Robert, thanks for reporting. Could you please file github issues? It is easier for us to track the progress.
Thank you, simone On Tue, Mar 8, 2016 at 5:07 PM, Finze, Robert <[email protected] > wrote: > Hi Simone, > > Thanks for helping! > > There are still problems concerning the historical data. > I don't know what else I could try. > > In the ntopng.log it says it successfully connected to the DB: > > "[MySQLDB.cpp:273] Succesfully connected to MySQL [ip-mysql-server:root] > for interface tcp://127.0.0.1:5556" > > In the DB itself I can see entries coming in. > > However in the interface historical page on the bottom I see a red bar > and "No Results Found". Same applies if I check a host's historical page. > > > For completeness here my system specs (collector): > > Ubuntu 14.04.3 LTS > nProbe Pro v.7.2.160308 (r4471) for x86_64-unknown-linux-gnu > > ntopng --version > v.2.2.160308 [Professional Edition] > GIT rev: 2.2-stable:06306079a9f31f95143756e855b99ac968415763:20160308 > Pro rev: r524 > > ntopng and nprobe installed via apt-get. > > > ------------- > > For the other question I will write a separate mail, since I feel it > doesn't belong here any more. > > > Cheers > Robert > > On 08.03.2016 13:19, Simone Mainardi wrote: > > Hi Robert, see below > > > > On Tue, Mar 8, 2016 at 9:43 AM, Finze, Robert < > [email protected] > >> wrote: > > > >> Hi Simone, > >> > >> thanks for testing the configuration. > >> Yesterday I've started over with a fresh DB. > >> ntopng does have all privileges. It does create two tables "ntopngv4_2" > >> and "ntopngv6_2". > >> When I manually search for a IP, I can see corresponding entries (after > >> doing ip to integer conversion). > >> > >> Yet, using the search field in the ntop web-ui it says: > >> > >> "Host 10.0.2.4 cannot be found. > >> Perhaps this host has been previously purged from memory or it has never > >> been observed by this instance." > >> > >> This morning I've restarted (and updated) ntopng. An assumption is that > >> the search only show hosts which were visible since it's running. I will > >> try to confirm this. > >> > > > > right, only active hosts are shown. If you are looking for hosts that > > appeared in the past, > > then you should browse the interface historical page and look for the > > 'talkers' tab (feature available in the pro. version) > > > > > >> > >> ------------------- > >> > >> For redundancy reasons I want 2 probes which will be capturing the same > >> traffic. If one probe dies, the other will continue sending flows to the > >> collector. So I don't need to know which from which probe the flows are > >> coming (rather from which interface on each probe). > >> > >> Also for redundancy reasons it would be nice if the probes could "cache" > >> flows in case the collector dies. > >> My initial idea was that probes, collector and ntop use the same DB to > >> store (historical) flows. But you already said that the format differs. > >> > > > > you can deploy an ntopng for each nprobe, and let each ntopng write to > the > > *same* MySQL database. This time format will be 100% compatible. > > Each ntopng will write its own instance name in a mysql column. > > > > For redundancy and HA you may think to a master-slave DB configuration, > > cloud, use mysql fabric, etc. > > > > simone > > > > > >> (Maybe this discussion should be on a separate thread.) > >> > >> > >> Cheers > >> Robert > >> > >> On 04.03.2016 17:15, Simone Mainardi wrote: > >>> Hi Robert, > >>> > >>> I've just tested your configuration on our lab and everything work as > >>> expected, including MySQL flow export and retrieval. > >>> On Server B, could you please try and see if the MySQL (identified by > the > >>> specified password) has privileges to create database ntopng? > >>> > >>> ------ > >>> > >>> The idea to add more probes (e.g., `Servers of type A`) it totally > >> sound. > >>> For the collector you have two choices: > >>> - use only one collector for all the probes (in this case all the > traffic > >>> is aggregated together as if it were coming from a single interface) > >>> - run a separate collector for each probe (in this case you can keep > the > >>> traffic of each probe separated from the others) > >>> > >>> Simone > >>> > >>> On Wed, Mar 2, 2016 at 1:57 PM, Finze, Robert < > >> [email protected] > >>>> wrote: > >>> > >>>> Hi Simone, > >>>> > >>>> thanks for your answer. Here's my configuration: > >>>> > >>>> Server A (Probe): > >>>> nprobe -i eth1 -V 9 -n 10.0.0.1:2055 -G > >>>> > >>>> Server B (Collector): > >>>> nprobe --zmq tcp://*:5556 -V 9 -i none --collector-port 2055 -n none > -G > >>>> > >>>> ntopng -i tcp://127.0.0.1:5556 -d /storage/ntopng -q -e -F > >>>> "mysql;localhost;flowdb;ntopdb;dbuser,dbuserpw" > >>>> > >>>> > >>>> The idea is to add more Servers of type A. I'm not quite sure however > if > >>>> this is the way it is supposed to work. For instance do I need a > >>>> separate 'nprobe' process on Server B? > >>>> > >>>> > >>>> Cheers > >>>> > >>>> Robert > >>>> > >>>> On 02.03.2016 09:47, Simone Mainardi wrote: > >>>>> Robert, > >>>>> > >>>>> Presently, ntopng is not able to read MySQL flows that have been > dumped > >>>> by > >>>>> nProbe. Hence, the latest solution proposed is not doable now. > >>>>> > >>>>> Could you please post nprobe and ntopng configurations so we can try > >> and > >>>>> reproduce your issue. If I understand correctly: you can see dumped > >> flows > >>>>> in the database, but ntopng is not able to fetch them for data > >>>> exploration. > >>>>> > >>>>> thanks, > >>>>> > >>>>> Simone > >>>>> > >>>>> On Wed, Mar 2, 2016 at 9:28 AM, Finze, Robert < > >>>> [email protected] > >>>>>> wrote: > >>>>> > >>>>>> Hello List, > >>>>>> > >>>>>> I'm a new (and happy) ntop/nrobe user currently setting up a testbed > >> and > >>>>>> can't get ntop to display historical data. > >>>>>> > >>>>>> The setup is that one nprobe server creates netflows and sends it to > >>>>>> another server where also a nprobe process is collecting the flows > and > >>>>>> providing a zmq endpoint for ntop. ntop also writes them into a > mysql > >>>>>> database (checked manually). > >>>>>> > >>>>>> Yet when I click through the interface and try to display historical > >>>>>> data it says "no results found". > >>>>>> (for example in the host view or when searching for hosts which have > >>>>>> been online yesterday). > >>>>>> > >>>>>> I've used the "-F" flag to save data to mysql. Is there another flag > >>>>>> that I need to tell ntop to read from the database? > >>>>>> > >>>>>> (Ideally I would let multiple nrpobes write to that DB and ntop only > >>>>>> read from it). > >>>>>> > >>>>>> > >>>>>> Cheers > >>>>>> > >>>>>> Robert > >>>>>> > >>>>>> P.S.: > >>>>>> I've read the articles > >>>>>> (http://www.ntop.org/ntopng/exploring-historical-data-using-ntopng/ > ) > >>>>>> about this. > >>>>>> _______________________________________________ > >>>>>> Ntop mailing list > >>>>>> [email protected] > >>>>>> http://listgateway.unipi.it/mailman/listinfo/ntop > >>>>>> > >>>>> > >>>>> > >>>>> > >>>>> _______________________________________________ > >>>>> Ntop mailing list > >>>>> [email protected] > >>>>> http://listgateway.unipi.it/mailman/listinfo/ntop > >>>>> > >>>> > >>>> _______________________________________________ > >>>> Ntop mailing list > >>>> [email protected] > >>>> http://listgateway.unipi.it/mailman/listinfo/ntop > >>>> > >>> > >>> > >>> > >>> _______________________________________________ > >>> Ntop mailing list > >>> [email protected] > >>> http://listgateway.unipi.it/mailman/listinfo/ntop > >>> > >> > >> _______________________________________________ > >> Ntop mailing list > >> [email protected] > >> http://listgateway.unipi.it/mailman/listinfo/ntop > >> > > > > > > > > _______________________________________________ > > Ntop mailing list > > [email protected] > > http://listgateway.unipi.it/mailman/listinfo/ntop > > > > > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop >
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
