In the nprobe config you have posted you do not have the zmq endpoint configured. Yuri
Sent from my iPhone > Il giorno 03/giu/2015, alle ore 10:04, Matt Thompson <[email protected]> > ha scritto: > > Thanks Luca, > > I have removed all nProbe config, updated the application to the latest > version (recently released) and tried to set up again. From the GUI, I am > still unclear whether to use Eth0 or Proxy mode. Currently, with proxy mode, > I have the following config files: > > -n=3 > -m="10.20.70.0/24" > -G=/var/tmp/ntopng.pid > -i=tcp://127.0.0.1:5556 > > -n=none > -i=none > --json-labels > -t=60 > -d=60 > -a=0 > -e=1 > -B=10 > -w=128000 > -z=0 > -S=1:1 > -E=0:0 > -g=/var/run/nprobe-none.pid > -3=2055 > --vlanid-as-iface-idx=none > -V=5 > --dump-stats=/var/log/nprobe/none-0_flows_stats.txt > > > but it still isn't working i.e. dashboard only shows traffic destined for the > Eth0 interface (unicasts and broadcasts), nothing from traffic traversing the > firewall sending the Netflow traffic. > > > Regards, > > Matt > >> >> ---------- Forwarded message ---------- >> From: Luca Deri <[email protected]> >> To: [email protected] >> Cc: >> Date: Tue, 2 Jun 2015 14:07:15 +0200 >> Subject: Re: [Ntop-misc] nProbe configuration issues >> Matt >> you have >>> -n=udp://127.0.0.1:2055 >>> -3=2055 >> >> this means that (-3) you want to collect flows on port 2055 and (-n) export >> flows to localhost port 2055. nProbe detects that and disables this. >> >> If your intention is to collect flows on port 2055 and let ntopng attach to >> it, do -n=none and it should work. >> >> Regards Luca >> >> >>>> On 02 Jun 2015, at 12:50, Matt Thompson <[email protected]> wrote: >>>> >>>> Hi Yuri, >>> >>> the ntopng and nprobe config files are below, respectively: >>> >>> >>> -n=3 >>> -m="10.20.70.0/24" >>> -G=/var/tmp/ntopng.pid >>> -i=tcp://127.0.0.1:5556 >>> >>> >>> >>> -n=udp://127.0.0.1:2055 >>> -i=none >>> -t=60 >>> -d=60 >>> -a=0 >>> -e=1 >>> -B=10 >>> -w=128000 >>> -z=0 >>> -S=1:1 >>> -E=0:0 >>> -m=15 >>> -g=/var/run/nprobe-none.pid >>> -3=2055 >>> --zmq=tcp://*:5556 >>> --vlanid-as-iface-idx=none >>> -T=%IN_BYTES %IN_PKTS %PROTOCOL %SRC_TOS %TCP_FLAGS %L4_SRC_PORT >>> %IPV4_SRC_ADDR >>> %INPUT_SNMP %L4_DST_PORT %IPV4_DST_ADDR %OUTPUT_SNMP %LAST_SWITCHED >>> %FIRST_SWI >>> TCHED >>> -V=9 >>> --dump-stats=/var/log/nprobe/none-0_flows_stats.txt >>> >>> >>> I have also tried changing the various IPs to the Eth0 address with no >>> change. >>> >>> >>> Regards, >>> >>> Matt >>> >>> >>> >>> >>>> ---------- Forwarded message ---------- >>>> From: Francalacci Yuri <[email protected]> >>>> To: "[email protected]" <[email protected]> >>>> Cc: >>>> Date: Sun, 31 May 2015 17:15:01 +0200 >>>> Subject: Re: [Ntop-misc] Ntop-misc Digest, Vol 131, Issue 13 >>>> Could you please post the nprobe and ntopng config file (in /etc/ntopng >>>> and /etc/nprobe) >>>> Yuri >>>> >>>> Sent from my iPhone >>>> >>>>> Il giorno 31/mag/2015, alle ore 16:10, Matt Thompson >>>>> <[email protected]> ha scritto: >>>>> >>>>> Hi Yuri, >>>>> >>>>> I am starting and stopping it within the GUI. It all starts up OK, but it >>>>> only reports traffic directed at the server itself (my client connecting) >>>>> and broadcast traffic on its subnet. >>>>> >>>>> >>>>> Regards, >>>>> >>>>> Matt >>>>> >>>>>> On 30 May 2015 at 11:00, <[email protected]> wrote: >>>>>> Send Ntop-misc mailing list submissions to >>>>>> [email protected] >>>>>> >>>>>> To subscribe or unsubscribe via the World Wide Web, visit >>>>>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc >>>>>> or, via email, send a message with subject or body 'help' to >>>>>> [email protected] >>>>>> >>>>>> You can reach the person managing the list at >>>>>> [email protected] >>>>>> >>>>>> When replying, please edit your Subject line so it is more specific >>>>>> than "Re: Contents of Ntop-misc digest..." >>>>>> >>>>>> Today's Topics: >>>>>> >>>>>> 1. nProbe configuration (Matt Thompson) >>>>>> 2. Re: nProbe configuration (Yuri Francalacci) >>>>>> >>>>>> >>>>>> ---------- Forwarded message ---------- >>>>>> From: Matt Thompson <[email protected]> >>>>>> To: [email protected] >>>>>> Cc: >>>>>> Date: Fri, 29 May 2015 14:49:05 +0100 >>>>>> Subject: [Ntop-misc] nProbe configuration >>>>>> I'm hoping somebody can help what is probably a simple issue. >>>>>> >>>>>> I have installed the trial licence successfully but am struggling to >>>>>> configure ntop/nprobe to get useful data, despite following the >>>>>> documentation and some related YouTube videos. >>>>>> >>>>>> I have a simple setup: >>>>>> >>>>>> (Firewall 1) >>>>>> >>>>>> <> >>>>>> >>>>>> (Firewall 2) >>>>>> >>>>>> <> >>>>>> >>>>>> (Ntop/nprobe installation server) >>>>>> >>>>>> >>>>>> Firewall 1 is where I have Netflow exporting configured. The server has >>>>>> all the relevant roles installed on the one box. Firewall 2 has all >>>>>> relevant traffic allowed through it, but a packet capture on there shows >>>>>> the server is sending udp port 2055 unreachable ICMP messages back to >>>>>> firewall 1. >>>>>> >>>>>> I use the GUI to configure so should I be using the Eth0 or Proxy setup >>>>>> and what settings should I be tweaking? I can only see traffic destined >>>>>> for the server or broadcast traffic on that subnet. >>>>>> >>>>>> >>>>>> TIA >>>>>> >>>>>> Matt > > _______________________________________________ > Ntop-misc mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop-misc
_______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
