Hi, I'm trying to perform HTTP Logging on mirrored GTP traffic, but only a minimal amount of entries are exported. I'm using the HTTP plugin successfully on the same machine with non-GTP traffic.
I've done some analysis and I can't figure out why so few, or no, log entries are exported, when there clearly is more HTTP traffic there. I've done traces to confirm this. A 4MB tcpdump trace shows almost 6000 packets on port 80, to and from various IP addresses. The output from nprobe with -b shows only 23 'Emitting Flow' lines, where destination is port 80 or 8080, like this one:

25/Feb/2011 15:46:04 [engine.c:1332] Emitting Flow: [->][tcp] 10.120.3.224:58172 -> xx.129.226.20:80 [7 pkt/1062 bytes][ifIdx 0->0][1.3 sec] [TunnelId 1298026309]

But in this period NO entry was written in the http_igb1_timestamp.txt file.

This is how I started the process:

/usr/local/bin/nprobe -n none -i igb1 --tunnel --http-dump-dir /data/HTTP -b 2

nProbe version: nprobe_6.1.6_013011_proplugins
OS: FreeBSD 8.1 (i386)

What can be the issue here? I've had this running for a few hours and occasionally some URLs are exported.

Regards,
Dánial

_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
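The count described in the post (how many 'Emitting Flow' lines go to port 80 or 8080) can be reproduced from saved `-b 2` output and compared against the number of entries in the HTTP dump file. This is an added example, not part of the original message and not nProbe code; the field layout is assumed from the single log line quoted above, and every sample line after the first is constructed.

```python
import re
from collections import Counter

# Field layout assumed from the single 'Emitting Flow' line quoted in the post.
FLOW_RE = re.compile(
    r"Emitting Flow: \[[^\]]*\]\[(?P<proto>\w+)\] "
    r"(?P<src>\S+):(?P<sport>\d+) -> (?P<dst>\S+):(?P<dport>\d+) "
    r"\[(?P<pkts>\d+) pkt/(?P<bytes>\d+) bytes\]"
)
TUNNEL_RE = re.compile(r"\[TunnelId (\d+)\]")

# First line is the one quoted in the post; the rest are constructed samples.
SAMPLE_LOG = """\
25/Feb/2011 15:46:04 [engine.c:1332] Emitting Flow: [->][tcp] 10.120.3.224:58172 -> xx.129.226.20:80 [7 pkt/1062 bytes][ifIdx 0->0][1.3 sec] [TunnelId 1298026309]
25/Feb/2011 15:46:05 [engine.c:1332] Emitting Flow: [->][udp] 10.120.3.224:40000 -> 192.0.2.53:53 [1 pkt/70 bytes][ifIdx 0->0][0.0 sec] [TunnelId 1298026309]
25/Feb/2011 15:46:06 [engine.c:1332] Emitting Flow: [->][tcp] 10.120.3.225:58200 -> 198.51.100.7:8080 [12 pkt/4096 bytes][ifIdx 0->0][2.0 sec] [TunnelId 1298026310]
25/Feb/2011 15:46:07 (constructed line that is not a flow record)
"""


def parse_flows(lines):
    """Yield one dict per 'Emitting Flow' line; other lines are skipped."""
    for line in lines:
        m = FLOW_RE.search(line)
        if not m:
            continue
        flow = m.groupdict()
        for key in ("sport", "dport", "pkts", "bytes"):
            flow[key] = int(flow[key])
        t = TUNNEL_RE.search(line)
        flow["tunnel"] = t.group(1) if t else None  # absent for non-tunnelled flows
        yield flow


def http_flow_summary(lines, ports=(80, 8080)):
    """Total TCP flows, packets and bytes whose destination port is in `ports`."""
    summary = {"flows": 0, "packets": 0, "bytes": 0, "per_tunnel": Counter()}
    for flow in parse_flows(lines):
        if flow["proto"] == "tcp" and flow["dport"] in ports:
            summary["flows"] += 1
            summary["packets"] += flow["pkts"]
            summary["bytes"] += flow["bytes"]
            summary["per_tunnel"][flow["tunnel"]] += 1
    return summary


if __name__ == "__main__":
    print(http_flow_summary(SAMPLE_LOG.splitlines()))
```

The packet total gives a figure that can be set directly against the tcpdump packet count for the same capture window.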
