Hi Yuri, Using --zmq' results in nprobe: unrecognized option '--zmq' error message
Regards, Ramzi [root@ntopng ~]# nprobe --zmq "tcp://127.0.0.1:5556" -i p3p1 29/Sep/2014 07:09:47 [plugin.c:161] No plugins found in ./plugins 29/Sep/2014 07:09:47 [plugin.c:161] No plugins found in /usr/local/lib/nprobe/plugins 29/Sep/2014 07:09:47 [plugin.c:165] WARNING: Unable to find plugins directory. nProbe will work without plugins! nprobe: unrecognized option '--zmq' 29/Sep/2014 07:09:47 [nprobe.c:4165] WARNING: The output interfaceId is set to 0: did you forget to use -Q perhaps ? 29/Sep/2014 07:09:47 [nprobe.c:4168] WARNING: The input interfaceId is set to 0: did you forget to use -u perhaps ? 29/Sep/2014 07:09:47 [nprobe.c:4223] Welcome to nprobe v.6.16.140925 ($Revision: 1234 $) for x86_64-unknown-linux-gnu 29/Sep/2014 07:09:47 [nprobe.c:4294] WARNING: -n parameter is missing. 127.0.0.1:2055 will be used. 29/Sep/2014 07:09:47 [nprobe.c:6134] Welcome to nprobe v.6.16.140925 for x86_64-unknown-linux-gnu 29/Sep/2014 07:09:47 [plugin.c:930] 0 plugin(s) enabled 29/Sep/2014 07:09:47 [util.c:308] GeoIP: loaded AS config file /usr/local/nprobe/GeoIPASNum.dat 29/Sep/2014 07:09:47 [util.c:317] GeoIP: loaded AS IPv6 config file /usr/local/nprobe/GeoIPASNumv6.dat 29/Sep/2014 07:09:47 [nprobe.c:4750] Using packet capture length 128 29/Sep/2014 07:09:47 [nprobe.c:6302] IPv6 traffic will NOT be exported/accounted by this probe 29/Sep/2014 07:09:47 [nprobe.c:6303] due to configuration options (e.g. use NetFlow v9) 29/Sep/2014 07:09:47 [nprobe.c:6433] Capturing packets from interface p3p1 [snaplen: 128 bytes] 29/Sep/2014 07:09:47 [util.c:2763] nProbe changed user to 'nobody' 29/Sep/2014 07:09:47 [nprobe.c:6631] nProbe started successfully From: [email protected] [mailto:[email protected]] On Behalf Of Yuri Francalacci Sent: Monday, September 29, 2014 12:00 PM To: [email protected] Subject: Re: [Ntop-misc] ntopng architecture Ramzi, the nprobe param for zmq is -zmq (with a double dash). I do not know if the one you have typed below is with just one dash due to a typo or it has been modified by the spell-check. Anyway, please check whenever you run nprobe with the zmq active, if you have an active socket in these two ways: - check if nprobe log contains something like "29/Sep/2014 10:58:32 [util.c:3615] Succesfully created ZMQ endpoint tcp://*:5556" - check using netstat command like (netstat -na |grep 5556) if you have a listening port. Regards, Yuri ############################################### Yuri Francalacci - [email protected]<mailto:[email protected]> - http://www.ntop.org "Simplicity is the ultimate sophistication" - Leonardo da Vinci ############################################### On 29 Sep 2014, at 09:04, Ramzi Abdallah <[email protected]<mailto:[email protected]>> wrote: Thank you Yuri for your quick response. I have actually tried to follow the example in this document but for some reason ntop is failing to retrieve the data from nprobe. Below is my server network configuration: Ethernet interface p3p1 is connected to a mirrored switch port and p2p1 is the interface we use to connect to ntopng web interface. >From the logs bellow we can actually see that nprobe is receiving data but >ntopng is failing to pull it. any thoughts on that? [root@ntopng ~]# ifconfig p2p1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.1.169 netmask 255.255.255.0 broadcast 192.168.1.255 inet6 fe80::213:72ff:fe76:a64a prefixlen 64 scopeid 0x20<link> p3p1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet6 fe80::210:4bff:fe64:bf50 prefixlen 64 scopeid 0x20<link> ether 00:10:4b:64:bf:50 txqueuelen 1000 (Ethernet) [root@ntopng ~]# ntopng -i tcp://127.0.0.1:5556 26/Sep/2014 04:39:21 [Ntop.cpp:621] Setting local networks to 192.168.1.0/24,0.0.0.0/32,224.0.0.0/8,239.0.0.0/8,255.255.255.255/32,127.0.0.0/8 26/Sep/2014 04:39:21 [Redis.cpp:74] Successfully connected to Redis 127.0.0.1:6379 26/Sep/2014 04:39:21 [Ntop.cpp:745] Registered interface tcp://127.0.0.1:5556[id: 0] 26/Sep/2014 04:39:21 [Utils.cpp:251] User changed to nobody 26/Sep/2014 04:39:21 [main.cpp:184] PID stored in file /var/tmp/ntopng.pid 26/Sep/2014 04:39:21 [HTTPserver.cpp:354] HTTPS Disabled: missing SSL certificate /usr/share/ntopng/httpdocs/ssl/ntopng-cert.pem 26/Sep/2014 04:39:21 [HTTPserver.cpp:355] Please readhttps://svn.ntop.org/svn/ntop/trunk/ntopng/README.SSL if you want to enable SSL. 26/Sep/2014 04:39:21 [HTTPserver.cpp:396] Web server dirs [/usr/share/ntopng/httpdocs][/usr/share/ntopng/scripts] 26/Sep/2014 04:39:21 [HTTPserver.cpp:399] HTTP server listening on port 3000 26/Sep/2014 04:39:21 [main.cpp:232] Working directory: /var/tmp/ntopng 26/Sep/2014 04:39:21 [main.cpp:234] Scripts/HTML pages directory: /usr/share/ntopng 26/Sep/2014 04:39:21 [Ntop.cpp:208] Welcome to ntopng x86_64 v.1.2.2 (r1.2.2) - (C) 1998-14 ntop.org<http://ntop.org/> 26/Sep/2014 04:39:21 [PeriodicActivities.cpp:53] Started periodic activities loop... 26/Sep/2014 04:39:21 [RuntimePrefs.cpp:32] Dump alerts into syslog 26/Sep/2014 04:39:21 [NetworkInterface.cpp:800] Started packet polling on interface tcp://127.0.0.1:5556 [id: 3]... 26/Sep/2014 04:39:22 [CollectorInterface.cpp:92] Collecting flows ontcp://127.0.0.1:5556 -- 26/Sep/2014 04:42:13 [main.cpp:37] Shutting down... 26/Sep/2014 04:42:15 [ProtoStats.cpp:35] [IPv4] 0 B/0.00 Packets 26/Sep/2014 04:42:15 [ProtoStats.cpp:35] [IPv6] 0 B/0.00 Packets 26/Sep/2014 04:42:15 [ProtoStats.cpp:35] [ARP] 0 B/0.00 Packets 26/Sep/2014 04:42:15 [ProtoStats.cpp:35] [MPLS] 0 B/0.00 Packets 26/Sep/2014 04:42:15 [ProtoStats.cpp:35] [Other] 0 B/0.00 Packets 26/Sep/2014 04:42:15 [Ntop.cpp:771] Interface tcp://127.0.0.1:5556 [running: 0] 26/Sep/2014 04:42:15 [main.cpp:55] Deleted PID /var/tmp/ntopng.pid [rc: -1] 26/Sep/2014 04:42:16 [HTTPserver.cpp:412] HTTP server terminated 26/Sep/2014 04:42:16 [AddressResolution.cpp:217] Address resolution stats [0 resolved][0 failures] [root@ntopng nprobe]# nprobe -zmq "tcp://127.0.0.1:5556" -i p3p1 26/Sep/2014 04:40:17 [plugin.c:161] No plugins found in ./plugins 26/Sep/2014 04:40:17 [plugin.c:161] No plugins found in /usr/local/lib/nprobe/plugins 26/Sep/2014 04:40:17 [plugin.c:165] WARNING: Unable to find plugins directory. nProbe will work without plugins! 26/Sep/2014 04:40:17 [nprobe.c:4165] WARNING: The output interfaceId is set to 0: did you forget to use -Q perhaps ? 26/Sep/2014 04:40:17 [nprobe.c:4168] WARNING: The input interfaceId is set to 0: did you forget to use -u perhaps ? 26/Sep/2014 04:40:17 [nprobe.c:4223] Welcome to nprobe v.6.16.140925 ($Revision: 1234 $) for x86_64-unknown-linux-gnu 26/Sep/2014 04:40:17 [nprobe.c:4294] WARNING: -n parameter is missing. 127.0.0.1:2055 will be used. 26/Sep/2014 04:40:17 [nprobe.c:6134] Welcome to nprobe v.6.16.140925 for x86_64-unknown-linux-gnu 26/Sep/2014 04:40:17 [plugin.c:930] 0 plugin(s) enabled 26/Sep/2014 04:40:17 [util.c:308] GeoIP: loaded AS config file GeoIPASNum.dat 26/Sep/2014 04:40:17 [util.c:317] GeoIP: loaded AS IPv6 config file GeoIPASNumv6.dat 26/Sep/2014 04:40:17 [nprobe.c:4750] Using packet capture length 128 26/Sep/2014 04:40:17 [nprobe.c:6302] IPv6 traffic will NOT be exported/accounted by this probe 26/Sep/2014 04:40:17 [nprobe.c:6303] due to configuration options (e.g. use NetFlow v9) 26/Sep/2014 04:40:17 [nprobe.c:6433] Capturing packets from interface p3p1 [snaplen: 128 bytes] 26/Sep/2014 04:40:17 [util.c:2763] nProbe changed user to 'nobody' 26/Sep/2014 04:40:17 [nprobe.c:6631] nProbe started successfully 26/Sep/2014 04:40:49 [export.c:377] WARNING: Unable to export non-IPv4 flows using NetFlow v5. Dropped. -- 26/Sep/2014 04:41:16 [nprobe.c:390] Received shutdown request... 26/Sep/2014 04:41:16 [engine.c:2458] About to flush hash (threadId 0) 26/Sep/2014 04:41:16 [engine.c:2460] Completed hash walk (thread 0) 26/Sep/2014 04:41:17 [nprobe.c:2269] Processed packets: 64145 (max bucket search: 2) 26/Sep/2014 04:41:17 [nprobe.c:2252] Fragment queue length: 0 26/Sep/2014 04:41:17 [nprobe.c:2278] Flow export stats: [36552137 bytes/56928 pkts][2432 flows/82 pkts sent] 26/Sep/2014 04:41:17 [nprobe.c:2288] Flow drop stats: [0 bytes/0 pkts][0 flows] 26/Sep/2014 04:41:17 [nprobe.c:2293] Total flow stats: [36552137 bytes/56928 pkts][2432 flows/82 pkts sent] Regards, Ramzi _______________________________________________ Ntop-misc mailing list [email protected]<mailto:[email protected]> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
_______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
