Hi, Yes, I might have been unclear, sorry.
Exporting flows to nTop works fine. If i run nProbe with the -i eth0 flag I can see statistics in nTop and the flows are exported through the zeromq socket. It's the NetFlow part that I can't get to work (--collector-port 2055). I'm sending NetFlow data to port 2055 on the nProbe/nTop host. The port is open i the CentOS-firewall. But nProbe doesn't seem to be collecting. I'm concerned about these errors: 18/Sep/2015 17:41:17 [collect.c:51] ERROR: Bad configuration: flows will be sent to the collection port 18/Sep/2015 17:41:17 [collect.c:52] ERROR: causing a waterfall effect: flow collection will be disabled /Oscar On Fri, September 18, 2015 11:12 am, Yuri Francalacci wrote: > Oscar, > in this scenario ntopng will connect to port 5556 of nprobe (note that > nProbe acts as server instead of client in this case). > So, you will not see any packet exported on port 2055 for sure, but if > ntopng is configured in the right way, you will see traffic from ntopng to > nprobe on port 5556. > Yuri > ############################################### > Yuri Francalacci - [email protected] - http://www.ntop.org > "Simplicity is the ultimate sophistication" - Leonardo da Vinci > ############################################### > >> On 18 Sep 2015, at 11:56, Oscar Carlstedt <[email protected]> wrote: >> >> Hi, >> >> I'm having trouble configuring nProbe as a NetFlow-collector and then >> relaying to nTop. I'm using this command: >> >> [root@localhost ~]# nprobe --zmq "tcp://*:5556" --collector-port 2055 >> >> And getting these results: >> >> 18/Sep/2015 17:41:17 [nprobe.c:3130] Valid nProbe license found >> 18/Sep/2015 17:41:17 [nprobe.c:4488] WARNING: The output interfaceId is >> set to 0: did you forget to use -Q perhaps ? >> 18/Sep/2015 17:41:17 [nprobe.c:4491] WARNING: The input interfaceId is >> set >> to 0: did you forget to use -u perhaps ? >> 18/Sep/2015 17:41:17 [nprobe.c:4552] Welcome to nProbe v.7.2.150914 >> ($Revision: 4468 $) for x86_64-unknown-linux-gnu with native PF_RING >> acceleration >> 18/Sep/2015 17:41:17 [nprobe.c:4562] Running on CentOS Linux release >> 7.1.1503 (Core) >> 18/Sep/2015 17:41:17 [nprobe.c:4573] [LICENSE] nProbe SystemId: >> 688C59C68206217E >> 18/Sep/2015 17:41:17 [nprobe.c:4584] [LICENSE] nProbe License: >> D7D37ED89D454B911767CA48AE0BF91014740557803F3D11BE >> 18/Sep/2015 17:41:17 [nprobe.c:4587] [LICENSE] nProbe Edition: Standard >> [without PF_RING Acceleration] >> 18/Sep/2015 17:41:17 [nprobe.c:4614] [LICENSE] Maintenance is available >> until Fri Sep 16 21:56:20 2016 [364 days left] >> 18/Sep/2015 17:41:17 [nprobe.c:4658] WARNING: -n parameter is missing. >> 127.0.0.1:2055 will be used. >> 18/Sep/2015 17:41:17 [nprobe.c:6526] Welcome to nprobe v.7.2.150914 for >> x86_64-unknown-linux-gnu >> 18/Sep/2015 17:41:17 [plugin.c:1000] 0 plugin(s) enabled >> 18/Sep/2015 17:41:17 [nprobe.c:6203] Non IPv4/v6 traffic is discarded >> according to the template >> 18/Sep/2015 17:41:17 [util.c:287] GeoIP: loaded AS config file >> /usr/share/ntopng/httpdocs/geoip/GeoIPASNum.dat >> 18/Sep/2015 17:41:17 [util.c:296] GeoIP: loaded AS IPv6 config file >> /usr/share/ntopng/httpdocs/geoip/GeoIPASNumv6.dat >> 18/Sep/2015 17:41:17 [nprobe.c:6698] IPv6 traffic will NOT be >> exported/accounted by this probe >> 18/Sep/2015 17:41:17 [nprobe.c:6699] due to configuration options (e.g. >> use NetFlow v9) >> 18/Sep/2015 17:41:17 [util.c:3840] Succesfully created ZMQ endpoint >> tcp://*:5556 >> 18/Sep/2015 17:41:17 [util.c:2892] WARNING: Don't dropping privileges >> (required by NetFilter) >> 18/Sep/2015 17:41:17 [collect.c:51] ERROR: Bad configuration: flows will >> be sent to the collection port >> 18/Sep/2015 17:41:17 [collect.c:52] ERROR: causing a waterfall effect: >> flow collection will be disabled >> 18/Sep/2015 17:41:17 [nprobe.c:7035] nProbe started successfully >> >> I can see packets coming in: >> >> [root@localhost ~]# tcpdump -i ens160 udp dst port 2055 >> tcpdump: verbose output suppressed, use -v or -vv for full protocol >> decode >> listening on ens160, link-type EN10MB (Ethernet), capture size 65535 >> bytes >> 17:37:07.828907 IP a.b.c.d.63493 > localhost.localdomain.iop: UDP, >> length 72 >> 17:37:07.937884 IP a.b.c.d.63493 > localhost.localdomain.iop: UDP, >> length 72 >> 17:37:08.046399 IP a.b.c.d.63493 > localhost.localdomain.iop: UDP, >> length 72 >> 17:37:08.156147 IP a.b.c.d.63493 > localhost.localdomain.iop: UDP, >> length 72 >> 17:37:08.264936 IP a.b.c.d.63493 > localhost.localdomain.iop: UDP, >> length 72 >> >> But no flows are exported to nTop. Am I missing any parameters? >> >> Please advise. >> >> Best Regards, >> Oscar Carlstedt >> >> _______________________________________________ >> Ntop mailing list >> [email protected] >> http://listgateway.unipi.it/mailman/listinfo/ntop > > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop /Oscar _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
