Log is showing the following error
pmacctd[3506]: ERROR ( default_nfprobe/nfprobe ): parse_engine(): engine_type:engine_id is only supported on NetFlow v5 export
I have the following config:
interface eth0
netflow {
sampling-rate 100
server netflow-server {
port 2261
}
version 9
}
syslog-facility daemonhttps://github.com/pmacct/pmacct/blob/master/UPGRADE
Until version 1.7.0 it was possible to (mistakenly) configure the
NetFlow v9 SourceID field/IPFIX Observation Domain ID with the old
NetFlow v5 jargon, ie. '1:1'. This is now threated as invalid and
a positive 32-bit number, ie. '100000', is expected. If exporting
NetFlow v5, nothing changed: the Engine ID/Engine Type input, ie.
'1:1', is still valid and expected.
Solved by disabling engine ID when the version is 9, not sure if this is enough but on my router it works.
--- /opt/vyatta/sbin/vyatta-netflow.pl.orig 2019-01-02 23:06:11.914045003 +0100 +++ /opt/vyatta/sbin/vyatta-netflow.pl 2019-01-02 23:04:08.951424305 +0100 @@ -173,7 +173,7 @@ $output .= "nfprobe_receiver: $server_port\n"; $output .= "nfprobe_version: $version\n" if defined $version; $output .= "nfprobe_source_ip: $source_ip\n" if defined $source_ip; - $output .= "nfprobe_engine: $engine_id:0\n"; + $output .= "nfprobe_engine: $engine_id:0\n" if $version ne '9'; $output .= "nfprobe_timeouts: $timeout_str\n" if $timeout_str ne ''; $output .= "nfprobe_maxflows: $maxflows\n" if defined $maxflows;