Hi all,
So we are using vyos in various places and we have successfully set up flow accounting using netflow in 4 of 9 sites.
Versions and builds are the same, and commands used to enable netflow at each site are as follows:
set system flow-accounting interface
set system flow-accounting interface
set system flow-accounting netflow sampling-rate ‘5000’
set system flow-accounting netflow server <collector_ip> port
set system flow-accounting netflow version ‘9’
On 4 boxes this works gangbusters, the collector collects and I can do what I need to.
On the boxes where it didn’t work, flow accounting seems to start and immediately fail or fail silently without starting, running “show flow-accounting” returns “flow-accounting is not running”.
Running “show log” I see no events that would relate to flow accounting.
On the boxes that work flow-accounting is returned as expected from “show flow-accounting” , and in the logs I can see events for pmacctd, but can’t see any pmacctd logs in the non-working boxes.
All boxes bar one are on 1.1.5 build 1503250033-88bcbc8 so its not a version thing.
Is the pmacctd the right tree to be barking up? the overall level of traffic across each box is in the same region of magnitude, with roughly the same flows so it’s not that there is a huge preformance difference at work. All vyos are hosted with way more CPU and memory than needed as well. Using less than 1% during normal work.
Ive been round and round with this, can’t rebuild the boxes as they are in prod.
Any advice on what to check next gratefully received.
EDIT/UPDATE
I was able to get the box workable-on and was able to get flow accounting running by not specifying a server, e.g.
set system flow-accounting interface eth0
set system flow-accounting interface eth1
set system flow-accounting netflow sampling-rate 5000
set system flow-accounting netflow version 9
after this can see pmacctd events in logs, and show flow-accounting shows, you know, flows
will update for posterity if I figure it out