[18.1.r2] ***** is Insight working?

[nas7]

Hi.

I have been unable to see any report in the Insight since 18.1.  Netflow is enabled (interfaces: WAN,LAN, egress:WAN, capture local, v9, dest: 127.0.0.1:2056), Netflow data and RRD data has been reset and firewall rebooted.  Data is being captured (/var/log/flowd.log is being updated) but no graphics nor detail appear when entering in Reporting->Insight.  flowd.conf is:

Code Select Expand


logfile "/var/log/flowd.log"
listen on 127.0.0.1:2056
flow source 0.0.0.0/0
store ALL


I am just in OPNsense 18.1.r2-amd64 (FreeBSD 11.1-RELEASE-p6, OpenSSL 1.0.2n 7 Dec 2017) upgraded from 18.1.r1 (no patches).

Any hints how to debug this?

[elektroinside]

Nope, not working. I can confirm this as well (same build).

[cardins2u]

Netflow data is sent to SolarWinds. I can see data. I can confirm "insights" isn't working.

[elektroinside]

Solarwinds?? What? Where did you see this please? Wireshark? Can you please define what do you mean by "Solarwinds"?
Thank you.

[cardins2u]

https://solarwinds.com

its just an app that I forward all my netflow too. It works....the built on netflow opnsense isn't working.

I cleared the RD and net flow data on opnense . that didnt fix it.

[elektroinside]

Ah, i know what solarwinds is, just didn't know what is the connection between opnsense and solarwinds. Ok, thank you :)

[franco]

Weird, very weird. The package from 17.7 works well, but won't compile the same way on 18.1. I added this to make it work...

https://github.com/opnsense/ports/commit/46c3c0a96c

You can install this version for amd64 from here...

# pkg add -f https://pkg.opnsense.org/FreeBSD:11:amd64/snapshots/flowd-0.9.1_3.txz

It will be automatically fixed in 18.1.


Cheers,
Franco

[nas7]

Hello.

I installed the flowd 0.9.1_3 but this didn't fix the error.  The previous version of flowd seemed to work too.  I checked with flowd-reader /var/log/flowd.log and I can confirm data is being captured, but the Insight views don't seem to get the data from the captures.

Just to let you know that the problem persists.

[franco]

Did you reboot then? flowd is ok, but the python bindings are not, causing flowd_aggregate to fail, which crawls flowd logs to produce insight output...


Cheers,
Franco

[nas7]

No I didn't.  Rebooted and now I confirm it working.  Fixed.  Thank you.

[elektroinside]

I too installed flowd-0.9.1_3.txz.
Unfortunately, i still don't have any data in insight. Rebooted, twice.

Maybe it's worth mentioning that i use ram disk for /var & /temp. I have no idea if this affects this, just saying :)

[elektroinside]

I spoke too soon. Guess it didn't have any data to display yet.
Confirming, Insights works :)

Great job Franco, as usual, thank you!

[franco]

It may take a reset of the netflow databases under Reporting: Settings.

I've verified this package to be now working on two separate installs, one of those with /var + /tmp MFS.

To see if everything is ok, this is what the system output would look like:

# ps aux | grep flowd
root   84109   0.0  0.1    8328  2212  -  Is   15:52   0:00.00 flowd: monitor (flowd)
_flowd 84159   0.0  0.1    8328  2228  -  Ss   15:52   0:00.00 flowd: net (flowd)
root   85149   0.0  0.6   99128 23000  -  Ss   15:52   0:02.00 /usr/local/bin/python2.7 /usr/local/opnsense/scripts/netflow/flowd_aggregate.py
root   85870   0.0  0.1 1080528  2852  0  S+   15:53   0:00.00 grep flowd


Cheers,
Franco

[elektroinside]

Yep, all good, guess we were replying at the same time, i just hit POST sooner :)