[netflow-tools] Problem with softflowd since upgrading to pfsense 2.2 (freebsd 10)
MaxFrames
maxframes at hotmail.com
Tue Feb 10 19:53:53 AEDT 2015
I used to run softflowd on pfsense 2.1.x (which was based upon freebsd
8) to send flow data to a prtg collector.
Recently I have upgraded to pfsense 2.2 (which is based upon freebsd 10)
and I am encountering an issue.
softflowd does listen on the assigned interface, but it seems to send no
flow data to the collector when the traffic on the interface is
particularly sparse. I cannot be more precise, but when there's just a
minimum of activity on the interface (I cannot put my finger on it, it
may be related to the number of packets or to their size) softflowd
seems to skip creating flows and/or to send them to the collector. If
this goes on for more than the timeout value on the collector, the
collector will report a warning on the sensor ("no data since..."). As
soon as there is some substantial activity on the interface (for
example, I can trigger this by initiating a large download), flow data
are once again sent to the collector.
It may or may not be related to libpcap. By all means, this issue was
not present with pfsense 2.1: regardless of the activity on the
interface, some flow data was always sent to the collector.
I have found evidence of the same problem on freebsd 9.x, so it would
seem that all was OK up to 8.x:
https://forums.freebsd.org/threads/cannot-get-flows-again.42523/
Thanks in advance, I hope it can be fixed without rolling back to an
older version of pfsense; best regards
--
MaxFrames
More information about the netflow-tools
mailing list