Pfflowd stopped status
-
Dear all,
I just installed pfflowd with 1.0.1 Snapshot 03-27-2007, I tried to start it manually still stopped at service page.
Anyone can help me
-
I think I need to know more about your failure mode, I can't recreate it. A new install with the pfflowd package starts fine for me.
ps -auxww | grep flow
nobody 26485 0.0 0.4 1556 1136 ?? Ss 8:21AM 0:00.00 /usr/local/sbin/pfflowd -n 10.142.235.151:6996 -S any -v 5
Does it start and not work immediately or just after a reboot? How are you determining failure?
Can you start it from the CLI by the startup script? /usr/local/etc/rc.d/pfflowd.sh
Can you start the command manually by running the full command?Dear all,
I just installed pfflowd with 1.0.1 Snapshot 03-27-2007, I tried to start it manually still stopped at service page.
Anyone can help me
-
Actually, we got pfflowd to start. However, we are only getting IN Traffic information and not OUT traffic.
Any idea of what may be going wrong?
TIA
-
I can't seem to recreate the problem with only getting one direction of traffic. Like here's a snip of nfdump output from my netflow collector. Is this not what you're seeing?
2007-06-02 13:42:30.096 139.000 TCP 209.97.34.40:80 -> 10.0.64.15:52053 5 1269 1
2007-06-02 13:42:30.096 139.000 TCP 10.0.64.15:52054 -> 209.97.34.40:80 6 1699 1
2007-06-02 13:42:30.096 139.000 TCP 209.97.34.40:80 -> 10.0.64.15:52054 5 1249 1
2007-06-02 13:42:30.096 139.000 TCP 10.0.64.15:52054 -> 209.97.34.40:80 6 1699 1
2007-06-02 13:42:30.096 139.000 TCP 209.97.34.40:80 -> 10.0.64.15:52054 5 1249 1
2007-06-02 13:42:30.096 139.000 TCP 10.0.64.15:52055 -> 159.54.228.148:80 14 1003 1
2007-06-02 13:42:30.096 139.000 TCP 159.54.228.148:80 -> 10.0.64.15:52055 22 22911 1
2007-06-02 13:42:30.096 139.000 TCP 10.0.64.15:52055 -> 159.54.228.148:80 14 1003 1
2007-06-02 13:42:30.096 139.000 TCP 159.54.228.148:80 -> 10.0.64.15:52055 22 22911 1
2007-06-02 13:32:45.096 724.000 TCP 10.0.64.15:51925 -> 64.233.167.147:80 121 54924 1
2007-06-02 13:32:45.096 724.000 TCP 64.233.167.147:80 -> 10.0.64.15:51925 121 37386 1
-
I don't get any out traffic as well.
-
How is pfflowd configured? I can't seem to recreate the failure.
-
Configured via webGUI:
- Host: x.x.x.x
- Port: 9996
- pf rule direction restriction: Any
- Netflow version: 5
I'm using ManageEngine NetFlow Analyzer on the server configured as the host.
-
And if you stop and restart the service it still gives unidirectional flows? I'm not familiar with that particular collector, but with flow-tools and nfdump I cannot recreate the failure.
-
The package on 1.2.1 has a patch that shows all traffic, previously because of the way it relies on the state table it didn't always track everything. Give 1.2.1 a shot and report back.
-
Yeah, it does have a dependency on the state table. It could be the case that the way my default rules are they just lend the,selves to the pfflowd process.