OPNsense Forum

Archive => 18.1 Legacy Series => Topic started by: guest17399 on July 03, 2018, 10:11:13 pm

Title: Questions about configuring netflow
Post by: guest17399 on July 03, 2018, 10:11:13 pm
In the settings for netflow, you can specify a remote collector address.
1. Why, when I leave ONLY the remote collector address, does netflow not work and prompt me to configure it?

Local data collection is not enabled at the moment, please configure netflow first
Go to netflow configuration

1.PNG


2. If I do it all the same, then everything will work.

image.PNG


If you specify such settings, then I have data on the remote server (collector).
Where, then, will opnsense take the data for statistics from? From the remote server (192.168.1.2X) or the local one (127.0.0.1)?
If there is a remote (192.168.1.2X), then why local (127.0.0.1)?
Title: Re: Questions about configuring netflow
Post by: guest17399 on July 04, 2018, 01:54:09 pm
I wish the Wiki had more details ...
Title: Re: Questions about configuring netflow
Post by: mimugmail on July 04, 2018, 02:39:07 pm
Because there is a check in the backend if this "Enable local collector" is checked, and if not, then throw this message. The GUI doesn't check if there is a 127.0.0.1 in the destinations field.

If you want to do both you should go for 2. I think .. this sounds most logical to me.
Title: Re: Questions about configuring netflow
Post by: guest17399 on July 04, 2018, 03:06:27 pm
> Because there is a check in the backend if this "Enable local collector" is checked, and if not, then throw this message. The GUI doesn't check if there is a 127.0.0.1 in the destinations field.
>
> If you want to do both you should go for 2. I think .. this sounds most logical to me.

That's just the point, the check box is cleared. When I call in the analysis, I get the message:

Local data collection is not enabled at the moment, please configure netflow first
Go to netflow configuration

That is, it requires a 127.0.0.1 collector.
That is, without using 127.0.0.1, netflow does not work for me at all. And if you include 127.0.0.1 in the list, then the data is sent to the remote collector.
Title: Re: Questions about configuring netflow
Post by: mimugmail on July 04, 2018, 03:10:12 pm
When you only tick local and don't write anything in destinations, you'll have localhost in this field too .. perhaps there's something missing in the template.
Title: Re: Questions about configuring netflow
Post by: guest17399 on July 04, 2018, 03:16:33 pm
My settings are now identical to those shown in picture 1.png.
In addition, I have netflow version 9. As a collector, I use a set of utilities from nfdump (nfcapd) with the start parameters:
nfcapd -w -D -l /var/cache/nfdump/router1 -p 9999
Accordingly, I have data and I open it through nfdump.
I also tried the collector from net-tools for netflow v5 - the problem is similar.
Title: Re: Questions about configuring netflow
Post by: franco on July 05, 2018, 09:00:26 am
Hi,

I'm not seeing this error. Local capture is for the Insight reports.

I can configure local-only, remote-only or both and change between these.

What am I missing?


Cheers,
Franco
Title: Re: Questions about configuring netflow
Post by: franco on July 05, 2018, 09:21:01 am
Export without local flow works too, I see my Netflow packets going out, but I can't test their content at this time. I've used tcpdump to confirm.
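
Added example (not part of any forum post): tcpdump confirms that export packets leave the firewall, but not that they contain well-formed NetFlow. This sketch checks the v5/v9 header and the v9 flowset framing of one captured UDP payload; the function name `inspect_export` and the sample datagram are constructed for illustration.

```python
import struct

V5_HEADER = struct.Struct("!HHIIIIBBH")  # 24-byte NetFlow v5 header
V9_HEADER = struct.Struct("!HHIIII")     # 20-byte NetFlow v9 header (RFC 3954)
FLOWSET = struct.Struct("!HH")           # flowset id, length (header included)
V5_RECORD_LEN = 48                       # v5 flow records have a fixed size


def inspect_export(payload: bytes) -> dict:
    """Summarise one export datagram (UDP payload only, no IP/UDP headers)."""
    if len(payload) < 2:
        raise ValueError("too short to hold a version field")
    version = struct.unpack_from("!H", payload)[0]
    if version == 5:
        if len(payload) < V5_HEADER.size:
            raise ValueError("truncated v5 header")
        count = V5_HEADER.unpack_from(payload)[1]
        complete = len(payload) == V5_HEADER.size + count * V5_RECORD_LEN
        return {"version": 5, "count": count, "complete": complete}
    if version != 9:
        raise ValueError(f"not NetFlow v5/v9 (version field = {version})")
    if len(payload) < V9_HEADER.size:
        raise ValueError("truncated v9 header")
    _, count, _, unix_secs, sequence, source_id = V9_HEADER.unpack_from(payload)
    out = {"version": 9, "count": count, "unix_secs": unix_secs,
           "sequence": sequence, "source_id": source_id,
           "templates": 0, "options": 0, "data": 0}
    offset = V9_HEADER.size
    while offset < len(payload):
        if offset + FLOWSET.size > len(payload):
            raise ValueError("trailing bytes too short for a flowset header")
        fs_id, fs_len = FLOWSET.unpack_from(payload, offset)
        if fs_len < FLOWSET.size or offset + fs_len > len(payload):
            raise ValueError(f"bad flowset length {fs_len} at offset {offset}")
        if fs_id == 0:          # template flowset
            out["templates"] += 1
        elif fs_id == 1:        # options template flowset
            out["options"] += 1
        elif fs_id >= 256:      # data flowset, id = template id it refers to
            out["data"] += 1
        offset += fs_len
    return out


# Constructed sample: v9 header, one template (id 256: src/dst IPv4), one data flowset.
SAMPLE_V9 = (
    V9_HEADER.pack(9, 2, 1000, 1530781200, 1, 0)
    + struct.pack("!8H", 0, 16, 256, 2, 8, 4, 12, 4)
    + struct.pack("!HH4s4s", 256, 12, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
)
```

A v9 collector can only decode data flowsets after it has received the matching template, so a datagram that reports data but no templates is normal for most of the stream.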
Title: Re: Questions about configuring netflow
Post by: guest17399 on July 05, 2018, 09:25:40 am
1. Uncheck Capture local
2. In Destinations add the IP address of the remote collector and remove the address 127.0.0.1
3. Apply.
4. Go to Insight -> Info:

Local data collection is not enabled at the moment, please configure netflow first
Go to netflow configuration
Title: Re: Questions about configuring netflow
Post by: mimugmail on July 05, 2018, 09:37:08 am
Insight is only for local collector. If you send netflows to a remote location you need some UI on the remote location ....
Title: Re: Questions about configuring netflow
Post by: guest17399 on July 05, 2018, 09:51:33 am
So I need to store the data on another server and process it via netflow opnsense
Title: Re: Questions about configuring netflow
Post by: mimugmail on July 05, 2018, 09:57:58 am
Errr .. I think you did not understand how things go.

Netflows are just packets with traffic information. You can send them to a collector and do whatever you want with that data. If you have a central device for collecting logs you set this in "Destinations" and the external collector must produce some graphics. If you don't have such a device you can enable local capture and the tool "Insight" will create the graphs. But this only works for local collection.
Title: Re: Questions about configuring netflow
Post by: franco on July 06, 2018, 07:51:24 am
Yes, Michael is right. Netflow export works. If you don't use local there is no Insight. Insight is not NetFlow, but it uses NetFlow as a source of its data to fill the reporting database.

1. If you disable local NetFlow export, you have no data for Insight so it's disabled in the GUI.
2. If you set external drains for your NetFlow exporter, you can feed all kinds of systems with raw NetFlow data and those systems may or may not draw fancy graphs.
3. You can do local and remote export at the same time if you want both Insight *and* export.


Cheers,
Franco
Title: Re: Questions about configuring netflow
Post by: guest17399 on July 09, 2018, 08:59:23 pm
Thanks friends. You answered all my questions!