Luca, I have tried that but tried it again so I could paste the output here.
# nprobe -–zmq tcp://127.0.0.1:5556 -i none -n none --collector-port 9996 12/Jan/2014 11:17:48 [plugin.c:161] No plugins found in ./plugins 12/Jan/2014 11:17:48 [plugin.c:161] No plugins found in /usr/local/lib/nprobe/plugins 12/Jan/2014 11:17:48 [plugin.c:165] WARNING: Unable to find plugins directory. nProbe will work without plugins! nprobe: invalid option -- '▒' nprobe: invalid option -- '▒' nprobe: invalid option -- '▒' 12/Jan/2014 11:17:48 [nprobe.c:3805] WARNING: The output interfaceId is set to 0: did you forget to use -Q perhaps ? 12/Jan/2014 11:17:48 [nprobe.c:3808] WARNING: The input interfaceId is set to 0: did you forget to use -u perhaps ? 12/Jan/2014 11:17:48 [nprobe.c:3868] Welcome to nprobe v.6.15.140112 ($Revision: 3810 $) for x86_64-unknown-linux-gnu 12/Jan/2014 11:17:48 [nprobe.c:5743] Welcome to nprobe v.6.15.140112 for x86_64-unknown-linux-gnu 12/Jan/2014 11:17:48 [plugin.c:872] 0 plugin(s) enabled 12/Jan/2014 11:17:48 [nprobe.c:4389] Using packet capture length 128 12/Jan/2014 11:17:48 [nprobe.c:5919] IPv6 traffic will NOT be exported/accounted by this probe 12/Jan/2014 11:17:48 [nprobe.c:5920] due to configuration options (e.g. use NetFlow v9) 12/Jan/2014 11:17:48 [nprobe.c:5965] Flows ASs will not be computed (missing GeoIP support) 12/Jan/2014 11:17:48 [nprobe.c:6048] Not capturing packet from interface (collector mode) 12/Jan/2014 11:17:48 [collect.c:156] Flow collector listening on port 9996 (IPv4/v6) ^C12/Jan/2014 11:40:55 [nprobe.c:369] Received shutdown request... 12/Jan/2014 11:40:56 [engine.c:2473] About to flush hash (threadId 0) 12/Jan/2014 11:40:56 [engine.c:2475] Completed hash walk (thread 0) 12/Jan/2014 11:40:57 [nprobe.c:2045] Processed packets: 0 (max bucket search: 1) 12/Jan/2014 11:40:57 [nprobe.c:2028] Fragment queue length: 0 12/Jan/2014 11:40:57 [nprobe.c:2054] Flow export stats: [0 bytes/0 pkts][0 flows/0 pkts sent] 12/Jan/2014 11:40:57 [nprobe.c:2061] Flow collection: [collected pkts: 2158][processed flows: 17926] 12/Jan/2014 11:40:57 [nprobe.c:2064] Flow drop stats: [0 bytes/0 pkts][0 flows] 12/Jan/2014 11:40:57 [nprobe.c:2069] Total flow stats: [0 bytes/0 pkts][0 flows/0 pkts sent] Charles Johnston "That government is best which governs the least, because its people discipline themselves." -Thomas Jefferson On Sun, Jan 12, 2014 at 10:55 AM, <[email protected]>wrote: > Send Ntop-misc mailing list submissions to > [email protected] > > To subscribe or unsubscribe via the World Wide Web, visit > http://listgateway.unipi.it/mailman/listinfo/ntop-misc > or, via email, send a message with subject or body 'help' to > [email protected] > > You can reach the person managing the list at > [email protected] > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of Ntop-misc digest..." > > Today's Topics: > > 1. zmq doesn't seem to be working (Charles Johnston) > 2. Re: zmq doesn't seem to be working (Luca Deri) > > > ---------- Forwarded message ---------- > From: Charles Johnston <[email protected]> > To: [email protected] > Cc: > Date: Sun, 12 Jan 2014 10:38:59 -0500 > Subject: [Ntop-misc] zmq doesn't seem to be working > I have nprobe and ntopng compiled and running on Debian wheezy. I have > followed all of the guides to ensure this is setup right but somewhere > between nprobe and ntopng there seems to be a break down. > > Here is the command I'm using to start nprobe and the output. > > # nprobe –zmq tcp://127.0.0.1:5556 -i none -n none --collector-port 9996 > 12/Jan/2014 04:14:41 [plugin.c:161] No plugins found in ./plugins > 12/Jan/2014 04:14:41 [plugin.c:161] No plugins found in > /usr/local/lib/nprobe/plugins > 12/Jan/2014 04:14:41 [plugin.c:165] WARNING: Unable to find plugins > directory. nProbe will work without plugins! > 12/Jan/2014 04:14:41 [nprobe.c:3805] WARNING: The output interfaceId is > set to 0: did you forget to use -Q perhaps ? > 12/Jan/2014 04:14:41 [nprobe.c:3808] WARNING: The input interfaceId is set > to 0: did you forget to use -u perhaps ? > 12/Jan/2014 04:14:41 [nprobe.c:3868] Welcome to nprobe v.6.15.140112 > ($Revision: 3810 $) for x86_64-unknown-linux-gnu > 12/Jan/2014 04:14:41 [nprobe.c:5743] Welcome to nprobe v.6.15.140112 for > x86_64-unknown-linux-gnu > 12/Jan/2014 04:14:41 [plugin.c:872] 0 plugin(s) enabled > 12/Jan/2014 04:14:41 [nprobe.c:4389] Using packet capture length 128 > 12/Jan/2014 04:14:41 [nprobe.c:5919] IPv6 traffic will NOT be > exported/accounted by this probe > 12/Jan/2014 04:14:41 [nprobe.c:5920] due to configuration options (e.g. > use NetFlow v9) > 12/Jan/2014 04:14:41 [nprobe.c:5965] Flows ASs will not be computed > (missing GeoIP support) > 12/Jan/2014 04:14:41 [nprobe.c:6048] Not capturing packet from interface > (collector mode) > 12/Jan/2014 04:14:41 [collect.c:156] Flow collector listening on port 9996 > (IPv4/v6) > > I set -b 2 on nprobe I get this output. > > 12/Jan/2014 04:03:55 [engine.c:2348] Emitting Flow: [->][udp] > 76.104.78.60:7357 -> 8.8.8.8:53 [3 pkt/186 bytes][ifIdx 5->2][duration > 0.0 sec] > 12/Jan/2014 04:03:55 [engine.c:2370] Emitting Flow: [<-][udp] 8.8.8.8:53-> > 76.104.78.60:7357 [3 pkt/354 bytes][ifIdx 2->5][0.0 sec] > 12/Jan/2014 04:03:55 [engine.c:2348] Emitting Flow: [->][udp] > 76.104.78.60:7357 -> 75.75.76.76:53 [3 pkt/186 bytes][ifIdx > 5->2][duration 0.0 sec] > 12/Jan/2014 04:03:55 [engine.c:2370] Emitting Flow: [<-][udp] > 75.75.76.76:53 -> 76.104.78.60:7357 [3 pkt/354 bytes][ifIdx 2->5][0.0 sec] > 12/Jan/2014 04:03:55 [engine.c:2348] Emitting Flow: [->][udp] > 76.104.78.60:7357 -> 75.75.75.75:53 [3 pkt/186 bytes][ifIdx > 5->2][duration 0.0 sec] > 12/Jan/2014 04:03:55 [engine.c:2370] Emitting Flow: [<-][udp] > 75.75.75.75:53 -> 76.104.78.60:7357 [3 pkt/354 bytes][ifIdx 2->5][0.0 sec] > 12/Jan/2014 04:03:55 [engine.c:2348] Emitting Flow: [->][udp] > 76.104.78.60:33860 -> 8.8.4.4:53 [3 pkt/186 bytes][ifIdx 5->2][duration > 0.0 sec] > 12/Jan/2014 04:03:55 [engine.c:2370] Emitting Flow: [<-][udp] 8.8.4.4:53-> > 76.104.78.60:33860 [3 pkt/234 bytes][ifIdx 2->5][0.0 sec] > 12/Jan/2014 04:03:55 [engine.c:2348] Emitting Flow: [->][udp] > 76.104.78.60:33860 -> 8.8.8.8:53 [3 pkt/186 bytes][ifIdx 5->2][duration > 0.0 sec] > > nprobe appears to be receiving flows. but when I shot it I seem. > > 12/Jan/2014 10:12:05 [nprobe.c:369] Received shutdown request... > 12/Jan/2014 10:12:05 [engine.c:2473] About to flush hash (threadId 0) > 12/Jan/2014 10:12:05 [engine.c:2475] Completed hash walk (thread 0) > 12/Jan/2014 10:12:06 [nprobe.c:2045] Processed packets: 0 (max bucket > search: 1) > 12/Jan/2014 10:12:06 [nprobe.c:2028] Fragment queue length: 0 > 12/Jan/2014 10:12:06 [nprobe.c:2054] Flow export stats: [0 bytes/0 pkts][0 > flows/0 pkts sent] > 12/Jan/2014 10:12:06 [nprobe.c:2061] Flow collection: [collected pkts: > 75457][processed flows: 629017] > 12/Jan/2014 10:12:06 [nprobe.c:2064] Flow drop stats: [0 bytes/0 pkts][0 > flows] > 12/Jan/2014 10:12:06 [nprobe.c:2069] Total flow stats: [0 bytes/0 pkts][0 > flows/0 pkts sent] > > Here is information from ntopng > > # ntopng -i tcp://127.0.0.1:5556 -m 192.168.1.0/24 > 12/Jan/2014 10:19:42 [Ntop.cpp:468] Setting local networks to > 192.168.1.0/24 > 12/Jan/2014 10:19:42 [Ntop.cpp:575] Registered interface > [email protected]:5556 [id: 0] > 12/Jan/2014 10:19:42 [Utils.cpp:239] User changed to nobody > 12/Jan/2014 10:19:42 [main.cpp:149] PID stored in file /var/tmp/ntopng.pid > 12/Jan/2014 10:19:42 [HTTPserver.cpp:363] HTTP server listening on port > 3000 [/usr/local/share/ntopng/httpdocs][/usr/local/share/ntopng/scripts] > 12/Jan/2014 10:19:42 [main.cpp:183] Using RRD version 1.4.7 > 12/Jan/2014 10:19:42 [main.cpp:192] Working directory: /var/tmp/ntopng > 12/Jan/2014 10:19:42 [main.cpp:194] Scripts/HTML pages directory: > /usr/local/share/ntopng > 12/Jan/2014 10:19:42 [Ntop.cpp:164] Welcome to ntopng x86_64 v.1.1.1 > (r7171) - (C) 1998-13 ntop.org > 12/Jan/2014 10:19:42 [Redis.cpp:47] Successfully connected to Redis > 127.0.0.1:6379 > 12/Jan/2014 10:19:42 [PeriodicActivities.cpp:53] Started periodic > activities loop... > 12/Jan/2014 10:19:42 [NetworkInterface.cpp:636] Started packet polling on > interface [email protected]:5556... > 12/Jan/2014 10:19:42 [CollectorInterface.cpp:100] Collecting flows... > 12/Jan/2014 10:25:00 [main.cpp:37] Shutting down... > 12/Jan/2014 10:25:02 [ProtoStats.cpp:35] [IPv4] 0 B/0.00 Packets > 12/Jan/2014 10:25:02 [ProtoStats.cpp:35] [IPv6] 0 B/0.00 Packets > 12/Jan/2014 10:25:02 [ProtoStats.cpp:35] [ARP] 0 B/0.00 Packets > 12/Jan/2014 10:25:02 [ProtoStats.cpp:35] [MPLS] 0 B/0.00 Packets > 12/Jan/2014 10:25:02 [ProtoStats.cpp:35] [Other] 0 B/0.00 Packets > 12/Jan/2014 10:25:03 [Ntop.cpp:601] Interface > [email protected]:5556[running: 0] > 12/Jan/2014 10:25:03 [main.cpp:55] Deleted PID /var/tmp/ntopng.pid [rc: 0] > 12/Jan/2014 10:25:03 [HTTPserver.cpp:374] HTTP server terminated > 12/Jan/2014 10:25:03 [AddressResolution.cpp:187] Address resolution stats > [0 resolved][0 failures] > > I have pfsense box using pfflowd to send flows and I used svn to build > everything on the system. I think my problem is somewhere is ZMQ but I'm > not 100% sure. I am at a loss and have started from scratch with this VM > about 20 times now and need some help. > > Charles Johnston > > > ---------- Forwarded message ---------- > From: Luca Deri <[email protected]> > To: [email protected] > Cc: > Date: Sun, 12 Jan 2014 16:55:49 +0100 > Subject: Re: [Ntop-misc] zmq doesn't seem to be working > Charles > you need to write —zmq (double dash) in nProbe > > Luca > On 12 Jan 2014, at 16:38, Charles Johnston <[email protected]> wrote: > > I have nprobe and ntopng compiled and running on Debian wheezy. I have > followed all of the guides to ensure this is setup right but somewhere > between nprobe and ntopng there seems to be a break down. > > Here is the command I'm using to start nprobe and the output. > > # nprobe –zmq tcp://127.0.0.1:5556 -i none -n none --collector-port 9996 > 12/Jan/2014 04:14:41 [plugin.c:161] No plugins found in ./plugins > 12/Jan/2014 04:14:41 [plugin.c:161] No plugins found in > /usr/local/lib/nprobe/plugins > 12/Jan/2014 04:14:41 [plugin.c:165] WARNING: Unable to find plugins > directory. nProbe will work without plugins! > 12/Jan/2014 04:14:41 [nprobe.c:3805] WARNING: The output interfaceId is > set to 0: did you forget to use -Q perhaps ? > 12/Jan/2014 04:14:41 [nprobe.c:3808] WARNING: The input interfaceId is set > to 0: did you forget to use -u perhaps ? > 12/Jan/2014 04:14:41 [nprobe.c:3868] Welcome to nprobe v.6.15.140112 > ($Revision: 3810 $) for x86_64-unknown-linux-gnu > 12/Jan/2014 04:14:41 [nprobe.c:5743] Welcome to nprobe v.6.15.140112 for > x86_64-unknown-linux-gnu > 12/Jan/2014 04:14:41 [plugin.c:872] 0 plugin(s) enabled > 12/Jan/2014 04:14:41 [nprobe.c:4389] Using packet capture length 128 > 12/Jan/2014 04:14:41 [nprobe.c:5919] IPv6 traffic will NOT be > exported/accounted by this probe > 12/Jan/2014 04:14:41 [nprobe.c:5920] due to configuration options (e.g. > use NetFlow v9) > 12/Jan/2014 04:14:41 [nprobe.c:5965] Flows ASs will not be computed > (missing GeoIP support) > 12/Jan/2014 04:14:41 [nprobe.c:6048] Not capturing packet from interface > (collector mode) > 12/Jan/2014 04:14:41 [collect.c:156] Flow collector listening on port 9996 > (IPv4/v6) > > I set -b 2 on nprobe I get this output. > > 12/Jan/2014 04:03:55 [engine.c:2348] Emitting Flow: [->][udp] > 76.104.78.60:7357 -> 8.8.8.8:53 [3 pkt/186 bytes][ifIdx 5->2][duration > 0.0 sec] > 12/Jan/2014 04:03:55 [engine.c:2370] Emitting Flow: [<-][udp] 8.8.8.8:53-> > 76.104.78.60:7357 [3 pkt/354 bytes][ifIdx 2->5][0.0 sec] > 12/Jan/2014 04:03:55 [engine.c:2348] Emitting Flow: [->][udp] > 76.104.78.60:7357 -> 75.75.76.76:53 [3 pkt/186 bytes][ifIdx > 5->2][duration 0.0 sec] > 12/Jan/2014 04:03:55 [engine.c:2370] Emitting Flow: [<-][udp] > 75.75.76.76:53 -> 76.104.78.60:7357 [3 pkt/354 bytes][ifIdx 2->5][0.0 sec] > 12/Jan/2014 04:03:55 [engine.c:2348] Emitting Flow: [->][udp] > 76.104.78.60:7357 -> 75.75.75.75:53 [3 pkt/186 bytes][ifIdx > 5->2][duration 0.0 sec] > 12/Jan/2014 04:03:55 [engine.c:2370] Emitting Flow: [<-][udp] > 75.75.75.75:53 -> 76.104.78.60:7357 [3 pkt/354 bytes][ifIdx 2->5][0.0 sec] > 12/Jan/2014 04:03:55 [engine.c:2348] Emitting Flow: [->][udp] > 76.104.78.60:33860 -> 8.8.4.4:53 [3 pkt/186 bytes][ifIdx 5->2][duration > 0.0 sec] > 12/Jan/2014 04:03:55 [engine.c:2370] Emitting Flow: [<-][udp] 8.8.4.4:53-> > 76.104.78.60:33860 [3 pkt/234 bytes][ifIdx 2->5][0.0 sec] > 12/Jan/2014 04:03:55 [engine.c:2348] Emitting Flow: [->][udp] > 76.104.78.60:33860 -> 8.8.8.8:53 [3 pkt/186 bytes][ifIdx 5->2][duration > 0.0 sec] > > nprobe appears to be receiving flows. but when I shot it I seem. > > 12/Jan/2014 10:12:05 [nprobe.c:369] Received shutdown request... > 12/Jan/2014 10:12:05 [engine.c:2473] About to flush hash (threadId 0) > 12/Jan/2014 10:12:05 [engine.c:2475] Completed hash walk (thread 0) > 12/Jan/2014 10:12:06 [nprobe.c:2045] Processed packets: 0 (max bucket > search: 1) > 12/Jan/2014 10:12:06 [nprobe.c:2028] Fragment queue length: 0 > 12/Jan/2014 10:12:06 [nprobe.c:2054] Flow export stats: [0 bytes/0 pkts][0 > flows/0 pkts sent] > 12/Jan/2014 10:12:06 [nprobe.c:2061] Flow collection: [collected pkts: > 75457][processed flows: 629017] > 12/Jan/2014 10:12:06 [nprobe.c:2064] Flow drop stats: [0 bytes/0 pkts][0 > flows] > 12/Jan/2014 10:12:06 [nprobe.c:2069] Total flow stats: [0 bytes/0 pkts][0 > flows/0 pkts sent] > > Here is information from ntopng > > # ntopng -i tcp://127.0.0.1:5556 -m 192.168.1.0/24 > 12/Jan/2014 10:19:42 [Ntop.cpp:468] Setting local networks to > 192.168.1.0/24 > 12/Jan/2014 10:19:42 [Ntop.cpp:575] Registered interface > [email protected]:5556 [id: 0] > 12/Jan/2014 10:19:42 [Utils.cpp:239] User changed to nobody > 12/Jan/2014 10:19:42 [main.cpp:149] PID stored in file /var/tmp/ntopng.pid > 12/Jan/2014 10:19:42 [HTTPserver.cpp:363] HTTP server listening on port > 3000 [/usr/local/share/ntopng/httpdocs][/usr/local/share/ntopng/scripts] > 12/Jan/2014 10:19:42 [main.cpp:183] Using RRD version 1.4.7 > 12/Jan/2014 10:19:42 [main.cpp:192] Working directory: /var/tmp/ntopng > 12/Jan/2014 10:19:42 [main.cpp:194] Scripts/HTML pages directory: > /usr/local/share/ntopng > 12/Jan/2014 10:19:42 [Ntop.cpp:164] Welcome to ntopng x86_64 v.1.1.1 > (r7171) - (C) 1998-13 ntop.org > 12/Jan/2014 10:19:42 [Redis.cpp:47] Successfully connected to Redis > 127.0.0.1:6379 > 12/Jan/2014 10:19:42 [PeriodicActivities.cpp:53] Started periodic > activities loop... > 12/Jan/2014 10:19:42 [NetworkInterface.cpp:636] Started packet polling on > interface [email protected]:5556... > 12/Jan/2014 10:19:42 [CollectorInterface.cpp:100] Collecting flows... > 12/Jan/2014 10:25:00 [main.cpp:37] Shutting down... > 12/Jan/2014 10:25:02 [ProtoStats.cpp:35] [IPv4] 0 B/0.00 Packets > 12/Jan/2014 10:25:02 [ProtoStats.cpp:35] [IPv6] 0 B/0.00 Packets > 12/Jan/2014 10:25:02 [ProtoStats.cpp:35] [ARP] 0 B/0.00 Packets > 12/Jan/2014 10:25:02 [ProtoStats.cpp:35] [MPLS] 0 B/0.00 Packets > 12/Jan/2014 10:25:02 [ProtoStats.cpp:35] [Other] 0 B/0.00 Packets > 12/Jan/2014 10:25:03 [Ntop.cpp:601] Interface > [email protected]:5556[running: 0] > 12/Jan/2014 10:25:03 [main.cpp:55] Deleted PID /var/tmp/ntopng.pid [rc: 0] > 12/Jan/2014 10:25:03 [HTTPserver.cpp:374] HTTP server terminated > 12/Jan/2014 10:25:03 [AddressResolution.cpp:187] Address resolution stats > [0 resolved][0 failures] > > I have pfsense box using pfflowd to send flows and I used svn to build > everything on the system. I think my problem is somewhere is ZMQ but I'm > not 100% sure. I am at a loss and have started from scratch with this VM > about 20 times now and need some help. > > Charles Johnston > _______________________________________________ > Ntop-misc mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop-misc > > > > _______________________________________________ > Ntop-misc mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop-misc > >
_______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
