Check with netstat if port 5556 is in "LISTEN" and if ntopng can connect to this host/port (firewall issue?) (if you are running the apps on different machines).

Yuri

###############################################
Yuri Francalacci - [email protected] - http://www.ntop.org
"Simplicity is the ultimate sophistication" - Leonardo da Vinci
###############################################

On Dec 20, 2013, at 10:21 AM, Stefano Bianchi wrote:

> Yuri,
>
> please also have a look at the nprobe startup
>
> 20/Dec/2013 10:13:55 [plugin.c:161] No plugins found in ./plugins
> 20/Dec/2013 10:13:55 [plugin.c:168] Loading plugins [.so] from /usr/local/lib/nprobe/plugins
> 20/Dec/2013 10:13:55 [nprobe.c:3620] Succesfully created zmq endpoint tcp://10.10.10.10:5556
> 20/Dec/2013 10:13:55 [nprobe.c:3835] Welcome to nprobe v.6.15.131219 ($Revision: 3745 $) for x86_64-unknown-linux-gnu with native PF_RING acceleration
> 20/Dec/2013 10:13:55 [nprobe.c:3901] WARNING: -n parameter is missing. 127.0.0.1:2055 will be used.
> 20/Dec/2013 10:13:55 [dbPlugin.c:78] Initializing DB plugin
> 20/Dec/2013 10:13:55 [dbPlugin.c:136] Attempting to connect to database as [host: localhost][dbname: nprobe][table prefix: l][user: nprobe][pwd: xxxxxx]
> 20/Dec/2013 10:13:55 [database.c:92] MySQL initialized
> 20/Dec/2013 10:13:55 [database.c:112] Successfully connected to MySQL [host:dbname:user:passwd]=[localhost@0:nprobe:nprobe:xxxxxx]
> 20/Dec/2013 10:13:55 [nprobe.c:5710] Welcome to nprobe v.6.15.131219 for x86_64-unknown-linux-gnu
> 20/Dec/2013 10:13:55 [nprobe.c:4984] Using NetFlow Packet Payload Len: 1472
> 20/Dec/2013 10:13:55 [plugin.c:872] 0 plugin(s) enabled
> 20/Dec/2013 10:13:55 [database.c:217] Creating database schema...
> 20/Dec/2013 10:13:55 [nprobe.c:5359] Each flow is 187 bytes long
> 20/Dec/2013 10:13:55 [nprobe.c:5360] The # packets per flow has been set to 6
> 20/Dec/2013 10:13:55 [util.c:310] WARNING: Unable to load AS file /usr/local/nprobe/GeoIPASNum.dat. AS support disabled
> 20/Dec/2013 10:13:55 [util.c:319] WARNING: Unable to load AS IPv6 file /usr/local/nprobe/GeoIPASNumv6.dat. AS IPv6 support disabled
> 20/Dec/2013 10:13:55 [nprobe.c:4356] Using packet capture length 1600
> 20/Dec/2013 10:13:55 [pro/pf_ring.c:325] Using PF_RING in-kernel accelerated packet parsing
> 20/Dec/2013 10:13:55 [pro/pf_ring.c:329] Dumping traffic statistics on /proc/net/pf_ring/stats/17330-eth2.36
> 20/Dec/2013 10:13:55 [nprobe.c:5932] Flows ASs will not be computed
>
> ciao
>
> On 20/12/2013 10:18, Stefano Bianchi wrote:
>> Yuri,
>>
>> thanks for the reply, but I already have the " around the param.
>> This is my startup script:
>>
>> NOMESONDA="PROBE1"
>> PIDFILE="/var/tmp/nprobe.pid"
>> ZMQ_SOCKET="tcp://*:5556"
>> SNIF_IFACE="eth2"
>> DB_HOST="localhost"
>> DB_SCHEMA="nprobe"
>> DB_TABPREFIX="l"
>> DB_USER="nprobe"
>> DB_PASSWORD="pass"
>> PROTOS="/tmp/protos.txt"
>> TEMPLATEFILE="/tmp/capture_template.txt"
>> FILTERINFILE="$NOMESONDA+captfilter.txt"
>> FILTERFILE="/tmp/captfilter.txt"
>> BINPATH="/usr/local/bin"
>>
>> case "$1" in
>> start)
>>   echo "Starting nprobe"
>>   <snip>
>>   TEMPLATE=$(cat "$TEMPLATEFILE")
>>   FILTER=$(cat "$FILTERFILE")
>>   if [ ! -f /tmp/nprobe.norun ]; then
>>
>>     $BINPATH/nprobe -i $SNIF_IFACE -Q 1 -u 1 -G --lifetime-timeout 600 --idle-timeout 60 --queue-timeout 60 \
>>       -g "$PIDFILE" --ndpi-proto-ports $PROTOS \
>>       -T "$TEMPLATE" -f "$FILTER" \
>>       --zmq "$ZMQ_SOCKET" "--mysql=$DB_HOST:$DB_SCHEMA:$DB_TABPREFIX:$DB_USER:$DB_PASSWORD" > /var/log/nprobe
>>
>>
>> But even if I bind the zmq socket to the real IP (ZMQ_SOCKET="tcp://10.10.10:5556")
>> nothing changes; the zmq_poll times out each second without fetching data (I
>> added a log of the zmq_poll timeout).
>>
>> ciao
>>
>> On 19/12/2013 17:56, Yuri Francalacci wrote:
>>> if you do not use " " in the zmq address, the shell will expand the *.
>>> Try enclosing the zmq address in " ".
>>> Yuri
>>> On 19/Dec/2013, at 16:18, Stefano Bianchi <[email protected]> wrote:
>>>
>>>> Hi,
>>>> I have just finished setting up a complete environment, with one server
>>>> sniffing the traffic with nprobe (latest version) and another one trying
>>>> to fetch the traffic from the originating machine.
>>>>
>>>> I see the zmq conversation set up but I fail to receive any traffic, and the ntopng
>>>> interface loops on "No packet has been received yet on interface
>>>> [email protected]:5556".
>>>>
>>>> Start options:
>>>> nprobe
>>>> /usr/local/bin/nprobe -i eth2 -Q 1 -u 1 -G --lifetime-timeout 600
>>>> --idle-timeout 60 --queue-timeout 60 -g /var/tmp/nprobe.pid
>>>> --ndpi-proto-ports /tmp/protos.txt -T %IN_SRC_MAC %OUT_DST_MAC
>>>> %IPV4_SRC_ADDR %IPV4_DST_ADDR %IN_PKTS %IN_BYTES %OUT_PKTS %OUT_BYTES
>>>> %PROTOCOL %L4_SRC_PORT %L4_DST_PORT %FIRST_SWITCHED %LAST_SWITCHED
>>>> %TCP_FLAGS %SRC_TOS %L7_PROTO %L7_PROTO_NAME %IPV4_SRC_MASK %IPV4_DST_MASK
>>>> %FLOWS %FRAGMENTS %CLIENT_NW_DELAY_SEC %CLIENT_NW_DELAY_USEC
>>>> %SERVER_NW_DELAY_SEC %SERVER_NW_DELAY_USEC %APPL_LATENCY_SEC
>>>> %APPL_LATENCY_USEC %NUM_PKTS_UP_TO_128_BYTES %NUM_PKTS_128_TO_256_BYTES
>>>> %NUM_PKTS_256_TO_512_BYTES %NUM_PKTS_512_TO_1024_BYTES
>>>> %NUM_PKTS_1024_TO_1514_BYTES %NUM_PKTS_OVER_1514_BYTES %FLOW_PROTO_PORT
>>>> %LONGEST_FLOW_PKT %SHORTEST_FLOW_PKT %RETRANSMITTED_IN_PKTS
>>>> %RETRANSMITTED_OUT_PKTS %OOORDER_IN_PKTS %OOORDER_OUT_PKTS %IPV4_NEXT_HOP
>>>> --zmq tcp://*:5556 --mysql=localhost:nprobe:l:nprobe:pass
>>>>
>>>> ntopng
>>>> ./ntopng -i tcp://10.10.10.10:5556
>>>>
>>>> I have confirmation that flows are captured by nprobe, as they are also
>>>> stored in the local database, and I see the zmq session startup via
>>>> tcpdump, but no more data is exchanged after the first 5 or 6 pck.
>>>> How can I find why zmq is not working?
>>>>
>>>> thanks in advance
>>>>
>>>> Stefano
>>>> _______________________________________________
>>>> Ntop-misc mailing list
>>>> [email protected]
>>>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
>>> ###############################################
>>> Yuri Francalacci - [email protected] - http://www.ntop.org
>>> "Simplicity is the ultimate sophistication" - Leonardo da Vinci
>>> ###############################################
>
> --
> ###############################
> Iskra di Stefano Bianchi
> Stefano Bianchi
> T+39 348 2653362
> F+39 02700438539
> [email protected]
> ###############################
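An added example, not part of the original thread: one way to script the netstat check suggested in the reply at the top, reporting which address port 5556 is bound to and therefore who can reach the ZMQ endpoint. The sample `netstat -ltn` output and the function names (`listen_addrs`, `classify_bind`, `check_port`) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `netstat -ltn` output on the nprobe host (not from the thread).
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 10.10.10.10:5556        0.0.0.0:*               LISTEN'

# listen_addrs PORT: read `netstat -ltn` output on stdin and print every
# local address that is in LISTEN state on PORT, one per line.
listen_addrs() {
    awk -v port="$1" '
        $NF == "LISTEN" {
            n = split($4, parts, ":")     # last ":" field is the port (works for IPv6 too)
            if (parts[n] == port) {
                addr = $4
                sub(/:[0-9]+$/, "", addr) # strip the trailing :port
                print addr
            }
        }'
}

# classify_bind ADDR: say who can reach a listener bound to ADDR.
classify_bind() {
    case "$1" in
        127.*|::1)      echo "loopback-only" ;;   # a remote ntopng can never connect
        0.0.0.0|::|\*)  echo "all-interfaces" ;;  # reachable on every NIC; only the firewall limits it
        *)              echo "single-address" ;;  # reachable only through this IP
    esac
}

# check_port PORT: summarise the listener state for PORT from stdin.
# Returns 1 when nothing is listening on PORT.
check_port() {
    addrs=$(listen_addrs "$1")
    if [ -z "$addrs" ]; then
        echo "port $1: not listening"
        return 1
    fi
    printf '%s\n' "$addrs" | while read -r a; do
        echo "port $1: $a ($(classify_bind "$a"))"
    done
}

# On a live host: netstat -ltn | check_port 5556
printf '%s\n' "$SAMPLE_NETSTAT" | check_port 5556
```

If the listener is present and not loopback-only but the collector still receives nothing, the remaining item in the reply is the path between the two machines: the firewall rules for TCP 5556 on both hosts.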
