Roberto, there was an issue that has now been fixed. New packages are being rebuilt. Please, wait an hour and then update and give a feedback.
Thank you, Simone On Wed, Apr 12, 2017 at 12:49 AM, Emanuele Faranda <[email protected]> wrote: > Hi Roberto, > > As suggested to Mathias, can you add the option -b=2 to nProbe and -v=5 to > ntopng and send us the log please? > > We must understand if flows exported by the collector are correctly seen > by nProbe or if the problem is in the communication between ntopng and > nProbe. > > Regards, > Emanuele > > > > On 04/11/2017 07:57 PM, Roberto Alvarado wrote: > >> Update to: >> >> ntopng >> >> Version 2.5.170411 - Pro Small Business Edition >> Built on Debian GNU/Linux 8.2 (jessie) >> nDPI 1.8.0-dev-764-3a8c2d0 >> >> nprobe >> >> Welcome to nProbe v.7.5.170411 (r5727) for x86_64-unknown-linux-gnu >> with native PF_RING acceleration. >> Copyright 2002-17 ntop.org >> >> Build OS: Debian GNU/Linux 8.2 (jessie) >> GIT rev: dev:fef5155c607c28377760e764dafa9f54a462458a:20170411 >> Edition: nProbe Standard >> >> >> And the problem persist, as Mathias Henze, after upgrade ntop to 2.5 >> version, now no traffic is registered. >> >> Regards >> Roberto >> >> >> On Apr 10, 2017, at 09:36, Roberto Alvarado <[email protected]> wrote: >>> >>> Hi Emanuele, >>> >>> Thanks for your reply, after upgrade my install to the devel version and >>> remove the data directory and the mysql tables, now ntopng don't shows >>> traffic :( >>> >>> Now in nprobe, I need to specify the flow version? >>> >>> nprobe start log: >>> >>> 10/Apr/2017 09:22:02 [nprobe.c:3615] Valid nProbe license found >>> 10/Apr/2017 09:22:02 [nprobe.c:5489] WARNING: The output interfaceId is >>> set to 0: did you forget to use -Q perhaps ? >>> 10/Apr/2017 09:22:02 [nprobe.c:5492] WARNING: The input interfaceId is >>> set to 0: did you forget to use -u perhaps ? >>> 10/Apr/2017 09:22:02 [nprobe.c:5591] Welcome to nProbe v.7.5.170410 >>> ($Revision: 5721 $) for x86_64-unknown-linux-gnu with native PF_RING >>> acceleration >>> 10/Apr/2017 09:22:02 [nprobe.c:5601] Running on Debian GNU/Linux 8.2 >>> (jessie) >>> 10/Apr/2017 09:22:02 [nprobe.c:5612] [LICENSE] nProbe SystemId: >>> 10/Apr/2017 09:22:02 [nprobe.c:5726] Sample rate [packet: 1][flow: 1] >>> 10/Apr/2017 09:22:02 [nprobe.c:8048] Welcome to nProbe v.7.5.170410 for >>> x86_64-unknown-linux-gnu >>> 10/Apr/2017 09:22:02 [nprobe.c:7046] WARNING: Adding >>> %EXPORTER_IPV4_ADDRESS to the template as nProbe is working as collector >>> 10/Apr/2017 09:22:02 [plugin.c:1068] 0 plugin(s) enabled >>> 10/Apr/2017 09:22:02 [nprobe.c:7575] Non IPv4/v6 traffic is discarded >>> according to the template >>> 10/Apr/2017 09:22:02 [util.c:430] GeoIP: loaded AS config file >>> /usr/share/ntopng/httpdocs/geoip/GeoIPASNum.dat >>> 10/Apr/2017 09:22:02 [util.c:441] GeoIP: loaded AS IPv6 config file >>> /usr/share/ntopng/httpdocs/geoip/GeoIPASNumv6.dat >>> 10/Apr/2017 09:22:02 [nprobe.c:8224] IPv6 traffic will NOT be >>> exported/accounted by this probe >>> 10/Apr/2017 09:22:02 [nprobe.c:8225] due to configuration options (e.g. >>> use NetFlow v9) >>> 10/Apr/2017 09:22:02 [nprobe.c:8226] Please use -V to set the version to >>> other than NetFlow V5 >>> 10/Apr/2017 09:22:02 [nprobe.c:8379] Not capturing packet from interface >>> (collector mode) >>> 10/Apr/2017 09:22:02 [util.c:4127] Initializing ZMQ as server >>> 10/Apr/2017 09:22:02 [util.c:4170] Succesfully created ZMQ endpoint >>> tcp://127.0.0.1:5556 >>> 10/Apr/2017 09:22:02 [util.c:3216] nProbe changed user to 'nobody' >>> 10/Apr/2017 09:22:02 [collect.c:143] Flow collector listening on port >>> 2055 (IPv4/v6) >>> 10/Apr/2017 09:22:02 [nprobe.c:8605] nProbe started successfully >>> >>> Ok, the same but with -V 9 for netflowv9 and ipfix: >>> >>> 10/Apr/2017 09:26:26 [nprobe.c:5591] Welcome to nProbe v.7.5.170410 >>> ($Revision: 5721 $) for x86_64-unknown-linux-gnu with native PF_RING >>> acceleration >>> 10/Apr/2017 09:26:26 [nprobe.c:5601] Running on Debian GNU/Linux 8.2 >>> (jessie) >>> 10/Apr/2017 09:26:26 [nprobe.c:5612] [LICENSE] nProbe SystemId: >>> 10/Apr/2017 09:26:26 [nprobe.c:5726] Sample rate [packet: 1][flow: 1] >>> 10/Apr/2017 09:26:26 [nprobe.c:8048] Welcome to nProbe v.7.5.170410 for >>> x86_64-unknown-linux-gnu >>> 10/Apr/2017 09:26:26 [nprobe.c:7118] You selected v9/IPFIX without >>> specifying a template (-T). >>> 10/Apr/2017 09:26:26 [nprobe.c:7119] The default template will be used >>> 10/Apr/2017 09:26:26 [nprobe.c:7124] Using NetFlow Packet Payload Len: >>> 1472 >>> 10/Apr/2017 09:26:26 [nprobe.c:7046] WARNING: Adding >>> %EXPORTER_IPV4_ADDRESS to the template as nProbe is working as collector >>> 10/Apr/2017 09:26:26 [plugin.c:1068] 0 plugin(s) enabled >>> 10/Apr/2017 09:26:26 [nprobe.c:7545] Each flow is 105 bytes long >>> 10/Apr/2017 09:26:26 [nprobe.c:7546] The # flows per packet has been set >>> to 13 >>> 10/Apr/2017 09:26:26 [nprobe.c:7549] IP TOS is accounted >>> 10/Apr/2017 09:26:26 [nprobe.c:7575] Non IPv4/v6 traffic is discarded >>> according to the template >>> 10/Apr/2017 09:26:26 [util.c:430] GeoIP: loaded AS config file >>> /usr/share/ntopng/httpdocs/geoip/GeoIPASNum.dat >>> 10/Apr/2017 09:26:26 [util.c:441] GeoIP: loaded AS IPv6 config file >>> /usr/share/ntopng/httpdocs/geoip/GeoIPASNumv6.dat >>> 10/Apr/2017 09:26:26 [nprobe.c:8379] Not capturing packet from interface >>> (collector mode) >>> 10/Apr/2017 09:26:26 [util.c:4127] Initializing ZMQ as server >>> 10/Apr/2017 09:26:26 [util.c:4170] Succesfully created ZMQ endpoint >>> tcp://127.0.0.1:5556 >>> 10/Apr/2017 09:26:26 [util.c:3216] nProbe changed user to 'nobody' >>> 10/Apr/2017 09:26:26 [collect.c:143] Flow collector listening on port >>> 2055 (IPv4/v6) >>> 10/Apr/2017 09:26:26 [nprobe.c:8605] nProbe started successfully >>> >>> >>> ntopng dashboard… nothing: >>> >>> https://i.dmtinc.cl/image/4uv >>> >>> >>> Version 2.5.170410 - Pro Small Business Edition >>> Platform Debian 8.2 [x86_64][Debian GNU/Linux 8.2 (jessie)] - 64 >>> bit >>> Startup Line ntopng --pid "/var/tmp/ntopng.pid" --daemon "" >>> --interface "tcp://127.0.0.1:5556" --data-dir "/data/ntopng" >>> --http-port "3000" --max-num-hosts "300000" --local-networks >>> "138.xxx.xx.0/xx" --dump-flows "mysql;localhost;ntop;flows;ntop;xxxxx" >>> Last Log Trace 10/Apr/2017 09:27:37 [MySQLDB.cpp:622] Successfully >>> connected to MySQL [localhost:ntop] for interface tcp://127.0.0.1:5556 >>> 10/Apr/2017 09:27:37 [MySQLDB.cpp:582] Attempting to connect to MySQL >>> for interface tcp://127.0.0.1:5556... >>> 10/Apr/2017 09:27:37 [NetworkInterface.cpp:1931] Started packet polling >>> on interface tcp://127.0.0.1:5556 [id: 0]... >>> 10/Apr/2017 09:27:37 [AddressTree.cpp:171] [AddressTree] >>> 138.xxx.xxx.0/xxx >>> 10/Apr/2017 09:27:37 [Ntop.cpp:614] Local Networks >>> 10/Apr/2017 09:27:37 [Ntop.cpp:612] Local Interface Addresses (System >>> Host) >>> 10/Apr/2017 09:27:37 [NtopPro.cpp:300] [LICENSE] Maintenance is >>> available until Thu Mar 22 12:28:01 2018 [346 days left] >>> 10/Apr/2017 09:27:37 [NtopPro.cpp:279] [LICENSE] ntopng license: xxxxxx >>> 10/Apr/2017 09:27:37 [NtopPro.cpp:268] [LICENSE] ntopng systemId: >>> xxxxxxxxxxx >>> 10/Apr/2017 09:27:37 [PeriodicActivities.cpp:56] Started periodic >>> activities loop... >>> 10/Apr/2017 09:27:37 [Ntop.cpp:297] Built on Debian GNU/Linux 8.2 >>> (jessie) >>> 10/Apr/2017 09:27:37 [Ntop.cpp:292] Welcome to ntopng x86_64 >>> v.2.5.170410 - (C) 1998-17 ntop.org >>> 10/Apr/2017 09:27:37 [main.cpp:313] Scripts/HTML pages directory: >>> /usr/share/ntopng >>> 10/Apr/2017 09:27:37 [main.cpp:311] Working directory: /data/ntopng >>> 10/Apr/2017 09:27:37 [MySQLDB.cpp:370] MySQL schema update. Altering >>> table flowsv6: changing OUT_BYTES data type to unsigned int. >>> 10/Apr/2017 09:27:37 [MySQLDB.cpp:370] MySQL schema update. Altering >>> table flowsv6: changing IN_BYTES data type to unsigned int. >>> 10/Apr/2017 09:27:37 [MySQLDB.cpp:370] MySQL schema update. Altering >>> table flowsv4: changing OUT_BYTES data type to unsigned int. >>> 10/Apr/2017 09:27:37 [MySQLDB.cpp:370] MySQL schema update. Altering >>> table flowsv4: changing IN_BYTES data type to unsigned int. >>> 10/Apr/2017 09:27:36 [MySQLDB.cpp:342] MySQL schema update. Altering >>> table flowsv6: changing engine from InnoDB to MyISAM. >>> 10/Apr/2017 09:27:36 [MySQLDB.cpp:342] MySQL schema update. Altering >>> table flowsv4: changing engine from InnoDB to MyISAM. >>> 10/Apr/2017 09:27:36 [MySQLDB.cpp:314] MySQL schema update. Altering >>> table flowsv6: renaming BYTES to IN_BYTES and adding OUT_BYTES >>> 10/Apr/2017 09:27:36 [MySQLDB.cpp:314] MySQL schema update. Altering >>> table flowsv4: renaming BYTES to IN_BYTES and adding OUT_BYTES >>> 10/Apr/2017 09:27:34 [MySQLDB.cpp:622] Successfully connected to MySQL >>> [localhost:ntop] for interface tcp://127.0.0.1:5556 >>> 10/Apr/2017 09:27:34 [MySQLDB.cpp:582] Attempting to connect to MySQL >>> for interface tcp://127.0.0.1:5556... >>> 10/Apr/2017 09:27:34 [HTTPserver.cpp:772] HTTP server listening on >>> port(s) 3000 >>> 10/Apr/2017 09:27:34 [HTTPserver.cpp:769] Web server dirs >>> [/usr/share/ntopng/httpdocs][/usr/share/ntopng/scripts] >>> 10/Apr/2017 09:27:34 [Utils.cpp:368] User changed to nobody >>> 10/Apr/2017 09:27:34 [HTTPserver.cpp:723] Please read >>> https://github.com/ntop/ntopng/blob/dev/doc/README.SSL if you want to >>> enable S >>> >>> nothing on mysql: >>> >>> MariaDB [ntop]> select count(*) flowsv4; >>> +---------+ >>> | flowsv4 | >>> +---------+ >>> | 1 | >>> +---------+ >>> 1 row in set (0.00 sec) >>> >>> MariaDB [ntop]> select count(*) flowsv6; >>> +---------+ >>> | flowsv6 | >>> +---------+ >>> | 1 | >>> +---------+ >>> 1 row in set (0.00 sec) >>> >>> MariaDB [ntop]> >>> >>> nprobe log on stop: >>> >>> 10/Apr/2017 09:32:04 [nprobe.c:2867] Processed packets: 0 (max bucket >>> search: 0) >>> 10/Apr/2017 09:32:04 [nprobe.c:2850] Fragment queue length: 0 >>> 10/Apr/2017 09:32:04 [nprobe.c:2876] Flow export stats: [0 bytes/0 >>> pkts][0 flows/0 pkts sent] >>> 10/Apr/2017 09:32:04 [nprobe.c:2883] Flow collection: [collected pkts: >>> 5277][processed flows: 75120] >>> 10/Apr/2017 09:32:04 [nprobe.c:2886] Flow drop stats: [0 bytes/0 >>> pkts][0 flows] >>> 10/Apr/2017 09:32:04 [nprobe.c:2891] Total flow stats: [0 bytes/0 >>> pkts][0 flows/0 pkts sent] >>> >>> nprobe config: >>> >>> -i none >>> -n none >>> --daemon-mode >>> -V 9 (added this option after upgrade) >>> --no-promisc >>> --zmq tcp://127.0.0.1:5556 >>> —collector-port 2055 >>> >>> and i dont know what to do now >>> >>> Regards >>> Roberto >>> >>> >>> On Apr 10, 2017, at 04:17, Emanuele Faranda <[email protected]> wrote: >>>> >>>> Hi Roberto, >>>> >>>> The issue is likely solved in the 2.5 version of ntopng. >>>> >>>> Since we are migrating towards the 2.6 release, if you can afford to >>>> lose your current ntopng collected data, I suggest you to install the 2.5 >>>> version of ntopng which, at the current time, should be stable enough for >>>> use. >>>> >>>> For the update to the 2.5 version, please be sure to: >>>> >>>> - flush redis with "redis-cli flushall" >>>> >>>> - remove the ntopng data directory "rm -rf /data/ntopng" >>>> >>>> - update nprobe too >>>> >>>> Regards, >>>> Emanuele >>>> >>>> >>>> On 04/10/2017 03:23 AM, Roberto Alvarado wrote: >>>> >>>>> Hi, >>>>> >>>>> I have this problem, when I open a host detail, the first and last >>>>> seen date are from 1970: >>>>> >>>>> First / Last Seen 01/01/1970 18:07:04 [47 years, 107 days, 15 >>>>> hours, 10 min, 44 sec ago] 25/03/1970 03:33:32 [47 years, 25 days, 5 >>>>> hours, 44 min, 16 sec ago] >>>>> >>>>> >>>>> Do you know how to fix this??? >>>>> >>>>> Debian Jessie >>>>> >>>>> root@mhost:~# date >>>>> Fri Apr 7 09:22:13 -03 2017 >>>>> root@mhost:~# >>>>> >>>>> My config: >>>>> >>>>> ntopng: >>>>> >>>>> >>>>> Version 2.4.170215 - Pro Small Business Edition >>>>> Platform Debian 8.2 [x86_64][Debian GNU/Linux 8.2 (jessie)] - >>>>> 64 bit >>>>> Startup Line ntopng —pid “/var/tmp/ntopng.pid" --daemon "" >>>>> --interface "tcp://127.0.0.1:5556" --data-dir "/data/ntopng" >>>>> --http-port "3000" --local-networks "138.xxx.xxxx.0/22" --dump-flows >>>>> "mysql;localhost;ntop;flows;ntop;xxxxxxx" >>>>> >>>>> nprobe: >>>>> >>>>> -i none >>>>> -n none >>>>> --daemon-mode >>>>> --num-threads 1 >>>>> --no-promisc >>>>> --zmq tcp://127.0.0.1:5556 >>>>> --collector-port 2055 >>>>> >>>>> >>>>> Thanks! >>>>> >>>>> Regards >>>>> Robertp >>>>> _______________________________________________ >>>>> Ntop mailing list >>>>> [email protected] >>>>> http://listgateway.unipi.it/mailman/listinfo/ntop >>>>> >>>> _______________________________________________ >>>> Ntop mailing list >>>> [email protected] >>>> http://listgateway.unipi.it/mailman/listinfo/ntop >>>> >>> _______________________________________________ >>> Ntop mailing list >>> [email protected] >>> http://listgateway.unipi.it/mailman/listinfo/ntop >>> >> _______________________________________________ >> Ntop mailing list >> [email protected] >> http://listgateway.unipi.it/mailman/listinfo/ntop >> > > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop >
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
