Try adding a -n none to the nprobe configuration. Yuri ############################################### Yuri Francalacci - [email protected] - http://www.ntop.org "Simplicity is the ultimate sophistication" - Leonardo da Vinci ###############################################
> On 18 Sep 2015, at 12:45, Oscar Carlstedt <[email protected]> wrote: > > Hi, > > Yes, I might have been unclear, sorry. > > Exporting flows to nTop works fine. If i run nProbe with the -i eth0 flag > I can see statistics in nTop and the flows are exported through the zeromq > socket. > > It's the NetFlow part that I can't get to work (--collector-port 2055). > I'm sending NetFlow data to port 2055 on the nProbe/nTop host. The port is > open i the CentOS-firewall. But nProbe doesn't seem to be collecting. > > I'm concerned about these errors: > > 18/Sep/2015 17:41:17 [collect.c:51] ERROR: Bad configuration: flows will > be sent to the collection port > 18/Sep/2015 17:41:17 [collect.c:52] ERROR: causing a waterfall effect: > flow collection will be disabled > > /Oscar > > On Fri, September 18, 2015 11:12 am, Yuri Francalacci wrote: >> Oscar, >> in this scenario ntopng will connect to port 5556 of nprobe (note that >> nProbe acts as server instead of client in this case). >> So, you will not see any packet exported on port 2055 for sure, but if >> ntopng is configured in the right way, you will see traffic from ntopng to >> nprobe on port 5556. >> Yuri >> ############################################### >> Yuri Francalacci - [email protected] - http://www.ntop.org >> "Simplicity is the ultimate sophistication" - Leonardo da Vinci >> ############################################### >> >>> On 18 Sep 2015, at 11:56, Oscar Carlstedt <[email protected]> wrote: >>> >>> Hi, >>> >>> I'm having trouble configuring nProbe as a NetFlow-collector and then >>> relaying to nTop. I'm using this command: >>> >>> [root@localhost ~]# nprobe --zmq "tcp://*:5556" --collector-port 2055 >>> >>> And getting these results: >>> >>> 18/Sep/2015 17:41:17 [nprobe.c:3130] Valid nProbe license found >>> 18/Sep/2015 17:41:17 [nprobe.c:4488] WARNING: The output interfaceId is >>> set to 0: did you forget to use -Q perhaps ? >>> 18/Sep/2015 17:41:17 [nprobe.c:4491] WARNING: The input interfaceId is >>> set >>> to 0: did you forget to use -u perhaps ? >>> 18/Sep/2015 17:41:17 [nprobe.c:4552] Welcome to nProbe v.7.2.150914 >>> ($Revision: 4468 $) for x86_64-unknown-linux-gnu with native PF_RING >>> acceleration >>> 18/Sep/2015 17:41:17 [nprobe.c:4562] Running on CentOS Linux release >>> 7.1.1503 (Core) >>> 18/Sep/2015 17:41:17 [nprobe.c:4573] [LICENSE] nProbe SystemId: >>> 688C59C68206217E >>> 18/Sep/2015 17:41:17 [nprobe.c:4584] [LICENSE] nProbe License: >>> D7D37ED89D454B911767CA48AE0BF91014740557803F3D11BE >>> 18/Sep/2015 17:41:17 [nprobe.c:4587] [LICENSE] nProbe Edition: Standard >>> [without PF_RING Acceleration] >>> 18/Sep/2015 17:41:17 [nprobe.c:4614] [LICENSE] Maintenance is available >>> until Fri Sep 16 21:56:20 2016 [364 days left] >>> 18/Sep/2015 17:41:17 [nprobe.c:4658] WARNING: -n parameter is missing. >>> 127.0.0.1:2055 will be used. >>> 18/Sep/2015 17:41:17 [nprobe.c:6526] Welcome to nprobe v.7.2.150914 for >>> x86_64-unknown-linux-gnu >>> 18/Sep/2015 17:41:17 [plugin.c:1000] 0 plugin(s) enabled >>> 18/Sep/2015 17:41:17 [nprobe.c:6203] Non IPv4/v6 traffic is discarded >>> according to the template >>> 18/Sep/2015 17:41:17 [util.c:287] GeoIP: loaded AS config file >>> /usr/share/ntopng/httpdocs/geoip/GeoIPASNum.dat >>> 18/Sep/2015 17:41:17 [util.c:296] GeoIP: loaded AS IPv6 config file >>> /usr/share/ntopng/httpdocs/geoip/GeoIPASNumv6.dat >>> 18/Sep/2015 17:41:17 [nprobe.c:6698] IPv6 traffic will NOT be >>> exported/accounted by this probe >>> 18/Sep/2015 17:41:17 [nprobe.c:6699] due to configuration options (e.g. >>> use NetFlow v9) >>> 18/Sep/2015 17:41:17 [util.c:3840] Succesfully created ZMQ endpoint >>> tcp://*:5556 >>> 18/Sep/2015 17:41:17 [util.c:2892] WARNING: Don't dropping privileges >>> (required by NetFilter) >>> 18/Sep/2015 17:41:17 [collect.c:51] ERROR: Bad configuration: flows will >>> be sent to the collection port >>> 18/Sep/2015 17:41:17 [collect.c:52] ERROR: causing a waterfall effect: >>> flow collection will be disabled >>> 18/Sep/2015 17:41:17 [nprobe.c:7035] nProbe started successfully >>> >>> I can see packets coming in: >>> >>> [root@localhost ~]# tcpdump -i ens160 udp dst port 2055 >>> tcpdump: verbose output suppressed, use -v or -vv for full protocol >>> decode >>> listening on ens160, link-type EN10MB (Ethernet), capture size 65535 >>> bytes >>> 17:37:07.828907 IP a.b.c.d.63493 > localhost.localdomain.iop: UDP, >>> length 72 >>> 17:37:07.937884 IP a.b.c.d.63493 > localhost.localdomain.iop: UDP, >>> length 72 >>> 17:37:08.046399 IP a.b.c.d.63493 > localhost.localdomain.iop: UDP, >>> length 72 >>> 17:37:08.156147 IP a.b.c.d.63493 > localhost.localdomain.iop: UDP, >>> length 72 >>> 17:37:08.264936 IP a.b.c.d.63493 > localhost.localdomain.iop: UDP, >>> length 72 >>> >>> But no flows are exported to nTop. Am I missing any parameters? >>> >>> Please advise. >>> >>> Best Regards, >>> Oscar Carlstedt >>> >>> _______________________________________________ >>> Ntop mailing list >>> [email protected] >>> http://listgateway.unipi.it/mailman/listinfo/ntop >> >> _______________________________________________ >> Ntop mailing list >> [email protected] >> http://listgateway.unipi.it/mailman/listinfo/ntop > > > /Oscar > > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
