Hi Simone,

thanks for testing the configuration.
Yesterday I started over with a fresh DB.
ntopng does have all privileges. It does create two tables "ntopngv4_2"
and "ntopngv6_2".
When I manually search for an IP, I can see corresponding entries (after
doing IP to integer conversion).

Yet, using the search field in the ntop web-ui it says:

"Host 10.0.2.4 cannot be found.
Perhaps this host has been previously purged from memory or it has never
been observed by this instance."

This morning I restarted (and updated) ntopng. An assumption is that
the search only shows hosts which were visible since it has been running. I will
try to confirm this.

-------------------

For redundancy reasons I want 2 probes which will be capturing the same
traffic. If one probe dies, the other will continue sending flows to the
collector. So I don't need to know from which probe the flows are
coming (rather from which interface on each probe).

Also for redundancy reasons it would be nice if the probes could "cache"
flows in case the collector dies.
My initial idea was that probes, collector and ntop use the same DB to
store (historical) flows. But you already said that the format differs.

(Maybe this discussion should be on a separate thread.)


Cheers
Robert

On 04.03.2016 17:15, Simone Mainardi wrote:
> Hi Robert,
> 
> I've just tested your configuration in our lab and everything works as
> expected, including MySQL flow export and retrieval.
> On Server B, could you please try and see if the MySQL (identified by the
> specified password) has privileges to create database ntopng?
> 
> ------
> 
> The idea to add more probes (e.g., `Servers of type A`) is totally sound.
> For the collector you have two choices:
> - use only one collector for all the probes (in this case all the traffic
> is aggregated together as if it were coming from a single interface)
> - run a separate collector for each probe (in this case you can keep the
> traffic of each probe separated from the others)
> 
> Simone
> 
> On Wed, Mar 2, 2016 at 1:57 PM, Finze, Robert <[email protected]> wrote:
> 
>> Hi Simone,
>>
>> thanks for your answer. Here's my configuration:
>>
>> Server A (Probe):
>> nprobe -i eth1 -V 9 -n 10.0.0.1:2055 -G
>>
>> Server B (Collector):
>> nprobe --zmq tcp://*:5556 -V 9 -i none --collector-port 2055 -n none -G
>>
>> ntopng -i tcp://127.0.0.1:5556 -d /storage/ntopng -q -e -F "mysql;localhost;flowdb;ntopdb;dbuser,dbuserpw"
>>
>>
>> The idea is to add more Servers of type A. I'm not quite sure however if
>> this is the way it is supposed to work. For instance do I need a
>> separate 'nprobe' process on Server B?
>>
>>
>> Cheers
>>
>> Robert
>>
>> On 02.03.2016 09:47, Simone Mainardi wrote:
>>> Robert,
>>>
>>> Presently, ntopng is not able to read MySQL flows that have been dumped by
>>> nProbe. Hence, the latest solution proposed is not doable now.
>>>
>>> Could you please post nprobe and ntopng configurations so we can try and
>>> reproduce your issue? If I understand correctly: you can see dumped flows
>>> in the database, but ntopng is not able to fetch them for data exploration.
>>>
>>> thanks,
>>>
>>> Simone
>>>
>>> On Wed, Mar 2, 2016 at 9:28 AM, Finze, Robert <[email protected]> wrote:
>>>
>>>> Hello List,
>>>>
>>>> I'm a new (and happy) ntop/nprobe user currently setting up a testbed and
>>>> can't get ntop to display historical data.
>>>>
>>>> The setup is that one nprobe server creates netflows and sends them to
>>>> another server where an nprobe process is also collecting the flows and
>>>> providing a zmq endpoint for ntop. ntop also writes them into a mysql
>>>> database (checked manually).
>>>>
>>>> Yet when I click through the interface and try to display historical
>>>> data it says "no results found".
>>>> (for example in the host view or when searching for hosts which were
>>>> online yesterday).
>>>>
>>>> I've used the "-F" flag to save data to mysql. Is there another flag
>>>> that I need to tell ntop to read from the database?
>>>>
>>>> (Ideally I would let multiple nprobes write to that DB and ntop only
>>>> read from it).
>>>>
>>>>
>>>> Cheers
>>>>
>>>> Robert
>>>>
>>>> P.S.:
>>>> I've read the articles
>>>> (http://www.ntop.org/ntopng/exploring-historical-data-using-ntopng/)
>>>> about this.
>>>> _______________________________________________
>>>> Ntop mailing list
>>>> [email protected]
>>>> http://listgateway.unipi.it/mailman/listinfo/ntop
>>>>