netflow seems broken on 1500

I enabled netflow to send data to an ELK stack instance. Nothing showed up. Ran a packet capture... nothing in the capture.

netstat -an | grep 2055 ... nada

I did a strace on the netflow process and I see this over and over:

9984 openat(AT_FDCWD, "/proc/ppk/netflow-conf", O_RDWR) = -1 ENOENT (No such file or directory)

 

which for sure doesn't exist. Sad panda, case opened. Oh, and yes, I rebooted after turning on netflow.

Employee++

Re: netflow seems broken on 1500

Hi

Per sk159772 it should be supported, which version/build are you running?

Re: netflow seems broken on 1500

This is Check Point's 1550 Appliance R80.20.01 - Build 909 - this is to fix the kernel panic in the other thread. 

I noticed some extra config options opened up now and I don't understand what they do. The docs are good enough to tell me the arguments are IP and port. That cleared up a lot.

set netflow collector for-ip x.x.x.x for-port 2055 

I have no idea what a for-ip and for-port is but it seems to auto fill with the collector ip and port.  ¯\_(ツ)_/¯

Re: netflow seems broken on 1500

Did you configure the netflow collector following the SMB 1500 Appliance Series R80.20.01 CLI Reference Guide, p. 627ff?

Employee

Re: netflow seems broken on 1500

Indeed, this is broken on 15xx; we suspect a similar issue on other releases.

We are working to fix it.

Thanks

Amir