I had no luck getting this working either- with nprobe and ntop on the same system, or on different hosts. I saw no traffic between the probe and ntop in either direction.
I also had significant issues with ntopng monitoring an interface directly- even with <1Gb on an intel 10Gb interface with DNA. Ntopng would report dropping packets, which would increase along with CPU utilization over the course of 24-48 hours. I ended up deploying nprobes with DNA exporting their flows to ntop5- which results in no packets dropped and CPU utilization of the probes and ntop5 host of <5%. I may redeploy ntopng on a host that can monitor traffic directly, I'd like to help run down the issues I was seeing. I would really like to get ntopng working with flows exported by nprobe as well- hopefully we are both just missing something. --D On Fri, Jul 19, 2013 at 9:34 AM, Martin Brault <[email protected]> wrote: > Hello, > > I am familiar with ntop and have been successfully using it for Cisco flow > exports. I want to have a look at ntopng, however I have not been able to > get it to show any flow information. I know the nprobe, started with > "nprobe -zmq "tcp://*:5556" --collector-port 4444", works, since; > > > > 19/Jul/2013 12:30:08 [collect.c:156] Flow collector listening on port 4444 > (IPv4/v6) > 19/Jul/2013 12:30:12 [export.c:297] ERROR: ******************************* > *********************************************** > 19/Jul/2013 12:30:12 [export.c:298] ERROR: * NOTE: You have reached the > max demo 25000 flows export: no more exports * > 19/Jul/2013 12:30:12 [export.c:300] ERROR: * NOTE: no additional flows > will be exported by this nProbe instance * > 19/Jul/2013 12:30:12 [export.c:301] ERROR: ******************************* > *********************************************** > 19/Jul/2013 12:33:35 [nprobe.c:377] Received shutdown request... > 19/Jul/2013 12:33:36 [engine.c:2459] About to flush hash (threadId 0) > 19/Jul/2013 12:33:36 [engine.c:2461] Completed hash walk (thread 0) > 19/Jul/2013 12:33:37 [nprobe.c:2006] Processed packets: 0 (max bucket > search: 3) > 19/Jul/2013 12:33:37 [nprobe.c:1989] Fragment queue length: 0 > 19/Jul/2013 12:33:37 [nprobe.c:2015] Flow export stats: [307858895 > bytes/500576 pkts][25001 flows/953 pkts sent] > 19/Jul/2013 12:33:37 [nprobe.c:2022] Flow collection: [collected pkts: > 4712][processed flows: 134284] > 19/Jul/2013 12:33:37 [nprobe.c:2025] Flow drop stats: [0 bytes/0 pkts][0 > flows] > 19/Jul/2013 12:33:37 [nprobe.c:2030] Total flow stats: [307858895 > bytes/500576 pkts][25001 flows/953 pkts sent] > > > so clearly nprobe is getting the flow information. > > However, starting ntopng as indicated on the webpage: > > ntopng -i "tcp://127.0.0.1:5556" -v > > I never see any info whatsoever in the :3000 webpage. I have redis > running. > > What am I missing? > > Thanks in advance, > > M. > > ______________________________**_________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/**mailman/listinfo/ntop<http://listgateway.unipi.it/mailman/listinfo/ntop> > -- Darren Bolding [email protected] http://www.linkedin.com/in/darrenbolding
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
