Hello,
I have started with a RB2011iL-RM and I am trying to set up a Netflow structure to analyze the traffic from LAN to WAN. My impression is that I see all of the connections but only with a very small amount of traffic. I have tried several netflow analyzers (PRTG Network Monitor, Manageengine), both the same. PRTG offers a streamlog function which I can use for logging the flows. This logging also gives a very small amount of packet sizes, so I assume the problem on Mikrotik side or a handling error.
For example when downloading a 7 MB file from southforge, I get in the flow logfile about 25 records with a total byte sum of 6 KB (Outgoing/Incoming). Not going into that detail, the dashbords of the analyzer tools also offer me total traffic far < 7 MB for the download period.
In Mikrotik I have tried to enable Netflow for all interfaces and only for the Gateway Interface LAN/WAN (behind the provider router) as well (standard configuration on port 1). I have also tried several settings at Active Flow Timeouts according to recommendations of collecting/analyzing tools.
Is there any idea of a known handling error? The collection of flows seems to be sent successfully to the collecting machine but with very small sizes (surfing, streaming youtube videos as well) and in my opinion I should get correct traffic information at least when I enable Network flow for all interfaces?
Thanks and kind regards
Thomas