Canot make Solarwinds Real-Time NetFlow Analyzer and pfsense netflow to work
-
I don't think pfflow is available on pfsense any more. I read a few days ago about a patch someone had created to fix the bug, but can't find it again!
I used Manage Engine Netflow Analyzer trial and that was ok with the softflowd output, looks like Solarwinds is just a bit fussier.
Pfflowd is available on OpenBSD so you could build a dedicated box just for that but it's a bit of a faff for what should be a simple process.
-
hi
is it resolved in the latest incarnation of pfsense ? -
The following patch is suppose to fix the issue for softflowd
https://github.com/pwarren/softflowd/issues/3Oh well now I need to work out how to compile for a pfsense target
-
The following patch is suppose to fix the issue for softflowd
https://github.com/pwarren/softflowd/issues/3Oh well now I need to work out how to compile for a pfsense target
I hope someone more knowledgeable then us do it.
-
any idea if this is resolved ?
-
If you have a manged switch that supports netflow, you could make the switch(es) export flows to Solarwinds instead of the firewall itself.
-
If you have a manged switch that supports netflow, you could make the switch(es) export flows to Solarwinds instead of the firewall itself.
as this is a small network between few neighbours so no managed switch only 15-20 clients from one uplink .
i had earlier cisco 1841 which was working fine with this free solarwind tool for troubleshooting network performance on need basis.
any chance if it will be fixed in pfsense ?
-
I will hazard a guess:
The PFSense netflow output does not include the OUTPUT_SNMP field.
This is not a mandatory field but without it, netflow data reporting can be… less than 100% accurate.
The same is true (i.e. the same field is absent) on certain Meraki devices - see the very bottom of this page:
https://documentation.meraki.com/MX-Z/Monitoring_and_Reporting/NetFlow_Overview"SolarWinds NTA ignores NetFlow packets that do not contain either an SNMP ingress or egress interface index" - although that page says MX models do include this, plenty of other Meraki devices don't, meaning that their netflow data is discarded by SolarWinds.
I have recently checked the netflow output from a PFSense device and the OUTPUT_SNMP field was absent from that data. I suspect that this is why the OP is not seeing traffic within SolarWinds.
-
@antony@logicmonitor:
I will hazard a guess:
The PFSense netflow output does not include the OUTPUT_SNMP field.
This is not a mandatory field but without it, netflow data reporting can be… less than 100% accurate.
The same is true (i.e. the same field is absent) on certain Meraki devices - see the very bottom of this page:
https://documentation.meraki.com/MX-Z/Monitoring_and_Reporting/NetFlow_Overview"SolarWinds NTA ignores NetFlow packets that do not contain either an SNMP ingress or egress interface index" - although that page says MX models do include this, plenty of other Meraki devices don't, meaning that their netflow data is discarded by SolarWinds.
I have recently checked the netflow output from a PFSense device and the OUTPUT_SNMP field was absent from that data. I suspect that this is why the OP is not seeing traffic within SolarWinds.
Yes, that is the problem and a patch has been referenced above - not sure anyone knows how to apply the patch though!
-
I wish it to be applied in pfsense softflowd.. Or will it just remain a wish? :'(
