On 03 Feb 2014, at 19:27, Jon Bayless <[email protected]> wrote:
> If I change the nprobe syntax to: > > nprobe --zmq "tcp://*:5556" -i eth0 -n none -b 2’ This command is good for turning packets into flows. If you want to collect flows (let’s say on port 2055) and forward them to ntopng do nprobe --zmq "tcp://*:5556" -i none -n none -b 2 -3 2055 Cheers Luca > > I start receiving a lot of command line output about New Flow and Emmiting > Flow but still don't see the actual netflow data from the routers being > processed. I can see it coming into the nprobe software though. > > On 2/1/2014 8:28 AM, Luca Deri wrote: >> Jon, >> the correct syntax is describe here >> https://svn.ntop.org/svn/ntop/trunk/ntopng/README.ntopng >> >> - collector >> ntopng -i tcp://127.0.0.1:5556 >> >> - probe (nProbe) >> nprobe --zmq "tcp://*:5556" -i ~/pcap/http.pcap -n none -b 2 >> Luca >> >> On 31 Jan 2014, at 18:15, Jon Bayless <[email protected]> wrote: >> >>> Hi! I've successfully installed Ntopng on a Centos 6.5 x86_64 server and >>> the new web interface is very nice. It looks very impressive so far. I am >>> hoping to use the software to display and analyze netflow data >>> exported/sent by Cisco Catalyst 6500 series layer 3 switches. Currently we >>> have flows sent from those switches going into jkflow/flowscan on other >>> linux servers and it works nicely but there is no interface beyond the >>> manual RRDtool graphs we build from the data to show basic in and out byte >>> counts. >>> >>> I understand that nprobe must be used as the netflow collector running on >>> the server with ntopng and I have tried to find good documentation on what >>> settings to use to do so. The best I have been able to do is see a number >>> of packets and connections from the switches in question in the hosts >>> display and flows. It shows it has received roughly 1.5GB of data from each >>> of the 2 routers I have sending to it but the data itself doesn't seem to >>> be processed by nprobe or ntopng. >>> >>> The command I have used to start nprobe currently is: >>> >>> nprobe --zmq "tcp://127.0.0.1:5556" -i none -n none -V 5 --collector-port >>> 2055 >>> >>> But I have tried a few other suggestions on other websites. What command >>> should I use if I just want the server to accept inbound netflow flows from >>> the routers I point at it and then put the flow data into ntopng? >>> >>> Thanks >>> >>> Jon >>> _______________________________________________ >>> Ntop-misc mailing list >>> [email protected] >>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc >> >> >> >> _______________________________________________ >> Ntop-misc mailing list >> [email protected] >> http://listgateway.unipi.it/mailman/listinfo/ntop-misc > > _______________________________________________ > Ntop-misc mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop-misc
_______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
