in_bytes always 0

[Xaelias]

Hi, I was trying to test goflow on my local network (fortigate firewall). Hoping it would solve my predicament. It's been running a few hours (admittedly while I was out so little traffic), but I'm seeing this kind of data in MariaDB:

+----------+---------+
| in_bytes | in_pkts |
+----------+---------+
|        0 |      31 |
|        0 |      31 |
|        0 |     555 |
|        0 |     555 |
|        0 |       1 |
|        0 |       1 |
|        0 |       1 |
|        0 |       1 |
|        0 |       1 |
|        0 |       1 |
|        0 |     238 |
|        0 |     512 |
|        0 |     512 |
|        0 |     238 |
|        0 |     153 |
|        0 |     153 |
|        0 |      24 |
|        0 |      24 |
|        0 |      35 |
|        0 |       4 |

Even now that I've been back on a computer for a bit, still 0. I don't know at all what's happening, I just figured I would mention it :-)

[adambaumeister]

Hmm, that is strange. Would you happen to have a packet capture of a flow off the box?

I haven't tested against fortigate due to a lack of hardware - it may not be sending the expected record format.

[Xaelias]

I tried a few things without success. Not sure if it's because I'm failing or because the format is indeed wrong. How do you usually parse netflow packets on the wire?

[adambaumeister]

Wireshark. If you take a pcap of your netflow and attach it here I'll have a look if you like.