Hi.
I have been unable to see any report in the Insight since 18.1. Netflow is enabled (interfaces: WAN,LAN, egress:WAN, capture local, v9, dest: 127.0.0.1:2056), Netflow data and RRD data has been reset and firewall rebooted. Data is being captured (/var/log/flowd.log is being updated) but no graphics nor detail appear when entering in Reporting->Insight. flowd.conf is:
logfile "/var/log/flowd.log"
listen on 127.0.0.1:2056
flow source 0.0.0.0/0
store ALL
I am just in OPNsense 18.1.r2-amd64 (FreeBSD 11.1-RELEASE-p6, OpenSSL 1.0.2n 7 Dec 2017) upgraded from 18.1.r1 (no patches).
Any hints how to debug this?
Nope, not working. I can confirm this as well (same build).
Netflow data is sent to SolarWinds. I can see data. I can confirm "insights" isn't working.
Solarwinds?? What? Where did you see this please? Wireshark? Can you please define what do you mean by "Solarwinds"?
Thank you.
https://solarwinds.com
its just an app that I forward all my netflow too. It works....the built on netflow opnsense isn't working.
I cleared the RD and net flow data on opnense . that didnt fix it.
Ah, i know what solarwinds is, just didn't know what is the connection between opnsense and solarwinds. Ok, thank you :)
Weird, very weird. The package from 17.7 works well, but won't compile the same way on 18.1. I added this to make it work...
https://github.com/opnsense/ports/commit/46c3c0a96c
You can install this version for amd64 from here...
# pkg add -f https://pkg.opnsense.org/FreeBSD:11:amd64/snapshots/flowd-0.9.1_3.txz
It will be automatically fixed in 18.1.
Cheers,
Franco
Hello.
I installed the flowd 0.9.1_3 but this didn't fix the error. The previous version of flowd seemed to work too. I checked with flowd-reader /var/log/flowd.log and I can confirm data is being captured, but the Insight views don't seem to get the data from the captures.
Just to let you know that the problem persists.
Did you reboot then? flowd is ok, but the python bindings are not, causing flowd_aggregate to fail, which crawls flowd logs to produce insight output...
Cheers,
Franco
No I didn't. Rebooted and now I confirm it working. Fixed. Thank you.
I too installed flowd-0.9.1_3.txz.
Unfortunately, i still don't have any data in insight. Rebooted, twice.
Maybe it's worth mentioning that i use ram disk for /var & /temp. I have no idea if this affects this, just saying :)
I spoke too soon. Guess it didn't have any data to display yet.
Confirming, Insights works :)
Great job Franco, as usual, thank you!
It may take a reset of the netflow databases under Reporting: Settings.
I've verified this package to be now working on two separate installs, one of those with /var + /tmp MFS.
To see if everything is ok, this is what the system output would look like:
# ps aux | grep flowd
root 84109 0.0 0.1 8328 2212 - Is 15:52 0:00.00 flowd: monitor (flowd)
_flowd 84159 0.0 0.1 8328 2228 - Ss 15:52 0:00.00 flowd: net (flowd)
root 85149 0.0 0.6 99128 23000 - Ss 15:52 0:02.00 /usr/local/bin/python2.7 /usr/local/opnsense/scripts/netflow/flowd_aggregate.py
root 85870 0.0 0.1 1080528 2852 0 S+ 15:53 0:00.00 grep flowd
Cheers,
Franco
Yep, all good, guess we were replying at the same time, i just hit POST sooner :)