Art for talking to ntopng you need something different nprobe -V 9 -i ens18 --collector 127.0.0.1:2055 <http://127.0.0.1:2055/> --zmq tcp://127.0.0.1:1234 <tcp://127.0.0.1:1234>
(note that if you just need to send flows to ntopng without exporting them to the collector running at http://127.0.0.1:2055 <http://127.0.0.1:2055/>, please do nprobe -i ens18 --zmq tcp://127.0.0.1:1234 <tcp://127.0.0.1:1234>) and ntopng -i tcp://127.0.0.1:1234 <tcp://127.0.0.1:1234> Regards Luca > On 5 Jan 2018, at 23:45, Art Stephens <[email protected]> wrote: > > I am so confused - this is not making sence to me. > > I started /usr/local/bin/nprobe -V 9 -i ens18 --collector 127.0.0.1:2055 > <http://127.0.0.1:2055/> > on exit it says > 05/Jan/2018 14:37:19 [nprobe.c:3061] Flow export stats: [33989323 bytes/35440 > pkts][1934 flows/155 pkts sent] > 05/Jan/2018 14:37:19 [nprobe.c:3071] Flow drop stats: [0 bytes/0 pkts][0 > flows] > 05/Jan/2018 14:37:19 [nprobe.c:3076] Total flow stats: [33989323 bytes/35440 > pkts][1934 flows/155 pkts sent] > > but there is nothing in ntopng but what is coming from the network that the > physical interface is on. > > > > On Fri, Jan 5, 2018 at 12:42 AM, Simone Mainardi <[email protected] > <mailto:[email protected]>> wrote: > Art, > > It looks like there's a systemctl command that is trying to stop a running > nprobe instance (see pid 13045), while you are also running nprobe from the > command line (see pid 12778). Make sure all the nprobe processes are stopped > (possibly terminate them manually) and then try to re-start them from the > nBox instance. > > > Simone > >> On 5 Jan 2018, at 02:26, Art Stephens <[email protected] >> <mailto:[email protected]>> wrote: >> >> when starting nprobe from ntop applications the status light turns green >> then red >> >> when run ps aux | grep nprobe right after issuing sudo service nprobe start >> >> nobody 12778 14.1 0.3 343712 14740 ? Ssl 17:09 0:00 >> /usr/local/bin/nprobe /run/nprobe.conf >> root 13045 0.0 0.0 26168 1340 ? S 17:09 0:00 systemctl >> stop nprobe.service >> >> I can run from console which will start but I get >> sudo /usr/local/bin/nprobe /run/nprobe-ens18.conf >> 04/Jan/2018 17:19:31 [plugin.c:187] No plugins found in ./plugins >> 04/Jan/2018 17:19:31 [plugin.c:195] Loading 23 plugins [.so] from >> /usr/local/lib/nprobe/plugins >> 04/Jan/2018 17:19:31 [nprobe.c:3784] ERROR: Invalid nProbe license >> (/etc/nprobe.license) [Missing license file] >> 04/Jan/2018 17:19:31 [nprobe.c:3791] ERROR: >> ***************************************************** >> 04/Jan/2018 17:19:31 [nprobe.c:3792] ERROR: ** >> ** >> 04/Jan/2018 17:19:31 [nprobe.c:3793] ERROR: ** Switching to DEMO MODE >> (missing valid license) ** >> 04/Jan/2018 17:19:31 [nprobe.c:3794] ERROR: ** >> ** >> 04/Jan/2018 17:19:31 [nprobe.c:3795] ERROR: ** Purchase your nProbe license >> at ** >> 04/Jan/2018 17:19:31 [nprobe.c:3796] ERROR: ** https://shop.ntop.org/ >> <https://shop.ntop.org/> ** >> 04/Jan/2018 17:19:31 [nprobe.c:3797] ERROR: ** >> ** >> 04/Jan/2018 17:19:31 [nprobe.c:3798] ERROR: >> ***************************************************** >> 04/Jan/2018 17:19:31 [nprobe.c:4809] WARNING: If you want to preserve the -M >> value, please specify -w before -M >> 04/Jan/2018 17:19:31 [nprobe.c:4727] WARNING: Unable to parse sampling >> option: discarded >> 04/Jan/2018 17:19:31 [nprobe.c:5755] WARNING: The output interfaceId is set >> to 0: did you forget to use -Q perhaps ? >> 04/Jan/2018 17:19:31 [nprobe.c:5758] WARNING: The input interfaceId is set >> to 0: did you forget to use -u perhaps ? >> 04/Jan/2018 17:19:31 [nprobe.c:5859] Welcome to nProbe v.8.2.171206 >> ($Revision: 5975 $) for x86_64-pc-linux-gnu with native PF_RING acceleration >> 04/Jan/2018 17:19:31 [nprobe.c:5869] Running on Ubuntu 16.04.3 LTS >> 04/Jan/2018 17:19:31 [nprobe.c:5880] [LICENSE] nProbe SystemId: >> 9FB0563B0C001090 >> 04/Jan/2018 17:19:31 [nprobe.c:5993] Sample rate [packet: 1][flow >> collection/export: 1/1] >> 04/Jan/2018 17:19:31 [nprobe.c:8432] ERROR: >> *************************************************************** >> 04/Jan/2018 17:19:31 [nprobe.c:8433] ERROR: * NOTE: This is a DEMO version >> limited to 25000 flows export. * >> 04/Jan/2018 17:19:31 [nprobe.c:8434] ERROR: >> *************************************************************** >> 04/Jan/2018 17:19:31 [nprobe.c:8440] Welcome to nProbe v.8.2.171206 for >> x86_64-pc-linux-gnu >> 04/Jan/2018 17:19:31 [nprobe.c:7462] You selected v9/IPFIX without >> specifying a template (-T). >> 04/Jan/2018 17:19:31 [nprobe.c:7463] The default template will be used >> 04/Jan/2018 17:19:31 [nprobe.c:7468] Using NetFlow Packet Payload Len: 1472 >> 04/Jan/2018 17:19:31 [plugin.c:1155] 0 plugin(s) enabled >> 04/Jan/2018 17:19:31 [nprobe.c:7907] Each flow is 89 bytes long >> 04/Jan/2018 17:19:31 [nprobe.c:7908] The # flows per packet has been set to >> 15 >> 04/Jan/2018 17:19:31 [nprobe.c:7911] IP TOS is accounted >> 04/Jan/2018 17:19:31 [nprobe.c:7937] Non IPv4/v6 traffic is discarded >> according to the template >> 04/Jan/2018 17:19:31 [util.c:440] GeoIP: loaded AS config file >> /usr/share/ntopng/httpdocs/geoip/GeoIPASNum.dat >> 04/Jan/2018 17:19:31 [util.c:451] GeoIP: loaded AS IPv6 config file >> /usr/share/ntopng/httpdocs/geoip/GeoIPASNumv6.dat >> 04/Jan/2018 17:19:31 [nprobe.c:6487] Using packet capture length 128 >> 04/Jan/2018 17:19:31 [pro/pf_ring.c:356] Initializing PF_RING socket on >> device ens18.. >> 04/Jan/2018 17:19:31 [pro/pf_ring.c:398] Dumping traffic statistics on >> /proc/net/pf_ring/stats/17022-ens18.15 >> 04/Jan/2018 17:19:31 [pro/pf_ring.c:463] PF_RING enabled on ens18 >> 04/Jan/2018 17:19:31 [util.c:3591] nProbe changed user to 'nobody' >> 04/Jan/2018 17:19:31 [nprobe.c:8989] nProbe started successfully >> 04/Jan/2018 17:19:32 [nprobe.c:3024] WARNING: Unable to create file >> /var/log/nprobe/ens18-0_flows_stats.txt >> 04/Jan/2018 17:20:32 [nprobe.c:3024] WARNING: Unable to create file >> /var/log/nprobe/ens18-0_flows_stats.txt >> >> but none of the netflow v9 flows directed at the interface from my BGP >> router show up. >> >> ntop nBox 2.4 >> Linux kernel 4.4.0-87-generic x86_64 >> 2x Common KVM processor >> CPU 0 0 1 2 3 >> CPU 1 4 5 6 7 >> 1x Red Hat, Inc Virtio network device >> >> ntopng Version 3.2.171206 - Community Edition >> Built on Ubuntu 16.04.3 LTS >> >> sudo nprobe -v >> Welcome to nProbe v.8.2.171206 (r5975) for x86_64-pc-linux-gnu >> with native PF_RING acceleration. >> Copyright 2002-17 ntop.org <http://ntop.org/> >> >> sudo iptables -L >> Chain INPUT (policy ACCEPT) >> target prot opt source destination >> >> Chain FORWARD (policy ACCEPT) >> target prot opt source destination >> >> Chain OUTPUT (policy ACCEPT) >> target prot opt source destination >> >> Thanks >> -- >> Arthur Stephens >> Senior Network Administrator >> Ptera Inc. >> PO Box 135 >> 24001 E Mission Suite 50 >> Liberty Lake, WA 99019 >> 509-927-7837 <tel:(509)%20927-7837> >> ptera.com <http://ptera.com/> | >> facebook.com/PteraInc <http://facebook.com/PteraInc> | twitter.com/Ptera >> <http://twitter.com/Ptera> >> ----------------------------------------------------------------------------- >> >> "This message may contain confidential and/or propriety information, and is >> intended for the person/entity to whom it was originally addressed. >> Any use by others is strictly prohibited. Please note that any views or >> opinions presented in this email are solely those of the author and are not >> intended to represent those of the company." >> _______________________________________________ >> Ntop mailing list >> [email protected] <mailto:[email protected]> >> http://listgateway.unipi.it/mailman/listinfo/ntop >> <http://listgateway.unipi.it/mailman/listinfo/ntop> > > _______________________________________________ > Ntop mailing list > [email protected] <mailto:[email protected]> > http://listgateway.unipi.it/mailman/listinfo/ntop > <http://listgateway.unipi.it/mailman/listinfo/ntop> > > > > -- > Arthur Stephens > Senior Network Administrator > Ptera Inc. > PO Box 135 > 24001 E Mission Suite 50 > Liberty Lake, WA 99019 > 509-927-7837 > ptera.com <http://ptera.com/> | > facebook.com/PteraInc <http://facebook.com/PteraInc> | twitter.com/Ptera > <http://twitter.com/Ptera> > ----------------------------------------------------------------------------- > "This message may contain confidential and/or propriety information, and is > intended for the person/entity to whom it was originally addressed. > Any use by others is strictly prohibited. Please note that any views or > opinions presented in this email are solely those of the author and are not > intended to represent those of the company." > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
