search

irino / softflowd

softflowd: A flow-based network traffic analyser capable of Cisco NetFlow data export software.
https://github.com/irino/softflowd
Other
162 stars 29 forks source link

softflowd stops reporting flows after around 12 hours of consistent operation #26

Closed PeterGrace closed 4 years ago

PeterGrace commented 4 years ago

I installed softflowd over the weekend. So far I've been very happy with the tool. I am running softflowd on pfSense, the freebsd port package is 1.2.6, which is running version 1.0.0.

I notice that softflowd stops reporting flows to my pipeline after approximately 12 hours. It has done this consistently over the past few days.

The below lines are the commands according to ps output. I'm not sure what other info I can give to help diagnose. I've got limited tools inside of a pfsense router.

/usr/local/bin/softflowd -b -i 1:re1.3 -n 10.65.0.253:2055 -v 10 -T ether -A sec -p /var/run/softflowd.re1.3.pid -c /var/run/softflowd.re1.3.ctl
/usr/local/bin/softflowd -b -i 2:re0 -n 10.65.0.253:2055 -v 10 -T ether -A sec -p /var/run/softflowd.re0.pid -c /var/run/softflowd.re0.ctl
irino commented 4 years ago

In my environment, On Ubuntu 20.04, git newest version of softflowd (with your argument options) can continue to run 20 hours. I have no idea. I think this is pfSense matter.

PeterGrace commented 4 years ago

The problem occurred for a couple instantiations but then ceased. I'm not 100% convinced it was softflowd; it might instead have been my metrics consumer. Thank you for having a look.