Security

Why is the Netflow stream not listening on the defined port?

jamessinton
New Member

I'm struggling to get the Splunk Stream Forwarder to listen on the port that I have configured to receive sFlow packets. It is driving me nuts. I can't find an error message in the log files. I have tried the tool on CentOS 7 and Ubuntu 16.04 with exactly the same result. The process seems to never attempt to bind to port 6343. SELinux is disabled on CentOS. Apparmor is enabled on Ubuntu, but I can't see any errors being thrown.

My Config
[streamfwd]
port = 8889
ipAddr = 0.0.0.0
processingThreads = 32
dedicatedCatureMode = 0
httpRequestSenderThreads=4
httpRequestSenderConnections=40

netflowReceiver.1.interface = eth0
netflowReceiver.1.port = 6343
netflowReceiver.1.protocol = udp
netflowReceiver.1.decoder = sflow

Log Extract

2018-04-17 11:32:44 INFO 140290129086336 stream.CaptureServer - Found DataDirectory: /opt/streamfwd/data
2018-04-17 11:32:44 INFO 140290129086336 stream.CaptureServer - Found UIDirectory: /opt/streamfwd/ui
2018-04-17 11:32:44 INFO 140290129086336 stream.CaptureServer - Default configuration directory: /opt/streamfwd/default
2018-04-17 11:32:47 INFO 140290129086336 stream.CaptureServer - Netflow receiver configuration defined; disabling default automatic promiscuous mode packet capture on all available interfaces. Configure one or more streamfwdcapture parameters in streamfwd.conf to enable network packet capture.
2018-04-17 11:32:47 INFO 140290129086336 stream.CaptureServer - Starting data capture
2018-04-17 11:32:47 INFO 140290129086336 stream.SnifferReactor - Starting network capture: sniffer
2018-04-17 11:32:47 INFO 140290129086336 stream.main - streamfwd has started successfully (version 7.1.1 build 137)
2018-04-17 11:32:47 INFO 140290129086336 stream.main - web interface listening on port 8889

0 Karma

bambarit
Explorer

I have the same question, have you solved it?

netflow is enable, but no data received in forwarder

Hamidreza74
Explorer

I have the same problem too

0 Karma

yuanjm
Engager

You need enable netflow on splunk stream app gui

Get Updates on the Splunk Community!

Improve Data Pipelines Using Splunk Data Management

  Register Now   This Tech Talk will explore the pipeline management offerings Edge Processor and Ingest ...

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?

Register Join this Tech Talk to learn how unique features like Service Centric Views, Tag Spotlight, and ...

Thank You for Celebrating CX Day with Splunk!

Yesterday the entire team at Splunk + Cisco joined the global celebration of CX Day - celebrating our ...