javadmohebbi / goNfCollector

A set of tools to collect & analyze netflow & export them to many DBs & Apps like InfluxDB time-series DB

Docker Container nfcollector not sending data to influxdb container #29

Open amkupan opened 2 years ago

amkupan commented 2 years ago

Hi, I deployed these three containers as defined by the bash script and all three containers are up. I am able to jump into the containers and ping the containers using their names. That verifies network connectivity. I installed tcpdump on the nfcollector container and confirmed I am receiving ipfix packets. I am not seeing any data sent out of the container to the other container (InfluxDB).

I used your troubleshooting steps from another issue to decode the ipfix packet from pfsense, and it's decoding packets properly using nfcollector-logger:

```
IPFIX message data set 5 records:
record 0:
  sourceIPv4Address: 54.226.244.137
  destinationIPv4Address: 172.16.0.154
  flowStartSeconds: 2022-02-27 00:33:19 -0700 MST
  flowEndSeconds: 2022-02-27 00:33:19 -0700 MST
  octetDeltaCount: 40
  packetDeltaCount: 1
  ingressInterface: 1
  egressInterface: 1
  sourceTransportPort: 443
  destinationTransportPort: 53966
  protocolIdentifier: 6
  tcpControlBits: 4
  ipVersion: 4
  ipClassOfService: 0
record 1:
  sourceIPv4Address: 172.16.0.154
  destinationIPv4Address: 54.226.244.137
  flowStartSeconds: 2022-02-27 00:33:19 -0700 MST
  flowEndSeconds: 2022-02-27 00:33:19 -0700 MST
  octetDeltaCount: 135
  packetDeltaCount: 2
  ingressInterface: 1
  egressInterface: 1
  sourceTransportPort: 53966
  destinationTransportPort: 443
  protocolIdentifier: 6
  tcpControlBits: 28
  ipVersion: 4
  ipClassOfService: 0
record 2:
  sourceIPv4Address: 52.143.81.222
  destinationIPv4Address: 172.16.0.44
  flowStartSeconds: 2022-02-27 00:33:36 -0700 MST
  flowEndSeconds: 2022-02-27 00:33:36 -0700 MST
  octetDeltaCount: 40
  packetDeltaCount: 1
  ingressInterface: 1
  egressInterface: 1
  sourceTransportPort: 443
  destinationTransportPort: 61726
  protocolIdentifier: 6
  tcpControlBits: 20
  ipVersion: 4
  ipClassOfService: 32
record 3:
  sourceIPv4Address: 69.147.92.33
  destinationIPv4Address: 172.16.0.44
  flowStartSeconds: 2022-02-27 00:33:58 -0700 MST
  flowEndSeconds: 2022-02-27 00:33:58 -0700 MST
  octetDeltaCount: 4161
  packetDeltaCount: 7
  ingressInterface: 1
  egressInterface: 1
  sourceTransportPort: 443
  destinationTransportPort: 61759
  protocolIdentifier: 6
  tcpControlBits: 27
  ipVersion: 4
  ipClassOfService: 0
record 4:
  sourceIPv4Address: 172.16.0.44
  destinationIPv4Address: 69.147.92.33
  flowStartSeconds: 2022-02-27 00:33:58 -0700 MST
  flowEndSeconds: 2022-02-27 00:33:58 -0700 MST
  octetDeltaCount: 926
  packetDeltaCount: 7
  ingressInterface: 1
  egressInterface: 1
  sourceTransportPort: 61759
  destinationTransportPort: 443
  protocolIdentifier: 6
  tcpControlBits: 31
  ipVersion: 4
  ipClassOfService: 0
```

Docker logs show no errors. I am unable to figure out why the data is not being sent to influxDB. Please help.

Logs: nfcollector container:

```
--- DEBUGGING IS ENABLED ---
DEBUG[2022-02-27T08:16:03Z] File: type.go Function: github.com/goNfCollector/influxdb.New Line: 80 new influxDB exporter influxdb:8086 bucket:nfCollector org:OPENINTELLIGENCE is created debug="File: type.go Function: github.com/goNfCollector/influxdb.New Line: 80"
DEBUG[2022-02-27T08:16:03Z] File: collector.go Function: github.com/goNfCollector/collector.(*Collector).listen Line: 165 listening on 0.0.0.0:6859 debug="File: collector.go Function: github.com/goNfCollector/collector.(*Collector).listen Line: 165"
INFO[2022-02-27T08:16:03Z] Server is now listening on 0.0.0.0:6859 (UDP)...! debug="File: collector.go Function: github.com/goNfCollector/collector.(*Collector).listen Line: 183"
```

All the config are standard configuration. No customization.

amkupan commented 2 years ago

On further investigation, looks like the Pfsense's netflow 9 (softflowd) does not get decoded and sent to influxdb from gonfcollector.

If I use a netflow generator using Solarwind, it works fine.

amkupan commented 2 years ago

Update, had to go all the way to Netflow V5 and that works well.

MatKra84 commented 1 year ago

My experiences: IPFIX from Mikrotik or Juniper not working / no data in influxdb (old nfCollector worked fine with IPFIX). Netflow v5 works ok.