Hello!

I have ntopng set up with nprobe on my network for monitoring netflow devices. I'm pretty sure I've got it configured correctly because when I use the Paessler Netflow Simulator to generate some sample netflow data, nprobe picks it up as expected and I can see it visualized on ntopng. Great!

However, now I'm trying to get nprobe to recognize traffic from one of my network devices. I wrote some code that outputs netflow packets and for the last couple of days I've made the output match the "good" packets that the Paessler traffic generator is creating and nprobe is consuming. However, I'm running into a problem that is really stumping me. No matter how closely I try to mirror the Paessler netflow traffic, nprobe consistently ignores my traffic - but every time I start up the simulated Paessler traffic, nprobe eagerly accepts it. (I can tell because I'm running nprobe in verbose logging mode and I can see exactly when it emits a new flow over zmq.)

So, my question is this: is there a good way to get nprobe to tell me WHY it's ignoring the netflow packets that I generate?

Right now, I'm sending my netflow packets to nprobe on port 2055 (just like Paessler) but I don't see anything show up in the log. It's like nprobe is just silently dropping my packets. I've verified my netflow packets are hitting the nprobe CentOS box with tcpdump. I've also verified that my netflow packets are well-formed using Wireshark. I'm quite confused why nprobe seems to be ignoring me, but picks up Paessler's simulated traffic no problem.

Is there some persistent nprobe data I need to flush? (I've tried rebooting, no luck.) Maybe nprobe has somehow locked on to the simulated traffic and that's why it's ignoring me?

Any tips would be greatly appreciated!

Thanks,
Michael
