Bob,
do you see flows collected in nprobe? Perhaps the problem is there.

Luca

> On 03 Dec 2014, at 17:52, Bob Caddell <[email protected]> wrote:
>
> Hi Yuri,
> I enclosed the command in quotes like your example yet still no data in ntopng.
> I have also turned off iptables to test.
>
> Here is the output when I start nprobe:
> nprobe --zmq "tcp://*:5556" -i none -n none -b 2 -3 2055
> 03/Dec/2014 08:00:00 [nprobe.c:6118] Valid nProbe license found
> 03/Dec/2014 08:00:00 [plugin.c:160] No plugins found in ./plugins
> 03/Dec/2014 08:00:00 [plugin.c:166] Loading plugins [.so] from /usr/local/lib/nprobe/plugins
> 03/Dec/2014 08:00:00 [plugin.c:725] Unable to enable plugin RTP Plugin: missing license [/etc/nprobe.license.voippro]
> 03/Dec/2014 08:00:00 [plugin.c:725] Unable to enable plugin SMTP Protocol: missing license [/etc/nprobe.license.email]
> 03/Dec/2014 08:00:00 [plugin.c:725] Unable to enable plugin Radius Protocol: missing license [/etc/nprobe.license.radius]
> 03/Dec/2014 08:00:00 [plugin.c:725] Unable to enable plugin HTTP Protocol: missing license [/etc/nprobe.license.http]
> 03/Dec/2014 08:00:00 [plugin.c:725] Unable to enable plugin Netflow-Lite Plugin: missing license [/etc/nprobe.license.nflite]
> 03/Dec/2014 08:00:00 [plugin.c:725] Unable to enable plugin DNS Protocol: missing license [/etc/nprobe.license.dns]
> 03/Dec/2014 08:00:00 [plugin.c:725] Unable to enable plugin GTPv0 Signaling Protocol: missing license [/etc/nprobe.license.gtpv0]
> 03/Dec/2014 08:00:00 [plugin.c:725] Unable to enable plugin L7 Plugin: missing license [/etc/nprobe.license.l7]
> 03/Dec/2014 08:00:00 [plugin.c:725] Unable to enable plugin SIP Plugin: missing license [/etc/nprobe.license.voippro]
> 03/Dec/2014 08:00:00 [plugin.c:725] Unable to enable plugin GTPv2 Signaling Protocol: missing license [/etc/nprobe.license.gtpv2]
> 03/Dec/2014 08:00:00 [plugin.c:725] Unable to enable plugin GTPv1 Signaling Protocol: missing license [/etc/nprobe.license.gtpv1]
> 03/Dec/2014 08:00:00 [plugin.c:725] Unable to enable plugin System process information: missing license [/etc/nprobe.license.process]
> 03/Dec/2014 08:00:00 [nprobe.c:4172] WARNING: The output interfaceId is set to 0: did you forget to use -Q perhaps ?
> 03/Dec/2014 08:00:00 [nprobe.c:4175] WARNING: The input interfaceId is set to 0: did you forget to use -u perhaps ?
> 03/Dec/2014 08:00:00 [nprobe.c:4230] Welcome to nprobe v.7.0.141119 ($Revision: 4541 $) for x86_64-unknown-linux-gnu with native PF_RING acceleration
> 03/Dec/2014 08:00:00 [nprobe.c:4248] nProbe SystemId: xxxxxxxxxxxxxxxxxxxxx
> 03/Dec/2014 08:00:00 [nprobe.c:4260] nProbe License: xxxxxxxxxxxxxxxxxxxxx
> 03/Dec/2014 08:00:00 [nprobe.c:4263] Tracing enabled
> 03/Dec/2014 08:00:00 [mysqlPlugin.c:117] Initialized MySQL plugin
> 03/Dec/2014 08:00:00 [bgpPlugin.c:381] BGP plugin is disabled (--bgp-port has not been specified)
> 03/Dec/2014 08:00:00 [dbPlugin.c:78] Initializing DB plugin
> 03/Dec/2014 08:00:00 [plugin.c:241] 3 plugin(s) loaded [3 delete][2 packet].
> 03/Dec/2014 08:00:00 [nprobe.c:6153] Welcome to nprobe v.7.0.141119 for x86_64-unknown-linux-gnu
> 03/Dec/2014 08:00:00 [nprobe.c:5385] Compiling flow templates...
> 03/Dec/2014 08:00:00 [plugin.c:834] Scanning plugin MySQL Plugin [mysql]
> 03/Dec/2014 08:00:00 [plugin.c:834] Scanning plugin BGP Update Listener [bgp]
> 03/Dec/2014 08:00:00 [plugin.c:834] Scanning plugin MySQL DB [db]
> 03/Dec/2014 08:00:00 [plugin.c:977] 0 plugin(s) enabled
> 03/Dec/2014 08:00:00 [util.c:298] GeoIP: loaded AS config file /usr/share/ntopng/httpdocs/geoip/GeoIPASNum.dat
> 03/Dec/2014 08:00:00 [util.c:307] GeoIP: loaded AS IPv6 config file /usr/share/ntopng/httpdocs/geoip/GeoIPASNumv6.dat
> 03/Dec/2014 08:00:00 [nprobe.c:4757] Using packet capture length 128
> 03/Dec/2014 08:00:00 [nprobe.c:6321] IPv6 traffic will NOT be exported/accounted by this probe
> 03/Dec/2014 08:00:00 [nprobe.c:6322] due to configuration options (e.g. use NetFlow v9)
> 03/Dec/2014 08:00:00 [nprobe.c:6325] The flows hash has 131072 buckets
> 03/Dec/2014 08:00:00 [nprobe.c:6327] Flows older than 120 seconds will be exported
> 03/Dec/2014 08:00:00 [nprobe.c:6330] Flows inactive for at least 30 seconds will be exported
> 03/Dec/2014 08:00:00 [nprobe.c:6333] Expired flows will not be queued for more than 30 seconds
> 03/Dec/2014 08:00:00 [nprobe.c:6340] Exported flows with engineType 0 and engineId 128
> 03/Dec/2014 08:00:00 [nprobe.c:6362] TCP TOS will be ignored and set to 0.
> 03/Dec/2014 08:00:00 [nprobe.c:6380] After 1 flow packets are sent, we'll delay at least 1 ms
> 03/Dec/2014 08:00:00 [nprobe.c:6400] Flows will be emitted in NetFlow 5 format
> 03/Dec/2014 08:00:00 [nprobe.c:6430] Flow input interface index is set to 0
> 03/Dec/2014 08:00:00 [nprobe.c:6436] Flow output interface index is set to 0
> 03/Dec/2014 08:00:00 [nprobe.c:6450] Not capturing packet from interface (collector mode)
> 03/Dec/2014 08:00:00 [util.c:3726] Succesfully created ZMQ endpoint tcp://*:5556
> 03/Dec/2014 08:00:00 [plugin.c:796] Disabling plugin MySQL Plugin (no template is using it)
> 03/Dec/2014 08:00:00 [plugin.c:796] Disabling plugin BGP Update Listener (no template is using it)
> 03/Dec/2014 08:00:00 [plugin.c:796] Disabling plugin MySQL DB (no template is using it)
> 03/Dec/2014 08:00:00 [collect.c:99] Created UDP sockets
> 03/Dec/2014 08:00:00 [collect.c:158] Flow collector listening on port 2055 (IPv4/v6)
> 03/Dec/2014 08:00:00 [nprobe.c:6570] Starting 1 packet fetch thread(s)
> 03/Dec/2014 08:00:00 [engine.c:3055] Starting bucket dequeue thread
> 03/Dec/2014 08:00:00 [nprobe.c:6658] nProbe started successfully
>
> When starting ntopng:
> ntopng -i tcp://127.0.0.1:5556 &
> [1] 2736
> [root@newmail ~]# 03/Dec/2014 07:55:37 [Ntop.cpp:683] Setting local networks to 192.168.1.0/24,0.0.0.0/32,224.0.0.0/8,239.0.0.0/8,255.255.255.255/32,127.0.0.0/8
> 03/Dec/2014 07:55:37 [Redis.cpp:84] Successfully connected to Redis 127.0.0.1:6379
> 03/Dec/2014 07:55:37 [Ntop.cpp:807] Registered interface tcp://127.0.0.1:5556 [id: 0]
> 03/Dec/2014 07:55:37 [Utils.cpp:252] User changed to nobody
> 03/Dec/2014 07:55:37 [main.cpp:183] PID stored in file /var/tmp/ntopng.pid
> 03/Dec/2014 07:55:37 [HTTPserver.cpp:387] HTTPS Disabled: missing SSL certificate /usr/share/ntopng/httpdocs/ssl/ntopng-cert.pem
> 03/Dec/2014 07:55:37 [HTTPserver.cpp:389] Please read https://svn.ntop.org/svn/ntop/trunk/ntopng/README.SSL if you want to enable SSL.
> 03/Dec/2014 07:55:37 [HTTPserver.cpp:434] Web server dirs [/usr/share/ntopng/httpdocs][/usr/share/ntopng/scripts]
> 03/Dec/2014 07:55:37 [HTTPserver.cpp:437] HTTP server listening on port 3000
> 03/Dec/2014 07:55:37 [main.cpp:231] Working directory: /var/tmp/ntopng
> 03/Dec/2014 07:55:37 [main.cpp:233] Scripts/HTML pages directory: /usr/share/ntopng
> 03/Dec/2014 07:55:37 [Ntop.cpp:218] Welcome to ntopng x86_64 v.1.2.2 (r1.2.2) - (C) 1998-14 ntop.org
> 03/Dec/2014 07:55:37 [PeriodicActivities.cpp:53] Started periodic activities loop...
> 03/Dec/2014 07:55:37 [RuntimePrefs.cpp:32] Dump alerts into syslog
> 03/Dec/2014 07:55:37 [NetworkInterface.cpp:842] Started packet polling on interface tcp://127.0.0.1:5556 [id: 5]...
> 03/Dec/2014 07:55:37 [CollectorInterface.cpp:92] Collecting flows on tcp://127.0.0.1:5556
>
> On Tue, Dec 2, 2014 at 11:27 PM, Yuri Francalacci <[email protected]> wrote:
> Bob,
> did you enclose the --zmq param in nprobe with ''
> Otherwise the shell will expand the '*' sign
> it should be something like
>> nprobe --zmq "tcp://*:5556" -i none -n none -b 2 -3 2055
>
> Yuri
> ###############################################
> Yuri Francalacci - [email protected] - http://www.ntop.org
> "Simplicity is the ultimate sophistication" - Leonardo da Vinci
> ###############################################
>
>> On 03 Dec 2014, at 05:53, Bob Caddell <[email protected]> wrote:
>>
>> Luca,
>> Please excuse my inattention to this thread as I was out of the office the past week.
>>
>> Here is the line I start nprobe with:
>> nprobe --zmq tcp://*:5556 -i none -n none -b 2 -3 2055
>>
>> I am seeing traffic from my router on port 2055 using tcpdump. I've used Solarwinds netflow scanner to verify the router is dumping flow packets.
>>
>> I am running ntopng with the following line:
>> ntopng -i tcp://127.0.0.1:5556
>> I can access the web interface and it reports no talkers.
>>
>> I have run ntopng and captured packets from the ethernet interface but cannot get the nprobe to work with it.
>>
>> I can see where this will be a really powerful tool once I can get it to work.
>>
>> Thanks,
>> Bob
>>
>> On Tue, Dec 2, 2014 at 1:11 PM, Luca Deri <[email protected]> wrote:
>> Bob
>> -b 2 will display if flows populate the nProbe cache: so you see some activity happening?
>>
>> Luca
>>
>>> On 20 Nov 2014, at 23:30, Bob Caddell <[email protected]> wrote:
>>>
>>> Hi,
>>> I have installed ntopng, nprobe and all the other requirements. I have configured my Cisco router to export netflow data to the nprobe in collector mode on port 2055.
>>> I start the nProbe like this: nprobe --zmq "tcp://*:5556" -i none -n none -b 2 -3 2055
>>> The ntopng with: ntopng -i tcp://127.0.0.1:5556
>>> When I do a tcpdump on the nprobe/ntopng host I can see traffic from my Cisco router:
>>> tcpdump port 2055
>>>
>>> 14:10:20.618537 IP 10.0.254.1.58944 > 198.189.xxx.3.iop: UDP, length 1464
>>> 14:10:20.618616 IP 10.0.254.1.58944 > 198.189.xxx.3.iop: UDP, length 1464
>>> 14:10:20.618664 IP 10.0.254.1.58944 > 198.189.xxx.3.iop: UDP, length 1464
>>> 14:10:20.618705 IP 10.0.254.1.58944 > 198.189.xxx.3.iop: UDP, length 1464
>>> 14:10:20.618750 IP 10.0.254.1.58944 > 198.189.xxx.3.iop: UDP, length 1464
>>> 14:10:20.618804 IP 10.0.254.1.58944 > 198.189.xxx.3.iop: UDP, length 1464
>>>
>>> My problem is that nothing shows up on the web interface after I log in.
>>>
>>> Does anyone see a problem?
>>>
>>> Thank you,
>>> Bob
>>>
>>> --
>>> Bob Caddell, Supervisor of Technology, Maintenance & Operations
>>> Siskiyou County Office of Education
>>> 609 South Gold Street, Yreka CA 96097-3110
>>> 530.842.8420 - 530.842.8436 Fax
>>> http://www.siskiyoucoe.net
>>>
>>> Providing Educational Leadership, Resources and Services to Districts and Schools to Ensure Learning For All Students
>>> CONFIDENTIALITY NOTICE: This communication with its contents may contain confidential and/or legally privileged information. It is solely for the use of the intended recipient(s). Unauthorized interception, review, use or disclosure is prohibited and may violate applicable laws including the Electronic Communications Privacy Act. If you are not the intended recipient, please contact the sender and destroy all copies of the communication.

_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
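
Added example, not part of the thread: the quoting advice for the `--zmq` endpoint, shown as what a POSIX shell actually hands to the program with and without quotes. The scratch directory and the path `tcp:/eth0:5556` are constructed for the demonstration, and `show_args` is a hypothetical stand-in for nprobe.

```shell
#!/bin/sh
# Added example: what a program receives for its --zmq endpoint argument.
# All directory and file names below are constructed for the demonstration.

# Print each argument on its own line, as the invoked program would see it.
show_args() { printf '%s\n' "$@"; }

# Run function "$1" inside a scratch directory. With $2 = "match" the
# directory contains a path that the pattern tcp://*:5556 can expand to.
in_scratch_dir() {
    scratch=$(mktemp -d) || return 1
    status=0
    (
        cd "$scratch" || exit 1
        if [ "$2" = "match" ]; then
            mkdir "tcp:" && : > "tcp:/eth0:5556"
        fi
        "$1"
    ) || status=$?
    rm -rf "$scratch"
    return "$status"
}

# Unquoted: the word is subject to pathname expansion when the command runs.
unquoted_endpoint() { show_args tcp://*:5556; }

# Quoted: the asterisk reaches the program untouched, whatever is on disk.
quoted_endpoint() { show_args "tcp://*:5556"; }

echo "unquoted, no matching path: $(in_scratch_dir unquoted_endpoint none)"
echo "unquoted, matching path:    $(in_scratch_dir unquoted_endpoint match)"
echo "quoted,   matching path:    $(in_scratch_dir quoted_endpoint match)"
```

With no matching path a POSIX shell passes the unquoted pattern through unchanged, so the unquoted form only misbehaves when something in the working directory matches. Shells set to fail on unmatched globs (zsh by default, bash with `failglob`) reject the unquoted command instead.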
