OK Great! That has made a big difference. I am now getting flows into
ntopng this way.
One strange thing I have encountered. If I start nprobe and give it the
daemonize option, it no longer works.
This command on the command line works:
/usr/local/bin/nprobe --zmq tcp://*:5556 -i none -n none -b 2 -3 2055
This doesn't:
/usr/local/bin/nprobe --zmq tcp://*:5556 -i none -n none -b 2 -3 2055 -G
When I give the -G flag, it says it is becoming a daemon. Then I start
ntopng with this command:
/usr/local/bin/ntopng -i tcp://127.0.0.1:5556 -e
Ntopng starts and the web interface loads but it always says 'no packet
has been received yet'. Does the -G imply some other change in the
functionality besides just running as a daemon?
Thanks
On 2/3/2014 12:53 PM, Luca Deri wrote:
On 03 Feb 2014, at 19:27, Jon Bayless <[email protected]> wrote:
If I change the nprobe syntax to:
nprobe --zmq "tcp://*:5556" -i eth0 -n none -b 2
This command is good for turning packets into flows. If you want to
collect flows (let's say on port 2055) and forward them to ntopng do
nprobe --zmq "tcp://*:5556" -i none -n none -b 2 -3 2055
Cheers Luca
I start receiving a lot of command line output about New Flow and
Emitting Flow but still don't see the actual netflow data from the
routers being processed. I can see it coming into the nprobe software
though.
On 2/1/2014 8:28 AM, Luca Deri wrote:
Jon,
the correct syntax is described here
https://svn.ntop.org/svn/ntop/trunk/ntopng/README.ntopng
- collector
ntopng -itcp://127.0.0.1:5556
- probe (nProbe)
nprobe --zmq "tcp://*:5556" -i ~/pcap/http.pcap -n none -b 2
Luca
On 31 Jan 2014, at 18:15, Jon Bayless <[email protected]> wrote:
Hi! I've successfully installed Ntopng on a CentOS 6.5 x86_64
server and the new web interface is very nice. It looks very
impressive so far. I am hoping to use the software to display and
analyze netflow data exported/sent by Cisco Catalyst 6500 series
layer 3 switches. Currently we have flows sent from those switches
going into jkflow/flowscan on other Linux servers and it works
nicely but there is no interface beyond the manual RRDtool graphs
we build from the data to show basic in and out byte counts.
I understand that nprobe must be used as the netflow collector
running on the server with ntopng and I have tried to find good
documentation on what settings to use to do so. The best I have
been able to do is see a number of packets and connections from the
switches in question in the hosts display and flows. It shows it
has received roughly 1.5GB of data from each of the 2 routers I
have sending to it but the data itself doesn't seem to be processed
by nprobe or ntopng.
The command I have used to start nprobe currently is:
nprobe --zmq "tcp://127.0.0.1:5556" -i none -n none -V 5
--collector-port 2055
But I have tried a few other suggestions on other websites. What
command should I use if I just want the server to accept inbound
netflow flows from the routers I point at it and then put the flow
data into ntopng?
Thanks
Jon
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
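
One way to narrow down the foreground versus -G difference reported in this thread is to confirm that both sockets the command line asks for are still listening after nprobe daemonizes. The script below is an added example, not code from the thread or from ntop. The function names and the listener table are constructed for illustration, and it assumes nprobe binds the --zmq endpoint (as the tcp://*:5556 form indicates) and that the table is in `ss -lntu` format.

```sh
#!/bin/sh
# Added example (not from the thread): compare the sockets an nprobe command
# line should open with a listener table in `ss -lntu` format read from stdin.

# Print "tcp/<port>" for the --zmq endpoint and "udp/<port>" for the collector
# port. Both -3 and --collector-port appear in the thread, so both are accepted.
expected_sockets() {
    # $1: the nprobe command line as a single string
    printf '%s\n' "$1" | tr -d '"' | awk '{
        for (i = 1; i < NF; i++) {
            if ($i == "--zmq") { n = split($(i + 1), p, ":"); print "tcp/" p[n] }
            if ($i == "-3" || $i == "--collector-port") print "udp/" $(i + 1)
        }
    }'
}

# Print each expected socket that is absent from the listener table on stdin.
# Returns 0 when nothing is missing and 1 otherwise.
missing_sockets() {
    want=$(expected_sockets "$1")
    # Field 1 is the protocol, field 5 is "address:port"; keep the port only.
    have=$(awk '$1 == "tcp" || $1 == "udp" { n = split($5, a, ":"); print $1 "/" a[n] }')
    rc=0
    for s in $want; do
        if ! printf '%s\n' "$have" | grep -qxF "$s"; then
            echo "$s"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: the UDP collector port is bound, the ZMQ endpoint is not.
SAMPLE_LISTENERS='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:2055       0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

# The daemonized command line from the thread.
CMD='/usr/local/bin/nprobe --zmq tcp://*:5556 -i none -n none -b 2 -3 2055 -G'

if gap=$(printf '%s\n' "$SAMPLE_LISTENERS" | missing_sockets "$CMD"); then
    echo "all expected sockets are listening"
else
    echo "not listening: $gap"
fi
```

On the host itself, feed it live data with `ss -lntu | missing_sockets "$CMD"`, once during the foreground run and once after starting with -G, and compare the two results.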