Hi All, I'm new to using ntopng/nprobe so forgive me if this is a noob issue.
I've configured ntopng (pro license) and nprobe on a raspberry pi 4 to receive netflow traffic from the DD-WRT based router (using sflow). The DD-WRT host points sflow traffic to the nprobe on the rpi on port 2205, and nprobe should collect the flows and forward via zmq to ntopng on the same rpi. However, when I configure the zmq settings for nprobe, it crashes on startup with a SEGV and no error message. I haven't purchased a license for nprobe yet as I want to prove function first. Here are my configs, and the nprobe output to daemon.log: Thanks for the help nprobe.conf ---------------- -i=none -n=none -3=2055 -b=1 --zmq="tcp://127.0.0.1:5556" --zmq-probe-mode -T="@NTOPNG@" ntopng.conf ---------------- -G=/var/run/ntopng.pid -i=tcp://127.0.0.1:5556c -m=192.168.1.0/24 daemon.log [nprobe] ---------------- Jul 3 14:59:51 ntop systemd[1]: nprobe.service: Service RestartSec=5s expired, scheduling restart. Jul 3 14:59:51 ntop systemd[1]: nprobe.service: Scheduled restart job, restart counter is at 73. Jul 3 14:59:51 ntop systemd[1]: Stopped nprobe extensible NetFlow v5/v9/IPFIX probe/collector for IPv4/v6. Jul 3 14:59:51 ntop systemd[1]: Starting nprobe extensible NetFlow v5/v9/IPFIX probe/collector for IPv4/v6... Jul 3 14:59:51 ntop systemd[1]: Started nprobe extensible NetFlow v5/v9/IPFIX probe/collector for IPv4/v6. Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [nprobe.c:5054] Reading configuration file /run/nprobe.conf Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [plugin.c:177] No plugins found in ./plugins Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [plugin.c:185] Loading 23 plugins [.so] from /usr/local/lib/nprobe/plugins Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [nprobe.c:4620] ERROR: Invalid license (/etc/nprobe.license) [Missing license file] Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [nprobe.c:4627] ERROR: ***************************************************** Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [nprobe.c:4628] ERROR: ** ** Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [nprobe.c:4629] ERROR: ** Switching to DEMO MODE (missing valid license) ** Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [nprobe.c:4630] ERROR: ** ** Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [nprobe.c:4632] ERROR: ** Purchase your license at ** Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [nprobe.c:4633] ERROR: ** https://shop.ntop.org/ ** Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [nprobe.c:4634] ERROR: ** ** Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [nprobe.c:4636] ERROR: ***************************************************** Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [nprobe.c:6677] WARNING: The output interfaceId is set to 0: did you forget to use -Q perhaps ? Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [nprobe.c:6680] WARNING: The input interfaceId is set to 0: did you forget to use -u perhaps ? Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [nprobe.c:6771] Flow cache is disabled in flow collection mode Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [nprobe.c:6774] Welcome to nProbe v.9.1.200629 ($Revision: 6903 $) for armv7l-unknown-linux-gnueabihf Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [nprobe.c:6785] Running on Raspbian GNU/Linux 10 (buster) Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [nprobe.c:6796] [LICENSE] nProbe SystemId: 4491C28A5E6BA0A5 Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [nprobe.c:6867] Sample rate [packet: 1][flow collection/export: 1/1] Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [nprobe.c:9734] ERROR: *************************************************************** Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [nprobe.c:9735] ERROR: * NOTE: This is a DEMO version limited to 25000 flows export. * Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [nprobe.c:9736] ERROR: *************************************************************** Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [nprobe.c:9743] Welcome to nProbe v.9.1.200629 for armv7l-unknown-linux-gnueabihf Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [nprobe.c:8557] WARNING: Adding %EXPORTER_IPV4_ADDRESS to the template as nProbe is working as collector Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [nprobe.c:8675] Using NetFlow Packet Payload Len: 1472 Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [nprobe.c:8595] @NTOPNG@ expanded to " %IN_SRC_MAC %OUT_DST_MAC %INPUT_SNMP %OUTPUT_SNMP %SRC_VLAN %IPV4_SRC_ADDR %IPV4_DST_ADDR %L4_SRC_PORT %L4_DST_PORT %IPV6_SRC_ADDR %IPV6_DST_ADDR %IP_PROTOCOL_VERSION %PROTOCOL %L7_PROTO %IN_BYTES %IN_PKTS %OUT_BYTES %OUT_PKTS %FIRST_SWITCHED %LAST_SWITCHED %CLIENT_TCP_FLAGS %SERVER_TCP_FLAGS %EXPORTER_IPV4_ADDRESS" Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [nprobe.c:8710] Flow export type: bidirectional flows Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [plugin.c:1171] 0 plugin(s) enabled Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [nprobe.c:9177] Each flow is 104 bytes long Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [nprobe.c:9178] The # flows per packet has been set to 13 Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [nprobe.c:9181] IP TOS is ignored Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [nprobe.c:10026] Flows ASs will not be computed (no GeoDB files loaded) Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [nprobe.c:10131] Not capturing packet from interface (collector mode) Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [util.c:5117] Initializing ZMQ as client Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [util.c:5190] Exporting flows towards ZMQ endpoint tcp://127.0.0.1:5556 Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [util.c:4114] Enlarged socket buffer [echo 8388608 > /proc/sys/net/core/rmem_max] Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [util.c:4155] nProbe changed user to 'nprobe' Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [collect.c:192] Flow collector listening on port 2055 (IPv4/v6) Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [export.c:540] Using TLV as serialization format Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [nprobe.c:10394] nProbe started successfully Jul 3 14:59:52 ntop nprobe[24756]: 03/Jul/2020 14:59:52 [nprobe.c:3612] --------------------------------- Jul 3 14:59:52 ntop nprobe[24756]: 03/Jul/2020 14:59:52 [nprobe.c:3631] L7 Proto Diff Total Jul 3 14:59:52 ntop nprobe[24756]: 03/Jul/2020 14:59:52 [nprobe.c:3645] #011Unknown/0 12.14 KB 12.14 KB Jul 3 14:59:52 ntop nprobe[24756]: 03/Jul/2020 14:59:52 [nprobe.c:3664] Flows exports (including drops) [1 flows][avg: 1.0 flows/sec][latest 1 sec avg: 1.0 flows/sec] Jul 3 14:59:52 ntop nprobe[24756]: 03/Jul/2020 14:59:52 [nprobe.c:3672] Flow drops [export queue full: 0] Jul 3 14:59:52 ntop nprobe[24756]: 03/Jul/2020 14:59:52 [nprobe.c:3675] Packet drops [too many flow buckets: 0] Jul 3 14:59:52 ntop nprobe[24756]: 03/Jul/2020 14:59:52 [nprobe.c:3678] Flow Buckets [active: 1][allocated: 1][toBeExported: 0] Jul 3 14:59:52 ntop nprobe[24756]: 03/Jul/2020 14:59:52 [nprobe.c:3682] Export Queue [current: 0][max: 512000][fill level: 0.0%] Jul 3 14:59:52 ntop nprobe[24756]: 03/Jul/2020 14:59:52 [nprobe.c:3712] ZMQ Export [1 exporters][1 flows][total avg: 9.97 Kb/sec][236.0 bytes/flow][latest 1 sec avg: 9.97 Kb/sec] Jul 3 14:59:52 ntop nprobe[24756]: 03/Jul/2020 14:59:52 [nprobe.c:3774] Collector Threads: [1 pkts@0] Jul 3 14:59:52 ntop nprobe[24756]: 03/Jul/2020 14:59:52 [nprobe.c:3428] Processed packets: 0 (max bucket search: 0) Jul 3 14:59:52 ntop nprobe[24756]: 03/Jul/2020 14:59:52 [nprobe.c:3411] Fragment queue length: 0 Jul 3 14:59:52 ntop nprobe[24756]: 03/Jul/2020 14:59:52 [nprobe.c:3439] UDP collection stats: [collected pkts: 1][UDP socket drops: 0] Jul 3 14:59:52 ntop nprobe[24756]: 03/Jul/2020 14:59:52 [nprobe.c:3446] Flow collection stats: [processed: 2][dropped (holes in collected flow sequence): 0] Jul 3 14:59:52 ntop nprobe[24756]: 03/Jul/2020 14:59:52 [nprobe.c:3452] Flow export stats: [0 bytes/0 pkts][0 flows/0 pkts sent] Jul 3 14:59:52 ntop nprobe[24756]: 03/Jul/2020 14:59:52 [nprobe.c:3458] Flow export drop stats: [0 bytes/0 pkts][0 flows] Jul 3 14:59:52 ntop nprobe[24756]: 03/Jul/2020 14:59:52 [nprobe.c:3463] Total flow stats: [0 bytes/0 pkts][0 flows/0 pkts sent] Jul 3 14:59:54 ntop systemd[1]: nprobe.service: Main process exited, code=killed, status=11/SEGV Jul 3 14:59:54 ntop systemd[1]: nprobe.service: Failed with result 'signal'. daemon.log [ntopng] ------------------------------ Jul 3 14:44:04 ntop systemd[1]: Starting ntopng high-speed web-based traffic monitoring and analysis tool... Jul 3 14:44:04 ntop systemd[1]: Started ntopng high-speed web-based traffic monitoring and analysis tool. Jul 3 14:44:04 ntop ntopng[21947]: 03/Jul/2020 14:44:04 [Ntop.cpp:2254] Setting local networks to 192.168.1.0/24 Jul 3 14:44:04 ntop ntopng[21947]: 03/Jul/2020 14:44:04 [Redis.cpp:157] Successfully connected to redis 127.0.0.1:6379@0 Jul 3 14:44:04 ntop ntopng[21947]: 03/Jul/2020 14:44:04 [Redis.cpp:157] Successfully connected to redis 127.0.0.1:6379@0 Jul 3 14:44:04 ntop ntopng[21947]: 03/Jul/2020 14:44:04 [NtopPro.cpp:299] [LICENSE] Reading license from /etc/ntopng.license Jul 3 14:44:04 ntop ntopng[21947]: 03/Jul/2020 14:44:04 [NtopPro.cpp:429] [LICENSE] /etc/ntopng.license: found valid Professional Embedded license Jul 3 14:44:05 ntop ntopng[21947]: 03/Jul/2020 14:44:05 [Ntop.cpp:2359] Registered interface tcp://127.0.0.1:5556c [id: 8] Jul 3 14:44:05 ntop ntopng[21947]: 03/Jul/2020 14:44:05 [main.cpp:316] PID stored in file /var/run/ntopng.pid Jul 3 14:44:05 ntop ntopng[21947]: 03/Jul/2020 14:44:05 [Geolocation.cpp:150] Running without geolocation support. Jul 3 14:44:05 ntop ntopng[21947]: 03/Jul/2020 14:44:05 [Geolocation.cpp:151] To enable geolocation follow the instructions at Jul 3 14:44:05 ntop ntopng[21947]: 03/Jul/2020 14:44:05 [Geolocation.cpp:152] https://github.com/ntop/ntopng/blob/dev/doc/README.geolocation.md Jul 3 14:44:06 ntop ntopng[21947]: 03/Jul/2020 14:44:06 [HTTPserver.cpp:1498] Web server dirs [/usr/share/ntopng/httpdocs][/usr/share/ntopng/scripts] Jul 3 14:44:06 ntop ntopng[21947]: 03/Jul/2020 14:44:06 [HTTPserver.cpp:1501] HTTP server listening on 3000 Jul 3 14:44:06 ntop ntopng[21947]: 03/Jul/2020 14:44:06 [Utils.cpp:761] User changed to ntopng Jul 3 14:44:06 ntop ntopng[21947]: 03/Jul/2020 14:44:06 [main.cpp:386] Working directory: /var/lib/ntopng Jul 3 14:44:06 ntop ntopng[21947]: 03/Jul/2020 14:44:06 [main.cpp:388] Scripts/HTML pages directory: /usr/share/ntopng Jul 3 14:44:06 ntop ntopng[21947]: 03/Jul/2020 14:44:06 [Ntop.cpp:455] Welcome to ntopng armv7l v.4.1.200629 - (C) 1998-20 ntop.org Jul 3 14:44:06 ntop ntopng[21947]: 03/Jul/2020 14:44:06 [Ntop.cpp:465] Built on Raspbian GNU/Linux 10 (buster) Jul 3 14:44:06 ntop ntopng[21947]: 03/Jul/2020 14:44:06 [NtopPro.cpp:699] [LICENSE] System Id:#[removed] Jul 3 14:44:06 ntop ntopng[21947]: 03/Jul/2020 14:44:06 [NtopPro.cpp:700] [LICENSE] Edition:#011Professional Embedded Jul 3 14:44:06 ntop ntopng[21947]: 03/Jul/2020 14:44:06 [NtopPro.cpp:701] [LICENSE] License Type:#011Permanent License [license removed for email] Jul 3 14:44:06 ntop ntopng[21947]: 03/Jul/2020 14:44:06 [NtopPro.cpp:725] [LICENSE] Maintenance:#011Until Thu Jul 1 12:34:46 2021 [362 days left] Jul 3 14:44:06 ntop ntopng[21947]: 03/Jul/2020 14:44:06 [PeriodicActivities.cpp:105] Started periodic activities loop... Jul 3 14:44:12 ntop ntopng[21947]: 03/Jul/2020 14:44:12 [PeriodicActivities.cpp:165] Each periodic activity script will use 2 threads Jul 3 14:44:12 ntop ntopng[21947]: 03/Jul/2020 14:44:12 [NetworkInterface.cpp:2358] Started packet polling on interface tcp://127.0.0.1:5556c [id: 8]... Jul 3 14:44:12 ntop ntopng[21947]: 03/Jul/2020 14:44:12 [ZMQCollectorInterface.cpp:255] Collecting flows on tcp://127.0.0.1:5556c Tim Nichols
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
