Darren are you trying to use nProbe as collector for flows and probe for ntopng? How do you see flow drops ion ntopng? I would like to reproduce your problem and fix it
Regards Luca On Jul 19, 2013, at 8:05 PM, Darren Bolding <[email protected]> wrote: > I had no luck getting this working either- with nprobe and ntop on the same > system, or on different hosts. I saw no traffic between the probe and ntop > in either direction. > > I also had significant issues with ntopng monitoring an interface directly- > even with <1Gb on an intel 10Gb interface with DNA. Ntopng would report > dropping packets, which would increase along with CPU utilization over the > course of 24-48 hours. I ended up deploying nprobes with DNA exporting their > flows to ntop5- which results in no packets dropped and CPU utilization of > the probes and ntop5 host of <5%. > > I may redeploy ntopng on a host that can monitor traffic directly, I'd like > to help run down the issues I was seeing. I would really like to get ntopng > working with flows exported by nprobe as well- hopefully we are both just > missing something. > > --D > > > On Fri, Jul 19, 2013 at 9:34 AM, Martin Brault <[email protected]> wrote: > Hello, > > I am familiar with ntop and have been successfully using it for Cisco flow > exports. I want to have a look at ntopng, however I have not been able to > get it to show any flow information. I know the nprobe, started with "nprobe > -zmq "tcp://*:5556" --collector-port 4444", works, since; > > > > 19/Jul/2013 12:30:08 [collect.c:156] Flow collector listening on port 4444 > (IPv4/v6) > 19/Jul/2013 12:30:12 [export.c:297] ERROR: > ************************************************************************** > 19/Jul/2013 12:30:12 [export.c:298] ERROR: * NOTE: You have reached the max > demo 25000 flows export: no more exports * > 19/Jul/2013 12:30:12 [export.c:300] ERROR: * NOTE: no additional flows will > be exported by this nProbe instance * > 19/Jul/2013 12:30:12 [export.c:301] ERROR: > ************************************************************************** > 19/Jul/2013 12:33:35 [nprobe.c:377] Received shutdown request... > 19/Jul/2013 12:33:36 [engine.c:2459] About to flush hash (threadId 0) > 19/Jul/2013 12:33:36 [engine.c:2461] Completed hash walk (thread 0) > 19/Jul/2013 12:33:37 [nprobe.c:2006] Processed packets: 0 (max bucket search: > 3) > 19/Jul/2013 12:33:37 [nprobe.c:1989] Fragment queue length: 0 > 19/Jul/2013 12:33:37 [nprobe.c:2015] Flow export stats: [307858895 > bytes/500576 pkts][25001 flows/953 pkts sent] > 19/Jul/2013 12:33:37 [nprobe.c:2022] Flow collection: [collected pkts: > 4712][processed flows: 134284] > 19/Jul/2013 12:33:37 [nprobe.c:2025] Flow drop stats: [0 bytes/0 pkts][0 > flows] > 19/Jul/2013 12:33:37 [nprobe.c:2030] Total flow stats: [307858895 > bytes/500576 pkts][25001 flows/953 pkts sent] > > > so clearly nprobe is getting the flow information. > > However, starting ntopng as indicated on the webpage: > > ntopng -i "tcp://127.0.0.1:5556" -v > > I never see any info whatsoever in the :3000 webpage. I have redis running. > > What am I missing? > > Thanks in advance, > > M. > > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop > > > > -- > Darren Bolding > [email protected] > http://www.linkedin.com/in/darrenbolding > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
