Docker Container nfcollector not sending data to influxdb container #29
Comments
|
On further investigation, looks like the Pfsense's netflow 9 (softflowd) does not get decoded and sent to influxdb from gonfcollector. If I use a netflow generator using Solarwind, it works fine. |
|
Update, had to go all the way to Netflow V5 and that works well. |
|
My experiences: IPFIX from Mikrotik or Juniper not working / no data in influxdb (old nfCollector worked fine with IPFIX) netflow v5 works ok. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi, I deployed these three containers as defined by bash script and All three containers are up.
I am able to jump within container and able to ping the containers using there names. That verifys network connectivity
I installed tcpdump on nfcollector container and confirmed I am recieving ipfix packets.
I am not seeing any data sent out of the container to other container (InfluxDB)
I use your troubleshooting steps from another issue to decode the ipfix packet from pfsense and its decoding packets properly
using nfcollector-logger
IPFIX message
data set
5 records:
record 0:
sourceIPv4Address: 54.226.244.137
destinationIPv4Address: 172.16.0.154
flowStartSeconds: 2022-02-27 00:33:19 -0700 MST
flowEndSeconds: 2022-02-27 00:33:19 -0700 MST
octetDeltaCount: 40
packetDeltaCount: 1
ingressInterface: 1
egressInterface: 1
sourceTransportPort: 443
destinationTransportPort: 53966
protocolIdentifier: 6
tcpControlBits: 4
ipVersion: 4
ipClassOfService: 0
record 1:
sourceIPv4Address: 172.16.0.154
destinationIPv4Address: 54.226.244.137
flowStartSeconds: 2022-02-27 00:33:19 -0700 MST
flowEndSeconds: 2022-02-27 00:33:19 -0700 MST
octetDeltaCount: 135
packetDeltaCount: 2
ingressInterface: 1
egressInterface: 1
sourceTransportPort: 53966
destinationTransportPort: 443
protocolIdentifier: 6
tcpControlBits: 28
ipVersion: 4
ipClassOfService: 0
record 2:
sourceIPv4Address: 52.143.81.222
destinationIPv4Address: 172.16.0.44
flowStartSeconds: 2022-02-27 00:33:36 -0700 MST
flowEndSeconds: 2022-02-27 00:33:36 -0700 MST
octetDeltaCount: 40
packetDeltaCount: 1
ingressInterface: 1
egressInterface: 1
sourceTransportPort: 443
destinationTransportPort: 61726
protocolIdentifier: 6
tcpControlBits: 20
ipVersion: 4
ipClassOfService: 32
record 3:
sourceIPv4Address: 69.147.92.33
destinationIPv4Address: 172.16.0.44
flowStartSeconds: 2022-02-27 00:33:58 -0700 MST
flowEndSeconds: 2022-02-27 00:33:58 -0700 MST
octetDeltaCount: 4161
packetDeltaCount: 7
ingressInterface: 1
egressInterface: 1
sourceTransportPort: 443
destinationTransportPort: 61759
protocolIdentifier: 6
tcpControlBits: 27
ipVersion: 4
ipClassOfService: 0
record 4:
sourceIPv4Address: 172.16.0.44
destinationIPv4Address: 69.147.92.33
flowStartSeconds: 2022-02-27 00:33:58 -0700 MST
flowEndSeconds: 2022-02-27 00:33:58 -0700 MST
octetDeltaCount: 926
packetDeltaCount: 7
ingressInterface: 1
egressInterface: 1
sourceTransportPort: 61759
destinationTransportPort: 443
protocolIdentifier: 6
tcpControlBits: 31
ipVersion: 4
ipClassOfService: 0
Docker logs shows no errors. I am unable to figure out why the data is not being sent to influxDB. Please help.
Logs:
nfcollector container:
--- DEBUGGING IS ENABLED ---
DEBUG[2022-02-27T08:16:03Z] File: type.go Function: github.com/goNfCollector/influxdb.New Line: 80 new influxDB exporter influxdb:8086 bucket:nfCollector org:OPENINTELLIGENCE is created debug="File: type.go Function: github.com/goNfCollector/influxdb.New Line: 80"
DEBUG[2022-02-27T08:16:03Z] File: collector.go Function: github.com/goNfCollector/collector.(*Collector).listen Line: 165 listening on 0.0.0.0:6859 debug="File: collector.go Function: github.com/goNfCollector/collector.(*Collector).listen Line: 165"
INFO[2022-02-27T08:16:03Z] Server is now listening on 0.0.0.0:6859 (UDP)...! debug="File: collector.go Function: github.com/goNfCollector/collector.(*Collector).listen Line: 183"
All th config are standard configuration. No Customization.
The text was updated successfully, but these errors were encountered: