Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Softflowd not sending data

    Scheduled Pinned Locked Moved Traffic Monitoring
    9 Posts 4 Posters 4.1k Views 4 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M Away
      mcury Rebel Alliance
      last edited by

      SG-3100 22.01

      Installed softflowd , and its not sending any data to my netflow server, confirmed by tcpdump.
      I wonder if its related to this bug: redmine #10436

      M 1 Reply Last reply Reply Quote 0
      • M Away
        mcury Rebel Alliance @mcury
        last edited by mcury

        Its not related to the redmine #10436, no Segmentation fault (core dumped).

        This doesn't work:

        /usr/local/bin/softflowd -D -i 1:mvneta1.100 -n 192.168.255.253:2055 -v 9 -T full -A sec -p /var/run/softflowd.mvneta1.pid
        Using mvneta1.100 (idx: 1)
        softflowd v1.0.0 starting data collection
        Exporting flows to [192.168.255.253]:2055
        

        This does work:

        /usr/local/bin/softflowd -D -i 1:mvneta1 -n 192.168.255.253:9995 -v 9 -T full -A sec -p /var/run/softflowd.mvneta1.pid -c /var/run/softflowd.mvneta1.ctl -P udp
        Using mvneta1 (idx: 1)
        softflowd v1.0.0 starting data collection
        Exporting flows to [192.168.255.253]:9995
        ADD FLOW seq:1 [172.16.200.1]:22 <> [192.168.255.254]:48902 proto:6 vlan>:0 vlan<:0  ether:00:00:00:00:00:00 <> 00:00:00:00:00:00 
        ADD FLOW seq:2 [52.38.204.228]:443 <> [192.168.255.254]:50948 proto:6 vlan>:0 vlan<:0  ether:00:00:00:00:00:00 <> 00:00:00:00:00:00 
        ADD FLOW seq:3 [192.168.255.252]:50355 <> [239.255.255.250]:1900 proto:17 vlan>:0 vlan<:0  ether:00:00:00:00:00:00 <> 00:00:00:00:00:00 
        

        ps auxwww:

        /usr/local/bin/softflowd -i 1:mvneta1.100 -n 192.168.255.253:2055 -m 8192 -L 1 -v 9 -T full -A sec -p /var/run/softflowd.mvneta1.100.pid -c /var/run/softflowd.mvneta1.100.ctl
        
        M 2 Replies Last reply Reply Quote 0
        • M Away
          mcury Rebel Alliance @mcury
          last edited by mcury

          This post is deleted!
          1 Reply Last reply Reply Quote 0
          • M Away
            mcury Rebel Alliance @mcury
            last edited by

            The problem happens when its listening on a VLAN.
            If I change the parameter from "-i 1:mvneta1.100" to "-i 1:mvneta1", it works.

            Shouldn't softflowd run only on the mvneta1 interface?
            Its getting flows from everything, VLANs included, only parent interface is required

            M 1 Reply Last reply Reply Quote 0
            • M Away
              mcury Rebel Alliance @mcury
              last edited by

              With -D option, I can see the daemon working, sending flows..
              But nothing is actually sent, tcpdump -ni mvneta1.100 udp port 9995 remains empty..

              1 Reply Last reply Reply Quote 0
              • R Offline
                randomuserofnetgatethings
                last edited by

                Bump on this.

                Same problem here on two 1100 devices. Totally fine on a much larger netgate appliance though.

                If softflowd is allowed to run in "-D" for a bit ... cores out.
                VERY frustrating as this blinding visibility/correlation into the vlans/subnets behind the devices. An 1100 won't do ntopng very well.

                The latest docs on the netgate site don't even match the GUI for softflow settings :(

                R 1 Reply Last reply Reply Quote 0
                • R Offline
                  randomuserofnetgatethings @randomuserofnetgatethings
                  last edited by

                  No one ever uses softflowd on the 1100? Or has never seen it just not send data and/or core out?

                  This is not reassuring that included software (regardless of who wrote it) doesn't just ... work. There aren't that many settings to fiddle with.

                  I mean, if the project is dead, then why is the software included at all? If one cannot support/update/maintain it ... why would one ever continue to pretend it's a legit working package?

                  And if the project is indeed dead ... is there no other way to dump flow data if the 1100 can't handle ntopng?

                  1 Reply Last reply Reply Quote 0
                  • A Offline
                    alextg
                    last edited by alextg

                    Did anyone manage to get this working?

                    I am still struggling with softflow to send data. Nothing is send and it stops working after a few minutes.

                    keyserK 1 Reply Last reply Reply Quote 0
                    • keyserK Offline
                      keyser Rebel Alliance @alextg
                      last edited by

                      @alextg Consider upgrading to pfsense plus 24.03. It has a much better native netflow export feature where you can enable it on a rule by rule basis (or globally)

                      Love the no fuss of using the official appliances :-)

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.