Hi, So I'm not sure. Are my configs wrong or missing something, or am I limited by the non-pro version?
Or did I do everything right, but maybe I'm not getting the right or
sufficient data from my routers?
Thanks,
Frank
-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of Frank Mogaddedi
Sent: Monday, July 13, 2015 16:30
To: [email protected]
Subject: Re: [Ntop-misc] nprobe, ntopng, multiple switches/ports, sflow
Luca,
thank you for trying to help me, but I think I really don't know what I'm
doing - I don't seem to be able to get this to work.
Here's my ntopng.conf:
-G=/var/tmp/ntopng.pid
-i=tcp://127.0.0.1:5556
Here's my nprobe.conf:
--zmq=tcp://127.0.0.1:5556
-i=none
-n=none
--collector-port=6343
-b=2
-g=/var/run/nprobe-none.pid
-T="%IPV4_SRC_ADDR %IPV4_DST_ADDR %IPV4_NEXT_HOP %INPUT_SNMP %OUTPUT_SNMP
%IN_PKTS %IN_BYTES %FIRST_SWITCHED %LAST_SWITCHED %L4_SRC_PORT %L4_DST_PORT
%TCP_FLAGS %PROTOCOL %SRC_TOS %SRC_AS %DST_AS %IPV4_SRC_MASK %IPV4_DST_MASK
%EXPORTER_IPV4_ADDRESS"
I've also tried to just have a shorter "-T" option:
-T="%EXPORTER_IPV4_ADDRESS"
Both nprobe and ntopng run on the same CentOS 6 x64 machine. The routers
(Extreme Networks X480) send their sflow data to that machine (they could do
netflow or IPFIX as well). And I'm currently using the free/non-pro version
of ntopng and nProbe as I'm trying to evaluate my options.
Thank you for your help!
Frank
________________________________
From: [email protected]
[[email protected]] on behalf of Luca Deri
[[email protected]]
Sent: Sunday, July 12, 2015 5:07 PM
To: [email protected]
Subject: Re: [Ntop-misc] nprobe, ntopng, multiple switches/ports, sflow
Frank,
you need to add
[130] %EXPORTER_IPV4_ADDRESS %exporterIPv4Address Exporter IPv4 Address
[131] %EXPORTER_IPV6_ADDRESS %exporterIPv6Address Exporter IPv6 Address
in the template (-T) of nProbe.
Luca
On 10 Jul 2015, at 16:15, Frank Mogaddedi <[email protected]> wrote:
Hello,
I'm sorry if I missed something obvious, but I have searched and didn't find
a solution. I have multiple switches/routers that can send sflow information
to ntopng (on CentOS).
From what I understand, I have to run nprobe on the Linux server. Ntopng
runs on the same box.
Yes, I can see flows in ntopng's web-ui, but all I see is that it's on the
"tcp://127.0.0.1:5556" interface. I really need a way
to preserve the original information from the sending switch/router.
Either switch-IP & port or switch-IP and VLAN or something. I don't care as
much *where* all my traffic goes to or comes from, what I care much more
about is what path the traffic takes.
I have seen references that something like that might be possible, that
nprobe might be able to spoof the switch IP or something, but I haven't seen
one configuration example :(
If someone could help me out, that'd be great!
Thanks!
Frank
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
