Hi Robert, see below

On Tue, Mar 8, 2016 at 9:43 AM, Finze, Robert <[email protected]> wrote:

> Hi Simone,
>
> thanks for testing the configuration.
> Yesterday I started over with a fresh DB.
> ntopng does have all privileges. It does create two tables "ntopngv4_2"
> and "ntopngv6_2".
> When I manually search for an IP, I can see corresponding entries (after
> doing IP to integer conversion).
>
> Yet, using the search field in the ntop web-ui it says:
>
> "Host 10.0.2.4 cannot be found.
> Perhaps this host has been previously purged from memory or it has never
> been observed by this instance."
>
> This morning I restarted (and updated) ntopng. An assumption is that
> the search only shows hosts which were visible since it has been running.
> I will try to confirm this.
>

Right, only active hosts are shown. If you are looking for hosts that
appeared in the past,
then you should browse the interface historical page and look for the
'talkers' tab (feature available in the pro version).


>
> -------------------
>
> For redundancy reasons I want 2 probes which will be capturing the same
> traffic. If one probe dies, the other will continue sending flows to the
> collector. So I don't need to know from which probe the flows are
> coming (rather from which interface on each probe).
>
> Also for redundancy reasons it would be nice if the probes could "cache"
> flows in case the collector dies.
> My initial idea was that probes, collector and ntop use the same DB to
> store (historical) flows. But you already said that the format differs.
>

You can deploy an ntopng for each nprobe, and let each ntopng write to the
*same* MySQL database. This time the format will be 100% compatible.
Each ntopng will write its own instance name in a MySQL column.

For redundancy and HA you may think of a master-slave DB configuration,
cloud, use MySQL Fabric, etc.

simone
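
With two probes capturing the same traffic and each ntopng tagging its rows with an instance name in the shared database, the same flow can appear once per instance when looking up a host. The following is an added example, not part of the original message and not ntopng code: it converts an address to the stored integer form and collapses rows that two instances recorded for one flow. Field names, instance names, the 2-second tolerance and the sample rows are constructed assumptions, not ntopng's schema.

```python
import ipaddress

def ip_to_int(ip):
    """Dotted IPv4 address -> the integer form used when searching the table by hand."""
    return int(ipaddress.IPv4Address(ip))

# Constructed sample rows from two hypothetical instances, "probe-a" and "probe-b".
ROWS = [
    {"instance": "probe-a", "src": ip_to_int("10.0.2.4"), "dst": ip_to_int("8.8.8.8"),
     "sport": 51000, "dport": 53, "proto": 17, "first_seen": 1457425000},
    {"instance": "probe-b", "src": ip_to_int("10.0.2.4"), "dst": ip_to_int("8.8.8.8"),
     "sport": 51000, "dport": 53, "proto": 17, "first_seen": 1457425001},
    # Same 5-tuple much later: a new flow, recorded by probe-a only.
    {"instance": "probe-a", "src": ip_to_int("10.0.2.4"), "dst": ip_to_int("8.8.8.8"),
     "sport": 51000, "dport": 53, "proto": 17, "first_seen": 1457425600},
    # Recorded by probe-b only (for example while probe-a was down).
    {"instance": "probe-b", "src": ip_to_int("10.0.2.9"), "dst": ip_to_int("10.0.2.4"),
     "sport": 40000, "dport": 22, "proto": 6, "first_seen": 1457425100},
    # Unrelated host, must not show up in the lookup.
    {"instance": "probe-a", "src": ip_to_int("10.0.2.7"), "dst": ip_to_int("8.8.8.8"),
     "sport": 52000, "dport": 53, "proto": 17, "first_seen": 1457425050},
]

def flows_for_host(rows, ip, tolerance=2):
    """Flows involving `ip`, with rows from different instances merged when the
    5-tuple matches and the start times differ by at most `tolerance` seconds."""
    target = ip_to_int(ip)
    kept = []
    for row in sorted(rows, key=lambda r: r["first_seen"]):
        if target not in (row["src"], row["dst"]):
            continue
        key = (row["src"], row["dst"], row["sport"], row["dport"], row["proto"])
        for flow in kept:
            if (flow["key"] == key
                    and row["first_seen"] - flow["first_seen"] <= tolerance
                    and row["instance"] not in flow["seen_by"]):
                flow["seen_by"].add(row["instance"])  # same flow, second observer
                break
        else:
            kept.append({"key": key, "first_seen": row["first_seen"],
                         "seen_by": {row["instance"]}})
    return kept

if __name__ == "__main__":
    for flow in flows_for_host(ROWS, "10.0.2.4"):
        print(flow["first_seen"], sorted(flow["seen_by"]))
```

A flow whose `seen_by` holds a single instance marks a window in which only one probe was reporting.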


> (Maybe this discussion should be on a separate thread.)
>
>
> Cheers
> Robert
>
> On 04.03.2016 17:15, Simone Mainardi wrote:
> > Hi Robert,
> >
> > I've just tested your configuration in our lab and everything works as
> > expected, including MySQL flow export and retrieval.
> > On Server B, could you please try and see if the MySQL (identified by the
> > specified password) has privileges to create database ntopng?
> >
> > ------
> >
> > The idea to add more probes (e.g., `Servers of type A`) is totally
> > sound.
> > For the collector you have two choices:
> > - use only one collector for all the probes (in this case all the traffic
> > is aggregated together as if it were coming from a single interface)
> > - run a separate collector for each probe (in this case you can keep the
> > traffic of each probe separated from the others)
> >
> > Simone
> >
> > On Wed, Mar 2, 2016 at 1:57 PM, Finze, Robert <[email protected]> wrote:
> >
> >> Hi Simone,
> >>
> >> thanks for your answer. Here's my configuration:
> >>
> >> Server A (Probe):
> >> nprobe -i eth1 -V 9 -n 10.0.0.1:2055 -G
> >>
> >> Server B (Collector):
> >> nprobe --zmq tcp://*:5556 -V 9 -i none --collector-port 2055 -n none -G
> >>
> >> ntopng -i tcp://127.0.0.1:5556 -d /storage/ntopng -q -e -F
> >> "mysql;localhost;flowdb;ntopdb;dbuser,dbuserpw"
> >>
> >>
> >> The idea is to add more Servers of type A. I'm not quite sure however if
> >> this is the way it is supposed to work. For instance do I need a
> >> separate 'nprobe' process on Server B?
> >>
> >>
> >> Cheers
> >>
> >> Robert
> >>
> >> On 02.03.2016 09:47, Simone Mainardi wrote:
> >>> Robert,
> >>>
> >>> Presently, ntopng is not able to read MySQL flows that have been dumped
> >>> by nProbe. Hence, the latest solution proposed is not doable now.
> >>>
> >>> Could you please post nprobe and ntopng configurations so we can try
> >>> and reproduce your issue. If I understand correctly: you can see dumped
> >>> flows in the database, but ntopng is not able to fetch them for data
> >>> exploration.
> >>>
> >>> thanks,
> >>>
> >>> Simone
> >>>
> >>> On Wed, Mar 2, 2016 at 9:28 AM, Finze, Robert <[email protected]> wrote:
> >>>
> >>>> Hello List,
> >>>>
> >>>> I'm a new (and happy) ntop/nprobe user currently setting up a testbed
> >>>> and can't get ntop to display historical data.
> >>>>
> >>>> The setup is that one nprobe server creates netflows and sends them to
> >>>> another server where also an nprobe process is collecting the flows and
> >>>> providing a zmq endpoint for ntop. ntop also writes them into a mysql
> >>>> database (checked manually).
> >>>>
> >>>> Yet when I click through the interface and try to display historical
> >>>> data it says "no results found".
> >>>> (for example in the host view or when searching for hosts which have
> >>>> been online yesterday).
> >>>>
> >>>> I've used the "-F" flag to save data to mysql. Is there another flag
> >>>> that I need to tell ntop to read from the database?
> >>>>
> >>>> (Ideally I would let multiple nprobes write to that DB and ntop only
> >>>> read from it).
> >>>>
> >>>>
> >>>> Cheers
> >>>>
> >>>> Robert
> >>>>
> >>>> P.S.:
> >>>> I've read the articles
> >>>> (http://www.ntop.org/ntopng/exploring-historical-data-using-ntopng/)
> >>>> about this.
> >>>> _______________________________________________
> >>>> Ntop mailing list
> >>>> [email protected]
> >>>> http://listgateway.unipi.it/mailman/listinfo/ntop