Hello
Can anyone give me an idea or a method to show whether ntopng receives the flows 
sent by nprobe?

On 7 Jan 2014, at 14:40, Marc Boisis <[email protected]> wrote:

> Hello,
> 
> I want to show in ntop the flows emitted by an OpenBSD router with the PF 
> packet filter.
> 
> Ntopng and nprobe are installed on a SLES server.
> 
> Nprobe is launched like this:
> nprobe --zmq tcp://127.0.0.1:5556 -i none -n none --collector-port 2055 -V 9 -b 2
> 
> 07/Jan/2014 14:27:43 [plugin.c:161] No plugins found in ./plugins
> 07/Jan/2014 14:27:43 [plugin.c:161] No plugins found in 
> /usr/local/lib/nprobe/plugins
> 07/Jan/2014 14:27:43 [plugin.c:165] WARNING: Unable to find plugins 
> directory. nProbe will work without plugins!
> 07/Jan/2014 14:27:43 [nprobe.c:3624] Succesfully created ZMQ endpoint 
> tcp://127.0.0.1:5556
> 07/Jan/2014 14:27:43 [nprobe.c:3787] WARNING: The output interfaceId is set 
> to 0: did you forget to use -Q perhaps ?
> 07/Jan/2014 14:27:43 [nprobe.c:3790] WARNING: The input interfaceId is set to 
> 0: did you forget to use -u perhaps ?
> 07/Jan/2014 14:27:43 [nprobe.c:3794] WARNING: You have specified --zmq and 
> not specified -n.
> 07/Jan/2014 14:27:43 [nprobe.c:3795] WARNING: We believe you want to use just 
> ZMQ and no netflow export
> 07/Jan/2014 14:27:43 [nprobe.c:3796] WARNING: Setting flow export to -n none
> 07/Jan/2014 14:27:43 [nprobe.c:3850] Welcome to nprobe v.6.15.140103 
> ($Revision: 3788 $) for x86_64-suse-linux-gnu 
> 07/Jan/2014 14:27:43 [nprobe.c:3878] Tracing enabled
> 07/Jan/2014 14:27:43 [plugin.c:225] 0 plugin(s) loaded [0 delete][0 packet].
> 07/Jan/2014 14:27:43 [nprobe.c:5725] Welcome to nprobe v.6.15.140103 for 
> x86_64-suse-linux-gnu
> 07/Jan/2014 14:27:43 [nprobe.c:4963] Compiling flow templates...
> 07/Jan/2014 14:27:43 [nprobe.c:4993] WARNING: You selected v9/IPFIX without 
> specifying a template (-T).
> 07/Jan/2014 14:27:43 [nprobe.c:4994] WARNING: The default template will be 
> used
> 07/Jan/2014 14:27:43 [nprobe.c:4999] Using NetFlow Packet Payload Len: 1472
> 07/Jan/2014 14:27:43 [plugin.c:872] 0 plugin(s) enabled
> 07/Jan/2014 14:27:43 [nprobe.c:5300] Scanning flow template…
> …
> 07/Jan/2014 14:27:43 [nprobe.c:5340] Scanning option template...
> 07/Jan/2014 14:27:43 [nprobe.c:5346] Found      TOTAL_FLOWS_EXP [id 42][4 
> bytes][total 4 bytes]
> 07/Jan/2014 14:27:43 [nprobe.c:5346] Found       TOTAL_PKTS_EXP [id 41][4 
> bytes][total 8 bytes]
> 07/Jan/2014 14:27:43 [nprobe.c:5374] Each flow is 85 bytes long
> 07/Jan/2014 14:27:43 [nprobe.c:5375] The # packets per flow has been set to 16
> 07/Jan/2014 14:27:43 [nprobe.c:4371] Using packet capture length 128
> 07/Jan/2014 14:27:43 [nprobe.c:5905] The flows hash has 131072 buckets
> 07/Jan/2014 14:27:43 [nprobe.c:5907] Flows older than 120 seconds will be 
> exported
> 07/Jan/2014 14:27:43 [nprobe.c:5910] Flows inactive for at least 30 seconds 
> will be exported
> 07/Jan/2014 14:27:43 [nprobe.c:5913] Expired flows will not be queued for 
> more than 30 seconds
> 07/Jan/2014 14:27:43 [nprobe.c:5920] Exported flows with engineType 0 and 
> engineId 207
> 07/Jan/2014 14:27:43 [nprobe.c:5942] TCP TOS will be ignored and set to 0.
> 07/Jan/2014 14:27:43 [nprobe.c:5947] Flows ASs will not be computed (missing 
> GeoIP support)
> 07/Jan/2014 14:27:43 [nprobe.c:5960] After 1 flow packets are sent, we'll 
> delay at least 1 ms
> 07/Jan/2014 14:27:43 [nprobe.c:5980] Flows will be emitted in NetFlow 9 format
> 07/Jan/2014 14:27:43 [nprobe.c:6010] Flow input interface index is set to 0
> 07/Jan/2014 14:27:43 [nprobe.c:6016] Flow output interface index is set to 0
> 07/Jan/2014 14:27:43 [nprobe.c:6030] Not capturing packet from interface 
> (collector mode)
> 07/Jan/2014 14:27:43 [collect.c:97] Created UDP sockets
> 07/Jan/2014 14:27:43 [collect.c:156] Flow collector listening on port 2055 
> (IPv4/v6)
> 07/Jan/2014 14:27:43 [nprobe.c:6137] Starting 1 packet fetch thread(s)
> 07/Jan/2014 14:27:43 [engine.c:2980] Starting bucket dequeue thread
> 
> 
> and I see this kind of message, which seems good
> 
> 07/Jan/2014 14:27:46 [engine.c:2350] Emitting Flow: [->][tcp] 
> 10.1.70.30:56189 -> 10.10.31.79:13111 [5 pkt/372 bytes][ifIdx 0->0][duration 
> 0.0 sec]
> 07/Jan/2014 14:27:46 [util.c:3517] [ZMQ] 
> {"8":"10.10.31.79","12":"10.1.70.30","15":"0.0.0.0","10":0,"14":0,"2":4,"1":238,"22":1389101235,"21":1389101235,"7":13111,"11":56189,"6":0,"4":6,"5":0,"16":0,"17":0,"9":0,"13":0,"42":714}
> 07/Jan/2014 14:27:46 [engine.c:2372] Emitting Flow: [<-][tcp] 
> 10.10.31.79:13111 -> 10.1.70.30:56189 [4 pkt/238 bytes][ifIdx 0->0][0.0 sec]
> 07/Jan/2014 14:27:46 [util.c:3517] [ZMQ] 
> {"8":"10.1.70.30","12":"10.10.31.79","15":"0.0.0.0","10":0,"14":0,"2":5,"1":372,"22":1389101235,"21":1389101235,"7":56188,"11":13111,"6":0,"4":6,"5":0,"16":0,"17":0,"9":0,"13":0,"42":715}
> 07/Jan/2014 14:27:46 [engine.c:2350] Emitting Flow: [->][tcp] 
> 10.1.70.30:56188 -> 10.10.31.79:13111 [5 pkt/372 bytes][ifIdx 0->0][duration 
> 0.0 sec]
> 07/Jan/2014 14:27:46 [util.c:3517] [ZMQ] 
> {"8":"10.10.31.79","12":"10.1.70.30","15":"0.0.0.0","10":0,"14":0,"2":4,"1":238,"22":1389101235,"21":1389101235,"7":13111,"11":56188,"6":0,"4":6,"5":0,"16":0,"17":0,"9":0,"13":0,"42
>  »:7
> 
> 
> The socket is listening on port 5556, so I launch ntopng like this:
> 
> ROOT:cacti:/root > ntopng -i tcp://127.0.0.1:5556 -v
> 07/Jan/2014 14:37:30 [Ntop.cpp:461] Setting local networks to 
> 192.168.1.0/24,0.0.0.0/32,224.0.0.0/8,239.0.0.0/8,255.255.255.255/32,127.0.0.0/8
> 07/Jan/2014 14:37:30 [AddressResolution.cpp:129] Rule '192.168.1.0'/'24'
> 07/Jan/2014 14:37:30 [AddressResolution.cpp:129] Rule '0.0.0.0'/'32'
> 07/Jan/2014 14:37:30 [AddressResolution.cpp:129] Rule '224.0.0.0'/'8'
> 07/Jan/2014 14:37:30 [AddressResolution.cpp:129] Rule '239.0.0.0'/'8'
> 07/Jan/2014 14:37:30 [AddressResolution.cpp:129] Rule '255.255.255.255'/'32'
> 07/Jan/2014 14:37:30 [AddressResolution.cpp:129] Rule '127.0.0.0'/'8'
> 07/Jan/2014 14:37:30 [Ntop.cpp:568] Registered interface 
> [email protected]:5556 [id: 0]
> 07/Jan/2014 14:37:30 [Utils.cpp:235] User changed to nobody
> 07/Jan/2014 14:37:30 [main.cpp:147] PID stored in file /var/tmp/ntopng.pid
> 07/Jan/2014 14:37:30 [HTTPserver.cpp:342] HTTP server listening on port 3000 
> [/usr/local/share/ntopng/httpdocs][/usr/local/share/ntopng/scripts]
> 07/Jan/2014 14:37:30 [main.cpp:179] Using RRD version 1.4.7
> 07/Jan/2014 14:37:30 [main.cpp:188] Working directory: /var/tmp/ntopng
> 07/Jan/2014 14:37:30 [main.cpp:190] Scripts/HTML pages directory: 
> /usr/local/share/ntopng
> 07/Jan/2014 14:37:30 [Ntop.cpp:165] Welcome to ntopng x86_64 v.1.1 (r) - (C) 
> 1998-13 ntop.org
> 07/Jan/2014 14:37:30 [Redis.cpp:54] Successfully connected to Redis 64 bit 
> v.2.8.3
> 07/Jan/2014 14:37:30 [PeriodicActivities.cpp:53] Started periodic activities 
> loop...
> 07/Jan/2014 14:37:30 [CollectorInterface.cpp:100] Collecting flows...
> 07/Jan/2014 14:37:30 [CollectorInterface.cpp:233] Flow collection is over.
> 07/Jan/2014 14:37:30 [NetworkInterface.cpp:549] Started packet polling on 
> interface [email protected]:5556...
> 
> 
> But after an hour I always have:
> No packet has been received yet on interface [email protected]:5556.
> Please wait 6 seconds until this page reloads.
> 
> 
> Can you help me?
> 
> Thanks
> 
> 
> 
> 

_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
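
Added example (not part of the original post, and not ntop's own code): the numeric keys in nprobe's `[ZMQ]` trace lines are NetFlow v9 field type numbers, so decoding them shows which records nprobe is publishing on the endpoint ntopng subscribes to. The function names and the field table are this example's own; the sample lines are the ones quoted in the post.

```python
import json
import re

# NetFlow v9 field type numbers that appear as JSON keys in nprobe's [ZMQ] lines.
V9_FIELDS = {
    1: "IN_BYTES", 2: "IN_PKTS", 4: "PROTOCOL", 5: "SRC_TOS", 6: "TCP_FLAGS",
    7: "L4_SRC_PORT", 8: "IPV4_SRC_ADDR", 9: "SRC_MASK", 10: "INPUT_SNMP",
    11: "L4_DST_PORT", 12: "IPV4_DST_ADDR", 13: "DST_MASK", 14: "OUTPUT_SNMP",
    15: "IPV4_NEXT_HOP", 16: "SRC_AS", 17: "DST_AS", 21: "LAST_SWITCHED",
    22: "FIRST_SWITCHED", 42: "TOTAL_FLOWS_EXP",
}
ZMQ_RECORD = re.compile(r"\[ZMQ\]\s*(\{.*)$")

# Lines from the nprobe output quoted in the post, mail wrapping removed;
# the last record is cut short exactly as it is in the post.
SAMPLE_LOG = [
    '07/Jan/2014 14:27:46 [engine.c:2350] Emitting Flow: [->][tcp] 10.1.70.30:56189 -> 10.10.31.79:13111 [5 pkt/372 bytes][ifIdx 0->0][duration 0.0 sec]',
    '07/Jan/2014 14:27:46 [util.c:3517] [ZMQ] {"8":"10.10.31.79","12":"10.1.70.30","15":"0.0.0.0","10":0,"14":0,"2":4,"1":238,"22":1389101235,"21":1389101235,"7":13111,"11":56189,"6":0,"4":6,"5":0,"16":0,"17":0,"9":0,"13":0,"42":714}',
    '07/Jan/2014 14:27:46 [util.c:3517] [ZMQ] {"8":"10.1.70.30","12":"10.10.31.79","15":"0.0.0.0","10":0,"14":0,"2":5,"1":372,"22":1389101235,"21":1389101235,"7":56188,"11":13111,"6":0,"4":6,"5":0,"16":0,"17":0,"9":0,"13":0,"42":715}',
    '07/Jan/2014 14:27:46 [util.c:3517] [ZMQ] {"8":"10.10.31.79","12":"10.1.70.30","15":"0.0.0.0","10":0,"14":0,"2":4,"1":238,"22":1389101235,"21":1389101235,"7":13111,"11":56188,"6":0,"4":6,"5":0,"16":0,"17":0,"9":0,"13":0,"42',
]

def field_name(key):
    """Map a JSON key such as "8" to its NetFlow v9 field name."""
    return V9_FIELDS.get(int(key), "FIELD_" + key) if key.isdigit() else key

def decode_zmq_lines(lines):
    """Return (flows, skipped): decoded records and the count of unparsable ones."""
    flows, skipped = [], 0
    for line in lines:
        match = ZMQ_RECORD.search(line)
        if match is None:
            continue  # not a ZMQ export line (e.g. "Emitting Flow")
        try:
            record = json.loads(match.group(1))
        except ValueError:
            skipped += 1  # truncated or corrupted JSON
            continue
        flows.append({field_name(k): v for k, v in record.items()})
    return flows, skipped

def summarize(flow):
    """One-line view of a decoded flow, comparable with the 'Emitting Flow' lines."""
    return "{IPV4_SRC_ADDR}:{L4_SRC_PORT} -> {IPV4_DST_ADDR}:{L4_DST_PORT} proto={PROTOCOL} pkts={IN_PKTS} bytes={IN_BYTES}".format(**flow)

if __name__ == "__main__":
    flows, skipped = decode_zmq_lines(SAMPLE_LOG)
    print("\n".join(summarize(f) for f in flows), "| skipped:", skipped)
```

In the quoted trace, each decoded record carries the addresses, ports and counters of the `Emitting Flow` line that follows it, not the one printed just before it.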
