pfSense » pfSense Packages

I used to run pfsense 2.1 on several machines, all of which sent NetFlow data to a PRTG collector without any problem.
I was using the softflowd package for that.
Since I've upgraded pfsense to 2.2 on two of those (three) machines, the upgraded machines only sporadically send flow data to the collector, whereas the 2.1 machine still works correctly.
I have extensively tried to troubleshoot, and was able to determine that the cause of the flow data not being generated by softflowd seems to be the low amount of traffic on the interface.
Watching the softflowd statistics, I noticed that (since the interfaces softflowd was monitoring were nearly idle) the number of active flows stayed to 0 or to a very low number as the libpcap packets counter was below a certain threshold. But as soon as I start some big data transfer (eg. downloading the Ubuntu ISO from a LAN machine), the libpcap captured packets counter starts to increase rapidly, and flows start to be generated, and eventually softflowd starts sending them to the collector. As soon as the download was over, and the interface once more idle, softflowd stopped sending data again.
With pfsense 2.1, no matter how low the traffic was on the interface, softflowd was always sending some data to the collector, which duly reported the sensor as "active"; with 2.2 softflowd seems to send flow data to the collector only when there is a substantial amount of traffic, which causes the collector to report the sensor as "unknown/down" since it does not receive any flow data for a long time.
This may very well be related to freebsd, but maybe it can be worked around with a new release of the softflowd package,perhaps making sure that some data is always sent to "keep alive" the flow.
This user on FreeBSD 9 had the exact same problem and drew the same conclusions: https://forums.freebsd.org/threads/cannot-get-flows-again.42523/