Javier,
If I look at the collected packets and exported flows, they are absolutely
comparable between 7.4 and 8.1
7.4:
> 18/Sep/2017 09:37:01 [nprobe.c:2722] Flow export stats: [2099368000
> bytes/2538000 pkts][767 flows/26 pkts sent]
> 18/Sep/2017 09:37:01 [nprobe.c:2729] Flow collection: [collected pkts:
> 213][processed flows: 0]
8.1:
> 18/Sep/2017 09:50:38 [nprobe.c:3007] Flow export stats: [1083658 bytes/1294
> pkts][796 flows/27 pkts sent]
> 18/Sep/2017 09:50:38 [nprobe.c:3014] Flow collection: [collected pkts:
> 217][processed flows: 0]
So maybe there's some sampled traffic that is not properly re-scaled and this
results in smaller values. Indeed, if you look at v 7.4 bytes and packets, they
both end with 000 so an x1000 rescale is likely.
Have a look and tune the following options:
[--sample-rate|-S] <pkt rate>:<flow rate>
| Packet capture sampling rate and flow
| sampling rate. If <pkt rate> starts with
| '@' it means that nprobe will report
| the specified sampling rate but will
| not sample itself as incoming packets
| are already sampled on the specified
| capture device at the specified rate.
| This setup is meaningful only for
NetFlow/IPFIX
| as in sFlow this info is part of the
packet.
| Default: 1:1 [no sampling]
[--collector-sample-rate] <value> | Specify the bytes/pkts collection sample
rate (NetFlow only).
--upscale-traffic | In case of sampled traffic multiply the
packets/bytes
| according to the sampling packet rate.
| (See -S for more information)
Regards,
Simone
> On 18 Sep 2017, at 10:51, Javier Narváez <[email protected]> wrote:
>
> Hi Simone,
>
> Yes it is in demo mode because it was purchased more than a year ago, is that
> the problem? I haven't reached the 25000 flows of demo mode...
>
> Nprobe v7.4 in demo mode too receives a lot more of packets.
>
> I would like to get it working before renew it.
>
> Thank you in advance.
>
> Kind regards,
> Javi
>
> De: "Simone Mainardi" <[email protected]>
> Para: [email protected]
> Enviados: Lunes, 18 de Septiembre 2017 10:28:36
> Asunto: Re: [Ntop-misc] Nprobe receiving low number of packets after updating
> to v8.1
>
> Javier,
>
> nProbe is in DEMO mode:
>
>
> 18/Sep/2017 09:36:48 [nprobe.c:3398] ERROR:
> *****************************************************
> 18/Sep/2017 09:36:48 [nprobe.c:3399] ERROR: **
> **
> 18/Sep/2017 09:36:48 [nprobe.c:3400] ERROR: ** Switching to DEMO MODE
> (missing valid license) **
> 18/Sep/2017 09:36:48 [nprobe.c:3401] ERROR: **
> **
> 18/Sep/2017 09:36:48 [nprobe.c:3402] ERROR: ** Purchase your nProbe license
> at **
> 18/Sep/2017 09:36:48 [nprobe.c:3403] ERROR: ** https://shop.ntop.org/
> <https://shop.ntop.org/> **
> 18/Sep/2017 09:36:48 [nprobe.c:3404] ERROR: **
> **
> 18/Sep/2017 09:36:48 [nprobe.c:3405] ERROR:
> *****************************************************
> 18/Sep/2017 09:36:48 [nprobe.c:7290] ERROR:
> ***************************************************************
> 18/Sep/2017 09:36:48 [nprobe.c:7291] ERROR: * NOTE: This is a DEMO version
> limited to 25000 flows export. *
> 18/Sep/2017 09:36:48 [nprobe.c:7292] ERROR:
> ***************************************************************
>
>
>
> This means that your license is no longer valid. Very likely because it is
> older than 1 year. You should renew the maintenance. See:
> http://www.ntop.org/support/faq/how-can-i-renew-maintenance-for-commercial-products/
>
> <http://www.ntop.org/support/faq/how-can-i-renew-maintenance-for-commercial-products/>
>
> Regards,
> Simone
>
>
>
> On 18 Sep 2017, at 09:55, Javier Narváez <[email protected]
> <mailto:[email protected]>> wrote:
>
> Hi! after upgrading to nprobe v8.1, it is receveing a very low number of
> packets, need I to change something in the config?
>
> v7.4 conf file:
> -i eth0
> --collector-port 9996
> --zmq "tcp://127.0.0.1:5556 <tcp://127.0.0.1:5556>"
> -u 1
> -Q 1
>
> Results after 10s running Nprobe v7.4:
> [root@ntopng /]# timeout 10s /usr/local/bin/nprobe /etc/nprobe/nprobe.conf
> 18/Sep/2017 09:36:48 [nprobe.c:3391] ERROR: Invalid nProbe license
> (/etc/nprobe.license) [License mismatch error]
> 18/Sep/2017 09:36:48 [nprobe.c:3398] ERROR:
> *****************************************************
> 18/Sep/2017 09:36:48 [nprobe.c:3399] ERROR: **
> **
> 18/Sep/2017 09:36:48 [nprobe.c:3400] ERROR: ** Switching to DEMO MODE
> (missing valid license) **
> 18/Sep/2017 09:36:48 [nprobe.c:3401] ERROR: **
> **
> 18/Sep/2017 09:36:48 [nprobe.c:3402] ERROR: ** Purchase your nProbe license
> at **
> 18/Sep/2017 09:36:48 [nprobe.c:3403] ERROR: ** https://shop.ntop.org/
> <https://shop.ntop.org/> **
> 18/Sep/2017 09:36:48 [nprobe.c:3404] ERROR: **
> **
> 18/Sep/2017 09:36:48 [nprobe.c:3405] ERROR:
> *****************************************************
> 18/Sep/2017 09:36:48 [nprobe.c:7290] ERROR:
> ***************************************************************
> 18/Sep/2017 09:36:48 [nprobe.c:7291] ERROR: * NOTE: This is a DEMO version
> limited to 25000 flows export. *
> 18/Sep/2017 09:36:48 [nprobe.c:7292] ERROR:
> ***************************************************************
> 18/Sep/2017 09:36:48 [nprobe.c:4916] -i is ignored as --collector-port|-3 has
> been used: using '-i none'
> 18/Sep/2017 09:36:48 [nprobe.c:4975] Welcome to nProbe v.7.4.170215
> ($Revision: 5334 $) for x86_64-unknown-linux-gnu with native PF_RING
> acceleration
> 18/Sep/2017 09:36:48 [nprobe.c:4985] Running on CentOS Linux release 7.3.1611
> (Core)
> 18/Sep/2017 09:36:48 [nprobe.c:4996] [LICENSE] nProbe SystemId:
> 910306039206AB23
> 18/Sep/2017 09:36:48 [nprobe.c:5085] WARNING: -n parameter is missing.
> 127.0.0.1:2055 will be used.
> 18/Sep/2017 09:36:48 [nprobe.c:7308] Welcome to nProbe v.7.4.170215 for
> x86_64-unknown-linux-gnu
> 18/Sep/2017 09:36:48 [plugin.c:1045] 0 plugin(s) enabled
> 18/Sep/2017 09:36:48 [nprobe.c:6836] Non IPv4/v6 traffic is discarded
> according to the template
> 18/Sep/2017 09:36:48 [util.c:434] GeoIP: loaded AS config file
> /usr/share/ntopng/httpdocs/geoip/GeoIPASNum.dat
> 18/Sep/2017 09:36:48 [util.c:445] GeoIP: loaded AS IPv6 config file
> /usr/share/ntopng/httpdocs/geoip/GeoIPASNumv6.dat
> 18/Sep/2017 09:36:48 [nprobe.c:5495] Using packet capture length 128
> 18/Sep/2017 09:36:48 [nprobe.c:7484] IPv6 traffic will NOT be
> exported/accounted by this probe
> 18/Sep/2017 09:36:48 [nprobe.c:7485] due to configuration options (e.g. use
> NetFlow v9)
> 18/Sep/2017 09:36:48 [nprobe.c:7631] Not capturing packet from interface
> (collector mode)
> 18/Sep/2017 09:36:48 [util.c:4036] Initializing ZMQ as server
> 18/Sep/2017 09:36:48 [util.c:4079] Succesfully created ZMQ endpoint
> tcp://127.0.0.1:5556 <tcp://127.0.0.1:5556>
> 18/Sep/2017 09:36:48 [collect.c:147] Flow collector listening on port 9996
> (IPv4/v6)
> 18/Sep/2017 09:36:48 [nprobe.c:7856] nProbe started successfully
> 18/Sep/2017 09:36:58 [cache.c:1224] Redis Cache [0 total/0.0 get/sec][0
> total/0.0 set/sec]
> 18/Sep/2017 09:36:58 [nprobe.c:499] Received shutdown request... [signal: 15]
> 18/Sep/2017 09:36:58 [engine.c:2944] About to flush hash (threadId 0)
> 18/Sep/2017 09:36:58 [engine.c:2946] Completed hash walk (thread 0)
> 18/Sep/2017 09:37:01 [cache.c:1224] Redis Cache [0 total/0.0 get/sec][0
> total/0.0 set/sec]
> 18/Sep/2017 09:37:01 [nprobe.c:2713] Processed packets: 1294 (max bucket
> search: 0)
> 18/Sep/2017 09:37:01 [nprobe.c:2696] Fragment queue length: 1
> 18/Sep/2017 09:37:01 [nprobe.c:2722] Flow export stats: [2099368000
> bytes/2538000 pkts][767 flows/26 pkts sent]
> 18/Sep/2017 09:37:01 [nprobe.c:2729] Flow collection: [collected pkts:
> 213][processed flows: 0]
> 18/Sep/2017 09:37:01 [nprobe.c:2732] Flow drop stats: [0 bytes/0 pkts][0
> flows]
> 18/Sep/2017 09:37:01 [nprobe.c:2737] Total flow stats: [2099368000
> bytes/2538000 pkts][767 flows/26 pkts sent]
>
> Results after 10s running v8.1:
> [root@ntopng ~]# timeout 10s nprobe –zmq "tcp://127.0.0.1:5556
> <tcp://127.0.0.1:5556>" --collector-port 9996 -u 1 -Q 1
> 18/Sep/2017 09:50:25 [plugin.c:176] No plugins found in ./plugins
> 18/Sep/2017 09:50:25 [plugin.c:184] Loading 24 plugins [.so] from
> /usr/local/lib/nprobe/plugins
> 18/Sep/2017 09:50:25 [nprobe.c:3730] ERROR: Invalid nProbe license
> (/etc/nprobe.license) [Missing license file]
> 18/Sep/2017 09:50:25 [nprobe.c:3737] ERROR:
> *****************************************************
> 18/Sep/2017 09:50:25 [nprobe.c:3738] ERROR: **
> **
> 18/Sep/2017 09:50:25 [nprobe.c:3739] ERROR: ** Switching to DEMO MODE
> (missing valid license) **
> 18/Sep/2017 09:50:25 [nprobe.c:3740] ERROR: **
> **
> 18/Sep/2017 09:50:25 [nprobe.c:3741] ERROR: ** Purchase your nProbe license
> at **
> 18/Sep/2017 09:50:25 [nprobe.c:3742] ERROR: ** https://shop.ntop.org/
> <https://shop.ntop.org/> **
> 18/Sep/2017 09:50:25 [nprobe.c:3743] ERROR: **
> **
> 18/Sep/2017 09:50:25 [nprobe.c:3744] ERROR:
> *****************************************************
> 18/Sep/2017 09:50:25 [nprobe.c:5710] -i is ignored as --collector-port|-3 has
> been used: using '-i none'
> 18/Sep/2017 09:50:25 [nprobe.c:5769] Welcome to nProbe v.8.1.170918
> ($Revision: 5887 $) for x86_64-unknown-linux-gnu with native PF_RING
> acceleration
> 18/Sep/2017 09:50:25 [nprobe.c:5779] Running on CentOS Linux release 7.3.1611
> (Core)
> 18/Sep/2017 09:50:25 [nprobe.c:5790] [LICENSE] nProbe SystemId:
> 28BEC22B1C001090
> 18/Sep/2017 09:50:25 [nprobe.c:5878] WARNING: -n parameter is missing.
> 127.0.0.1:2055 will be used.
> 18/Sep/2017 09:50:25 [nprobe.c:5903] Sample rate [packet: 1][flow: 1]
> 18/Sep/2017 09:50:25 [nprobe.c:8320] ERROR:
> ***************************************************************
> 18/Sep/2017 09:50:25 [nprobe.c:8321] ERROR: * NOTE: This is a DEMO version
> limited to 25000 flows export. *
> 18/Sep/2017 09:50:25 [nprobe.c:8322] ERROR:
> ***************************************************************
> 18/Sep/2017 09:50:25 [nprobe.c:8328] Welcome to nProbe v.8.1.170918 for
> x86_64-unknown-linux-gnu
> 18/Sep/2017 09:50:25 [plugin.c:1070] 0 plugin(s) enabled
> 18/Sep/2017 09:50:25 [nprobe.c:7824] Non IPv4/v6 traffic is discarded
> according to the template
> 18/Sep/2017 09:50:25 [util.c:440] GeoIP: loaded AS config file
> /usr/share/ntopng/httpdocs/geoip/GeoIPASNum.dat
> 18/Sep/2017 09:50:25 [util.c:451] GeoIP: loaded AS IPv6 config file
> /usr/share/ntopng/httpdocs/geoip/GeoIPASNumv6.dat
> 18/Sep/2017 09:50:25 [nprobe.c:8507] IPv6 traffic will NOT be
> exported/accounted by this probe
> 18/Sep/2017 09:50:25 [nprobe.c:8508] due to configuration options (e.g. use
> NetFlow v9)
> 18/Sep/2017 09:50:25 [nprobe.c:8509] Please use -V to set the version to
> other than NetFlow V5
> 18/Sep/2017 09:50:25 [nprobe.c:8662] Not capturing packet from interface
> (collector mode)
> 18/Sep/2017 09:50:25 [util.c:3589] nProbe changed user to 'nobody'
> 18/Sep/2017 09:50:25 [collect.c:143] Flow collector listening on port 9996
> (IPv4/v6)
> 18/Sep/2017 09:50:25 [nprobe.c:8879] nProbe started successfully
> 18/Sep/2017 09:50:35 [nprobe.c:533] Received shutdown request... [signal: 15]
> 18/Sep/2017 09:50:35 [engine.c:3019] About to flush hash (threadId 0)
> 18/Sep/2017 09:50:35 [engine.c:3021] Completed hash walk (thread 0)
> 18/Sep/2017 09:50:38 [nprobe.c:2998] Processed packets: 1314 (max bucket
> search: 1)
> 18/Sep/2017 09:50:38 [nprobe.c:2981] Fragment queue length: 1
> 18/Sep/2017 09:50:38 [nprobe.c:3007] Flow export stats: [1083658 bytes/1294
> pkts][796 flows/27 pkts sent]
> 18/Sep/2017 09:50:38 [nprobe.c:3014] Flow collection: [collected pkts:
> 217][processed flows: 0]
> 18/Sep/2017 09:50:38 [nprobe.c:3017] Flow drop stats: [0 bytes/0 pkts][0
> flows]
> 18/Sep/2017 09:50:38 [nprobe.c:3022] Total flow stats: [1083658 bytes/1294
> pkts][796 flows/27 pkts sent]
>
> Anybody knows how to solve it?
>
> Thanks in advance.
>
> Kind regards.
> Javi
> _______________________________________________
> Ntop-misc mailing list
> [email protected] <mailto:[email protected]>
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
>
>
> _______________________________________________
> Ntop-misc mailing list
> [email protected]
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
> _______________________________________________
> Ntop-misc mailing list
> [email protected]
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
