Hi Filippo,
Where should I download the newest version of nprobe?
------------------ Original ------------------
From: "ntop-request";<[email protected]>;
Date: Sun, Mar 23, 2014 07:00 PM
To: "ntop"<[email protected]>;
Subject: Ntop Digest, Vol 118, Issue 11
Send Ntop mailing list submissions to
[email protected]
To subscribe or unsubscribe via the World Wide Web, visit
http://listgateway.unipi.it/mailman/listinfo/ntop
or, via email, send a message with subject or body 'help' to
[email protected]
You can reach the person managing the list at
[email protected]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Ntop digest..."
Today's Topics:
1. Re: nprobe for splunk app Segmentation fault (Filippo Fontanelli)
2. Re: nprobe for splunk app Segmentation fault (Filippo Fontanelli)
----------------------------------------------------------------------
Message: 1
Date: Sat, 22 Mar 2014 14:38:12 +0100
From: Filippo Fontanelli <[email protected]>
To: [email protected]
Cc: Ntop <[email protected]>
Subject: Re: [Ntop] nprobe for splunk app Segmentation fault
Message-ID: <[email protected]>
Content-Type: text/plain; charset="gb18030"
Hi Peter,
We fixed this issue and i improved the http page of nprobe Splunk app, now it
completely support all HTTP templates exported by nprobe.
You can update the nprobe Splunk app as follow:
- Download the new package (http://apps.splunk.com/app/1721/)
- Update the app using the CLI
/opt/splunk/bin/splunk install app
/opt/nprobe-application-and-network-monitor_12.tar -update true
Splunk username: xxxx
Password: ****
App '/opt/nprobe-application-and-network-monitor_12.tar' installed
You need to restart the Splunk Server (splunkd) for your changes to take effect.
Please try to update both nprobe and nprobe Splunk app and let me know.
Best regards,
Filippo
On 19 Mar 2014, at 14:52, ?peter? <[email protected]> wrote:
>
> Hi,
>
> When I run the command which got from the ntop's blog:
>
> nprobe -T ?%IPV4_SRC_ADDR %L4_SRC_PORT %IPV4_DST_ADDR %L4_DST_PORT %PROTOCOL
> %IN_BYTES %OUT_BYTES %FIRST_SWITCHED %LAST_SWITCHED %HTTP_SITE %HTTP_RET_CODE
> %IN_PKTS %OUT_PKTS %IP_PROTOCOL_VERSION %APPLICATION_ID %L7_PROTO_NAME
> %ICMP_TYPE? ?tcp ?127.0.0.1:3333? -b 2 -i eth0 ?json-labels
>
> it works ok. But after adding another parameter "%HTTP_METHOD", the command
> likes the following:
>
> nprobe -T ?%IPV4_SRC_ADDR %L4_SRC_PORT %IPV4_DST_ADDR %L4_DST_PORT %PROTOCOL
> %IN_BYTES %OUT_BYTES %FIRST_SWITCHED %LAST_SWITCHED %HTTP_METHOD %HTTP_SITE
> %HTTP_RET_CODE %IN_PKTS %OUT_PKTS %IP_PROTOCOL_VERSION %APPLICATION_ID
> %L7_PROTO_NAME %ICMP_TYPE? ?tcp ?127.0.0.1:3333? -b 2 -i eth0 ?json-labels
>
> it will stop with a reason of Segmentation fault within about 30 seconds.
>
> So what's wrong and what should I do?
>
> Thanks.
>
> ---------------------
> peter.chew
>
>
> _______________________________________________
> Ntop mailing list
> [email protected]
> http://listgateway.unipi.it/mailman/listinfo/ntop
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://listgateway.unipi.it/mailman/private/ntop/attachments/20140322/0d3ca463/attachment-0002.htm>
------------------------------
Message: 2
Date: Sat, 22 Mar 2014 14:38:12 +0100
From: Filippo Fontanelli <[email protected]>
To: [email protected]
Cc: Ntop <[email protected]>
Subject: Re: [Ntop] nprobe for splunk app Segmentation fault
Message-ID: <[email protected]>
Content-Type: text/plain; charset="gb18030"
Hi Peter,
We fixed this issue and i improved the http page of nprobe Splunk app, now it
completely support all HTTP templates exported by nprobe.
You can update the nprobe Splunk app as follow:
- Download the new package (http://apps.splunk.com/app/1721/)
- Update the app using the CLI
/opt/splunk/bin/splunk install app
/opt/nprobe-application-and-network-monitor_12.tar -update true
Splunk username: xxxx
Password: ****
App '/opt/nprobe-application-and-network-monitor_12.tar' installed
You need to restart the Splunk Server (splunkd) for your changes to take effect.
Please try to update both nprobe and nprobe Splunk app and let me know.
Best regards,
Filippo
On 19 Mar 2014, at 14:52, ?peter? <[email protected]> wrote:
>
> Hi,
>
> When I run the command which got from the ntop's blog:
>
> nprobe -T ?%IPV4_SRC_ADDR %L4_SRC_PORT %IPV4_DST_ADDR %L4_DST_PORT %PROTOCOL
> %IN_BYTES %OUT_BYTES %FIRST_SWITCHED %LAST_SWITCHED %HTTP_SITE %HTTP_RET_CODE
> %IN_PKTS %OUT_PKTS %IP_PROTOCOL_VERSION %APPLICATION_ID %L7_PROTO_NAME
> %ICMP_TYPE? ?tcp ?127.0.0.1:3333? -b 2 -i eth0 ?json-labels
>
> it works ok. But after adding another parameter "%HTTP_METHOD", the command
> likes the following:
>
> nprobe -T ?%IPV4_SRC_ADDR %L4_SRC_PORT %IPV4_DST_ADDR %L4_DST_PORT %PROTOCOL
> %IN_BYTES %OUT_BYTES %FIRST_SWITCHED %LAST_SWITCHED %HTTP_METHOD %HTTP_SITE
> %HTTP_RET_CODE %IN_PKTS %OUT_PKTS %IP_PROTOCOL_VERSION %APPLICATION_ID
> %L7_PROTO_NAME %ICMP_TYPE? ?tcp ?127.0.0.1:3333? -b 2 -i eth0 ?json-labels
>
> it will stop with a reason of Segmentation fault within about 30 seconds.
>
> So what's wrong and what should I do?
>
> Thanks.
>
> ---------------------
> peter.chew
>
>
> _______________________________________________
> Ntop mailing list
> [email protected]
> http://listgateway.unipi.it/mailman/listinfo/ntop
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://listgateway.unipi.it/mailman/private/ntop/attachments/20140322/0d3ca463/attachment-0003.htm>
------------------------------
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
End of Ntop Digest, Vol 118, Issue 11
*************************************
._______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
