Steve, thanks for sending the way you start probe and ntopng because it solved my problem :)
Marc, here is what I did:

On the Ubuntu 12.04 server where nprobe runs:
sudo nprobe -i eth1 --zmq tcp://192.168.1.33:5556 -b 1

And, on the Ubuntu 12.04 server where ntopng runs:
sudo ntopng -l -s -i nprobe-collector.lua@tcp://192.168.1.33:5556 -d/var/tmp -w 3000 -n 0 -m 192.168.1.0/24 -v

Please note the IP address on both sides is the IP address of the nprobe server.

I hope that will help you.

Regards

/Wayne

On 2014-01-09 at 04:38, Marc Boisis <[email protected]> wrote:

> Hi,
>
> I’ve launched probe and ntopng like you but it changes nothing: web interface
> is still empty.
>
> In the nprobe output, I can see this:
>
> 09/Jan/2014 09:37:01 [nprobe.c:2174] Average traffic: [0.00 pps][0 b/sec]
> 09/Jan/2014 09:37:01 [nprobe.c:2181] Current traffic: [0.00 pps][0 b/sec]
> 09/Jan/2014 09:37:01 [nprobe.c:2187] Current flow export rate: [62.3
> flows/sec]
> 09/Jan/2014 09:37:01 [nprobe.c:2190] Flow drops: [export queue too
> long=0][too many flows=0]
> 09/Jan/2014 09:37:01 [nprobe.c:2194] Export Queue: 0/512000 [0.0 %]
> 09/Jan/2014 09:37:01 [nprobe.c:2199] Flow Buckets:
> [active=334][allocated=334][toBeExported=0]
> 09/Jan/2014 09:37:01 [nprobe.c:2217] Collector Threads: [1155 pkts@0]
> 09/Jan/2014 09:37:01 [nprobe.c:2041] Processed packets: 0 (max bucket search:
> 1)
> 09/Jan/2014 09:37:01 [nprobe.c:2024] Fragment queue length: 0
> 09/Jan/2014 09:37:01 [nprobe.c:2050] Flow export stats: [0 bytes/0 pkts][0
> flows/0 pkts sent]
> 09/Jan/2014 09:37:01 [nprobe.c:2057] Flow collection: [collected pkts:
> 1155][processed flows: 34650]
> 09/Jan/2014 09:37:01 [nprobe.c:2060] Flow drop stats: [0 bytes/0 pkts][0
> flows]
>
> Are those stats saying flows are exported to the ZMQ socket??? How can I see if
> flows are really emitted through the zmq socket?
>
>
> Marc Boisis-Delavaud
> Direction du Système d'Information
> Université de La Rochelle
> [email protected] | 05 46 45 82 14
>
> On 8 Jan 2014 at 22:05, Steve Clark <[email protected]> wrote:
>
>> Hi,
>>
>> This worked for us:
>> sudo ./ntopng -l -s -i nprobe-collector.lua@tcp://192.168.198.127:5556 -d/var/tmp -w 3000 -n 0 -m 172.16.0.0/12,10.0.0.0/8,192.168.0.0/16
>> sudo nprobe -i eth1 --zmq tcp://192.168.198.127:5556
>>
>> On 01/08/2014 04:02 PM, [email protected] wrote:
>>> I would also like to hear any help on that because I’ve also sent an email
>>> a few weeks ago regarding exactly the same problem between probe and ntopng.
>>>
>>> Regards
>>>
>>> /Wayne
>>>
>>> On 2014-01-08 at 15:59, Marc Boisis <[email protected]> wrote:
>>>
>>>> Hello
>>>> Can anyone give me an idea or a method to show if ntopng receives or not
>>>> flows sent by nprobe?
>>>>
>>>> On 7 Jan 2014 at 14:40, Marc Boisis <[email protected]> wrote:
>>>>
>>>>> Hello,
>>>>>
>>>>> I want to show in ntop my flows emitted by an openbsd router with PF
>>>>> packet filter.
>>>>>
>>>>> Ntopng and probe are installed on SLES server.
>>>>>
>>>>> Nprobe is launched like this:
>>>>> nprobe --zmq tcp://127.0.0.1:5556 -i none -n none --collector-port 2055 -V 9 -b 2
>>>>>
>>>>> 07/Jan/2014 14:27:43 [plugin.c:161] No plugins found in ./plugins
>>>>> 07/Jan/2014 14:27:43 [plugin.c:161] No plugins found in
>>>>> /usr/local/lib/nprobe/plugins
>>>>> 07/Jan/2014 14:27:43 [plugin.c:165] WARNING: Unable to find plugins
>>>>> directory. nProbe will work without plugins!
>>>>> 07/Jan/2014 14:27:43 [nprobe.c:3624] Succesfully created ZMQ endpoint
>>>>> tcp://127.0.0.1:5556
>>>>> 07/Jan/2014 14:27:43 [nprobe.c:3787] WARNING: The output interfaceId is
>>>>> set to 0: did you forget to use -Q perhaps ?
>>>>> 07/Jan/2014 14:27:43 [nprobe.c:3790] WARNING: The input interfaceId is
>>>>> set to 0: did you forget to use -u perhaps ?
>>>>> 07/Jan/2014 14:27:43 [nprobe.c:3794] WARNING: You have specified --zmq
>>>>> and not specified -n.
>>>>> 07/Jan/2014 14:27:43 [nprobe.c:3795] WARNING: We believe you want to use
>>>>> just ZMQ and no netflow export
>>>>> 07/Jan/2014 14:27:43 [nprobe.c:3796] WARNING: Setting flow export to -n
>>>>> none
>>>>> 07/Jan/2014 14:27:43 [nprobe.c:3850] Welcome to nprobe v.6.15.140103
>>>>> ($Revision: 3788 $) for x86_64-suse-linux-gnu
>>>>> 07/Jan/2014 14:27:43 [nprobe.c:3878] Tracing enabled
>>>>> 07/Jan/2014 14:27:43 [plugin.c:225] 0 plugin(s) loaded [0 delete][0
>>>>> packet].
>>>>> 07/Jan/2014 14:27:43 [nprobe.c:5725] Welcome to nprobe v.6.15.140103 for
>>>>> x86_64-suse-linux-gnu
>>>>> 07/Jan/2014 14:27:43 [nprobe.c:4963] Compiling flow templates...
>>>>> 07/Jan/2014 14:27:43 [nprobe.c:4993] WARNING: You selected v9/IPFIX
>>>>> without specifying a template (-T).
>>>>> 07/Jan/2014 14:27:43 [nprobe.c:4994] WARNING: The default template will
>>>>> be used
>>>>> 07/Jan/2014 14:27:43 [nprobe.c:4999] Using NetFlow Packet Payload Len:
>>>>> 1472
>>>>> 07/Jan/2014 14:27:43 [plugin.c:872] 0 plugin(s) enabled
>>>>> 07/Jan/2014 14:27:43 [nprobe.c:5300] Scanning flow template…
>>>>> …
>>>>> 07/Jan/2014 14:27:43 [nprobe.c:5340] Scanning option template...
>>>>> 07/Jan/2014 14:27:43 [nprobe.c:5346] Found TOTAL_FLOWS_EXP [id 42][4
>>>>> bytes][total 4 bytes]
>>>>> 07/Jan/2014 14:27:43 [nprobe.c:5346] Found TOTAL_PKTS_EXP [id 41][4
>>>>> bytes][total 8 bytes]
>>>>> 07/Jan/2014 14:27:43 [nprobe.c:5374] Each flow is 85 bytes long
>>>>> 07/Jan/2014 14:27:43 [nprobe.c:5375] The # packets per flow has been set
>>>>> to 16
>>>>> 07/Jan/2014 14:27:43 [nprobe.c:4371] Using packet capture length 128
>>>>> 07/Jan/2014 14:27:43 [nprobe.c:5905] The flows hash has 131072 buckets
>>>>> 07/Jan/2014 14:27:43 [nprobe.c:5907] Flows older than 120 seconds will be
>>>>> exported
>>>>> 07/Jan/2014 14:27:43 [nprobe.c:5910] Flows inactive for at least 30
>>>>> seconds will be exported
>>>>> 07/Jan/2014 14:27:43 [nprobe.c:5913] Expired flows will not be queued for
>>>>> more than 30 seconds
>>>>> 07/Jan/2014 14:27:43 [nprobe.c:5920] Exported flows with engineType 0 and
>>>>> engineId 207
>>>>> 07/Jan/2014 14:27:43 [nprobe.c:5942] TCP TOS will be ignored and set to 0.
>>>>> 07/Jan/2014 14:27:43 [nprobe.c:5947] Flows ASs will not be computed
>>>>> (missing GeoIP support)
>>>>> 07/Jan/2014 14:27:43 [nprobe.c:5960] After 1 flow packets are sent, we'll
>>>>> delay at least 1 ms
>>>>> 07/Jan/2014 14:27:43 [nprobe.c:5980] Flows will be emitted in NetFlow 9
>>>>> format
>>>>> 07/Jan/2014 14:27:43 [nprobe.c:6010] Flow input interface index is set to
>>>>> 0
>>>>> 07/Jan/2014 14:27:43 [nprobe.c:6016] Flow output interface index is set
>>>>> to 0
>>>>> 07/Jan/2014 14:27:43 [nprobe.c:6030] Not capturing packet from interface
>>>>> (collector mode)
>>>>> 07/Jan/2014 14:27:43 [collect.c:97] Created UDP sockets
>>>>> 07/Jan/2014 14:27:43 [collect.c:156] Flow collector listening on port
>>>>> 2055 (IPv4/v6)
>>>>> 07/Jan/2014 14:27:43 [nprobe.c:6137] Starting 1 packet fetch thread(s)
>>>>> 07/Jan/2014 14:27:43 [engine.c:2980] Starting bucket dequeue thread
>>>>>
>>>>>
>>>>> and I see this kind of message, which seems good
>>>>>
>>>>> 07/Jan/2014 14:27:46 [engine.c:2350] Emitting Flow: [->][tcp]
>>>>> 10.1.70.30:56189 -> 10.10.31.79:13111 [5 pkt/372 bytes][ifIdx
>>>>> 0->0][duration 0.0 sec]
>>>>> 07/Jan/2014 14:27:46 [util.c:3517] [ZMQ]
>>>>> {"8":"10.10.31.79","12":"10.1.70.30","15":"0.0.0.0","10":0,"14":0,"2":4,"1":238,"22":1389101235,"21":1389101235,"7":13111,"11":56189,"6":0,"4":6,"5":0,"16":0,"17":0,"9":0,"13":0,"42":714}
>>>>> 07/Jan/2014 14:27:46 [engine.c:2372] Emitting Flow: [<-][tcp]
>>>>> 10.10.31.79:13111 -> 10.1.70.30:56189 [4 pkt/238 bytes][ifIdx 0->0][0.0
>>>>> sec]
>>>>> 07/Jan/2014 14:27:46 [util.c:3517] [ZMQ]
>>>>> {"8":"10.1.70.30","12":"10.10.31.79","15":"0.0.0.0","10":0,"14":0,"2":5,"1":372,"22":1389101235,"21":1389101235,"7":56188,"11":13111,"6":0,"4":6,"5":0,"16":0,"17":0,"9":0,"13":0,"42":715}
>>>>> 07/Jan/2014 14:27:46 [engine.c:2350] Emitting Flow: [->][tcp]
>>>>> 10.1.70.30:56188 -> 10.10.31.79:13111 [5 pkt/372 bytes][ifIdx
>>>>> 0->0][duration 0.0 sec]
>>>>> 07/Jan/2014 14:27:46 [util.c:3517] [ZMQ]
>>>>> {"8":"10.10.31.79","12":"10.1.70.30","15":"0.0.0.0","10":0,"14":0,"2":4,"1":238,"22":1389101235,"21":1389101235,"7":13111,"11":56188,"6":0,"4":6,"5":0,"16":0,"17":0,"9":0,"13":0,"42
>>>>> »:7
>>>>>
>>>>>
>>>>> The socket is listening on port 5556, so I launch ntopng like this:
>>>>>
>>>>> ROOT:cacti:/root > ntopng -i tcp://127.0.0.1:5556 -v
>>>>> 07/Jan/2014 14:37:30 [Ntop.cpp:461] Setting local networks to
>>>>> 192.168.1.0/24,0.0.0.0/32,224.0.0.0/8,239.0.0.0/8,255.255.255.255/32,127.0.0.0/8
>>>>> 07/Jan/2014 14:37:30 [AddressResolution.cpp:129] Rule '192.168.1.0'/'24'
>>>>> 07/Jan/2014 14:37:30 [AddressResolution.cpp:129] Rule '0.0.0.0'/'32'
>>>>> 07/Jan/2014 14:37:30 [AddressResolution.cpp:129] Rule '224.0.0.0'/'8'
>>>>> 07/Jan/2014 14:37:30 [AddressResolution.cpp:129] Rule '239.0.0.0'/'8'
>>>>> 07/Jan/2014 14:37:30 [AddressResolution.cpp:129] Rule
>>>>> '255.255.255.255'/'32'
>>>>> 07/Jan/2014 14:37:30 [AddressResolution.cpp:129] Rule '127.0.0.0'/'8'
>>>>> 07/Jan/2014 14:37:30 [Ntop.cpp:568] Registered interface
>>>>> [email protected]:5556 [id: 0]
>>>>> 07/Jan/2014 14:37:30 [Utils.cpp:235] User changed to nobody
>>>>> 07/Jan/2014 14:37:30 [main.cpp:147] PID stored in file /var/tmp/ntopng.pid
>>>>> 07/Jan/2014 14:37:30 [HTTPserver.cpp:342] HTTP server listening on port
>>>>> 3000 [/usr/local/share/ntopng/httpdocs][/usr/local/share/ntopng/scripts]
>>>>> 07/Jan/2014 14:37:30 [main.cpp:179] Using RRD version 1.4.7
>>>>> 07/Jan/2014 14:37:30 [main.cpp:188] Working directory: /var/tmp/ntopng
>>>>> 07/Jan/2014 14:37:30 [main.cpp:190] Scripts/HTML pages directory:
>>>>> /usr/local/share/ntopng
>>>>> 07/Jan/2014 14:37:30 [Ntop.cpp:165] Welcome to ntopng x86_64 v.1.1 (r) -
>>>>> (C) 1998-13 ntop.org
>>>>> 07/Jan/2014 14:37:30 [Redis.cpp:54] Successfully connected to Redis 64
>>>>> bit v.2.8.3
>>>>> 07/Jan/2014 14:37:30 [PeriodicActivities.cpp:53] Started periodic
>>>>> activities loop...
>>>>> 07/Jan/2014 14:37:30 [CollectorInterface.cpp:100] Collecting flows...
>>>>> 07/Jan/2014 14:37:30 [CollectorInterface.cpp:233] Flow collection is over.
>>>>> 07/Jan/2014 14:37:30 [NetworkInterface.cpp:549] Started packet polling on
>>>>> interface [email protected]:5556...
>>>>>
>>>>>
>>>>> But after an hour I always have:
>>>>> No packet has been received yet on interface [email protected]:5556.
>>>>> Please wait 6 seconds until this page reloads.
>>>>>
>>>>>
>>>>> Can you help me?
>>>>>
>>>>> Thanks
>>>>>
>>>>
>>>> _______________________________________________
>>>> Ntop mailing list
>>>> [email protected]
>>>> http://listgateway.unipi.it/mailman/listinfo/ntop
>>
>>
>> --
>> Stephen Clark
>> NetWolves
>> Director of Technology
>> Phone: 813-579-3200
>> Fax: 813-882-0209
>> Email: [email protected]
>> http://www.netwolves.com
