Pfflowd



  • Hi,

    I would like to use this package, but it says it converts pfsync messages to cisco netflow?  Will this prevent me from using pfsync for failover in the future?

    Is there a difference between how pfflowd is implemented in 1.2.3 vs the 2.0 version of pfsense?

    Thanks!

    –jason



  • I'm running pfflowd on a 123 and a 2.0rc1 system both reporting to a windows box running prtg . Seems to work fine.
    Although I wish a package like VNstat was available to log wan traffic to each lan IP listed by lan IP !



  • @jason0:

    Will this prevent me from using pfsync for failover in the future?

    No.

    @jason0:

    Is there a difference between how pfflowd is implemented in 1.2.3 vs the 2.0 version of pfsense?

    Exactly the same.



  • Does that mean that pfflowd copies pfsync packets, then modifies them and emits cisco-style netflow packets?

    Thanks for your replies…

    --jason



  • Hi Jason,
    pfflowd copies the packets copies the packets in pf and emits them in a Cisco NetFlow compatible format. You just need to make sure you're using the same version on both ends. I've confirmed version 5 works with some collectors/analyzers, still working on v9.



  • @jason0:

    Does that mean that pfflowd copies pfsync packets, then modifies them and emits cisco-style netflow packets?

    Yeah, basically. It exports Netflow from the firewall states.



  • Thanks!

    –jason



  • FYI:

    We use Intermapper and their flows module.  Using netflow v5 works great.  V9 gives some really bizarre data to Intermapper.


Log in to reply