Hi Roberto,
As suggested to Mathias, can you add the option -b=2 to nProbe and -v=5
to ntopng and send us the log please?
We must understand if flows exported by the collector are correctly seen
by nProbe or if the problem is in the communication between ntopng and
nProbe.
Regards,
Emanuele
On 04/11/2017 07:57 PM, Roberto Alvarado wrote:
Update to:
ntopng
Version 2.5.170411 - Pro Small Business Edition
Built on Debian GNU/Linux 8.2 (jessie)
nDPI 1.8.0-dev-764-3a8c2d0
nprobe
Welcome to nProbe v.7.5.170411 (r5727) for x86_64-unknown-linux-gnu
with native PF_RING acceleration.
Copyright 2002-17 ntop.org
Build OS: Debian GNU/Linux 8.2 (jessie)
GIT rev: dev:fef5155c607c28377760e764dafa9f54a462458a:20170411
Edition: nProbe Standard
And the problem persists; as with Mathias Henze, after upgrading ntop to the 2.5 version,
no traffic is registered now.
Regards
Roberto
On Apr 10, 2017, at 09:36, Roberto Alvarado <[email protected]> wrote:
Hi Emanuele,
Thanks for your reply. After upgrading my install to the devel version and removing
the data directory and the MySQL tables, ntopng now doesn't show traffic :(
Do I now need to specify the flow version in nprobe?
nprobe start log:
10/Apr/2017 09:22:02 [nprobe.c:3615] Valid nProbe license found
10/Apr/2017 09:22:02 [nprobe.c:5489] WARNING: The output interfaceId is set to
0: did you forget to use -Q perhaps ?
10/Apr/2017 09:22:02 [nprobe.c:5492] WARNING: The input interfaceId is set to
0: did you forget to use -u perhaps ?
10/Apr/2017 09:22:02 [nprobe.c:5591] Welcome to nProbe v.7.5.170410 ($Revision:
5721 $) for x86_64-unknown-linux-gnu with native PF_RING acceleration
10/Apr/2017 09:22:02 [nprobe.c:5601] Running on Debian GNU/Linux 8.2 (jessie)
10/Apr/2017 09:22:02 [nprobe.c:5612] [LICENSE] nProbe SystemId:
10/Apr/2017 09:22:02 [nprobe.c:5726] Sample rate [packet: 1][flow: 1]
10/Apr/2017 09:22:02 [nprobe.c:8048] Welcome to nProbe v.7.5.170410 for
x86_64-unknown-linux-gnu
10/Apr/2017 09:22:02 [nprobe.c:7046] WARNING: Adding %EXPORTER_IPV4_ADDRESS to
the template as nProbe is working as collector
10/Apr/2017 09:22:02 [plugin.c:1068] 0 plugin(s) enabled
10/Apr/2017 09:22:02 [nprobe.c:7575] Non IPv4/v6 traffic is discarded according
to the template
10/Apr/2017 09:22:02 [util.c:430] GeoIP: loaded AS config file
/usr/share/ntopng/httpdocs/geoip/GeoIPASNum.dat
10/Apr/2017 09:22:02 [util.c:441] GeoIP: loaded AS IPv6 config file
/usr/share/ntopng/httpdocs/geoip/GeoIPASNumv6.dat
10/Apr/2017 09:22:02 [nprobe.c:8224] IPv6 traffic will NOT be
exported/accounted by this probe
10/Apr/2017 09:22:02 [nprobe.c:8225] due to configuration options (e.g. use
NetFlow v9)
10/Apr/2017 09:22:02 [nprobe.c:8226] Please use -V to set the version to other
than NetFlow V5
10/Apr/2017 09:22:02 [nprobe.c:8379] Not capturing packet from interface
(collector mode)
10/Apr/2017 09:22:02 [util.c:4127] Initializing ZMQ as server
10/Apr/2017 09:22:02 [util.c:4170] Succesfully created ZMQ endpoint
tcp://127.0.0.1:5556
10/Apr/2017 09:22:02 [util.c:3216] nProbe changed user to 'nobody'
10/Apr/2017 09:22:02 [collect.c:143] Flow collector listening on port 2055
(IPv4/v6)
10/Apr/2017 09:22:02 [nprobe.c:8605] nProbe started successfully
Ok, the same but with -V 9 for netflowv9 and ipfix:
10/Apr/2017 09:26:26 [nprobe.c:5591] Welcome to nProbe v.7.5.170410 ($Revision:
5721 $) for x86_64-unknown-linux-gnu with native PF_RING acceleration
10/Apr/2017 09:26:26 [nprobe.c:5601] Running on Debian GNU/Linux 8.2 (jessie)
10/Apr/2017 09:26:26 [nprobe.c:5612] [LICENSE] nProbe SystemId:
10/Apr/2017 09:26:26 [nprobe.c:5726] Sample rate [packet: 1][flow: 1]
10/Apr/2017 09:26:26 [nprobe.c:8048] Welcome to nProbe v.7.5.170410 for
x86_64-unknown-linux-gnu
10/Apr/2017 09:26:26 [nprobe.c:7118] You selected v9/IPFIX without specifying a
template (-T).
10/Apr/2017 09:26:26 [nprobe.c:7119] The default template will be used
10/Apr/2017 09:26:26 [nprobe.c:7124] Using NetFlow Packet Payload Len: 1472
10/Apr/2017 09:26:26 [nprobe.c:7046] WARNING: Adding %EXPORTER_IPV4_ADDRESS to
the template as nProbe is working as collector
10/Apr/2017 09:26:26 [plugin.c:1068] 0 plugin(s) enabled
10/Apr/2017 09:26:26 [nprobe.c:7545] Each flow is 105 bytes long
10/Apr/2017 09:26:26 [nprobe.c:7546] The # flows per packet has been set to 13
10/Apr/2017 09:26:26 [nprobe.c:7549] IP TOS is accounted
10/Apr/2017 09:26:26 [nprobe.c:7575] Non IPv4/v6 traffic is discarded according
to the template
10/Apr/2017 09:26:26 [util.c:430] GeoIP: loaded AS config file
/usr/share/ntopng/httpdocs/geoip/GeoIPASNum.dat
10/Apr/2017 09:26:26 [util.c:441] GeoIP: loaded AS IPv6 config file
/usr/share/ntopng/httpdocs/geoip/GeoIPASNumv6.dat
10/Apr/2017 09:26:26 [nprobe.c:8379] Not capturing packet from interface
(collector mode)
10/Apr/2017 09:26:26 [util.c:4127] Initializing ZMQ as server
10/Apr/2017 09:26:26 [util.c:4170] Succesfully created ZMQ endpoint
tcp://127.0.0.1:5556
10/Apr/2017 09:26:26 [util.c:3216] nProbe changed user to 'nobody'
10/Apr/2017 09:26:26 [collect.c:143] Flow collector listening on port 2055
(IPv4/v6)
10/Apr/2017 09:26:26 [nprobe.c:8605] nProbe started successfully
ntopng dashboard… nothing:
https://i.dmtinc.cl/image/4uv
Version 2.5.170410 - Pro Small Business Edition
Platform Debian 8.2 [x86_64][Debian GNU/Linux 8.2 (jessie)] - 64 bit
Startup Line ntopng --pid "/var/tmp/ntopng.pid" --daemon "" --interface "tcp://127.0.0.1:5556" --data-dir
"/data/ntopng" --http-port "3000" --max-num-hosts "300000" --local-networks "138.xxx.xx.0/xx" --dump-flows
"mysql;localhost;ntop;flows;ntop;xxxxx"
Last Log Trace 10/Apr/2017 09:27:37 [MySQLDB.cpp:622] Successfully connected
to MySQL [localhost:ntop] for interface tcp://127.0.0.1:5556
10/Apr/2017 09:27:37 [MySQLDB.cpp:582] Attempting to connect to MySQL for
interface tcp://127.0.0.1:5556...
10/Apr/2017 09:27:37 [NetworkInterface.cpp:1931] Started packet polling on
interface tcp://127.0.0.1:5556 [id: 0]...
10/Apr/2017 09:27:37 [AddressTree.cpp:171] [AddressTree] 138.xxx.xxx.0/xxx
10/Apr/2017 09:27:37 [Ntop.cpp:614] Local Networks
10/Apr/2017 09:27:37 [Ntop.cpp:612] Local Interface Addresses (System Host)
10/Apr/2017 09:27:37 [NtopPro.cpp:300] [LICENSE] Maintenance is available until
Thu Mar 22 12:28:01 2018 [346 days left]
10/Apr/2017 09:27:37 [NtopPro.cpp:279] [LICENSE] ntopng license: xxxxxx
10/Apr/2017 09:27:37 [NtopPro.cpp:268] [LICENSE] ntopng systemId: xxxxxxxxxxx
10/Apr/2017 09:27:37 [PeriodicActivities.cpp:56] Started periodic activities
loop...
10/Apr/2017 09:27:37 [Ntop.cpp:297] Built on Debian GNU/Linux 8.2 (jessie)
10/Apr/2017 09:27:37 [Ntop.cpp:292] Welcome to ntopng x86_64 v.2.5.170410 - (C)
1998-17 ntop.org
10/Apr/2017 09:27:37 [main.cpp:313] Scripts/HTML pages directory:
/usr/share/ntopng
10/Apr/2017 09:27:37 [main.cpp:311] Working directory: /data/ntopng
10/Apr/2017 09:27:37 [MySQLDB.cpp:370] MySQL schema update. Altering table
flowsv6: changing OUT_BYTES data type to unsigned int.
10/Apr/2017 09:27:37 [MySQLDB.cpp:370] MySQL schema update. Altering table
flowsv6: changing IN_BYTES data type to unsigned int.
10/Apr/2017 09:27:37 [MySQLDB.cpp:370] MySQL schema update. Altering table
flowsv4: changing OUT_BYTES data type to unsigned int.
10/Apr/2017 09:27:37 [MySQLDB.cpp:370] MySQL schema update. Altering table
flowsv4: changing IN_BYTES data type to unsigned int.
10/Apr/2017 09:27:36 [MySQLDB.cpp:342] MySQL schema update. Altering table
flowsv6: changing engine from InnoDB to MyISAM.
10/Apr/2017 09:27:36 [MySQLDB.cpp:342] MySQL schema update. Altering table
flowsv4: changing engine from InnoDB to MyISAM.
10/Apr/2017 09:27:36 [MySQLDB.cpp:314] MySQL schema update. Altering table
flowsv6: renaming BYTES to IN_BYTES and adding OUT_BYTES
10/Apr/2017 09:27:36 [MySQLDB.cpp:314] MySQL schema update. Altering table
flowsv4: renaming BYTES to IN_BYTES and adding OUT_BYTES
10/Apr/2017 09:27:34 [MySQLDB.cpp:622] Successfully connected to MySQL
[localhost:ntop] for interface tcp://127.0.0.1:5556
10/Apr/2017 09:27:34 [MySQLDB.cpp:582] Attempting to connect to MySQL for
interface tcp://127.0.0.1:5556...
10/Apr/2017 09:27:34 [HTTPserver.cpp:772] HTTP server listening on port(s) 3000
10/Apr/2017 09:27:34 [HTTPserver.cpp:769] Web server dirs
[/usr/share/ntopng/httpdocs][/usr/share/ntopng/scripts]
10/Apr/2017 09:27:34 [Utils.cpp:368] User changed to nobody
10/Apr/2017 09:27:34 [HTTPserver.cpp:723] Please read
https://github.com/ntop/ntopng/blob/dev/doc/README.SSL if you want to enable S
nothing on mysql:
MariaDB [ntop]> select count(*) flowsv4;
+---------+
| flowsv4 |
+---------+
| 1 |
+---------+
1 row in set (0.00 sec)
MariaDB [ntop]> select count(*) flowsv6;
+---------+
| flowsv6 |
+---------+
| 1 |
+---------+
1 row in set (0.00 sec)
MariaDB [ntop]>
nprobe log on stop:
10/Apr/2017 09:32:04 [nprobe.c:2867] Processed packets: 0 (max bucket search: 0)
10/Apr/2017 09:32:04 [nprobe.c:2850] Fragment queue length: 0
10/Apr/2017 09:32:04 [nprobe.c:2876] Flow export stats: [0 bytes/0 pkts][0
flows/0 pkts sent]
10/Apr/2017 09:32:04 [nprobe.c:2883] Flow collection: [collected pkts:
5277][processed flows: 75120]
10/Apr/2017 09:32:04 [nprobe.c:2886] Flow drop stats: [0 bytes/0 pkts][0
flows]
10/Apr/2017 09:32:04 [nprobe.c:2891] Total flow stats: [0 bytes/0 pkts][0
flows/0 pkts sent]
nprobe config:
-i none
-n none
--daemon-mode
-V 9 (added this option after upgrade)
--no-promisc
--zmq tcp://127.0.0.1:5556
--collector-port 2055
And I don't know what to do now.
Regards
Roberto
On Apr 10, 2017, at 04:17, Emanuele Faranda <[email protected]> wrote:
Hi Roberto,
The issue is likely solved in the 2.5 version of ntopng.
Since we are migrating towards the 2.6 release, if you can afford to lose your
current ntopng collected data, I suggest you install the 2.5 version of
ntopng which, at the current time, should be stable enough for use.
For the update to the 2.5 version, please be sure to:
- flush redis with "redis-cli flushall"
- remove the ntopng data directory "rm -rf /data/ntopng"
- update nprobe too
Regards,
Emanuele
On 04/10/2017 03:23 AM, Roberto Alvarado wrote:
Hi,
I have this problem: when I open a host detail, the first and last seen dates
are from 1970:
First / Last Seen 01/01/1970 18:07:04 [47 years, 107 days, 15 hours, 10
min, 44 sec ago] 25/03/1970 03:33:32 [47 years, 25 days, 5 hours, 44 min, 16
sec ago]
Do you know how to fix this???
Debian Jessie
root@mhost:~# date
Fri Apr 7 09:22:13 -03 2017
root@mhost:~#
My config:
ntopng:
Version 2.4.170215 - Pro Small Business Edition
Platform Debian 8.2 [x86_64][Debian GNU/Linux 8.2 (jessie)] - 64 bit
Startup Line ntopng --pid "/var/tmp/ntopng.pid" --daemon "" --interface "tcp://127.0.0.1:5556" --data-dir
"/data/ntopng" --http-port "3000" --local-networks "138.xxx.xxxx.0/22" --dump-flows
"mysql;localhost;ntop;flows;ntop;xxxxxxx"
nprobe:
-i none
-n none
--daemon-mode
--num-threads 1
--no-promisc
--zmq tcp://127.0.0.1:5556
--collector-port 2055
Thanks!
Regards
Roberto
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
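An added example, not part of the original thread and not ntop's code: a small parser for the nProbe shutdown counters quoted above, which re-joins the lines the mail client wrapped and reports whether the collector side received and decoded flows. The verdict labels are hypothetical names chosen here; "collector-ok" only means the counters point away from the exporter-to-nProbe leg, leaving the nProbe-to-ntopng leg as the place to look.

```python
import re

# Shutdown counters copied from the thread above, including the mail client's
# hard wraps (a record continues on lines that do not start with a timestamp).
SAMPLE = """\
10/Apr/2017 09:32:04 [nprobe.c:2867] Processed packets: 0 (max bucket search: 0)
10/Apr/2017 09:32:04 [nprobe.c:2850] Fragment queue length: 0
10/Apr/2017 09:32:04 [nprobe.c:2876] Flow export stats: [0 bytes/0 pkts][0
flows/0 pkts sent]
10/Apr/2017 09:32:04 [nprobe.c:2883] Flow collection: [collected pkts:
5277][processed flows: 75120]
10/Apr/2017 09:32:04 [nprobe.c:2886] Flow drop stats: [0 bytes/0 pkts][0
flows]
10/Apr/2017 09:32:04 [nprobe.c:2891] Total flow stats: [0 bytes/0 pkts][0
flows/0 pkts sent]
"""

TS = re.compile(r"^\d{2}/[A-Z][a-z]{2}/\d{4} \d{2}:\d{2}:\d{2} \[[\w.]+:\d+\] ")

def unwrap(text):
    """Re-join records that were wrapped onto a second line."""
    records = []
    for line in text.splitlines():
        if TS.match(line) or not records:
            records.append(line.strip())
        elif line.strip():
            records[-1] += " " + line.strip()
    return records

def parse_counters(text):
    """Extract the collection, export and drop counters from the log text."""
    c = {}
    for rec in unwrap(text):
        msg = TS.sub("", rec)
        if m := re.match(r"Flow collection: \[collected pkts: (\d+)\]\[processed flows: (\d+)\]", msg):
            c["collected_pkts"], c["processed_flows"] = int(m[1]), int(m[2])
        elif m := re.match(r"Flow export stats: \[\d+ bytes/\d+ pkts\]\[(\d+) flows/\d+ pkts sent\]", msg):
            c["exported_flows"] = int(m[1])
        elif m := re.match(r"Flow drop stats: .*\[(\d+) flows\]", msg):
            c["dropped_flows"] = int(m[1])
    return c

def triage(c):
    """Map the counters to a hypothetical verdict label."""
    if c.get("collected_pkts", 0) == 0:
        return "collector-idle"   # nothing arrived on the collector port
    if c.get("processed_flows", 0) == 0:
        return "undecoded"        # packets arrived but no flows were decoded
    if c.get("dropped_flows", 0) > 0:
        return "dropping"         # flows decoded, some dropped by nProbe
    return "collector-ok"         # exporter -> nProbe leg looks healthy
```
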