Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
17.1 Legacy Series
»
Netflow + external host incomplete traffic metadata
« previous
next »
Print
Pages: [
1
]
Author
Topic: Netflow + external host incomplete traffic metadata (Read 3524 times)
it guy
Newbie
Posts: 1
Karma: 0
Netflow + external host incomplete traffic metadata
«
on:
April 07, 2017, 12:54:04 am »
I have netflow set up to send the metadata to an external host. For a collector I tried using:
1) Logstash - logging to a file
2) Logstash - loggin to an elastic search index
3) Management engine - (
https://www.manageengine.com/products/netflow/
)
It appears the metadata being sent to the collector is not complete. When downloading a large file for example I was expecting to see the aggregate of all in_bytes fields to be equal the file size. The metadata I saw was only a fraction of traffic actually occurring. Is this behavior by design and is there a way to change it to send complete metadata about all the traffic coming through OPNSense interfaces?
OPNSense netflow is configured as follows:
Interfaces: LAN/WAN
Egress only: WAN
Capture local: check
Version: v9
Destinations: COLLECTOR_IP:port, LOOP_BACK_IP:port
Thank you
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
17.1 Legacy Series
»
Netflow + external host incomplete traffic metadata