.
-
any idea if this is resolved ?
-
If you have a manged switch that supports netflow, you could make the switch(es) export flows to Solarwinds instead of the firewall itself.
-
If you have a manged switch that supports netflow, you could make the switch(es) export flows to Solarwinds instead of the firewall itself.
as this is a small network between few neighbours so no managed switch only 15-20 clients from one uplink .
i had earlier cisco 1841 which was working fine with this free solarwind tool for troubleshooting network performance on need basis.
any chance if it will be fixed in pfsense ?
-
I will hazard a guess:
The PFSense netflow output does not include the OUTPUT_SNMP field.
This is not a mandatory field but without it, netflow data reporting can be… less than 100% accurate.
The same is true (i.e. the same field is absent) on certain Meraki devices - see the very bottom of this page:
https://documentation.meraki.com/MX-Z/Monitoring_and_Reporting/NetFlow_Overview"SolarWinds NTA ignores NetFlow packets that do not contain either an SNMP ingress or egress interface index" - although that page says MX models do include this, plenty of other Meraki devices don't, meaning that their netflow data is discarded by SolarWinds.
I have recently checked the netflow output from a PFSense device and the OUTPUT_SNMP field was absent from that data. I suspect that this is why the OP is not seeing traffic within SolarWinds.
-
@antony@logicmonitor:
I will hazard a guess:
The PFSense netflow output does not include the OUTPUT_SNMP field.
This is not a mandatory field but without it, netflow data reporting can be… less than 100% accurate.
The same is true (i.e. the same field is absent) on certain Meraki devices - see the very bottom of this page:
https://documentation.meraki.com/MX-Z/Monitoring_and_Reporting/NetFlow_Overview"SolarWinds NTA ignores NetFlow packets that do not contain either an SNMP ingress or egress interface index" - although that page says MX models do include this, plenty of other Meraki devices don't, meaning that their netflow data is discarded by SolarWinds.
I have recently checked the netflow output from a PFSense device and the OUTPUT_SNMP field was absent from that data. I suspect that this is why the OP is not seeing traffic within SolarWinds.
Yes, that is the problem and a patch has been referenced above - not sure anyone knows how to apply the patch though!
-
I wish it to be applied in pfsense softflowd.. Or will it just remain a wish? :'(
