Description

This article describes how to troubleshoot Sflow and netflow issues.

Scope

FortiGate.

Solution

Viewing the Configuration:

diagnose test application sflowd 3
diagnose test application sflowd 4

Netflow does not have a separate daemon and is instead running under sflowd.
The Netflow configuration can be viewed by using test level 3 or 4.

For Netflow, the standard value is UDP port 2055, but other values like 9555, 9025, or 9026 can also be used.

For Sflow, the default port is 6343  and can use any random port.

Session 1:

diag sniffer packet any 'host x.x.x.x' 4 0 l

 x.x.x.x with sflow server IP/ netflow server IP.

To stop the Sniffer, use CTRL + C.

Session 2:

diag debug flow show function-name en

diag debug flow filter addr x.x.x.x    <----- Replace x.x.x.x with sflow server IP/NetFlow server IP.
diag debug flow trace start 1000

diag debug enable

To stop the debug logs:

diag debug reset
diag debug disable

Session 3:

    diag debug application sflowd -1
    diag debug enable

Note:

Configuring sFlow on any interface disables all NP7, NP6, NP6XLite, or NP6Lite offloading for all traffic on that interface.

Related articles:

Technical Tip: How to Configure Netflow

Technical Tip: How to configure sFlow