I'm struggling to get the Splunk Stream Forwarder to listen on the port that I have configured to receive sFlow packets. It is driving me nuts. I can't find an error message in the log files. I have tried the tool on CentOS 7 and Ubuntu 16.04 with exactly the same result. The process seems to never attempt to bind to port 6343. SELinux is disabled on CentOS. AppArmor is enabled on Ubuntu, but I can't see any errors being thrown.
My Config
[streamfwd]
port = 8889
ipAddr = 0.0.0.0
processingThreads = 32
dedicatedCatureMode = 0
httpRequestSenderThreads=4
httpRequestSenderConnections=40
netflowReceiver.1.interface = eth0
netflowReceiver.1.port = 6343
netflowReceiver.1.protocol = udp
netflowReceiver.1.decoder = sflow
Log Extract
2018-04-17 11:32:44 INFO 140290129086336 stream.CaptureServer - Found DataDirectory: /opt/streamfwd/data
2018-04-17 11:32:44 INFO 140290129086336 stream.CaptureServer - Found UIDirectory: /opt/streamfwd/ui
2018-04-17 11:32:44 INFO 140290129086336 stream.CaptureServer - Default configuration directory: /opt/streamfwd/default
2018-04-17 11:32:47 INFO 140290129086336 stream.CaptureServer - Netflow receiver configuration defined; disabling default automatic promiscuous mode packet capture on all available interfaces. Configure one or more streamfwdcapture parameters in streamfwd.conf to enable network packet capture.
2018-04-17 11:32:47 INFO 140290129086336 stream.CaptureServer - Starting data capture
2018-04-17 11:32:47 INFO 140290129086336 stream.SnifferReactor - Starting network capture: sniffer
2018-04-17 11:32:47 INFO 140290129086336 stream.main - streamfwd has started successfully (version 7.1.1 build 137)
2018-04-17 11:32:47 INFO 140290129086336 stream.main - web interface listening on port 8889
I have the same question. Have you solved it?
Netflow is enabled, but no data is received in the forwarder.
I have the same problem too.
You need to enable netflow in the Splunk Stream app GUI.
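The symptom in the original question (no socket ever bound on the configured sFlow port) can be confirmed mechanically by comparing the `netflowReceiver.N.*` entries in the config against the kernel's UDP socket table. This is an added example, not code from the thread or from Splunk; the function names are hypothetical, the sample inputs are constructed, and it only covers IPv4 UDP on Linux (`/proc/net/udp`).

```python
import re

# Constructed sample in the format of the [streamfwd] stanza from the question.
SAMPLE_CONF = """\
[streamfwd]
port = 8889
netflowReceiver.1.interface = eth0
netflowReceiver.1.port = 6343
netflowReceiver.1.protocol = udp
netflowReceiver.1.decoder = sflow
"""
# Constructed /proc/net/udp content: only UDP port 68 (hex 0044) is bound.
SAMPLE_PROC_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  410: 00000000:0044 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 21034 2 0000000000000000 0
"""
RECEIVER_KEY = re.compile(r"^netflowReceiver\.(\d+)\.(\w+)\s*=\s*(.*?)\s*$")

def parse_receivers(conf_text):
    """Group netflowReceiver.<n>.<key> = <value> lines by receiver index."""
    receivers = {}
    for line in conf_text.splitlines():
        m = RECEIVER_KEY.match(line.strip())
        if m:
            idx, key, value = m.groups()
            receivers.setdefault(int(idx), {})[key] = value
    return receivers

def bound_udp_ports(proc_text):
    """Return the local ports of all sockets in /proc/net/udp-style text."""
    ports = set()
    for line in proc_text.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) > 1 and ":" in fields[1]:
            # local_address is HEXIP:HEXPORT
            ports.add(int(fields[1].rsplit(":", 1)[1], 16))
    return ports

def unbound_receivers(conf_text, proc_text):
    """List (index, port) for configured UDP receivers with no bound socket."""
    bound = bound_udp_ports(proc_text)
    return [(idx, int(r["port"]))
            for idx, r in sorted(parse_receivers(conf_text).items())
            if r.get("protocol", "").lower() == "udp"
            and "port" in r and int(r["port"]) not in bound]

if __name__ == "__main__":
    # On a live host, pass the contents of your streamfwd.conf and /proc/net/udp.
    for idx, port in unbound_receivers(SAMPLE_CONF, SAMPLE_PROC_UDP):
        print(f"netflowReceiver.{idx}: nothing bound on UDP port {port}")
```

An empty result after a configuration change means every configured UDP receiver has a bound socket; a non-empty one reproduces the symptom from the question.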