Hi Simone,

Thanks for helping!

There are still problems concerning the historical data. I don't know what else I could try.

In the ntopng.log it says it successfully connected to the DB:

"[MySQLDB.cpp:273] Succesfully connected to MySQL [ip-mysql-server:root] for interface tcp://127.0.0.1:5556"

In the DB itself I can see entries coming in.
However, in the interface historical page, at the bottom, I see a red bar and "No Results Found".
The same applies if I check a host's historical page.

For completeness, here are my system specs (collector):

Ubuntu 14.04.3 LTS
nProbe Pro v.7.2.160308 (r4471) for x86_64-unknown-linux-gnu
ntopng --version
v.2.2.160308 [Professional Edition]
GIT rev: 2.2-stable:06306079a9f31f95143756e855b99ac968415763:20160308
Pro rev: r524

ntopng and nprobe installed via apt-get.

-------------

For the other question I will write a separate mail, since I feel it doesn't belong here any more.

Cheers
Robert

On 08.03.2016 13:19, Simone Mainardi wrote:
> Hi Robert, see below
>
> On Tue, Mar 8, 2016 at 9:43 AM, Finze, Robert <[email protected]> wrote:
>
>> Hi Simone,
>>
>> thanks for testing the configuration.
>> Yesterday I've started over with a fresh DB.
>> ntopng does have all privileges. It does create two tables "ntopngv4_2"
>> and "ntopngv6_2".
>> When I manually search for an IP, I can see corresponding entries (after
>> doing ip to integer conversion).
>>
>> Yet, using the search field in the ntop web-ui it says:
>>
>> "Host 10.0.2.4 cannot be found.
>> Perhaps this host has been previously purged from memory or it has never
>> been observed by this instance."
>>
>> This morning I've restarted (and updated) ntopng. An assumption is that
>> the search only shows hosts which were visible since it's running. I will
>> try to confirm this.
>>
>
> right, only active hosts are shown. If you are looking for hosts that
> appeared in the past,
> then you should browse the interface historical page and look for the
> 'talkers' tab (feature available in the pro. version)
>
>
>>
>> -------------------
>>
>> For redundancy reasons I want 2 probes which will be capturing the same
>> traffic. If one probe dies, the other will continue sending flows to the
>> collector. So I don't need to know from which probe the flows are
>> coming (rather from which interface on each probe).
>>
>> Also for redundancy reasons it would be nice if the probes could "cache"
>> flows in case the collector dies.
>> My initial idea was that probes, collector and ntop use the same DB to
>> store (historical) flows. But you already said that the format differs.
>>
>
> you can deploy an ntopng for each nprobe, and let each ntopng write to the
> *same* MySQL database. This time format will be 100% compatible.
> Each ntopng will write its own instance name in a mysql column.
>
> For redundancy and HA you may think of a master-slave DB configuration,
> cloud, use mysql fabric, etc.
>
> simone
>
>
>> (Maybe this discussion should be on a separate thread.)
>>
>>
>> Cheers
>> Robert
>>
>> On 04.03.2016 17:15, Simone Mainardi wrote:
>>> Hi Robert,
>>>
>>> I've just tested your configuration on our lab and everything works as
>>> expected, including MySQL flow export and retrieval.
>>> On Server B, could you please try and see if the MySQL (identified by the
>>> specified password) has privileges to create database ntopng?
>>>
>>> ------
>>>
>>> The idea to add more probes (e.g., `Servers of type A`) is totally sound.
>>> For the collector you have two choices:
>>> - use only one collector for all the probes (in this case all the traffic
>>> is aggregated together as if it were coming from a single interface)
>>> - run a separate collector for each probe (in this case you can keep the
>>> traffic of each probe separated from the others)
>>>
>>> Simone
>>>
>>> On Wed, Mar 2, 2016 at 1:57 PM, Finze, Robert <[email protected]> wrote:
>>>
>>>> Hi Simone,
>>>>
>>>> thanks for your answer. Here's my configuration:
>>>>
>>>> Server A (Probe):
>>>> nprobe -i eth1 -V 9 -n 10.0.0.1:2055 -G
>>>>
>>>> Server B (Collector):
>>>> nprobe --zmq tcp://*:5556 -V 9 -i none --collector-port 2055 -n none -G
>>>>
>>>> ntopng -i tcp://127.0.0.1:5556 -d /storage/ntopng -q -e -F
>>>> "mysql;localhost;flowdb;ntopdb;dbuser,dbuserpw"
>>>>
>>>>
>>>> The idea is to add more Servers of type A. I'm not quite sure however if
>>>> this is the way it is supposed to work. For instance do I need a
>>>> separate 'nprobe' process on Server B?
>>>>
>>>>
>>>> Cheers
>>>>
>>>> Robert
>>>>
>>>> On 02.03.2016 09:47, Simone Mainardi wrote:
>>>>> Robert,
>>>>>
>>>>> Presently, ntopng is not able to read MySQL flows that have been dumped by
>>>>> nProbe. Hence, the latest solution proposed is not doable now.
>>>>>
>>>>> Could you please post nprobe and ntopng configurations so we can try and
>>>>> reproduce your issue. If I understand correctly: you can see dumped flows
>>>>> in the database, but ntopng is not able to fetch them for data exploration.
>>>>>
>>>>> thanks,
>>>>>
>>>>> Simone
>>>>>
>>>>> On Wed, Mar 2, 2016 at 9:28 AM, Finze, Robert <[email protected]> wrote:
>>>>>
>>>>>> Hello List,
>>>>>>
>>>>>> I'm a new (and happy) ntop/nprobe user currently setting up a testbed and
>>>>>> can't get ntop to display historical data.
>>>>>>
>>>>>> The setup is that one nprobe server creates netflows and sends it to
>>>>>> another server where also a nprobe process is collecting the flows and
>>>>>> providing a zmq endpoint for ntop. ntop also writes them into a mysql
>>>>>> database (checked manually).
>>>>>>
>>>>>> Yet when I click through the interface and try to display historical
>>>>>> data it says "no results found".
>>>>>> (for example in the host view or when searching for hosts which have
>>>>>> been online yesterday).
>>>>>>
>>>>>> I've used the "-F" flag to save data to mysql. Is there another flag
>>>>>> that I need to tell ntop to read from the database?
>>>>>>
>>>>>> (Ideally I would let multiple nprobes write to that DB and ntop only
>>>>>> read from it).
>>>>>>
>>>>>>
>>>>>> Cheers
>>>>>>
>>>>>> Robert
>>>>>>
>>>>>> P.S.:
>>>>>> I've read the articles
>>>>>> (http://www.ntop.org/ntopng/exploring-historical-data-using-ntopng/)
>>>>>> about this.
>>>>>> _______________________________________________
>>>>>> Ntop mailing list
>>>>>> [email protected]
>>>>>> http://listgateway.unipi.it/mailman/listinfo/ntop
