Thanks Luca,

I have removed all nProbe config, updated the application to the latest
version (recently released) and tried to set up again. From the GUI, I am
still unclear whether to use Eth0 or Proxy mode. Currently, with proxy
mode, I have the following config files:

-n=3
-m="10.20.70.0/24"
-G=/var/tmp/ntopng.pid
-i=tcp://127.0.0.1:5556

-n=none
-i=none
--json-labels
-t=60
-d=60
-a=0
-e=1
-B=10
-w=128000
-z=0
-S=1:1
-E=0:0
-g=/var/run/nprobe-none.pid
-3=2055
--vlanid-as-iface-idx=none
-V=5
--dump-stats=/var/log/nprobe/none-0_flows_stats.txt


but it still isn't working, i.e. the dashboard only shows traffic destined for
the Eth0 interface (unicasts and broadcasts), nothing from traffic
traversing the firewall sending the Netflow traffic.


Regards,

Matt


>
> ---------- Forwarded message ----------
> From: Luca Deri <[email protected]>
> To: [email protected]
> Cc:
> Date: Tue, 2 Jun 2015 14:07:15 +0200
> Subject: Re: [Ntop-misc] nProbe configuration issues
> Matt
> you have
>
> -n=udp://127.0.0.1:2055
>
> -3=2055
>
>
> this means that (-3) you want to collect flows on port 2055 and (-n)
> export flows to localhost port 2055. nProbe detects that and disables this.
>
> If your intention is to collect flows on port 2055 and let ntopng attach
> to it, do -n=none and it should work.
>
> Regards Luca
>
>
> On 02 Jun 2015, at 12:50, Matt Thompson <[email protected]> wrote:
>
> Hi Yuri,
>
> the ntopng and nprobe config files are below, respectively:
>
>
> -n=3
> -m="10.20.70.0/24"
> -G=/var/tmp/ntopng.pid
> -i=tcp://127.0.0.1:5556
>
>
>
> -n=udp://127.0.0.1:2055
> -i=none
> -t=60
> -d=60
> -a=0
> -e=1
> -B=10
> -w=128000
> -z=0
> -S=1:1
> -E=0:0
> -m=15
> -g=/var/run/nprobe-none.pid
> -3=2055
> --zmq=tcp://*:5556
> --vlanid-as-iface-idx=none
> -T=%IN_BYTES %IN_PKTS %PROTOCOL %SRC_TOS %TCP_FLAGS %L4_SRC_PORT %IPV4_SRC_ADDR %INPUT_SNMP %L4_DST_PORT %IPV4_DST_ADDR %OUTPUT_SNMP %LAST_SWITCHED %FIRST_SWITCHED
> -V=9
> --dump-stats=/var/log/nprobe/none-0_flows_stats.txt
>
>
> I have also tried changing the various IPs to the Eth0 address with no
> change.
>
>
> Regards,
>
> Matt
>
>
>
>
> ---------- Forwarded message ----------
>> From: Francalacci Yuri <[email protected]>
>> To: "[email protected]" <[email protected]>
>> Cc:
>> Date: Sun, 31 May 2015 17:15:01 +0200
>> Subject: Re: [Ntop-misc] Ntop-misc Digest, Vol 131, Issue 13
>> Could you please post the nprobe and ntopng config file (in /etc/ntopng
>> and /etc/nprobe)
>> Yuri
>>
>> On 31 May 2015, at 16:10, Matt Thompson <
>> [email protected]> wrote:
>>
>> Hi Yuri,
>>
>> I am starting and stopping it within the GUI. It all starts up OK, but it
>> only reports traffic directed at the server itself (my client connecting)
>> and broadcast traffic on its subnet.
>>
>>
>> Regards,
>>
>> Matt
>>
>> On 30 May 2015 at 11:00, <[email protected]> wrote:
>>
>>>
>>> ---------- Forwarded message ----------
>>> From: Matt Thompson <[email protected]>
>>> To: [email protected]
>>> Cc:
>>> Date: Fri, 29 May 2015 14:49:05 +0100
>>> Subject: [Ntop-misc] nProbe configuration
>>> I'm hoping somebody can help with what is probably a simple issue.
>>>
>>> I have installed the trial licence successfully but am struggling to
>>> configure ntop/nprobe to get useful data, despite following the
>>> documentation and some related YouTube videos.
>>>
>>> I have a simple setup:
>>>
>>> (Firewall 1)
>>>
>>> <>
>>>
>>> (Firewall 2)
>>>
>>> <>
>>>
>>> (Ntop/nprobe installation server)
>>>
>>>
>>> Firewall 1 is where I have Netflow exporting configured. The server has
>>> all the relevant roles installed on the one box. Firewall 2 has all
>>> relevant traffic allowed through it, but a packet capture on there shows
>>> the server is sending udp port 2055 unreachable ICMP messages back to
>>> firewall 1.
>>>
>>> I use the GUI to configure so should I be using the Eth0 or Proxy setup
>>> and what settings should I be tweaking? I can only see traffic destined for
>>> the server or broadcast traffic on that subnet.
>>>
>>>
>>> TIA
>>>
>>> Matt
>>>
>>
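
Luca's point about `-n` and `-3`, as an added example that is not part of the original thread or of ntop's code: a small Python check over the two options files, run here on excerpts of the configs posted above. The function names are hypothetical, and the second check assumes that an ntopng `-i=tcp://...` interface needs an nProbe `--zmq` endpoint on the same port.

```python
import re

# Excerpts of the option files posted in the thread (the -T template line is omitted).
NTOPNG = '-n=3\n-m="10.20.70.0/24"\n-G=/var/tmp/ntopng.pid\n-i=tcp://127.0.0.1:5556\n'
OLD_NPROBE = "-n=udp://127.0.0.1:2055\n-i=none\n-3=2055\n--zmq=tcp://*:5556\n-V=9\n"
NEW_NPROBE = "-n=none\n-i=none\n--json-labels\n-3=2055\n-V=5\n"

LOOPBACK = ("127.0.0.1", "localhost")


def parse_opts(text):
    """Parse an options file with one key=value (or bare flag) per line."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        opts[key.strip()] = value.strip().strip('"')
    return opts


def endpoint_port(url):
    """Return the port of a tcp:// or udp:// host:port endpoint, else None."""
    m = re.fullmatch(r"(?:tcp|udp)://[^:/]+:(\d+)", url or "")
    return int(m.group(1)) if m else None


def check(nprobe_text, ntopng_text):
    """Return a list of finding names for the nProbe/ntopng pair."""
    nprobe, ntopng = parse_opts(nprobe_text), parse_opts(ntopng_text)
    findings = []
    export, collect = nprobe.get("-n", "none"), nprobe.get("-3", "")
    # Luca's reply: -3 collects on a port while -n exports to that same local port.
    if collect.isdigit() and export.startswith("udp://"):
        host = export[len("udp://"):].rsplit(":", 1)[0]
        if host in LOOPBACK and endpoint_port(export) == int(collect):
            findings.append("export-loop")
    # Assumption: ntopng -i=tcp://host:port must match the nProbe --zmq port.
    want = endpoint_port(ntopng.get("-i"))
    if want is not None and endpoint_port(nprobe.get("--zmq")) != want:
        findings.append("zmq-mismatch")
    return findings


if __name__ == "__main__":
    print("old:", check(OLD_NPROBE, NTOPNG))
    print("new:", check(NEW_NPROBE, NTOPNG))
```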