I'm using version 5 of ntop only. Here's my config:

ntopng -e -I tcp://127.0.0.1:5556

nprobe --zmq "tcp://127.0.0.1:5556" -u 1 -Q 1 -i none -n none --collector-port 2055 -b 2 --debug --interpret-flow-packets --syslog nprobe -t 900 -d 900 -l 900 -V 5 --dump-pkts /var/nprobe.pcap --dump-bad-packets /var/nprobe_bad.pcap

I'm running nprobe version v.7.1.150506 (r46666).

Strangely the dump-pkts and dump-bad-packets files never get anything in them, even when I send 'good' traffic from the simulator.

Michael

On May 12, 2015 12:08 AM, "Yuri Francalacci" <[email protected]> wrote:

> What is the configuration you are using? Are you using netflow v9/ipfix?
> If so, this issue might be caused by the template. But this could be just
> an idea.
> Yuri
> ###############################################
> Yuri Francalacci - [email protected] - http://www.ntop.org
> "Simplicity is the ultimate sophistication" - Leonardo da Vinci
> ###############################################
>
> On 12 May 2015, at 01:17, Michael Jeung <[email protected]> wrote:
>
> Hello!
>
> I have ntopng set up with nprobe on my network for monitoring net flow
> devices.
>
> I'm pretty sure I've got it configured correctly because when I use the
> Paessler Netflow Simulator to generate some sample netflow data, nprobe
> picks it up as expected and I can see it visualized on ntopng. Great!
>
> However, now I'm trying to get nprobe to recognize traffic from one of my
> network devices. I wrote some code that outputs netflow packets and for
> the last couple of days I've made the output match the "good" packets that
> the Paessler traffic generator is creating and nprobe is consuming.
>
> However, I'm running into a problem that is really stumping me. No matter
> how closely I try to mirror the Paessler netflow traffic, nprobe
> consistently ignores my traffic - but every time I start up the simulated
> Paessler traffic, nprobe eagerly accepts it. (I can tell because I'm
> running nprobe in verbose logging mode and I can see exactly when it emits
> a new flow over zmq.)
>
> So, my question is this: is there a good way to get nprobe to tell me WHY
> it's ignoring the netflow packets that I generate?
>
> Right now, I'm sending my netflow packets to nprobe on port 2055 (just
> like Paessler) but I don't see anything show up in the log. It's like
> nprobe is just silently dropping my packets.
>
> I've verified my netflow packets are hitting the nprobe CentOS box with
> tcpdump. I've also verified that my netflow packets are well-formed using
> Wireshark. I'm quite confused why nprobe seems to be ignoring me, but
> picks up Paessler's simulated traffic no problem.
>
> Is there some persistent nprobe data I need to flush? (I've tried
> rebooting, no luck.) Maybe nprobe has somehow locked on to the simulated
> traffic and that's why it's ignoring me?
>
> Any tips would be greatly appreciated! Thanks,
>
> Michael
> _______________________________________________
> Ntop mailing list
> [email protected]
> http://listgateway.unipi.it/mailman/listinfo/ntop
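An added example, not part of the original thread and not nprobe's own logic: a standalone Python check of the NetFlow v5 wire structure (24-byte header, 1 to 30 records of 48 bytes each, all fields big-endian) that can be run over a UDP payload from a hand-written exporter to list structural problems. The function names and sample datagrams are constructed for illustration; whether nprobe applies these same checks is an assumption.

```python
import struct

HEADER = struct.Struct("!HHIIIIBBH")             # 24-byte NetFlow v5 header
RECORD = struct.Struct("!IIIHHIIIIHHBBBBHHBBH")  # 48-byte NetFlow v5 flow record
MAX_RECORDS = 30                                 # v5 limit per datagram


def check_v5_datagram(payload: bytes) -> list:
    """Return a list of structural problems; an empty list means none found."""
    if len(payload) < HEADER.size:
        return [f"payload is {len(payload)} bytes, shorter than the 24-byte header"]
    problems = []
    version, count, *_ = HEADER.unpack_from(payload)
    if version != 5:
        problems.append(f"version field is {version}, expected 5")
    if not 1 <= count <= MAX_RECORDS:
        problems.append(f"count field is {count}, expected 1..{MAX_RECORDS}")
    expected = HEADER.size + count * RECORD.size
    if len(payload) != expected:
        # Records cannot be located reliably, so stop here.
        problems.append(f"length {len(payload)} != 24 + {count}*48 = {expected}")
        return problems
    for i in range(count):
        rec = RECORD.unpack_from(payload, HEADER.size + i * RECORD.size)
        pkts, octets, first, last = rec[5], rec[6], rec[7], rec[8]
        if pkts == 0 or octets == 0:
            problems.append(f"record {i}: zero packet or byte counter")
        if first > last:  # can also happen legitimately when SysUptime wraps
            problems.append(f"record {i}: First ({first}) is after Last ({last})")
    return problems


def build_sample(count_field=1, records=1, byte_order="!"):
    """Constructed test datagram; byte_order="<" mimics a little-endian header."""
    hdr = struct.pack(byte_order + "HHIIIIBBH",
                      5, count_field, 60000, 1431388800, 0, 1, 0, 0, 0)
    rec = RECORD.pack(0x0A000001, 0x0A000002, 0, 1, 2, 10, 840, 1000, 2000,
                      12345, 80, 0, 0x18, 6, 0, 0, 0, 24, 24, 0)
    return hdr + rec * records


if __name__ == "__main__":
    for name, pkt in [("good", build_sample()),
                      ("count mismatch", build_sample(count_field=2)),
                      ("little-endian header", build_sample(byte_order="<"))]:
        print(name, "->", check_v5_datagram(pkt) or "no structural problems")
```

To use it on real traffic, pass the UDP payload bytes of a captured datagram (for example, exported from the tcpdump capture) to `check_v5_datagram`.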
