Hi Andreas,

> On 28 Jun 2019, at 10:50, Andreas Brück <andreas.bru...@its.h-brs.de> wrote:
> 
> Hello everybody,
> 
> I have built up a virtual test environment to get familiar with flow 
> monitoring. I installed ntop on a server and nprobe on a gateway (provides 
> access to the internet). I hoped that nprobe is collecting all the 
> traffic/flows and sending them to the ntop server. But it does not work for me. I 
> don't see any flows if I check it on the ntop web gui. Both machines could 
> ping each other and no firewall is between them.
> 
> I used the following configuration:
> 
> Ntop-server (ip-address: 194.95.66.100, interface: enp0s8):
> 
> - ntopng -i enp0s8 -i tcp://8.8.8.1:5556
> 
> Gateway (ip-address: 8.8.8.1, interface: enp0s8):
> 
> - nprobe --zmq tcp://8.8.8.1:5556 -i enp0s8 -n none -T @NTOPNG@
> 
> 

I think it could just be something related to the address of the ZMQ endpoint. 
Check if ntopng can connect to address 8.8.8.1 port 5556 and also check if 
nprobe can bind to address 8.8.8.1 port 5556 on the machine where it's running. 
Just look at the output of both programs and you'll see if there are errors. If 
ntopng and nprobe are communicating successfully you should see increasing 
counters for flows and updates, in the interface details page in the ntopng UI.

Note that you can also use nprobe in the so-called --zmq-probe-mode if 
necessary. Have a look at 
https://www.ntop.org/nprobe/best-practices-for-the-collection-of-flows-with-ntopng-and-nprobe/



> If I check the sockets with "ss" there is an established zmq connection listed 
> between these two servers. I also can choose the interface "tcp://8.8.8.1:5556" 
> in the ntop web gui. But no traffic will be reported to ntop. I generated 
> traffic with iperf, which comes from a third server. This traffic transited 
> the gateway interface enp0s8 with the ip address 8.8.8.1.
> 
> Is it possible that I misunderstood the function of nprobe? Can I use only 
> nprobe instead of sflow to collect flows or is it necessary to combine them? 
> I hope anyone could help me. Thank you very much in advance.
> 
> Regards,
> 
> Andreas
> 
> 
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
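The two endpoint checks suggested in the reply (can nprobe bind 8.8.8.1:5556 on the gateway, can the ntopng host connect to it), as an added example that is not part of the original thread and is not ntop code. The function names `bind_status` and `can_connect` and the `gateway`/`collector` argument are assumptions made for this sketch; the address and port are the ones from the thread.

```python
import errno
import socket
import sys


def bind_status(host, port):
    """Run on the nprobe machine: could a process bind host:port here?"""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.bind((host, port))
        return "ok"          # address is local and the port is free
    except OSError as e:
        if e.errno == errno.EADDRINUSE:
            return "in-use"      # something (possibly nprobe itself) already listens
        if e.errno == errno.EADDRNOTAVAIL:
            return "not-local"   # address is not configured on this machine
        return "error: " + str(e.strerror)
    finally:
        s.close()


def can_connect(host, port, timeout=3.0):
    """Run on the ntopng machine: is the ZMQ endpoint reachable over TCP?"""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        # refused, timed out, no route: the endpoint is not reachable
        return False


if __name__ == "__main__":
    host, port = "8.8.8.1", 5556  # ZMQ endpoint taken from the thread
    # Hypothetical argument: "gateway" on the nprobe box, anything else on ntopng's
    role = sys.argv[1] if len(sys.argv) > 1 else "collector"
    if role == "gateway":
        print("bind %s:%d -> %s" % (host, port, bind_status(host, port)))
    else:
        print("connect %s:%d -> %s" % (host, port, can_connect(host, port)))
```

A successful connect only proves the TCP transport; whether flows actually arrive still has to be read from the flow and update counters on the interface details page, as the reply says.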
