Hi Peter, We fixed this issue and i improved the http page of nprobe Splunk app, now it completely support all HTTP templates exported by nprobe.
You can update the nprobe Splunk app as follow: - Download the new package (http://apps.splunk.com/app/1721/) - Update the app using the CLI /opt/splunk/bin/splunk install app /opt/nprobe-application-and-network-monitor_12.tar -update true Splunk username: xxxx Password: **** App '/opt/nprobe-application-and-network-monitor_12.tar' installed You need to restart the Splunk Server (splunkd) for your changes to take effect. Please try to update both nprobe and nprobe Splunk app and let me know. Best regards, Filippo On 19 Mar 2014, at 14:52, ??peter?? <[email protected]> wrote: > > Hi, > > When I run the command which got from the ntop's blog: > > nprobe -T ??%IPV4_SRC_ADDR %L4_SRC_PORT %IPV4_DST_ADDR %L4_DST_PORT %PROTOCOL > %IN_BYTES %OUT_BYTES %FIRST_SWITCHED %LAST_SWITCHED %HTTP_SITE %HTTP_RET_CODE > %IN_PKTS %OUT_PKTS %IP_PROTOCOL_VERSION %APPLICATION_ID %L7_PROTO_NAME > %ICMP_TYPE?? ?Ctcp ??127.0.0.1:3333?? -b 2 -i eth0 ?Cjson-labels > > it works ok. But after adding another parameter "%HTTP_METHOD", the command > likes the following: > > nprobe -T ??%IPV4_SRC_ADDR %L4_SRC_PORT %IPV4_DST_ADDR %L4_DST_PORT %PROTOCOL > %IN_BYTES %OUT_BYTES %FIRST_SWITCHED %LAST_SWITCHED %HTTP_METHOD %HTTP_SITE > %HTTP_RET_CODE %IN_PKTS %OUT_PKTS %IP_PROTOCOL_VERSION %APPLICATION_ID > %L7_PROTO_NAME %ICMP_TYPE?? ?Ctcp ??127.0.0.1:3333?? -b 2 -i eth0 > ?Cjson-labels > > it will stop with a reason of Segmentation fault within about 30 seconds. > > So what's wrong and what should I do? > > Thanks. > > --------------------- > peter.chew > > > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
