Hi,
I am collecting from several firewall exporters on the same server. I
confirm I am receiving netflows for *all of these*...
But half of them operate fine, and the other half ntopng says "No
Results Found"
root 31869 1 0 Dec11 ? 00:36:26 nprobe --zmq
tcp://*:5555 -i none -n none --collector-port 2055
root 31870 1 0 Dec11 ? 00:00:43 nprobe --zmq
tcp://*:5556 -i none -n none --collector-port 2056
root 31871 1 0 Dec11 ? 00:00:42 nprobe --zmq
tcp://*:5557 -i none -n none --collector-port 2057
root 31872 1 0 Dec11 ? 00:00:47 nprobe --zmq
tcp://*:5558 -i none -n none --collector-port 2058
root 31878 1 0 Dec11 ? 00:00:36 nprobe --zmq
tcp://*:5559 -i none -n none --collector-port 2059
root 31879 1 0 Dec11 ? 00:03:55 nprobe --zmq
tcp://*:5560 -i none -n none --collector-port 2060
root 31885 1 0 Dec11 ? 00:01:51 nprobe --zmq
tcp://*:5561 -i none -n none --collector-port 2061
root 31888 1 0 Dec11 ? 00:00:36 nprobe --zmq
tcp://*:5562 -i none -n none --collector-port 2062
root 31902 1 0 Dec11 ? 00:06:02 nprobe --zmq
tcp://*:5563 -i none -n none --collector-port 2063
root 31913 1 0 Dec11 ? 00:04:19 nprobe --zmq
tcp://*:5564 -i none -n none --collector-port 2064
root 31916 1 0 Dec11 ? 00:00:36 nprobe --zmq
tcp://*:5565 -i none -n none --collector-port 2065
I thought it was the netflow config on the firwalls, but they're all
identical.
Regards,
Warren
Warren,
If you specify none as value for -n, no flow will be export -- in this
case the -P parameter is mandatory.
Please see nprobe --help
On Fri, Dec 11, 2015 at 8:45 AM, Warren Daly (OPUS)
<[email protected] <mailto:[email protected]>> wrote:
Hi,
I start nprobe (v.7.2.151204) like this
nprobe --zmq tcp://*:5556 -i none -n none --collector-port 2056
--debug
We know it's receiving flows.....
11/Dec/2015 14:28:03 [nprobe.c:6827] Not capturing packet from
interface (collector mode)
11/Dec/2015 14:28:03 [util.c:3840] Succesfully created ZMQ
endpoint tcp://*:5556
11/Dec/2015 14:28:03 [collect.c:145] Flow collector listening on
port 2056 (IPv4/v6)
11/Dec/2015 14:28:03 [nprobe.c:6928] WARNING:
*****************************************
11/Dec/2015 14:28:03 [nprobe.c:6929] WARNING: ** You're running
nprobe in DEBUG mode **
11/Dec/2015 14:28:03 [nprobe.c:6930] WARNING:
*****************************************
11/Dec/2015 14:28:03 [nprobe.c:7035] nProbe started successfully
11/Dec/2015 14:28:03 [collect.c:1742] NETFLOW_DEBUG: Received 1408
bytes flow
11/Dec/2015 14:28:05 [collect.c:1742] NETFLOW_DEBUG: Received 1412
bytes flow
11/Dec/2015 14:28:06 [collect.c:1742] NETFLOW_DEBUG: Received 1472
bytes flow
11/Dec/2015 14:28:08 [collect.c:1742] NETFLOW_DEBUG: Received 1428
bytes flow
11/Dec/2015 14:28:12 [collect.c:1742] NETFLOW_DEBUG: Received 1444
bytes flow
11/Dec/2015 14:28:14 [collect.c:1742] NETFLOW_DEBUG: Received 1444
bytes flow
I start ntopng (v.2.2.151204) like this
ntopng -i "tcp://192.168.13.7:5556 <http://192.168.13.7:5556>"
But when I login to ntopng I see "No Results Found"
Both ntop and nprobe are running on the same machine Ubuntu 14.04
x64, 12Gb of Ram, Core i7.
Netflow sender is a Cisco 5510 Firewall.
Thanks.
Warren
_______________________________________________
Ntop mailing list
[email protected] <mailto:[email protected]>
http://listgateway.unipi.it/mailman/listinfo/ntop
--
Warren Daly
Chief Technical Officer
+855 (0) 89 288 107 Skype: warrendaly
OPUS
+855 (0) 23 987 014
www.opus.com.kh
Suite 3FN1 - VTrust Office Centre
Parkway Square | Phnom Penh, Cambodia
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
