> > > Thanks all, > I am now receiving useful Netflow data in the dashboard.
Cheers, Matt > ---------- Forwarded message ---------- > From: Francalacci Yuri <[email protected]> > To: "[email protected]" <[email protected]> > Cc: > Date: Wed, 3 Jun 2015 15:43:49 +0100 > Subject: Re: [Ntop-misc] Ntop-misc Digest, Vol 132, Issue 2 > In the nprobe config you have posted you do not have the zmq endpoint > configured. > Yuri > > Sent from my iPhone > > Il giorno 03/giu/2015, alle ore 10:04, Matt Thompson < > [email protected]> ha scritto: > > Thanks Luca, > > I have removed all nProbe config, updated the application to the latest > version (recently released) and tried to set up again. From the GUI, I am > still unclear whether to use Eth0 or Proxy mode. Currently, with proxy > mode, I have the following config files: > > -n=3 > -m="10.20.70.0/24" > -G=/var/tmp/ntopng.pid > -i=tcp://127.0.0.1:5556 > > -n=none > -i=none > --json-labels > -t=60 > -d=60 > -a=0 > -e=1 > -B=10 > -w=128000 > -z=0 > -S=1:1 > -E=0:0 > -g=/var/run/nprobe-none.pid > -3=2055 > --vlanid-as-iface-idx=none > -V=5 > --dump-stats=/var/log/nprobe/none-0_flows_stats.txt > > > but it still isn't working i.e. dashboard only shows traffic destined for > the Eth0 interface (unicasts and broadcasts), nothing from traffic > traversing the firewall sending the Netflow traffic. > > > Regards, > > Matt > > >> >> ---------- Forwarded message ---------- >> From: Luca Deri <[email protected]> >> To: [email protected] >> Cc: >> Date: Tue, 2 Jun 2015 14:07:15 +0200 >> Subject: Re: [Ntop-misc] nProbe configuration issues >> Matt >> you have >> >> -n=udp://127.0.0.1:2055 >> >> -3=2055 >> >> >> this means that (-3) you want to collect flows on port 2055 and (-n) >> export flows to localhost port 2055. nProbe detects that and disables this. >> >> If your intention is to collect flows on port 2055 and let ntopng attach >> to it, do -n=none and it should work. >> >> Regards Luca >> >> >> On 02 Jun 2015, at 12:50, Matt Thompson <[email protected]> wrote: >> >> Hi Yuri, >>> >> >> the ntopng and nprobe config files are below, respectively: >> >> >> -n=3 >> -m="10.20.70.0/24" >> -G=/var/tmp/ntopng.pid >> -i=tcp://127.0.0.1:5556 >> >> >> >> -n=udp://127.0.0.1:2055 >> -i=none >> -t=60 >> -d=60 >> -a=0 >> -e=1 >> -B=10 >> -w=128000 >> -z=0 >> -S=1:1 >> -E=0:0 >> -m=15 >> -g=/var/run/nprobe-none.pid >> -3=2055 >> --zmq=tcp://*:5556 >> --vlanid-as-iface-idx=none >> -T=%IN_BYTES %IN_PKTS %PROTOCOL %SRC_TOS %TCP_FLAGS %L4_SRC_PORT >> %IPV4_SRC_ADDR >> %INPUT_SNMP %L4_DST_PORT %IPV4_DST_ADDR %OUTPUT_SNMP %LAST_SWITCHED >> %FIRST_SWI >> TCHED >> -V=9 >> --dump-stats=/var/log/nprobe/none-0_flows_stats.txt >> >> >> I have also tried changing the various IPs to the Eth0 address with no >> change. >> >> >> Regards, >> >> Matt >> >> >> >> >> ---------- Forwarded message ---------- >>> From: Francalacci Yuri <[email protected]> >>> To: "[email protected]" <[email protected]> >>> Cc: >>> Date: Sun, 31 May 2015 17:15:01 +0200 >>> Subject: Re: [Ntop-misc] Ntop-misc Digest, Vol 131, Issue 13 >>> Could you please post the nprobe and ntopng config file (in /etc/ntopng >>> and /etc/nprobe) >>> Yuri >>> >>> Sent from my iPhone >>> >>> Il giorno 31/mag/2015, alle ore 16:10, Matt Thompson < >>> [email protected]> ha scritto: >>> >>> Hi Yuri, >>> >>> I am starting and stopping it within the GUI. It all starts up OK, but >>> it only reports traffic directed at the server itself (my client >>> connecting) and broadcast traffic on its subnet. >>> >>> >>> Regards, >>> >>> Matt >>> >>> On 30 May 2015 at 11:00, <[email protected]> wrote: >>> >>>> Send Ntop-misc mailing list submissions to >>>> [email protected] >>>> >>>> To subscribe or unsubscribe via the World Wide Web, visit >>>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc >>>> or, via email, send a message with subject or body 'help' to >>>> [email protected] >>>> >>>> You can reach the person managing the list at >>>> [email protected] >>>> >>>> When replying, please edit your Subject line so it is more specific >>>> than "Re: Contents of Ntop-misc digest..." >>>> >>>> Today's Topics: >>>> >>>> 1. nProbe configuration (Matt Thompson) >>>> 2. Re: nProbe configuration (Yuri Francalacci) >>>> >>>> >>>> ---------- Forwarded message ---------- >>>> From: Matt Thompson <[email protected]> >>>> To: [email protected] >>>> Cc: >>>> Date: Fri, 29 May 2015 14:49:05 +0100 >>>> Subject: [Ntop-misc] nProbe configuration >>>> I'm hoping somebody can help what is probably a simple issue. >>>> >>>> I have installed the trial licence successfully but am struggling to >>>> configure ntop/nprobe to get useful data, despite following the >>>> documentation and some related YouTube videos. >>>> >>>> I have a simple setup: >>>> >>>> (Firewall 1) >>>> >>>> <> >>>> >>>> (Firewall 2) >>>> >>>> <> >>>> >>>> (Ntop/nprobe installation server) >>>> >>>> >>>> Firewall 1 is where I have Netflow exporting configured. The server has >>>> all the relevant roles installed on the one box. Firewall 2 has all >>>> relevant traffic allowed through it, but a packet capture on there shows >>>> the server is sending udp port 2055 unreachable ICMP messages back to >>>> firewall 1. >>>> >>>> I use the GUI to configure so should I be using the Eth0 or Proxy setup >>>> and what settings should I be tweaking? I can only see traffic destined for >>>> the server or broadcast traffic on that subnet. >>>> >>>> >>>> TIA >>>> >>>> Matt >>>> >>> > _______________________________________________ > Ntop-misc mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop-misc > > > _______________________________________________ > Ntop-misc mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop-misc >
_______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
