On Apr 12, 2017, at 08:33, Simone Mainardi <[email protected]> wrote:
Roberto, there was an issue that has now been fixed.
New packages are being rebuilt. Please wait an hour, then update
and give us feedback.
Thank you,
Simone
On Wed, Apr 12, 2017 at 12:49 AM, Emanuele Faranda <[email protected]> wrote:
Hi Roberto,
As suggested to Mathias, can you add the option -b=2 to nProbe
and -v=5 to ntopng and send us the log please?
We must understand if flows exported by the collector are
correctly seen by nProbe or if the problem is in the
communication between ntopng and nProbe.
Regards,
Emanuele
On 04/11/2017 07:57 PM, Roberto Alvarado wrote:
Update to:
ntopng
Version 2.5.170411 - Pro Small Business Edition
Built on Debian GNU/Linux 8.2 (jessie)
nDPI 1.8.0-dev-764-3a8c2d0
nprobe
Welcome to nProbe v.7.5.170411 (r5727) for
x86_64-unknown-linux-gnu
with native PF_RING acceleration.
Copyright 2002-17 ntop.org
Build OS: Debian GNU/Linux 8.2 (jessie)
GIT rev:
dev:fef5155c607c28377760e764dafa9f54a462458a:20170411
Edition: nProbe Standard
And the problem persists: as with Mathias Henze, after upgrading ntop
to the 2.5 version, no traffic is registered now.
Regards
Roberto
On Apr 10, 2017, at 09:36, Roberto Alvarado <[email protected]> wrote:
Hi Emanuele,
Thanks for your reply. After upgrading my install to the
devel version and removing the data directory and the mysql
tables, ntopng now doesn't show traffic :(
Do I now need to specify the flow version in nprobe?
nprobe start log:
10/Apr/2017 09:22:02 [nprobe.c:3615] Valid nProbe license
found
10/Apr/2017 09:22:02 [nprobe.c:5489] WARNING: The output
interfaceId is set to 0: did you forget to use -Q perhaps ?
10/Apr/2017 09:22:02 [nprobe.c:5492] WARNING: The input
interfaceId is set to 0: did you forget to use -u perhaps ?
10/Apr/2017 09:22:02 [nprobe.c:5591] Welcome to nProbe
v.7.5.170410 ($Revision: 5721 $) for
x86_64-unknown-linux-gnu with native PF_RING acceleration
10/Apr/2017 09:22:02 [nprobe.c:5601] Running on Debian
GNU/Linux 8.2 (jessie)
10/Apr/2017 09:22:02 [nprobe.c:5612] [LICENSE] nProbe
SystemId:
10/Apr/2017 09:22:02 [nprobe.c:5726] Sample rate [packet:
1][flow: 1]
10/Apr/2017 09:22:02 [nprobe.c:8048] Welcome to nProbe
v.7.5.170410 for x86_64-unknown-linux-gnu
10/Apr/2017 09:22:02 [nprobe.c:7046] WARNING: Adding
%EXPORTER_IPV4_ADDRESS to the template as nProbe is
working as collector
10/Apr/2017 09:22:02 [plugin.c:1068] 0 plugin(s) enabled
10/Apr/2017 09:22:02 [nprobe.c:7575] Non IPv4/v6 traffic
is discarded according to the template
10/Apr/2017 09:22:02 [util.c:430] GeoIP: loaded AS config
file /usr/share/ntopng/httpdocs/geoip/GeoIPASNum.dat
10/Apr/2017 09:22:02 [util.c:441] GeoIP: loaded AS IPv6
config file /usr/share/ntopng/httpdocs/geoip/GeoIPASNumv6.dat
10/Apr/2017 09:22:02 [nprobe.c:8224] IPv6 traffic will
NOT be exported/accounted by this probe
10/Apr/2017 09:22:02 [nprobe.c:8225] due to configuration
options (e.g. use NetFlow v9)
10/Apr/2017 09:22:02 [nprobe.c:8226] Please use -V to set
the version to other than NetFlow V5
10/Apr/2017 09:22:02 [nprobe.c:8379] Not capturing packet
from interface (collector mode)
10/Apr/2017 09:22:02 [util.c:4127] Initializing ZMQ as server
10/Apr/2017 09:22:02 [util.c:4170] Succesfully created
ZMQ endpoint tcp://127.0.0.1:5556
10/Apr/2017 09:22:02 [util.c:3216] nProbe changed user to
'nobody'
10/Apr/2017 09:22:02 [collect.c:143] Flow collector
listening on port 2055 (IPv4/v6)
10/Apr/2017 09:22:02 [nprobe.c:8605] nProbe started
successfully
Ok, the same but with -V 9 for netflowv9 and ipfix:
10/Apr/2017 09:26:26 [nprobe.c:5591] Welcome to nProbe
v.7.5.170410 ($Revision: 5721 $) for
x86_64-unknown-linux-gnu with native PF_RING acceleration
10/Apr/2017 09:26:26 [nprobe.c:5601] Running on Debian
GNU/Linux 8.2 (jessie)
10/Apr/2017 09:26:26 [nprobe.c:5612] [LICENSE] nProbe
SystemId:
10/Apr/2017 09:26:26 [nprobe.c:5726] Sample rate [packet:
1][flow: 1]
10/Apr/2017 09:26:26 [nprobe.c:8048] Welcome to nProbe
v.7.5.170410 for x86_64-unknown-linux-gnu
10/Apr/2017 09:26:26 [nprobe.c:7118] You selected
v9/IPFIX without specifying a template (-T).
10/Apr/2017 09:26:26 [nprobe.c:7119] The default template
will be used
10/Apr/2017 09:26:26 [nprobe.c:7124] Using NetFlow Packet
Payload Len: 1472
10/Apr/2017 09:26:26 [nprobe.c:7046] WARNING: Adding
%EXPORTER_IPV4_ADDRESS to the template as nProbe is
working as collector
10/Apr/2017 09:26:26 [plugin.c:1068] 0 plugin(s) enabled
10/Apr/2017 09:26:26 [nprobe.c:7545] Each flow is 105
bytes long
10/Apr/2017 09:26:26 [nprobe.c:7546] The # flows per
packet has been set to 13
10/Apr/2017 09:26:26 [nprobe.c:7549] IP TOS is accounted
10/Apr/2017 09:26:26 [nprobe.c:7575] Non IPv4/v6 traffic
is discarded according to the template
10/Apr/2017 09:26:26 [util.c:430] GeoIP: loaded AS config
file /usr/share/ntopng/httpdocs/geoip/GeoIPASNum.dat
10/Apr/2017 09:26:26 [util.c:441] GeoIP: loaded AS IPv6
config file /usr/share/ntopng/httpdocs/geoip/GeoIPASNumv6.dat
10/Apr/2017 09:26:26 [nprobe.c:8379] Not capturing packet
from interface (collector mode)
10/Apr/2017 09:26:26 [util.c:4127] Initializing ZMQ as server
10/Apr/2017 09:26:26 [util.c:4170] Succesfully created
ZMQ endpoint tcp://127.0.0.1:5556
10/Apr/2017 09:26:26 [util.c:3216] nProbe changed user to
'nobody'
10/Apr/2017 09:26:26 [collect.c:143] Flow collector
listening on port 2055 (IPv4/v6)
10/Apr/2017 09:26:26 [nprobe.c:8605] nProbe started
successfully
ntopng dashboard… nothing:
https://i.dmtinc.cl/image/4uv
Version 2.5.170410 - Pro Small Business Edition
Platform Debian 8.2 [x86_64][Debian GNU/Linux 8.2
(jessie)] - 64 bit
Startup Line ntopng --pid "/var/tmp/ntopng.pid"
--daemon "" --interface "tcp://127.0.0.1:5556"
--data-dir "/data/ntopng"
--http-port "3000" --max-num-hosts "300000"
--local-networks "138.xxx.xx.0/xx" --dump-flows
"mysql;localhost;ntop;flows;ntop;xxxxx"
Last Log Trace 10/Apr/2017 09:27:37 [MySQLDB.cpp:622]
Successfully connected to MySQL [localhost:ntop] for
interface tcp://127.0.0.1:5556
10/Apr/2017 09:27:37 [MySQLDB.cpp:582] Attempting to
connect to MySQL for interface tcp://127.0.0.1:5556...
10/Apr/2017 09:27:37 [NetworkInterface.cpp:1931] Started
packet polling on interface tcp://127.0.0.1:5556
[id: 0]...
10/Apr/2017 09:27:37 [AddressTree.cpp:171] [AddressTree]
138.xxx.xxx.0/xxx
10/Apr/2017 09:27:37 [Ntop.cpp:614] Local Networks
10/Apr/2017 09:27:37 [Ntop.cpp:612] Local Interface
Addresses (System Host)
10/Apr/2017 09:27:37 [NtopPro.cpp:300] [LICENSE]
Maintenance is available until Thu Mar 22 12:28:01 2018
[346 days left]
10/Apr/2017 09:27:37 [NtopPro.cpp:279] [LICENSE] ntopng
license: xxxxxx
10/Apr/2017 09:27:37 [NtopPro.cpp:268] [LICENSE] ntopng
systemId: xxxxxxxxxxx
10/Apr/2017 09:27:37 [PeriodicActivities.cpp:56] Started
periodic activities loop...
10/Apr/2017 09:27:37 [Ntop.cpp:297] Built on Debian
GNU/Linux 8.2 (jessie)
10/Apr/2017 09:27:37 [Ntop.cpp:292] Welcome to ntopng
x86_64 v.2.5.170410 - (C) 1998-17 ntop.org
10/Apr/2017 09:27:37 [main.cpp:313] Scripts/HTML pages
directory: /usr/share/ntopng
10/Apr/2017 09:27:37 [main.cpp:311] Working directory:
/data/ntopng
10/Apr/2017 09:27:37 [MySQLDB.cpp:370] MySQL schema
update. Altering table flowsv6: changing OUT_BYTES data
type to unsigned int.
10/Apr/2017 09:27:37 [MySQLDB.cpp:370] MySQL schema
update. Altering table flowsv6: changing IN_BYTES data
type to unsigned int.
10/Apr/2017 09:27:37 [MySQLDB.cpp:370] MySQL schema
update. Altering table flowsv4: changing OUT_BYTES data
type to unsigned int.
10/Apr/2017 09:27:37 [MySQLDB.cpp:370] MySQL schema
update. Altering table flowsv4: changing IN_BYTES data
type to unsigned int.
10/Apr/2017 09:27:36 [MySQLDB.cpp:342] MySQL schema
update. Altering table flowsv6: changing engine from
InnoDB to MyISAM.
10/Apr/2017 09:27:36 [MySQLDB.cpp:342] MySQL schema
update. Altering table flowsv4: changing engine from
InnoDB to MyISAM.
10/Apr/2017 09:27:36 [MySQLDB.cpp:314] MySQL schema
update. Altering table flowsv6: renaming BYTES to
IN_BYTES and adding OUT_BYTES
10/Apr/2017 09:27:36 [MySQLDB.cpp:314] MySQL schema
update. Altering table flowsv4: renaming BYTES to
IN_BYTES and adding OUT_BYTES
10/Apr/2017 09:27:34 [MySQLDB.cpp:622] Successfully
connected to MySQL [localhost:ntop] for interface
tcp://127.0.0.1:5556
10/Apr/2017 09:27:34 [MySQLDB.cpp:582] Attempting to
connect to MySQL for interface tcp://127.0.0.1:5556...
10/Apr/2017 09:27:34 [HTTPserver.cpp:772] HTTP server
listening on port(s) 3000
10/Apr/2017 09:27:34 [HTTPserver.cpp:769] Web server dirs
[/usr/share/ntopng/httpdocs][/usr/share/ntopng/scripts]
10/Apr/2017 09:27:34 [Utils.cpp:368] User changed to nobody
10/Apr/2017 09:27:34 [HTTPserver.cpp:723] Please read
https://github.com/ntop/ntopng/blob/dev/doc/README.SSL
if you want to enable S
nothing on mysql:
MariaDB [ntop]> select count(*) flowsv4;
+---------+
| flowsv4 |
+---------+
| 1 |
+---------+
1 row in set (0.00 sec)
MariaDB [ntop]> select count(*) flowsv6;
+---------+
| flowsv6 |
+---------+
| 1 |
+---------+
1 row in set (0.00 sec)
MariaDB [ntop]>
nprobe log on stop:
10/Apr/2017 09:32:04 [nprobe.c:2867] Processed packets: 0
(max bucket search: 0)
10/Apr/2017 09:32:04 [nprobe.c:2850] Fragment queue length: 0
10/Apr/2017 09:32:04 [nprobe.c:2876] Flow export stats:
[0 bytes/0 pkts][0 flows/0 pkts sent]
10/Apr/2017 09:32:04 [nprobe.c:2883] Flow collection:
[collected pkts: 5277][processed flows: 75120]
10/Apr/2017 09:32:04 [nprobe.c:2886] Flow drop stats:
[0 bytes/0 pkts][0 flows]
10/Apr/2017 09:32:04 [nprobe.c:2891] Total flow stats:
[0 bytes/0 pkts][0 flows/0 pkts sent]
nprobe config:
-i none
-n none
--daemon-mode
-V 9 (added this option after upgrade)
--no-promisc
--zmq tcp://127.0.0.1:5556
--collector-port 2055
And I don't know what to do now.
Regards
Roberto
On Apr 10, 2017, at 04:17, Emanuele Faranda <[email protected]> wrote:
Hi Roberto,
The issue is likely solved in the 2.5 version of ntopng.
Since we are migrating towards the 2.6 release, if
you can afford to lose your current ntopng collected
data, I suggest you install the 2.5 version of
ntopng which, at the current time, should be stable
enough for use.
For the update to the 2.5 version, please be sure to:
- flush redis with "redis-cli flushall"
- remove the ntopng data directory "rm -rf /data/ntopng"
- update nprobe too
Regards,
Emanuele
On 04/10/2017 03:23 AM, Roberto Alvarado wrote:
Hi,
I have this problem: when I open a host detail,
the first and last seen dates are from 1970:
First / Last Seen 01/01/1970 18:07:04 [47
years, 107 days, 15 hours, 10 min, 44 sec ago]
25/03/1970 03:33:32 [47 years, 25 days, 5 hours,
44 min, 16 sec ago]
Do you know how to fix this???
Debian Jessie
root@mhost:~# date
Fri Apr 7 09:22:13 -03 2017
root@mhost:~#
My config:
ntopng:
Version 2.4.170215 - Pro Small Business Edition
Platform Debian 8.2 [x86_64][Debian
GNU/Linux 8.2 (jessie)] - 64 bit
Startup Line ntopng --pid "/var/tmp/ntopng.pid"
--daemon "" --interface "tcp://127.0.0.1:5556"
--data-dir
"/data/ntopng" --http-port "3000"
--local-networks "138.xxx.xxxx.0/22" --dump-flows
"mysql;localhost;ntop;flows;ntop;xxxxxxx"
nprobe:
-i none
-n none
--daemon-mode
--num-threads 1
--no-promisc
--zmq tcp://127.0.0.1:5556
--collector-port 2055
Thanks!
Regards
Roberto
_______________________________________________
Ntop mailing list
[email protected]
<mailto:[email protected]>
http://listgateway.unipi.it/mailman/listinfo/ntop
<http://listgateway.unipi.it/mailman/listinfo/ntop>
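
Added example, not written by anyone in this thread and not ntop project code: it applies the question raised above (are flows seen by nProbe, or is the problem between nProbe and ntopng?) to the "Flow collection" counters in the nProbe stop log. The sample is built from the log lines quoted in the thread; the function names and the returned labels are hypothetical.

```python
import re

# Constructed sample: nProbe shutdown lines as quoted in the thread,
# left wrapped the way the mail client wrapped them.
SAMPLE_LOG = """\
10/Apr/2017 09:32:04 [nprobe.c:2876] Flow export stats:
[0 bytes/0 pkts][0 flows/0 pkts sent]
10/Apr/2017 09:32:04 [nprobe.c:2883] Flow collection:
[collected pkts: 5277][processed flows: 75120]
"""

ENTRY_START = re.compile(r"^\d{2}/[A-Z][a-z]{2}/\d{4} \d{2}:\d{2}:\d{2} \[")
COLLECTION = re.compile(r"Flow collection: \[collected pkts: (\d+)\]\[processed flows: (\d+)\]")

def unwrap(text):
    """Rejoin log entries that mail wrapping split across several lines."""
    entries = []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if ENTRY_START.match(line) or not entries:
            entries.append(line)           # a timestamp starts a new entry
        else:
            entries[-1] += " " + line      # continuation of the previous entry
    return entries

def collection_stats(text):
    """Return (collected_pkts, processed_flows) from the last stats entry, or None."""
    found = None
    for entry in unwrap(text):
        m = COLLECTION.search(entry)
        if m:
            found = (int(m.group(1)), int(m.group(2)))
    return found

def triage(text):
    """Name the leg to inspect next (hypothetical labels, not nProbe output)."""
    stats = collection_stats(text)
    if stats is None:
        return "no-collection-stats"
    pkts, flows = stats
    if pkts == 0:
        return "exporter->nprobe"   # nothing reached the collector port
    if flows == 0:
        return "nprobe-decoding"    # packets arrived but no flows were processed
    return "nprobe->ntopng"         # nProbe sees flows; check the ZMQ leg
```

On the counters quoted in the thread this returns `nprobe->ntopng`, which is the leg the requested verbose logs are meant to examine.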