Update to: ntopng
Version 2.5.170411 - Pro Small Business Edition Built on Debian GNU/Linux 8.2 (jessie) nDPI 1.8.0-dev-764-3a8c2d0 nprobe Welcome to nProbe v.7.5.170411 (r5727) for x86_64-unknown-linux-gnu with native PF_RING acceleration. Copyright 2002-17 ntop.org Build OS: Debian GNU/Linux 8.2 (jessie) GIT rev: dev:fef5155c607c28377760e764dafa9f54a462458a:20170411 Edition: nProbe Standard And the problem persist, as Mathias Henze, after upgrade ntop to 2.5 version, now no traffic is registered. Regards Roberto > On Apr 10, 2017, at 09:36, Roberto Alvarado <[email protected]> wrote: > > Hi Emanuele, > > Thanks for your reply, after upgrade my install to the devel version and > remove the data directory and the mysql tables, now ntopng don't shows > traffic :( > > Now in nprobe, I need to specify the flow version? > > nprobe start log: > > 10/Apr/2017 09:22:02 [nprobe.c:3615] Valid nProbe license found > 10/Apr/2017 09:22:02 [nprobe.c:5489] WARNING: The output interfaceId is set > to 0: did you forget to use -Q perhaps ? > 10/Apr/2017 09:22:02 [nprobe.c:5492] WARNING: The input interfaceId is set to > 0: did you forget to use -u perhaps ? > 10/Apr/2017 09:22:02 [nprobe.c:5591] Welcome to nProbe v.7.5.170410 > ($Revision: 5721 $) for x86_64-unknown-linux-gnu with native PF_RING > acceleration > 10/Apr/2017 09:22:02 [nprobe.c:5601] Running on Debian GNU/Linux 8.2 (jessie) > 10/Apr/2017 09:22:02 [nprobe.c:5612] [LICENSE] nProbe SystemId: > 10/Apr/2017 09:22:02 [nprobe.c:5726] Sample rate [packet: 1][flow: 1] > 10/Apr/2017 09:22:02 [nprobe.c:8048] Welcome to nProbe v.7.5.170410 for > x86_64-unknown-linux-gnu > 10/Apr/2017 09:22:02 [nprobe.c:7046] WARNING: Adding %EXPORTER_IPV4_ADDRESS > to the template as nProbe is working as collector > 10/Apr/2017 09:22:02 [plugin.c:1068] 0 plugin(s) enabled > 10/Apr/2017 09:22:02 [nprobe.c:7575] Non IPv4/v6 traffic is discarded > according to the template > 10/Apr/2017 09:22:02 [util.c:430] GeoIP: loaded AS config file > /usr/share/ntopng/httpdocs/geoip/GeoIPASNum.dat > 10/Apr/2017 09:22:02 [util.c:441] GeoIP: loaded AS IPv6 config file > /usr/share/ntopng/httpdocs/geoip/GeoIPASNumv6.dat > 10/Apr/2017 09:22:02 [nprobe.c:8224] IPv6 traffic will NOT be > exported/accounted by this probe > 10/Apr/2017 09:22:02 [nprobe.c:8225] due to configuration options (e.g. use > NetFlow v9) > 10/Apr/2017 09:22:02 [nprobe.c:8226] Please use -V to set the version to > other than NetFlow V5 > 10/Apr/2017 09:22:02 [nprobe.c:8379] Not capturing packet from interface > (collector mode) > 10/Apr/2017 09:22:02 [util.c:4127] Initializing ZMQ as server > 10/Apr/2017 09:22:02 [util.c:4170] Succesfully created ZMQ endpoint > tcp://127.0.0.1:5556 > 10/Apr/2017 09:22:02 [util.c:3216] nProbe changed user to 'nobody' > 10/Apr/2017 09:22:02 [collect.c:143] Flow collector listening on port 2055 > (IPv4/v6) > 10/Apr/2017 09:22:02 [nprobe.c:8605] nProbe started successfully > > Ok, the same but with -V 9 for netflowv9 and ipfix: > > 10/Apr/2017 09:26:26 [nprobe.c:5591] Welcome to nProbe v.7.5.170410 > ($Revision: 5721 $) for x86_64-unknown-linux-gnu with native PF_RING > acceleration > 10/Apr/2017 09:26:26 [nprobe.c:5601] Running on Debian GNU/Linux 8.2 (jessie) > 10/Apr/2017 09:26:26 [nprobe.c:5612] [LICENSE] nProbe SystemId: > 10/Apr/2017 09:26:26 [nprobe.c:5726] Sample rate [packet: 1][flow: 1] > 10/Apr/2017 09:26:26 [nprobe.c:8048] Welcome to nProbe v.7.5.170410 for > x86_64-unknown-linux-gnu > 10/Apr/2017 09:26:26 [nprobe.c:7118] You selected v9/IPFIX without specifying > a template (-T). > 10/Apr/2017 09:26:26 [nprobe.c:7119] The default template will be used > 10/Apr/2017 09:26:26 [nprobe.c:7124] Using NetFlow Packet Payload Len: 1472 > 10/Apr/2017 09:26:26 [nprobe.c:7046] WARNING: Adding %EXPORTER_IPV4_ADDRESS > to the template as nProbe is working as collector > 10/Apr/2017 09:26:26 [plugin.c:1068] 0 plugin(s) enabled > 10/Apr/2017 09:26:26 [nprobe.c:7545] Each flow is 105 bytes long > 10/Apr/2017 09:26:26 [nprobe.c:7546] The # flows per packet has been set to 13 > 10/Apr/2017 09:26:26 [nprobe.c:7549] IP TOS is accounted > 10/Apr/2017 09:26:26 [nprobe.c:7575] Non IPv4/v6 traffic is discarded > according to the template > 10/Apr/2017 09:26:26 [util.c:430] GeoIP: loaded AS config file > /usr/share/ntopng/httpdocs/geoip/GeoIPASNum.dat > 10/Apr/2017 09:26:26 [util.c:441] GeoIP: loaded AS IPv6 config file > /usr/share/ntopng/httpdocs/geoip/GeoIPASNumv6.dat > 10/Apr/2017 09:26:26 [nprobe.c:8379] Not capturing packet from interface > (collector mode) > 10/Apr/2017 09:26:26 [util.c:4127] Initializing ZMQ as server > 10/Apr/2017 09:26:26 [util.c:4170] Succesfully created ZMQ endpoint > tcp://127.0.0.1:5556 > 10/Apr/2017 09:26:26 [util.c:3216] nProbe changed user to 'nobody' > 10/Apr/2017 09:26:26 [collect.c:143] Flow collector listening on port 2055 > (IPv4/v6) > 10/Apr/2017 09:26:26 [nprobe.c:8605] nProbe started successfully > > > ntopng dashboard… nothing: > > https://i.dmtinc.cl/image/4uv > > > Version 2.5.170410 - Pro Small Business Edition > Platform Debian 8.2 [x86_64][Debian GNU/Linux 8.2 (jessie)] - 64 bit > Startup Line ntopng --pid "/var/tmp/ntopng.pid" --daemon "" --interface > "tcp://127.0.0.1:5556" --data-dir "/data/ntopng" --http-port "3000" > --max-num-hosts "300000" --local-networks "138.xxx.xx.0/xx" --dump-flows > "mysql;localhost;ntop;flows;ntop;xxxxx" > Last Log Trace 10/Apr/2017 09:27:37 [MySQLDB.cpp:622] Successfully > connected to MySQL [localhost:ntop] for interface tcp://127.0.0.1:5556 > 10/Apr/2017 09:27:37 [MySQLDB.cpp:582] Attempting to connect to MySQL for > interface tcp://127.0.0.1:5556... > 10/Apr/2017 09:27:37 [NetworkInterface.cpp:1931] Started packet polling on > interface tcp://127.0.0.1:5556 [id: 0]... > 10/Apr/2017 09:27:37 [AddressTree.cpp:171] [AddressTree] 138.xxx.xxx.0/xxx > 10/Apr/2017 09:27:37 [Ntop.cpp:614] Local Networks > 10/Apr/2017 09:27:37 [Ntop.cpp:612] Local Interface Addresses (System Host) > 10/Apr/2017 09:27:37 [NtopPro.cpp:300] [LICENSE] Maintenance is available > until Thu Mar 22 12:28:01 2018 [346 days left] > 10/Apr/2017 09:27:37 [NtopPro.cpp:279] [LICENSE] ntopng license: xxxxxx > 10/Apr/2017 09:27:37 [NtopPro.cpp:268] [LICENSE] ntopng systemId: xxxxxxxxxxx > 10/Apr/2017 09:27:37 [PeriodicActivities.cpp:56] Started periodic activities > loop... > 10/Apr/2017 09:27:37 [Ntop.cpp:297] Built on Debian GNU/Linux 8.2 (jessie) > 10/Apr/2017 09:27:37 [Ntop.cpp:292] Welcome to ntopng x86_64 v.2.5.170410 - > (C) 1998-17 ntop.org > 10/Apr/2017 09:27:37 [main.cpp:313] Scripts/HTML pages directory: > /usr/share/ntopng > 10/Apr/2017 09:27:37 [main.cpp:311] Working directory: /data/ntopng > 10/Apr/2017 09:27:37 [MySQLDB.cpp:370] MySQL schema update. Altering table > flowsv6: changing OUT_BYTES data type to unsigned int. > 10/Apr/2017 09:27:37 [MySQLDB.cpp:370] MySQL schema update. Altering table > flowsv6: changing IN_BYTES data type to unsigned int. > 10/Apr/2017 09:27:37 [MySQLDB.cpp:370] MySQL schema update. Altering table > flowsv4: changing OUT_BYTES data type to unsigned int. > 10/Apr/2017 09:27:37 [MySQLDB.cpp:370] MySQL schema update. Altering table > flowsv4: changing IN_BYTES data type to unsigned int. > 10/Apr/2017 09:27:36 [MySQLDB.cpp:342] MySQL schema update. Altering table > flowsv6: changing engine from InnoDB to MyISAM. > 10/Apr/2017 09:27:36 [MySQLDB.cpp:342] MySQL schema update. Altering table > flowsv4: changing engine from InnoDB to MyISAM. > 10/Apr/2017 09:27:36 [MySQLDB.cpp:314] MySQL schema update. Altering table > flowsv6: renaming BYTES to IN_BYTES and adding OUT_BYTES > 10/Apr/2017 09:27:36 [MySQLDB.cpp:314] MySQL schema update. Altering table > flowsv4: renaming BYTES to IN_BYTES and adding OUT_BYTES > 10/Apr/2017 09:27:34 [MySQLDB.cpp:622] Successfully connected to MySQL > [localhost:ntop] for interface tcp://127.0.0.1:5556 > 10/Apr/2017 09:27:34 [MySQLDB.cpp:582] Attempting to connect to MySQL for > interface tcp://127.0.0.1:5556... > 10/Apr/2017 09:27:34 [HTTPserver.cpp:772] HTTP server listening on port(s) > 3000 > 10/Apr/2017 09:27:34 [HTTPserver.cpp:769] Web server dirs > [/usr/share/ntopng/httpdocs][/usr/share/ntopng/scripts] > 10/Apr/2017 09:27:34 [Utils.cpp:368] User changed to nobody > 10/Apr/2017 09:27:34 [HTTPserver.cpp:723] Please read > https://github.com/ntop/ntopng/blob/dev/doc/README.SSL if you want to enable S > > nothing on mysql: > > MariaDB [ntop]> select count(*) flowsv4; > +---------+ > | flowsv4 | > +---------+ > | 1 | > +---------+ > 1 row in set (0.00 sec) > > MariaDB [ntop]> select count(*) flowsv6; > +---------+ > | flowsv6 | > +---------+ > | 1 | > +---------+ > 1 row in set (0.00 sec) > > MariaDB [ntop]> > > nprobe log on stop: > > 10/Apr/2017 09:32:04 [nprobe.c:2867] Processed packets: 0 (max bucket search: > 0) > 10/Apr/2017 09:32:04 [nprobe.c:2850] Fragment queue length: 0 > 10/Apr/2017 09:32:04 [nprobe.c:2876] Flow export stats: [0 bytes/0 pkts][0 > flows/0 pkts sent] > 10/Apr/2017 09:32:04 [nprobe.c:2883] Flow collection: [collected pkts: > 5277][processed flows: 75120] > 10/Apr/2017 09:32:04 [nprobe.c:2886] Flow drop stats: [0 bytes/0 pkts][0 > flows] > 10/Apr/2017 09:32:04 [nprobe.c:2891] Total flow stats: [0 bytes/0 pkts][0 > flows/0 pkts sent] > > nprobe config: > > -i none > -n none > --daemon-mode > -V 9 (added this option after upgrade) > --no-promisc > --zmq tcp://127.0.0.1:5556 > —collector-port 2055 > > and i dont know what to do now > > Regards > Roberto > > >> On Apr 10, 2017, at 04:17, Emanuele Faranda <[email protected]> wrote: >> >> Hi Roberto, >> >> The issue is likely solved in the 2.5 version of ntopng. >> >> Since we are migrating towards the 2.6 release, if you can afford to lose >> your current ntopng collected data, I suggest you to install the 2.5 version >> of ntopng which, at the current time, should be stable enough for use. >> >> For the update to the 2.5 version, please be sure to: >> >> - flush redis with "redis-cli flushall" >> >> - remove the ntopng data directory "rm -rf /data/ntopng" >> >> - update nprobe too >> >> Regards, >> Emanuele >> >> >> On 04/10/2017 03:23 AM, Roberto Alvarado wrote: >>> Hi, >>> >>> I have this problem, when I open a host detail, the first and last seen >>> date are from 1970: >>> >>> First / Last Seen 01/01/1970 18:07:04 [47 years, 107 days, 15 hours, 10 >>> min, 44 sec ago] 25/03/1970 03:33:32 [47 years, 25 days, 5 hours, 44 min, >>> 16 sec ago] >>> >>> >>> Do you know how to fix this??? >>> >>> Debian Jessie >>> >>> root@mhost:~# date >>> Fri Apr 7 09:22:13 -03 2017 >>> root@mhost:~# >>> >>> My config: >>> >>> ntopng: >>> >>> >>> Version 2.4.170215 - Pro Small Business Edition >>> Platform Debian 8.2 [x86_64][Debian GNU/Linux 8.2 (jessie)] - 64 bit >>> Startup Line ntopng —pid “/var/tmp/ntopng.pid" --daemon "" >>> --interface "tcp://127.0.0.1:5556" --data-dir "/data/ntopng" --http-port >>> "3000" --local-networks "138.xxx.xxxx.0/22" --dump-flows >>> "mysql;localhost;ntop;flows;ntop;xxxxxxx" >>> >>> nprobe: >>> >>> -i none >>> -n none >>> --daemon-mode >>> --num-threads 1 >>> --no-promisc >>> --zmq tcp://127.0.0.1:5556 >>> --collector-port 2055 >>> >>> >>> Thanks! >>> >>> Regards >>> Robertp >>> _______________________________________________ >>> Ntop mailing list >>> [email protected] >>> http://listgateway.unipi.it/mailman/listinfo/ntop >> >> _______________________________________________ >> Ntop mailing list >> [email protected] >> http://listgateway.unipi.it/mailman/listinfo/ntop > > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
