Hello, I am new to Ntopng and Nprobe.
I have some very basic questions about starting Ntopng. I have Nprobe starting using a config file, but I am having difficulty getting Ntopng to do the same. I have replaced our IP addresses with letters, but in my actual implementation, they are numbers.

Contents of my /etc/ntopng.conf file:

    -i="tcp://127.0.0.1:5556"
    -m="xxx.yyy.0.0/16,XXX.YYY.0.0/16,vvv.zzz.0.0/16,10.0.0.0/8"
    -G=/var/run/ntopng.pid
    -v
    -e

There are no blank lines at the top or bottom of the file, and no blank spaces at the ends of the lines.

Attempting to start ntopng:

    # ntopng /etc/ntopng.conf
    17/Mar/2014 12:39:38 [Prefs.cpp:472] Logging into /var/tmp/ntopng/ntopng.log
    17/Mar/2014 12:39:38 [Ntop.cpp:466] Setting local networks to xxx.yyy.0.0/16,XXX.YYY.0.0/16,vvv.zzz.0.0/16,10.0.0.0/8
    17/Mar/2014 12:39:38 [AddressResolution.cpp:131] Rule 'xxx.yyy.0.0'/'16'
    17/Mar/2014 12:39:38 [AddressResolution.cpp:131] Rule 'XXX.YYY.0.0'/'16'
    17/Mar/2014 12:39:38 [AddressResolution.cpp:131] Rule 'vvv.zzz.0.0'/'16'
    17/Mar/2014 12:39:38 [AddressResolution.cpp:131] Rule '10.0.0.0'/'8'
    17/Mar/2014 12:39:38 [Ntop.cpp:440] Parent process is exiting (this is normal)
    [root@rs-netflow log]# terminate called after throwing an instance of 'char const*'

I get the same result if I leave out the -G line.

Looking at the log, we can see which options it had trouble with. 'Nobody' can't write to /var/run (apparently?) but more importantly, Ntopng couldn't connect (subscribe?) to the ZMQ interface:

    # tail /var/tmp/ntopng/ntopng.log
    17/Mar/2014 12:39:38 [Ntop.cpp:466] Setting local networks to xxx.yyy.0.0/16,XXX.YYY.0.0/16,vvv.zzz.0.0/16,10.0.0.0/8
    17/Mar/2014 12:39:38 [AddressResolution.cpp:131] Rule 'xxx.yyy.0.0'/'16'
    17/Mar/2014 12:39:38 [AddressResolution.cpp:131] Rule 'XXX.YYY.0.0'/'16'
    17/Mar/2014 12:39:38 [AddressResolution.cpp:131] Rule 'vvv.zzz.0.0'/'16'
    17/Mar/2014 12:39:38 [AddressResolution.cpp:131] Rule '10.0.0.0'/'8'
    17/Mar/2014 12:39:38 [Ntop.cpp:440] Parent process is exiting (this is normal)
    17/Mar/2014 12:39:38 [CollectorInterface.cpp:70] ERROR: Unable to connect to the specified ZMQ endpoint

However, I can start ntopng from the command line:

    ntopng -v -G /var/run/ntopng.pid -e -i "tcp://127.0.0.1:5556" -m "xxx.yyy.0.0/16,XXX.YYY.0.0/16,vvv.zzz.0.0/16,10.0.0.0/8"

(all on one line) and it's up and running; I can connect to the web interface and I can see the ntopng process with PS.

So, what am I doing wrong with my specification of the ZMQ interface in the config file? It must be something simple. I tried escaping the quotes with backslashes (not necessary for the Nprobe config file) and that didn't help.

And, less importantly, where should I put the pid file so that 'nobody' can read/write it? /var/tmp?

My other issue is that if I start ntopng from the command line, it mysteriously dies overnight. Nprobe is still running, and the system hasn't been rebooted. Where might I find log information indicating what happened to ntopng? Or is this a licensing issue?

Thanks,
--
Jana Dunn, CISSP
Senior Security Analyst
Nevada System of Higher Education
[email protected]
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
