Exporting NetFlow with softflowd

softflowd is a NetFlow collector that can be deployed on pfSense® software.

Tip

This recipe requires an add-on package. pfSense Plus software contains a native solution which is easier to configure and more efficient: Firewall Packet Flow Data.

Installing softflowd

There is a package available under System > Packages on the Available Packages tab. Find it in the list, click fa-plus at the end of its row, and confirm the installation.

Configuring and Launching softflowd

Once the package has been installed, visit Services > softflowd to configure the service.

Interface:

Ctrl-click to select all of the interfaces upon which the daemon will gather NetFlow data.

Host:

The target NetFlow server which will receive flow data.

Port:

The port on the Host which is listening for NetFlow data.

Max Flows:

The number of flows to track before older flows expire.

NetFlow Version:

The desired version of the NetFlow protocol.

See also

See NetFlow Versions on Wikipedia for more information.

Controlling softflowd from the Command Line

To view statistics about the running softflowd process, run the following command, replacing igc0 with the actual network interface to query:

: softflowctl -c /var/run/softflowd.igc0.ctl statistics

To expire all flows and force an update to be sent to the netflow server, run the following command, replacing igc0 with the actual network interface to control:

: softflowctl -c /var/run/softflowd.igc0.ctl expire-all

Known issues

See also

The pfSense software issue tracker contains a list of known issues with this package.

Package Support

This package is currently supported by Netgate TAC to those with an active support subscription.