Packetwatch.net

Softflowd in pfSense



Last modified: May 17, 2012

Contents
1 - Summary
2 - Dependencies
3 - Softflowd installation
4 - Service configuration
5 - Service check


1 - Summary

This guide will show you how to install softflowd in pfSense. Softflowd is used
to export flow-based network traffic in netflow format. In this example, the
netflow data was exported to another server running nfsen. This has been tested
in pfSense 2.0.1 i386.


2 - Dependencies

Log into the pfSense website. Navigate to the System menu, then click on
Advanced. Click on the box next to Enable Secure Shell. Click on Save at the
bottom of the page.

Enable Secure Shell
SSH in as the admin user and select option 8 to get to the shell. Add the following to the tcsh profile file. setenv PACKAGESITE ftp://ftp-archive.freebsd.org/pub/FreeBSD-Archive/ports/`uname -m`/\ packages-8.1-release/Latest/ export PACKAGESITE # cd ~ # cp /etc/skel/dot.tcshrc /etc/skell/dot.tcshrc.example # vi /etc/skel/dot.tcshrc # cp /etc/skel/dot.tcshrc /root/.tcshrc 3 - Softflowd installation Install the softflowd package. # pkg_add -r softflowd 4 - Service configuration Find where the apcupsd daemon was installed to. # pkg_info -L softflowd-* | grep sbin /usr/local/sbin/softflowd /usr/local/sbin/softflowctl Edit /etc/rc so that the softflowd service will start when the system starts up. Add the following after the line with /etc/rc.start_packages. Netflow version 5 has been chosen as there is a bug in softflowd affecting exporting of netflow version 9 flows. The bug in netflow version 9 shows the incorrect date and time. echo -n 'Starting custom applications:' echo -n ' softflowd'; /usr/local/sbin/softflowd -v 5 -i interface -n x.x.x.x:port echo '.' # cp /etc/rc /etc/rc.original # vi /etc/rc Start the softflowd service. # /usr/local/sbin/softflowd -v 5 -i interface -n x.x.x.x:port # cat /var/run/softflowd.pid 57019 5 - Service check Reboot your computer. SSH in as the admin user and select option 8 to get to the shell. Check to see that the softflowd service is running. That's is, now you have softflowd running in pfSense. # shutdown -r now # cat /var/run/softflowd.pid 20378

Last modified: Thu Jan 1 00:00:00 1970 UTC
Packetwatch Research 2002-2017.