
Why is the Netflow stream not listening on the defined port?

jamessinton
New Member

I'm struggling to get the Splunk Stream Forwarder to listen on the port that I have configured to receive sFlow packets. It is driving me nuts. I can't find an error message in the log files. I have tried the tool on CentOS 7 and Ubuntu 16.04 with exactly the same result. The process seems to never attempt to bind to port 6343. SELinux is disabled on CentOS. AppArmor is enabled on Ubuntu, but I can't see any errors being thrown.

My Config
[streamfwd]
port = 8889
ipAddr = 0.0.0.0
processingThreads = 32
dedicatedCatureMode = 0
httpRequestSenderThreads=4
httpRequestSenderConnections=40

netflowReceiver.1.interface = eth0
netflowReceiver.1.port = 6343
netflowReceiver.1.protocol = udp
netflowReceiver.1.decoder = sflow

Log Extract

2018-04-17 11:32:44 INFO 140290129086336 stream.CaptureServer - Found DataDirectory: /opt/streamfwd/data
2018-04-17 11:32:44 INFO 140290129086336 stream.CaptureServer - Found UIDirectory: /opt/streamfwd/ui
2018-04-17 11:32:44 INFO 140290129086336 stream.CaptureServer - Default configuration directory: /opt/streamfwd/default
2018-04-17 11:32:47 INFO 140290129086336 stream.CaptureServer - Netflow receiver configuration defined; disabling default automatic promiscuous mode packet capture on all available interfaces. Configure one or more streamfwdcapture parameters in streamfwd.conf to enable network packet capture.
2018-04-17 11:32:47 INFO 140290129086336 stream.CaptureServer - Starting data capture
2018-04-17 11:32:47 INFO 140290129086336 stream.SnifferReactor - Starting network capture: sniffer
2018-04-17 11:32:47 INFO 140290129086336 stream.main - streamfwd has started successfully (version 7.1.1 build 137)
2018-04-17 11:32:47 INFO 140290129086336 stream.main - web interface listening on port 8889


bambarit
Explorer

I have the same question, have you solved it?

NetFlow is enabled, but no data is received in the forwarder.

Hamidreza74
Explorer

I have the same problem too.


yuanjm
Engager

You need to enable NetFlow in the Splunk Stream app GUI.
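
A way to confirm the symptom reported in this thread (a receiver port that is configured but never bound), added here as an example and not posted by anyone in the thread or taken from Splunk: it compares the `netflowReceiver.N.*` settings with the sockets listed in `/proc/net/udp` format. The function names and both sample inputs are constructed for illustration.

```python
import re

# Constructed sample: the receiver settings from the question above.
SAMPLE_CONF = """\
[streamfwd]
port = 8889
ipAddr = 0.0.0.0
netflowReceiver.1.interface = eth0
netflowReceiver.1.port = 6343
netflowReceiver.1.protocol = udp
netflowReceiver.1.decoder = sflow
"""

# Constructed sample in /proc/net/udp format: only UDP 68 and 123 are bound.
SAMPLE_PROC_NET_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
  10: 00000000:0044 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 15001
  11: 0100007F:007B 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 15002
"""

def receivers(conf_text):
    """Collect netflowReceiver.<n>.<key> settings into {n: {key: value}}."""
    found = {}
    for n, key, value in re.findall(
            r"^\s*netflowReceiver\.(\d+)\.(\w+)\s*=\s*(\S+)", conf_text, re.M):
        found.setdefault(int(n), {})[key] = value
    return found

def bound_udp_ports(proc_text):
    """Return the local UDP ports listed in /proc/net/udp-style text."""
    ports = set()
    for line in proc_text.splitlines()[1:]:      # skip the header row
        fields = line.split()
        if len(fields) > 1 and ":" in fields[1]:
            ports.add(int(fields[1].rsplit(":", 1)[1], 16))  # port is hex
    return ports

def unbound_receivers(conf_text, proc_text):
    """List configured UDP receiver ports that no socket is bound to."""
    bound = bound_udp_ports(proc_text)
    return sorted(int(r["port"]) for r in receivers(conf_text).values()
                  if r.get("protocol") == "udp" and "port" in r
                  and int(r["port"]) not in bound)

if __name__ == "__main__":
    # On a live host, pass the real streamfwd.conf text and the contents of
    # /proc/net/udp (IPv4 only; /proc/net/udp6 covers IPv6) instead.
    print("configured but not bound:",
          unbound_receivers(SAMPLE_CONF, SAMPLE_PROC_NET_UDP))
```

An empty result means every configured UDP receiver port has a socket bound to it; a port in the list matches the behaviour described in the question.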
