NetFlow Configuration


#1

Hi,

I’ve configured NetFlow exporter on a Cisco switch and an input source on Graylog.
I can see messages hitting that input on the network statistics but no messages are there.

Can you please help me?


(Jan Doberstein) #2

is this your only source and you see no message or did you have multiple sources that send in data to graylog and netflow is the only that you do not see?

Did you checked your Graylog server.log?


#3

Hi, Jan

No, it is not the only source; I have two more which are working just fine - mainly Syslog.
Only this kind (one and only) NetFlow input is not working.
If it helps, I didn’t install any extra plugin, but just configured one from the built-in inputs.

I checked the logs but didn’t notice anything significant.


#4

Hi again,

So I ran a couple of troubleshooting commands and I concluded that the problem was not in the Graylog server.
Running sudo softflowd -D -i eth0 -v 5 -t maxlife=1 -n 192.168..:2055
and sudo softflowd -D -i eth0 -v 9 -t maxlife=1 -n 192.168..:2055
made it safely in the input and messages were parsed correctly.

The problem must reside on the other end and I will look into it.

Thank you for your help.


(system) closed #5

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.