Re: [Ntop] ntopng as flow collector through nProbe operation issue

Fri, 30 Aug 2013 06:11:13 -0700 

Hi Remah,
sorry for the delay.
Recently we have made some fixed to the integration ZMQ/ntopng/nProbe. What you experience here is probably a bug we have already fixed as the command line you are using looks good to me. 


I encourage you to reinstall both nProbe and ntopng using the latest 
version, and if the problem is still there I will try to reproduce it


Regards Luca

On 08/28/2013 03:25 AM, Katat, Remah (NSN - EG/Cairo) wrote:

Hi all,

Im running nprobe/ntopng on ubuntu server as im trying to configure 
ntopng as flow collector through zeroMQ connection.
Seems im not receiving any ipv4 flows (as well for some reason I 
cannot login to http web interface, but this could be due to separate 
issue?)
Im attaching here sample of my practice log, maybe someone with  
similar experience can support on this.

Cheers & Thanks,
Remah
/ntopng console:/

@ubuntuDB:/usr/local/share/ntopng/scripts/lua/modules$ ntopng -w 3000 
-d /var/tmp/remah_nprobe -G /var/run/ntopng.pid -i "tcp://localhost:5556"
28/Aug/2013 07:53:32 [Redis.cpp:54] Succesfully connected to Redis 64 
bit v.2.2.12
28/Aug/2013 07:53:32 [Ntop.cpp:419] Setting local networks to 
192.168.1.0/24
28/Aug/2013 07:53:32 [Ntop.cpp:419] Setting local networks to 
192.168.0.0/16,172.16.0.0/12,10.0.0.0/8,0.0.0.0/32,224.0.0.0/8,239.0.0.0/8,255.255.255.255/32
28/Aug/2013 07:53:32 [Prefs.cpp:525] WARNING: Config file 
/var/tmp/remah_nprobe/ntopng-users.conf not found (it will be created)
28/Aug/2013 07:53:32 [Ntop.cpp:468] Registered interface 
collector@localhost:5556 [id: 0]
28/Aug/2013 07:53:32 [Utils.cpp:194] Privileges are not dropped as 
we're not superuser
28/Aug/2013 07:53:32 [main.cpp:163] ERROR: Unable to store PID in file 
/var/run/ntopng.pid

Error Opening file /usr/local/share/ntopng/httpdocs/geoip/GeoIPASNum.dat

28/Aug/2013 07:53:32 [Geolocation.cpp:59] WARNING: Unable to read 
GeoIP database /usr/local/share/ntopng/httpdocs/geoip/GeoIPASNum.dat

Error Opening file /usr/local/share/ntopng/httpdocs/geoip/GeoIPASNumv6.dat

28/Aug/2013 07:53:32 [Geolocation.cpp:59] WARNING: Unable to read 
GeoIP database /usr/local/share/ntopng/httpdocs/geoip/GeoIPASNumv6.dat

Error Opening file /usr/local/share/ntopng/httpdocs/geoip/GeoLiteCity.dat

28/Aug/2013 07:53:32 [Geolocation.cpp:59] WARNING: Unable to read 
GeoIP database /usr/local/share/ntopng/httpdocs/geoip/GeoLiteCity.dat
Error Opening file 
/usr/local/share/ntopng/httpdocs/geoip/GeoLiteCityv6.dat
28/Aug/2013 07:53:32 [Geolocation.cpp:59] WARNING: Unable to read 
GeoIP database /usr/local/share/ntopng/httpdocs/geoip/GeoLiteCityv6.dat
28/Aug/2013 07:53:32 [HTTPserver.cpp:308] HTTP server listening on 
port 3000 
[/usr/local/share/ntopng/httpdocs][/usr/local/share/ntopng/scripts]

28/Aug/2013 07:53:32 [main.cpp:193] Using RRD version 1.4.7

28/Aug/2013 07:53:32 [main.cpp:202] Working directory: 
/var/tmp/remah_nprobe
28/Aug/2013 07:53:32 [main.cpp:204] Scripts/HTML pages directory: 
/usr/local/share/ntopng
28/Aug/2013 07:53:32 [Ntop.cpp:146] Welcome to ntopng x86_64 v.1.0.1 
($Revision: 6697 $) - (C) 1998-13 ntop.org
28/Aug/2013 07:53:32 [PeriodicActivities.cpp:51] Started periodic 
activities loop...
28/Aug/2013 07:53:32 [NetworkInterface.cpp:506] Started packet polling 
on interface collector@localhost:5556...
28/Aug/2013 07:53:32 [Lua.cpp:1165] Starting ZMQ collector on 
collector@localhost:5556
28/Aug/2013 07:53:32 [Lua.cpp:1165] ZMQ Collector connected to 
tcp://localhost:5556

^C28/Aug/2013 07:54:16 [main.cpp:37] Shutting down...
28/Aug/2013 07:54:18 [Ntop.cpp:492] Interface collector@localhost:5556
28/Aug/2013 07:54:18 [ProtoStats.cpp:35] [IPv4]  0 B/0.00 Packets
28/Aug/2013 07:54:18 [ProtoStats.cpp:35] [IPv6]  0 B/0.00 Packets
28/Aug/2013 07:54:18 [ProtoStats.cpp:35] [ARP]   0 B/0.00 Packets
28/Aug/2013 07:54:18 [ProtoStats.cpp:35] [MPLS]  0 B/0.00 Packets
28/Aug/2013 07:54:18 [ProtoStats.cpp:35] [Other] 6.75 KB/29.00 Packets

28/Aug/2013 07:54:19 [Lua.cpp:1361] WARNING: Script failure 
[/usr/local/share/ntopng/scripts/callbacks/nprobe-collector.lua][(null)]
28/Aug/2013 07:54:19 [main.cpp:55] Deleted PID /var/run/ntopng.pid 
[rc: -1]
28/Aug/2013 07:54:19 [NetworkInterface.cpp:135] Interface 
collector@localhost:5556 shutdown

28/Aug/2013 07:54:19 [HTTPserver.cpp:319] HTTP server terminated

28/Aug/2013 07:54:19 [AddressResolution.cpp:185] Address resolution 
stats [2 resolved][1 failures]

remah-katat@ubuntuDB:/usr/local/share/ntopng/scripts/lua/modules$
/nprobe console:/

@ubuntuDB:/var/tmp/remah_nprobe$ sudo nprobe -n 127.0.0.1:2055 -i eth0 
-g /var/run/nprobe-none.pid --zmq "tcp://*:5556" -b 1 
--http-dump-dir/var/tmp/remah_nprobe

28/Aug/2013 07:53:39 [nprobe.c:5486] Valid nProbe license found
28/Aug/2013 07:53:39 [plugin.c:157] No plugins found in ./plugins

28/Aug/2013 07:53:39 [plugin.c:164] Loading plugins [.so] from 
/usr/local/lib/nprobe/plugins
28/Aug/2013 07:53:39 [nprobe.c:3471] Succesfully created zmq endpoint 
tcp://*:5556
28/Aug/2013 07:53:39 [nprobe.c:3630] WARNING: The output interfaceId 
is set to 0: did you forget to use -Q perhaps ?
28/Aug/2013 07:53:39 [nprobe.c:3633] WARNING: The input interfaceId is 
set to 0: did you forget to use -u perhaps ?
28/Aug/2013 07:53:39 [nprobe.c:3685] Welcome to nprobe v.6.14.130827 
($Revision: 3605 $) for x86_64-unknown-linux-gnu with native PF_RING 
acceleration

28/Aug/2013 07:53:39 [nprobe.c:3713] Tracing enabled

28/Aug/2013 07:53:39 [httpPlugin.c:413] HTTP log files will be saved 
in /var/tmp/remah_nprobe
28/Aug/2013 07:53:39 [httpPlugin.c:462] HTTP log files will be dumped 
each 60 seconds or each 10000 lines

28/Aug/2013 07:53:39 [httpPlugin.c:469] Initialized HTTP plugin

28/Aug/2013 07:53:39 [plugin.c:221] 16 plugin(s) loaded [16 delete][15 
packet].
28/Aug/2013 07:53:39 [nprobe.c:5522] Welcome to nprobe v.6.14.130827 
for x86_64-unknown-linux-gnu
28/Aug/2013 07:53:39 [util.c:305] GeoIP: loaded AS config file 
/usr/local/nprobe/GeoIPASNum.dat
28/Aug/2013 07:53:39 [util.c:314] GeoIP: loaded AS IPv6 config file 
/usr/local/nprobe/GeoIPASNumv6.dat

28/Aug/2013 07:53:39 [nprobe.c:4202] Using packet capture length 1600

28/Aug/2013 07:53:39 [pro/pf_ring.c:313] Successfully open PF_RING 
v.5.6.0 on device eth0 [snaplen=1600]
28/Aug/2013 07:53:39 [pro/pf_ring.c:322] Using PF_RING in-kernel 
accelerated packet parsing
28/Aug/2013 07:53:39 [pro/pf_ring.c:326] Dumping traffic statistics on 
/proc/net/pf_ring/stats/506-eth0.130

28/Aug/2013 07:53:39 [nprobe.c:5702] The flows hash has 131072 buckets

28/Aug/2013 07:53:39 [nprobe.c:5704] Flows older than 120 seconds will 
be exported
28/Aug/2013 07:53:39 [nprobe.c:5707] Flows inactive for at least 30 
seconds will be exported
28/Aug/2013 07:53:39 [nprobe.c:5710] Expired flows will not be queued 
for more than 30 seconds
28/Aug/2013 07:53:39 [nprobe.c:5717] Exported flows with engineType 0 
and engineId 115

28/Aug/2013 07:53:39 [nprobe.c:5739] TCP TOS will be ignored and set to 0.

28/Aug/2013 07:53:39 [nprobe.c:5757] After 1 flow packets are sent, 
we'll delay at least 1 ms
28/Aug/2013 07:53:39 [nprobe.c:5777] Flows will be emitted in NetFlow 
5 format
28/Aug/2013 07:53:39 [nprobe.c:5798] Flow input interface index is set 
to 0
28/Aug/2013 07:53:39 [nprobe.c:5804] Flow output interface index is 
set to 0
28/Aug/2013 07:53:39 [nprobe.c:5820] Capturing packets from interface 
eth0 [snaplen: 1600 bytes]

28/Aug/2013 07:53:39 [util.c:2639] nProbe changed user to 'nobody'
28/Aug/2013 07:53:39 [plugin.c:711] Enabling plugin HTTP Protocol
28/Aug/2013 07:53:39 [nprobe.c:5925] Starting 1 packet fetch thread(s)
28/Aug/2013 07:53:39 [engine.c:2964] Starting bucket dequeue thread

28/Aug/2013 07:53:39 [pro/pf_ring.c:163] [PF_RING] Reading packets in 
1 copy mode

28/Aug/2013 07:54:10 [nprobe.c:2141] ---------------------------------

28/Aug/2013 07:54:10 [nprobe.c:2142] Average traffic: [24.00 
pps][35.54 Kb/sec]
28/Aug/2013 07:54:10 [nprobe.c:2149] Current traffic: [24.00 
pps][34.96 Kb/sec]
28/Aug/2013 07:54:10 [nprobe.c:2155] Current flow export rate: [0.1 
flows/sec]
28/Aug/2013 07:54:10 [nprobe.c:2158] Flow drops: [export queue too 
long=0][too many flows=0]

28/Aug/2013 07:54:10 [nprobe.c:2162] Export Queue: 0/512000 [0.0 %]

28/Aug/2013 07:54:10 [nprobe.c:2167] Flow Buckets: 
[active=46][allocated=46][toBeExported=0]
28/Aug/2013 07:54:10 [cache.c:801] Redis Cache [0 total/0.0 get/sec][0 
total/0.0 set/sec]
28/Aug/2013 07:54:10 [nprobe.c:2009] Processed packets: 768 (max 
bucket search: 0)

28/Aug/2013 07:54:10 [nprobe.c:1992] Fragment queue length: 0

28/Aug/2013 07:54:10 [nprobe.c:2018] Flow export stats: [5918 bytes/16 
pkts][3 flows/0 pkts sent]
28/Aug/2013 07:54:10 [nprobe.c:2028] Flow drop stats: [0 bytes/0 
pkts][0 flows]
28/Aug/2013 07:54:10 [nprobe.c:2033] Total flow stats:  [5918 bytes/16 
pkts][3 flows/0 pkts sent]
28/Aug/2013 07:54:10 [pro/pf_ring.c:86] PF_RING stats (Average): 768/0 
[0.0 %] pkts rcvd/dropped
28/Aug/2013 07:54:10 [pro/pf_ring.c:97] PF_RING stats (Current): 739/0 
[0.0 %] pkts rcvd/dropped
28/Aug/2013 07:54:11 [export.c:427] [ZMQ] 
{8:"10.82.161.172",12:"224.0.0.252",15:"0.0.0.0",10:0,14:0,2:2,1:110,22:1377672820,21:1377672820,7:56401,11:5355,6:0,4:17,5:0,16:0,17:0,9:0,13:0}
28/Aug/2013 07:54:12 [export.c:427] [ZMQ] 
{8:"10.82.161.170",12:"224.0.0.252",15:"0.0.0.0",10:0,14:0,2:2,1:110,22:1377672821,21:1377672821,7:56424,11:5355,6:0,4:17,5:0,16:0,17:0,9:0,13:0}
28/Aug/2013 07:54:13 [export.c:427] [ZMQ] 
{8:"10.156.227.3",12:"10.82.161.140",15:"0.0.0.0",10:0,14:0,2:1,1:72,22:1377672822,21:1377672822,7:22,11:55226,6:24,4:6,5:0,16:0,17:0,9:0,13:0}
28/Aug/2013 07:54:13 [export.c:365] WARNING: Unable to export non-IPv4 
flows using NetFlow v5. Dropped.

28/Aug/2013 07:54:22 [nprobe.c:3868] Pending buckets have been exported...

28/Aug/2013 07:54:22 [engine.c:3040] Export thread terminated 
[exportQueue=0]

28/Aug/2013 07:54:22 [nprobe.c:3936] Flushing queued flows...
28/Aug/2013 07:54:22 [nprobe.c:3939] Freeing memory...
28/Aug/2013 07:54:22 [plugin.c:250] Terminating plugins.
28/Aug/2013 07:54:22 [plugin.c:255] Terminating HTTP Protocol
28/Aug/2013 07:54:22 [httpPlugin.c:2134] Terminating http plugin...

28/Aug/2013 07:54:22 [httpPlugin.c:1467] Closed dump and renamed 
/var/tmp/remah_nprobe/2013/08/28/07/http_eth0_1377672861_0_506.txt.tmp 
-> /var/tmp/remah_nprobe/2013/08/28/07/http_eth0_1377672861_0_506.txt
28/Aug/2013 07:54:22 [cache.c:801] Redis Cache [0 total/0.0 get/sec][0 
total/0.0 set/sec]

28/Aug/2013 07:54:22 [nprobe.c:4029] Still allocated 0 hash buckets

28/Aug/2013 07:54:22 [nprobe.c:2009] Processed packets: 982 (max 
bucket search: 1)

28/Aug/2013 07:54:22 [nprobe.c:1992] Fragment queue length: 0

28/Aug/2013 07:54:22 [nprobe.c:2018] Flow export stats: [120195 
bytes/903 pkts][64 flows/3 pkts sent]
28/Aug/2013 07:54:22 [nprobe.c:2028] Flow drop stats:   [0 bytes/0 
pkts][0 flows]
28/Aug/2013 07:54:22 [nprobe.c:2033] Total flow stats:  [120195 
bytes/903 pkts][64 flows/3 pkts sent]

28/Aug/2013 07:54:22 [nprobe.c:4038] Cleaning globals
28/Aug/2013 07:54:22 [nprobe.c:4059] nProbe terminated.
-------------------------------------------------------------------------


_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop



_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop






















					Reply via email to