On 07/31/2015 12:36 PM, Steve Clark wrote:
On 07/31/2015 10:14 AM, Maurizio Molina wrote:
Hi Gerhard,
thanks for the tip... obviously it couldn't work like this as the ES is in my
host machine (a Mac) while ntopng is running in an Ubuntu guest inside a
VirtualBox VM.
Now I changed the configuration. The target ES is 192.168.1.11:
maurizio@ubuntuMauriPC:~$ cat /etc/ntopng/ntopng.conf
-G=/var/tmp/ntopng.pid
-i=eth0
ntopng -F "es;flows;ntopng-%Y.%m.%d;http://192.168.1.11:9200/_bulk;"
Still, I don't see anything going from ntopng to the target ES (which is
192.168.1.11). The ntopng is 192.168.1.13:
new-host-2:~ mauriziomolina$ sudo tcpdump -i en1 -n src host 192.168.1.13 and
dst host 192.168.1.11
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on en1, link-type EN10MB (Ethernet), capture size 65535 bytes
^C
0 packets captured
1740 packets received by filter
0 packets dropped by kernel
and this is the same tcpdump while issuing, from the ntopng host, a test connection on
port 9200:
maurizio@ubuntuMauriPC:~$ telnet 192.168.1.11 9200
Trying 192.168.1.11...
^C
If you run this on 192.168.1.11 do you get a connection? It looks like
something is blocking the traffic from .13 to .11.
as you see, the connection opening attempt packets are correctly received on
the ES target.
new-host-2:~ mauriziomolina$ sudo tcpdump -i en1 -n src host 192.168.1.13 and
dst host 192.168.1.11
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on en1, link-type EN10MB (Ethernet), capture size 65535 bytes
16:02:47.049771 IP 192.168.1.13.57671 > 192.168.1.11.9200: Flags [S], seq
2612417961, win 29200, options [mss 1460,sackOK,TS val 509452 ecr 0,nop,wscale 7],
length 0
16:02:48.048740 IP 192.168.1.13.57671 > 192.168.1.11.9200: Flags [S], seq
2612417961, win 29200, options [mss 1460,sackOK,TS val 509702 ecr 0,nop,wscale 7],
length 0
16:02:50.052887 IP 192.168.1.13.57671 > 192.168.1.11.9200: Flags [S], seq
2612417961, win 29200, options [mss 1460,sackOK,TS val 510203 ecr 0,nop,wscale 7],
length 0
^C
3 packets captured
1588 packets received by filter
0 packets dropped by kernel
Is there a FW blocking your connection to the 192.168.1.11 host - you are not
getting SYN-ACK responses from it.
Oops meant SYN response. If you tcpdump on .11 do you see the SYN packets from
.13?
Am I still missing some configuration on the ntopng side?
regards,
Maurizio
On 31/07/15 14:46, Gerhard Mourani wrote:
Hello,
Change 'localhost' for the IP address of your ES, restart ntopng and check
again.
Gerhard,
On Jul 31, 2015, at 8:42 AM, Maurizio Molina <[email protected]> wrote:
Hi Steve,
my ntopng.conf is as follows:
maurizio@ubuntuMauriPC:~$ more /etc/ntopng/ntopng.conf
-G=/var/tmp/ntopng.pid
-i=eth0
ntopng -F "es;flows;ntopng-%Y.%m.%d;http://localhost:9200/_bulk;"
Any suggestion on how to debug this?
rgds,
Maurizio
On 31/07/15 14:12, Steve Clark wrote:
Hmmm...looks like maybe ntopng is not configured correctly to send to ES. You
should see an index like
yellow open ntopng2-2015.06.18 5 1 4546602 0 997.5mb 997.5mb
On 07/31/2015 07:17 AM, Maurizio Molina wrote:
Hi,
I'd like to start using es/kibana to visualize ntopng results. I've seen the
instructions on:
http://www.ntop.org/ntopng/exploring-your-traffic-using-ntopng-with-elasticsearchkibana/
to configure the ntopng es export and implemented them.
But (as I'm a newbie in es/kibana) I'd like to know the basic steps (on the
kibana/es side) to connect to and view the defined index ntopng-%Y.%m.%d
I installed both es and kibana (and marvel too!) and they appear to be
up'n'running.
The following command shows the available indexes, but obviously I need to do
something to view also the ntopng... one. What?
new-host-2:~ mauriziomolina$ curl 'localhost:9200/_cat/indices?v'
health status index pri rep docs.count docs.deleted store.size
pri.store.size
yellow open .marvel-2015.06.24 1 1 1280 0 2.4mb
2.4mb
yellow open accounts 5 1 1000 0 417.3kb
417.3kb
yellow open .marvel-2015.07.28 1 1 23638 0 30.1mb
30.1mb
yellow open logstash-2015.05.18 5 1 4631 0 16.8mb
16.8mb
yellow open .kibana 5 1 4 0 15.6kb
15.6kb
yellow open .marvel-2015.07.31 1 1 3785 0 7.8mb
7.8mb
yellow open logstash-2015.05.20 5 1 4750 0 17.3mb
17.3mb
yellow open logstash-2015.05.19 5 1 4624 0 16.1mb
16.1mb
yellow open shakespeare 5 1 111396 0 17.9mb
17.9mb
yellow open .marvel-kibana 1 1 1 0 6.4kb 6.4kb
new-host-2:~ mauriziomolina$
Thanks,
Maurizio
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
--
Stephen Clark
*NetWolves Managed Services, LLC.*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: [email protected]
http://www.netwolves.com
--
Maurizio Molina
CTO - Talaia Solutions S.R.L.
+33.688431840
email:[email protected]
skype: mauriziomolina
www.talaiasolutions.com
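The thread turns on two things: what the fields of the -F export string mean (and why a "localhost" target cannot work from inside a VM), and how to confirm the TCP path to port 9200 before blaming ntopng. The script below is an added example written for this page; it is not ntopng's code and not part of the mailing-list exchange. It parses an -F value, expands the daily index name, derives the wildcard pattern Kibana needs, lists the reasons an export can silently send nothing or send unsafely, and probes the port the same way the telnet test above does. Assumptions, labelled in the code: the field layout after the four posted fields (a trailing HTTP auth field as user:password), the one-option-per-line "-F=" form for ntopng.conf (modelled on the "-G=" and "-i=" lines in the thread), and the wording of the findings, which is mine.

```python
"""Pre-flight checks for ntopng's Elasticsearch flow export (-F "es;...").

Added example for this thread, not ntopng's own code.
Assumed field layout: es;<doc type>;<index pattern>;<bulk URL>;<user:password>
"""
from __future__ import annotations

import datetime as dt
import socket
from dataclasses import dataclass
from typing import List, Union
from urllib.parse import urlparse

LOOPBACK = {"localhost", "127.0.0.1", "::1"}


@dataclass
class EsExport:
    doc_type: str        # e.g. "flows"
    index_pattern: str   # strftime pattern, e.g. "ntopng-%Y.%m.%d"
    url: str             # e.g. "http://192.168.1.11:9200/_bulk"
    user: str = ""       # assumed optional trailing field: user:password
    password: str = ""

    @property
    def host(self) -> str:
        return urlparse(self.url).hostname or ""

    @property
    def port(self) -> int:
        parsed = urlparse(self.url)
        return parsed.port or (443 if parsed.scheme == "https" else 80)


def parse_export_spec(spec: str) -> EsExport:
    """Parse an -F value such as "es;flows;ntopng-%Y.%m.%d;http://host:9200/_bulk;"."""
    spec = spec.strip()
    if spec.startswith("-F="):          # accept the conf-file form too
        spec = spec[3:]
    # Strip shell quoting, including the curly quotes an e-mail client substitutes.
    fields = spec.strip('"\'\u201c\u201d').split(";")
    if len(fields) < 4 or fields[0] != "es":
        raise ValueError(f"not an Elasticsearch export spec: {spec!r}")
    auth = fields[4] if len(fields) > 4 else ""
    user, _, password = auth.partition(":")
    return EsExport(fields[1], fields[2], fields[3], user, password)


def expand_index(pattern: str, day: Union[str, dt.date]) -> str:
    """Index name ntopng writes to on a given day (strftime expansion of the pattern)."""
    if isinstance(day, str):
        day = dt.date.fromisoformat(day)
    return day.strftime(pattern)


def kibana_index_pattern(pattern: str) -> str:
    """Wildcard pattern to configure in Kibana so every daily index is matched."""
    return pattern.split("%", 1)[0] + "*"


def check_spec(cfg: EsExport, ntopng_in_vm: bool) -> List[str]:
    """Findings that explain an export that silently sends nothing, or sends unsafely."""
    findings = []
    if ntopng_in_vm and cfg.host in LOOPBACK:
        findings.append("loopback target: inside the VM that is the guest, not the host running ES")
    if not cfg.url.rstrip("/").endswith("/_bulk"):
        findings.append("URL does not end in /_bulk: ntopng posts bulk requests")
    if not cfg.user:
        findings.append(f"no HTTP auth in -F: {cfg.host}:{cfg.port} must accept unauthenticated bulk writes")
    if urlparse(cfg.url).scheme != "https":
        findings.append("plain http: flow records cross the network in cleartext")
    return findings


def tcp_probe(host: str, port: int, timeout: float = 2.0) -> bool:
    """Same check as 'telnet host 9200' in the thread: does the TCP handshake complete?"""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def conf_line(cfg: EsExport) -> str:
    """Export option in assumed ntopng.conf one-option-per-line form (like -G= and -i=)."""
    auth = f"{cfg.user}:{cfg.password}" if cfg.user else ""
    return f"-F=es;{cfg.doc_type};{cfg.index_pattern};{cfg.url};{auth}"


if __name__ == "__main__":
    # Constructed input, taken from the value posted in the thread.
    cfg = parse_export_spec('"es;flows;ntopng-%Y.%m.%d;http://192.168.1.11:9200/_bulk;"')
    print(conf_line(cfg))
    print("today's index:      ", expand_index(cfg.index_pattern, dt.date.today()))
    print("Kibana index pattern:", kibana_index_pattern(cfg.index_pattern))
    for finding in check_spec(cfg, ntopng_in_vm=True):
        print("finding:", finding)
    print("tcp reachable:", tcp_probe(cfg.host, cfg.port))
```

Run it on the guest that hosts ntopng: if tcp_probe reports False while the host's tcpdump shows the SYNs arriving, the problem is on the ES side (bind address or a host firewall), not in ntopng; the "no HTTP auth" finding is a reminder that an ES bulk endpoint reachable from the LAN this way accepts writes from anyone who can complete that handshake.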