Pfflowd sends data for 1 interface only?

Alan87i · Mar 11, 2011, 9:50 PM

I have Pfflowd enabled on 2 Pfsense PC's with 3 nics each. Both are sending data back to ManagedEngine Netflow analyzer 8.
Only 1 device shows up for each Pfsense box and only the IN traffic the OUT traffic is always marked 0.0 data.
I just had a Tech from ManagedEngine look at my setup and he suspects the PFsense routers or pfflowd is not setup properly.

Is there a any other settings except the few in pfsense's GUI?
Thanks
Allan

Alan87i · Mar 12, 2011, 10:45 AM

I tried Flowalyzer NetFlow & sFlow Tester from Plixer and it showed all 3 interfaces as well as other info from both routers. Weird why managed Engines only sees one? and only shows 1 way traffic.
My trial will expire soon I will try the Plixer software. Any one recommend a collector?
Allan

jimp · Mar 14, 2011, 4:34 PM

I haven't tried it in that kind of role, but ntop is supposed to be able to work as a netflow collector.

Alan87i · Mar 14, 2011, 11:50 PM

If I run Ntop on pfsense is there a guide for filtering out local traffic count and getting it to keep records for monts at a time?

jimp · Mar 14, 2011, 11:58 PM

Personally I wouldn't run ntop on pfSense, it's has so many dependencies that it's hard to feel comfortable loading them all on a firewall.

It would be better to run ntop on another dedicated machine and send the data to it from the firewall with netflow.

jlct021 · Jun 19, 2011, 5:28 AM

Hi :)

NetFlow (on my Win7 PC) is only collecting data from my PFsense / Host PC at 172.18.91.150 but not my other 4 (Windows) PC's. Bellow is how i configured pfflowd:

Added Pfflowed package into PFsense,

configured pfflowd settings to: Host - 172.18.91.146 (Win7 PC with Netflow ManageEngine installed)

Port - 9996

Source Hostname/IP - 172.18.91.150 (PFsense PC)

pf rule direction restriction - any

Netflow version - 9

Enabled the SNMP Daemon under Services / SNMP

How do i get pfflowd to export data from all 5 of the IP address on my subnet and not just the Host?

My reason for going this route is because Bandwidthd appears to be double counting all my traffic which (from what I read on another thread) appears to be caused by Squid / Squid Light Poxy. :-[

Any assistance will be greatly appreciated, thanks.

Alan87i · Jun 19, 2011, 11:05 AM

I had issues with netflow , switched to PRTG you can have 10 sensors with the free version.
Set up a new sensor per IP you want to monitor . Set the active time out starting at 800 or higher minutes and it seems to be fine.