Netflow not logging?

Started by jnaughto, August 01, 2022, 03:26:59 PM

Hi All,

I'm running:

OPNsense 22.1.10-amd64
FreeBSD 13.0-STABLE
OpenSSL 1.1.1q 5 Jul 2022

Everything is working fine except for the Insight flowd. The daemon is running, as it's showing up on the dashboard with a big old green arrow beside the service name. I've restarted it a few times without any further logging.

Netflow/Insight has been configured to work in Reporting -> Settings, and Reporting -> Netflow has the interfaces selected to be listening on and the "Capture Local" is checked off. I have the "Round-Robin-Database" also checked off to enable RRD graphing in the backend. I've clicked on Reset RRD Data, Reset Netflow Data and Repair Netflow Data with no change.

I used to have data being collected when I first started out but somewhere along the path it stopped. If I click on Reporting -> Netflow -> Cache it looks like there are some packets getting collected:

ksocket_netflow_em0   netflow_em0   0   0   0
ksocket_netflow_em1   netflow_em1   0   0   0
netflow_em0   em0   55   2   24369
netflow_em1   em1   65   69   63039

I did notice the following error in System -> Log Files -> Backend:

[405217fb-15e4-4a0e-8982-873dedd10290] Script action failed with Command '/usr/local/opnsense/scripts/interfaces/traffic_top.py --interfaces 'em1,em0'' returned non-zero exit status 1. at Traceback (most recent call last): File "/usr/local/opnsense/service/modules/processhandler.py", line 482, in execute subprocess.check_call(script_command, env=self.config_environment, shell=True, File "/usr/local/lib/python3.9/subprocess.py", line 373, in check_call raise CalledProcessError(retcode, cmd) subprocess.CalledProcessError: Command '/usr/local/opnsense/scripts/interfaces/traffic_top.py --interfaces 'em1,em0'' returned non-zero exit status 1.

It seems to repeat itself hourly. I'm not sure whether this has anything to do with flowd. Any assistance on getting the reporting back up and running would be awesome. BTW I have no issues seeing Reporting -> Traffic but it's a bit less insightful.

Cheers

Jason

Can someone please simply open up their OPNsense server, hopefully one that is running:

OPNsense 22.7_4-amd64
FreeBSD 13.1-RELEASE
OpenSSL 1.1.1q 5 Jul 2022

click on Reporting -> Netflow -> Cache and tell me if they see something like:

Flow   Interface   Destinations   Sources   Pkts
ksocket_netflow_em0   netflow_em0   0   0   0
ksocket_netflow_em1   netflow_em1   0   0   0
netflow_em0   em0   86   3   138730
netflow_em1   em1   76   78   437655

You may have different network interfaces. I'm using Intel 1 gig cards (em0 and em1) but I'm curious about the ksocket_netflow_em0 showing 0 for everything. I'm not sure but I believe this may be why I cannot see anything in Insight, as there seems to be a disconnection from the actual em0, which does show packets collected, to ksocket_netflow_em0.

August 05, 2022, 09:02:26 AM #2 Last Edit: August 05, 2022, 09:04:00 AM by RamSense
Just enabled it for you to share the results:

running:
Versions    OPNsense 22.7_4-amd64
FreeBSD 13.1-RELEASE
OpenSSL 1.1.1q 5 Jul 2022

Flow    Interface    Destinations    Sources    Pkts
ksocket_netflow_igb0   netflow_igb0   0   0   0
ksocket_netflow_igb1   netflow_igb1   0   0   0
netflow_igb0   igb0   18   3   523
netflow_igb1   igb1   33   30   472
Deciso DEC850v2

Awesome, thanks. So I assume you have netflow working? I was wondering if the 0's for the ksocket were the issue.

Ok so I re-installed an OPNsense box. While configuring it I connected up the LAN side and set a gateway address so that I could do updates and such. While the OPNsense server wasn't in use the flowd was showing traffic and revealing the IP delegation that was passing through the OPNsense box.

Yet once I put the newly configured/installed OPNsense server in place all flowd information stopped and I no longer have any sort of Insight traffic. I did another update but noticed the update went from 22.7_4 to 22.7.1 but the issue hasn't gone away. Still looking to see how to fix this issue.

OPNsense 22.7.1-amd64
FreeBSD 13.1-RELEASE
OpenSSL 1.1.1q 5 Jul 2022

Note that the OPNsense server is sitting behind an ISP router. I still haven't gone to bridge mode but didn't think this should have affected the flowd traffic analyzer.

Anyone have a suggestion how to start debugging this... Apparently there don't seem to be any blatant errors. Yet I have a number of systems behind this OPNsense box and I've pounded the traffic thinking maybe I'm just not generating enough traffic and yet nothing... Yet flowd_aggregate is running... Open for any suggestions.