Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
js2
Staff
Staff

Created on ‎11-30-2020 02:03 AM Edited on ‎10-23-2024 06:13 AM By Moderator

Article Id 192171

Troubleshooting Tip: Sflow and netflow issues

Description


This article describes how to troubleshoot Sflow and netflow issues.

 

Scope

 

FortiGate.

Solution


Viewing the Configuration:

 

diagnose test application sflowd 3
diagnose test application sflowd 4

 

Netflow does not have a separate daemon and is instead running under sflowd.
The Netflow configuration can be viewed by using test level 3 or 4.

For Netflow, the standard value is UDP port 2055, but other values like 9555, 9025, or 9026 can also be used.


Session 1:

 

diag sniffer packet any 'host x.x.x.x' 4 0 l

 

 x.x.x.x with sflow server IP/ netflow server IP.

 

To stop the Sniffer, use CTRL + C.

Session 2:

 

diag debug flow show function-name en

diag debug flow filter addr x.x.x.x    <----- Replace x.x.x.x with sflow server IP/NetFlow server IP.
diag debug flow trace start 1000

diag debug enable

 

To stop the debug logs:

 

diag debug reset
diag debug disable

 

Session 3:

 

    diag debug application sflowd -1
    diag debug en

 

Related articles:

Technical Tip: How to Configure Netflow

Technical Tip: How to configure sFlow

10239
Submit Article Idea
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.