Charles you need to write —zmq (double dash) in nProbe Luca On 12 Jan 2014, at 16:38, Charles Johnston <[email protected]> wrote:
> I have nprobe and ntopng compiled and running on Debian wheezy. I have > followed all of the guides to ensure this is setup right but somewhere > between nprobe and ntopng there seems to be a break down. > > Here is the command I'm using to start nprobe and the output. > > # nprobe –zmq tcp://127.0.0.1:5556 -i none -n none --collector-port 9996 > 12/Jan/2014 04:14:41 [plugin.c:161] No plugins found in ./plugins > 12/Jan/2014 04:14:41 [plugin.c:161] No plugins found in > /usr/local/lib/nprobe/plugins > 12/Jan/2014 04:14:41 [plugin.c:165] WARNING: Unable to find plugins > directory. nProbe will work without plugins! > 12/Jan/2014 04:14:41 [nprobe.c:3805] WARNING: The output interfaceId is set > to 0: did you forget to use -Q perhaps ? > 12/Jan/2014 04:14:41 [nprobe.c:3808] WARNING: The input interfaceId is set to > 0: did you forget to use -u perhaps ? > 12/Jan/2014 04:14:41 [nprobe.c:3868] Welcome to nprobe v.6.15.140112 > ($Revision: 3810 $) for x86_64-unknown-linux-gnu > 12/Jan/2014 04:14:41 [nprobe.c:5743] Welcome to nprobe v.6.15.140112 for > x86_64-unknown-linux-gnu > 12/Jan/2014 04:14:41 [plugin.c:872] 0 plugin(s) enabled > 12/Jan/2014 04:14:41 [nprobe.c:4389] Using packet capture length 128 > 12/Jan/2014 04:14:41 [nprobe.c:5919] IPv6 traffic will NOT be > exported/accounted by this probe > 12/Jan/2014 04:14:41 [nprobe.c:5920] due to configuration options (e.g. use > NetFlow v9) > 12/Jan/2014 04:14:41 [nprobe.c:5965] Flows ASs will not be computed (missing > GeoIP support) > 12/Jan/2014 04:14:41 [nprobe.c:6048] Not capturing packet from interface > (collector mode) > 12/Jan/2014 04:14:41 [collect.c:156] Flow collector listening on port 9996 > (IPv4/v6) > > I set -b 2 on nprobe I get this output. > > 12/Jan/2014 04:03:55 [engine.c:2348] Emitting Flow: [->][udp] > 76.104.78.60:7357 -> 8.8.8.8:53 [3 pkt/186 bytes][ifIdx 5->2][duration 0.0 > sec] > 12/Jan/2014 04:03:55 [engine.c:2370] Emitting Flow: [<-][udp] 8.8.8.8:53 -> > 76.104.78.60:7357 [3 pkt/354 bytes][ifIdx 2->5][0.0 sec] > 12/Jan/2014 04:03:55 [engine.c:2348] Emitting Flow: [->][udp] > 76.104.78.60:7357 -> 75.75.76.76:53 [3 pkt/186 bytes][ifIdx 5->2][duration > 0.0 sec] > 12/Jan/2014 04:03:55 [engine.c:2370] Emitting Flow: [<-][udp] 75.75.76.76:53 > -> 76.104.78.60:7357 [3 pkt/354 bytes][ifIdx 2->5][0.0 sec] > 12/Jan/2014 04:03:55 [engine.c:2348] Emitting Flow: [->][udp] > 76.104.78.60:7357 -> 75.75.75.75:53 [3 pkt/186 bytes][ifIdx 5->2][duration > 0.0 sec] > 12/Jan/2014 04:03:55 [engine.c:2370] Emitting Flow: [<-][udp] 75.75.75.75:53 > -> 76.104.78.60:7357 [3 pkt/354 bytes][ifIdx 2->5][0.0 sec] > 12/Jan/2014 04:03:55 [engine.c:2348] Emitting Flow: [->][udp] > 76.104.78.60:33860 -> 8.8.4.4:53 [3 pkt/186 bytes][ifIdx 5->2][duration 0.0 > sec] > 12/Jan/2014 04:03:55 [engine.c:2370] Emitting Flow: [<-][udp] 8.8.4.4:53 -> > 76.104.78.60:33860 [3 pkt/234 bytes][ifIdx 2->5][0.0 sec] > 12/Jan/2014 04:03:55 [engine.c:2348] Emitting Flow: [->][udp] > 76.104.78.60:33860 -> 8.8.8.8:53 [3 pkt/186 bytes][ifIdx 5->2][duration 0.0 > sec] > > nprobe appears to be receiving flows. but when I shot it I seem. > > 12/Jan/2014 10:12:05 [nprobe.c:369] Received shutdown request... > 12/Jan/2014 10:12:05 [engine.c:2473] About to flush hash (threadId 0) > 12/Jan/2014 10:12:05 [engine.c:2475] Completed hash walk (thread 0) > 12/Jan/2014 10:12:06 [nprobe.c:2045] Processed packets: 0 (max bucket search: > 1) > 12/Jan/2014 10:12:06 [nprobe.c:2028] Fragment queue length: 0 > 12/Jan/2014 10:12:06 [nprobe.c:2054] Flow export stats: [0 bytes/0 pkts][0 > flows/0 pkts sent] > 12/Jan/2014 10:12:06 [nprobe.c:2061] Flow collection: [collected pkts: > 75457][processed flows: 629017] > 12/Jan/2014 10:12:06 [nprobe.c:2064] Flow drop stats: [0 bytes/0 pkts][0 > flows] > 12/Jan/2014 10:12:06 [nprobe.c:2069] Total flow stats: [0 bytes/0 pkts][0 > flows/0 pkts sent] > > Here is information from ntopng > > # ntopng -i tcp://127.0.0.1:5556 -m 192.168.1.0/24 > 12/Jan/2014 10:19:42 [Ntop.cpp:468] Setting local networks to 192.168.1.0/24 > 12/Jan/2014 10:19:42 [Ntop.cpp:575] Registered interface > [email protected]:5556 [id: 0] > 12/Jan/2014 10:19:42 [Utils.cpp:239] User changed to nobody > 12/Jan/2014 10:19:42 [main.cpp:149] PID stored in file /var/tmp/ntopng.pid > 12/Jan/2014 10:19:42 [HTTPserver.cpp:363] HTTP server listening on port 3000 > [/usr/local/share/ntopng/httpdocs][/usr/local/share/ntopng/scripts] > 12/Jan/2014 10:19:42 [main.cpp:183] Using RRD version 1.4.7 > 12/Jan/2014 10:19:42 [main.cpp:192] Working directory: /var/tmp/ntopng > 12/Jan/2014 10:19:42 [main.cpp:194] Scripts/HTML pages directory: > /usr/local/share/ntopng > 12/Jan/2014 10:19:42 [Ntop.cpp:164] Welcome to ntopng x86_64 v.1.1.1 (r7171) > - (C) 1998-13 ntop.org > 12/Jan/2014 10:19:42 [Redis.cpp:47] Successfully connected to Redis > 127.0.0.1:6379 > 12/Jan/2014 10:19:42 [PeriodicActivities.cpp:53] Started periodic activities > loop... > 12/Jan/2014 10:19:42 [NetworkInterface.cpp:636] Started packet polling on > interface [email protected]:5556... > 12/Jan/2014 10:19:42 [CollectorInterface.cpp:100] Collecting flows... > 12/Jan/2014 10:25:00 [main.cpp:37] Shutting down... > 12/Jan/2014 10:25:02 [ProtoStats.cpp:35] [IPv4] 0 B/0.00 Packets > 12/Jan/2014 10:25:02 [ProtoStats.cpp:35] [IPv6] 0 B/0.00 Packets > 12/Jan/2014 10:25:02 [ProtoStats.cpp:35] [ARP] 0 B/0.00 Packets > 12/Jan/2014 10:25:02 [ProtoStats.cpp:35] [MPLS] 0 B/0.00 Packets > 12/Jan/2014 10:25:02 [ProtoStats.cpp:35] [Other] 0 B/0.00 Packets > 12/Jan/2014 10:25:03 [Ntop.cpp:601] Interface [email protected]:5556 > [running: 0] > 12/Jan/2014 10:25:03 [main.cpp:55] Deleted PID /var/tmp/ntopng.pid [rc: 0] > 12/Jan/2014 10:25:03 [HTTPserver.cpp:374] HTTP server terminated > 12/Jan/2014 10:25:03 [AddressResolution.cpp:187] Address resolution stats [0 > resolved][0 failures] > > I have pfsense box using pfflowd to send flows and I used svn to build > everything on the system. I think my problem is somewhere is ZMQ but I'm not > 100% sure. I am at a loss and have started from scratch with this VM about 20 > times now and need some help. > > Charles Johnston > _______________________________________________ > Ntop-misc mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop-misc
_______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
