Description

This article describes how to troubleshoot Sflow and netflow issues.

Scope

FortiGate.

Solution

Viewing the Configuration:

diagnose test application sflowd 3
diagnose test application sflowd 4

Netflow does not have a separate daemon and is instead running under sflowd.
The Netflow configuration can be viewed by using test level 3 or 4.

For Netflow, the standard value is UDP port 2055, but other values like 9555, 9025, or 9026 can also be used.

For Sflow, the default port is 6343, and it can use any random port.

Session 1:

diagnose sniffer packet any 'host x.x.x.x' 4 0 l

 x.x.x.x with sflow server IP/ netflow server IP.

To stop the Sniffer, use CTRL + C.

Session 2:

diagnose debug flow show function-name en

diagnose debug flow filter addr x.x.x.x    <----- Replace x.x.x.x with sflow server IP/NetFlow server IP.
diagnose debug flow trace start 1000

diagnose debug enable

To stop the debug logs:

diagnose debug reset
diagnose debug disable

Session 3:

    diagnose debug application sflowd -1
    diagnose debug enable

Note:

Configuring sFlow on any interface disables all NP7, NP6, NP6XLite, or NP6Lite offloading for all traffic on that interface.

Related articles:

Technical Tip: How to Configure Netflow

Technical Tip: How to configure sFlow