Hi Arianna,
No, I didn't use Biflow. We plan to support Biflow in future. I use 2
templates. Issue is seen with both the templates. Both templates are
mutually exclusive.
Template 1
flowStartSeconds
flowEndSeconds
IP_SRC_ADDR
IP_DST_ADDR
PROTOCOL
L4_SRC_PORT
L4_DST_PORT
PACKETS_TOTAL
BYTES_TOTAL
Template 2
flowStartSeconds
flowStartSecond + PEN
flowEndSeconds
flowEndSeconds + PEN
IP_SRC_ADDR
IP_DST_ADDR
L4_SRC_PORT
L4_DST_PORT
PROTOCOL
biflowDirection
PACKETS_TOTAL
PACKETS_TOTAL + PEN
BYTES_TOTAL
BYTES_TOTAL + PEN
nprobe logs show flow duration to be 0 all the time:
01/Apr/2015 13:36:15 [util.c:3750] [ZMQ] {"8":"10.4.251.11","12":"10.18.17.196","15":"0.0.0.0","10":0,"14":0,"2":1,"1":30,"22":1427922294,"21":1427920574,"7":2048,"11":36278,"6":0,"4":1,"5":0,"16":0,"17":0,"9":0,"13":0,"42":3799}
01/Apr/2015 13:36:15 [engine.c:2434] Emitting Flow: [->][icmp] 10.4.251.11:2048 -> 10.18.17.196:36278 [1 pkt/30 bytes][ifIdx 0->0][*0.0 sec][*ECHO REPLY][init Unknown]
Thanks
Rahul
On Wed, Apr 1, 2015 at 1:01 PM, Arianna Avanzini <[email protected]> wrote:
> On 01/04/2015 20:21, Rahul Jain wrote:
>
>> Hi Arianna/all,
>
> Hi Rahul,
>
>> I downloaded the latest ntopng (v.1.99.150401). I can see active flows now. But
>> still no top talkers and the active flow duration is reported incorrectly.
>> Flow duration under active flows tab is 136 years 70 days 6h. I verified the
>> export under Wireshark, and it decodes the duration correctly.
>>
>> Also, I see a few errors under ntopng,
>> 01/Apr/2015 11:09:15 [Geolocation.cpp:59] WARNING: Unable to read GeoIP database /home/auto/ntop_sw/ntopng/httpdocs/geoip/GeoIPASNumv6.dat
>> Error Opening file /home/auto/ntop_sw/ntopng/httpdocs/geoip/GeoLiteCity.dat
>> 01/Apr/2015 11:09:15 [Geolocation.cpp:59] WARNING: Unable to read GeoIP database /home/auto/ntop_sw/ntopng/httpdocs/geoip/GeoLiteCity.dat
>> Error Opening file /home/auto/ntop_sw/ntopng/httpdocs/geoip/GeoLiteCityv6.dat
>> 01/Apr/2015 11:09:47 [Lua.cpp:4515] WARNING: Script failure [/home/auto/ntop_sw/ntopng/scripts/lua/iface_flows_sankey.lua][...e/auto/ntop_sw/ntopng/scripts/lua/iface_flows_sankey.lua:115: attempt to compare number with nil]
>
> Thanks for trying the latest version. Have you used Biflow also for these
> tests as you mentioned in the other e-mail?
>
> Could you please post your configuration?
>
> Thank you,
> Arianna
>
>
>
>> Thanks
>> Rahul
>>
>> On Wed, Apr 1, 2015 at 1:39 AM, Arianna Avanzini <[email protected]> wrote:
>>
>> On 01/04/2015 04:32, Rahul Jain wrote:
>>
>>> Hi,
>>
>> Hi Rahul,
>>
>>> I am evaluating nprobe + ntopng as IPFIX collector. I have a router exporting
>>> IPFIX flows and I don't see any active flows, or top talkers on the ntopng GUI.
>>>
>>> I am running nprobe and ntopng on my Ubuntu server and my configuration is,
>>> nprobe --zmq "tcp://*:5556" -i none -n none -b 2 -3 2055
>>> ntopng -i tcp://127.0.0.1:5556 -d /var/tmp
>>>
>>> I am using nprobe v.7.0.141208 and ntopng v.1.2.2
>>>
>>> Issues,
>>> a) No active flows seen. Sometimes active flows are seen but the duration of the
>>> flow is reported incorrectly, ~46 yrs.
>>> b) No top talker
>>> c) Host first seen is reported incorrectly. First seen at @2106 yr
>>
>> These bugs look like some that were recently fixed. Could you please try the
>> latest SVN or nightly and report back to tell us if they still occur?
>>
>> Thank you,
>> Arianna
>>
>>> Template exported:
>>> flowStartSeconds
>>> flowEndSeconds
>>> IP_SRC_ADDR
>>> IP_DST_ADDR
>>> PROTOCOL
>>> L4_SRC_PORT
>>> L4_DST_PORT
>>> PACKETS_TOTAL
>>> BYTES_TOTAL
>>>
>>> Please let me know if I am missing any configuration or it's a bug/known
>>> issue.
>>>
>>> Thanks
>>> Rahul
>>>
>>> _________________________________________________
>>> Ntop-misc mailing list
>>> Ntop-misc@listgateway.unipi.it
>>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
>>
>>
>>
>> --
>> /*
>> * Arianna Avanzini
>> * [email protected]
>> * http://ava.webhop.me
>> */
>
> --
> /*
> * Arianna Avanzini
> * [email protected]
> * http://ava.webhop.me
> */
>
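Added example, not part of the original thread and not ntop code: a sanity check over the flow record from the nprobe [ZMQ] log line quoted above. It assumes keys "22" and "21" hold first-seen and last-seen epoch seconds (the NetFlow v9 FIRST_SWITCHED/LAST_SWITCHED element IDs), and shows that when last-seen precedes first-seen, unsigned 32-bit subtraction gives a duration of about 136 years. Whether ntopng computed the duration this way is an assumption the thread does not confirm.

```python
import json

U32 = 2 ** 32

# Flow record copied from the nprobe [ZMQ] log line in the message above.
RECORD = ('{"8":"10.4.251.11","12":"10.18.17.196","15":"0.0.0.0","10":0,"14":0,'
          '"2":1,"1":30,"22":1427922294,"21":1427920574,"7":2048,"11":36278,'
          '"6":0,"4":1,"5":0,"16":0,"17":0,"9":0,"13":0,"42":3799}')

# Assumption: JSON keys are NetFlow v9 element IDs carrying epoch seconds,
# "22" = first seen (FIRST_SWITCHED), "21" = last seen (LAST_SWITCHED).
FIRST_KEY, LAST_KEY = "22", "21"


def humanize(seconds):
    """Render a duration as years/days/hours, using 365-day years."""
    days, rem = divmod(seconds, 86400)
    years, days = divmod(days, 365)
    return f"{years} years {days} days {rem // 3600}h"


def check_flow(record_json):
    """Return (signed_duration, uint32_duration, findings) for one record."""
    rec = json.loads(record_json)
    first, last = int(rec[FIRST_KEY]), int(rec[LAST_KEY])
    signed = last - first
    wrapped = signed % U32  # result of the same subtraction in uint32_t
    findings = []
    if first == 0 or last == 0:
        findings.append("zero timestamp")
    if signed < 0:
        findings.append("last seen precedes first seen")
    return signed, wrapped, findings


if __name__ == "__main__":
    signed, wrapped, findings = check_flow(RECORD)
    print("signed duration :", signed, "s")
    print("uint32 duration :", wrapped, "s =", humanize(wrapped))
    print("findings        :", findings)
    # Constructed record: a first-seen of 0 makes the flow start at the epoch.
    print(check_flow('{"22":0,"21":1427920574}'))
```

Running the same check on every record a collector receives, before durations are displayed or stored, flags exporter or template-decoding problems like the ones reported in this thread.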