Help with softflowd on pfsense

Scrutinizer is an enterprise/business class NetFlow and sFlow analysis tool. Scrutinizer provides historical trends of the company's critical network interfaces as well as the details on:

Who: The end system causing the traffic
What: The application/protocol that is being used
When: The time frame it has been occurring for
Where: The network connection that is affected


Post by fossicker » Mon Jan 30, 2017 11:10 am

I am a big fan of pfsense and am running it on my TimeWarner Cable Business Class Internet provision. No VLANs, with interfaces WAN (fxp0), LAN (em0) and Voice (dc0) on three separate NICs on the machine running pfsense. LAN and Voice networks are physically segregated and pfsense is the router and firewall for NAT'ing IPv4 and native IPv6.

I have softflowd configured on pfsense in the GUI, per http://doc.pfsense.org/index.php/Export ... _softflowd
I am interested in exporting flows from my WAN interface fxp0, so I have softflowd configured as recommended. I also have the snmpd package running, and Scrutinizer is using the correct SNMP community to poll pfsense. But Scrutinizer doesn't detect any interfaces at all (I am looking for WAN fxp0 to appear). I can get the default Report to run, and I see meaningful results, ostensibly on fxp0, since that's the only interface that softflowd is configured to watch. Can you help me get fxp0 to appear as an interface for my pfsense in Scrutinizer?

[2.3.2-RELEASE][admin@OPSISENSE.opsimath.org]/root: softflowctl -c /var/run/softflowd.fxp0.ctl statistics
softflowd[30286]: Accumulated statistics:
Number of active flows: 740
Packets processed: 53237765
Fragments: 12559
Ignored packets: 15651823 (15651823 non-IP, 0 too short)
Flows expired: 960845 (5983 forced)
Flows exported: 960845 in 157885 packets (0 failures)
Packets received by libpcap: 68891823
Packets dropped by libpcap: 0
Packets dropped by interface: 0

Expired flow statistics:       minimum       average       maximum
Flow bytes:                         32         45414    2188296472
Flow packets:                        1            50       2096582
Duration:                        0.00s        17.08s    248635.70s

Expired flow reasons:
tcp      = 16601     tcp.rst = 19524     tcp.fin = 44032
udp      = 870251    icmp    = 2136      general = 2317
maxlife  = 0
over 2Gb = 1
maxflows = 5983
flushed  = 0

Per-protocol statistics:        Octets       Packets      Avg Life      Max Life
ip (0):                        2155918          3182         0.35s        60.43s
icmp (1):                      2884813         34709      1141.79s     89255.94s
tcp (6):                   35339073871      36663624       162.45s    248635.70s
udp (17):                   8291334578      11589522         2.38s     93578.92s
gre (47):                        13872            60         0.00s         0.00s
ipv6-icmp (58):                 781638          2897        13.58s       582.99s
Attachments: Capture2.PNG (107.4 KiB), Capture.PNG (11.63 KiB)
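
A check over the `softflowctl ... statistics` output quoted in the post above, added here as an example (it is not part of the original post, nor code from softflowd or Scrutinizer). It parses the export and capture counters and lists exporter-side problems, which helps separate a flow-export fault from an interface-detection issue on the collector. The function names and the `max_forced_ratio` threshold are assumptions.

```python
import re

# Constructed sample: lines copied from the statistics output quoted in the post.
SAMPLE = """\
softflowd[30286]: Accumulated statistics:
Flows expired: 960845 (5983 forced)
Flows exported: 960845 in 157885 packets (0 failures)
Packets received by libpcap: 68891823
Packets dropped by libpcap: 0
Packets dropped by interface: 0
"""

PATTERNS = {
    "expired": r"Flows expired: (\d+)",
    "forced": r"Flows expired: \d+ \((\d+) forced\)",
    "exported": r"Flows exported: (\d+)",
    "export_failures": r"Flows exported: .*\((\d+) failures\)",
    "pcap_received": r"Packets received by libpcap: (\d+)",
    "pcap_dropped": r"Packets dropped by libpcap: (\d+)",
    "if_dropped": r"Packets dropped by interface: (\d+)",
}

def parse_stats(text):
    """Extract counters; a missing line raises so format drift is not silent."""
    stats = {}
    for name, pattern in PATTERNS.items():
        match = re.search(pattern, text)
        if match is None:
            raise ValueError(f"counter not found: {name}")
        stats[name] = int(match.group(1))
    return stats

def health_findings(s, max_forced_ratio=0.01):
    """List exporter-side problems; empty means flows leave the box cleanly.
    max_forced_ratio is an assumed threshold, not a softflowd default."""
    findings = []
    if s["export_failures"]:
        findings.append("export failures reported")
    if s["exported"] != s["expired"]:
        findings.append("expired flows not all exported")
    if s["pcap_dropped"] or s["if_dropped"]:
        findings.append("capture drops: flow records undercount traffic")
    if s["expired"] and s["forced"] / s["expired"] > max_forced_ratio:
        findings.append("many forced expiries: flow table at its limit")
    return findings

if __name__ == "__main__":
    stats = parse_stats(SAMPLE)
    print(stats, health_findings(stats) or "exporter side looks healthy")
```

With the counters from the post, no finding is raised at the assumed 1% threshold: every expired flow was exported with 0 failures and no capture drops.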
