Hello Simone,
Thanks for the quick response. By host statistics, you mean native, right?
We have checked that and also did a tcpdump to verify that we are getting
responses. Below is the json that is returned from one of the runs,
hbase-metadata-devjson:
{
u'ip': {u'ipVersion': 4, u'ip': u'172.25.3.132', u'localHost': False},
u'icmp_rcvd': {u'bytes': 0, u'packets': 0},
u'pktStats.recv': {},
u'contacts': {
u'client': { u'192.168.254.1': u'62', u'239.255.255.250': u'1'},
u'server': {}
},
u'tcp_sent': {u'bytes': 117789898, u'packets': 86207},
u'symbolic_name': u'172.25.3.132',
u'throughput_trend_pps': u'Stable',
u'ndpiStats': {
u'Unknown': {u'packets': {u'rcvd': 0, u'sent': 347}, u'bytes':
{u'rcvd': 0, u'sent': 69306}},
u'SSDP': {u'packets': {u'rcvd': 0, u'sent': 1}, u'bytes': {u'rcvd': 0,
u'sent': 180}},
u'RTSP': {u'packets': {u'rcvd': 0, u'sent': 85860}, u'bytes': {u'rcvd':
0, u'sent': 117720592}}
},
u'pktStats.sent': {
u'upTo6500': 678,
u'upTo1024': 2201,
u'upTo2500': 836,
u'upTo128': 1082,
u'upTo1518': 73338,
u'upTo512': 1346,
u'upTo256': 6695,
u'upTo9000': 65
},
u'dns': {u'rcvd': {u'stats': {}}, u'sent': {u'stats': {}}},
u'mac_address': u'02:C4:92:CA:3F:FD',
u'throughput_bps': 0.0,
u'throughput_pps': 0.0,
u'other_ip_rcvd': {u'bytes': 0, u'packets': 0},
u'sent': {u'bytes': 117790078, u'packets': 86208},
u'http': {},
u'other_ip_sent': {u'bytes': 0, u'packets': 0},
u'throughput_trend_bps': u'Stable',
u'flows.as_client': 63,
u'activityStats': {u'1456688976': 60, u'1456689036': 48, u'1456688916':
60, u'1456688856': 60},
u'rcvd': {u'bytes': 0, u'packets': 0},
u'flows.as_server': 0,
u'asn': 14138,
u'localHost': True,
u'udp_rcvd': {u'bytes': 0, u'packets': 0},
u'udp_sent': {u'bytes': 180, u'packets': 1},
u'num_alerts': 0,
u'epp': {u'rcvd': {}, u'sent': {}},
u'systemHost': False,
u'asname': u'AS14138',
u'icmp_sent': {u'bytes': 0, u'packets': 0},
u'tcp_rcvd': {u'bytes': 0, u'packets': 0}
}
Notice the tcp_sent, which does have data. Let me know if I can provide any
other information that can help.
Regards,
Ajit
On Mon, Mar 7, 2016 at 7:55 AM, Simone Mainardi <[email protected]> wrote:
> ifnum is not recognized as valid param. Since it's unknown, I guess ntopng
> is replying with host statistics related to the currently active interface.
> Check hosts statistics against the active interface.
>
> Simone
>
> On Mon, Mar 7, 2016 at 4:46 PM, Ajit Sarnaik <[email protected]>
> wrote:
>
>> Hello Simone,
>>
>> Here is the request,
>>
>> "http://localhost:6398/lua/host_get_json.lua?ifnum=4&host=172.25.3.130";
>>
>> We do get the Tx stats, but Rx (response from server) is 0.
>>
>> Regards,
>>
>> Ajit
>>
>> On Mon, Mar 7, 2016 at 7:05 AM, Simone Mainardi <[email protected]>
>> wrote:
>>
>>> Ajit, are you calling the http "host_get_json.lua" endpoint directly?
>>> Could you please post the full http request you make?
>>>
>>> simone
>>>
>>> On Mon, Mar 7, 2016 at 3:51 AM, Ajit Sarnaik <[email protected]>
>>> wrote:
>>>
>>>> Hello Folks,
>>>>
>>>> Just starting using ntop. We would like to capture network statistics
>>>> for bidirectional traffic and we are using "host_get_json.lua" script to
>>>> accomplish this. What we are noticing is that the Tx traffic stats are
>>>> appropriate, where as the Rx traffic stats are 0. We have done a tcpdump to
>>>> determine if the response are being received on the interface, and they are
>>>> coming in. Below is the snippet of he config file.
>>>>
>>>> # Specifies the network interface or collector endpoint to be
>>>> used by ntopng for network
>>>> # monitoring. On Unix you can specify both the interface name
>>>> (e.g. lo) or the numeric
>>>> # interface id as shown by ntopng -h. On Windows you must use
>>>> the interface number instead.
>>>> # Note that you can specify -i multiple times in order to
>>>> instruct ntopng to create multiā
>>>> # ple interfaces.
>>>> #
>>>> --interface eth0
>>>> --interface eth1
>>>> #
>>>> # -w|--http-port
>>>> # Sets the HTTP port of the embedded web server.
>>>> #
>>>> --http-port 6398
>>>> #
>>>> # -m|--local-networks
>>>> # ntopng determines the ip addresses and netmasks for each
>>>> active interface. Any traffic on
>>>> # those networks is considered local. This parameter allows
>>>> the user to define additional
>>>> # networks and subnetworks whose traffic is also considered
>>>> local in ntopng reports. All
>>>> # other hosts are considered remote. If not specified the
>>>> default is set to 192.168.1.0/24.
>>>> #
>>>> # Commas separate multiple network values. Both netmask and
>>>> CIDR notation may be used,
>>>> # even mixed together, for instance "
>>>> 131.114.21.0/24,10.0.0.0/255.0.0.0".
>>>> #
>>>> --local-networks "172.25.1.0/24,172.25.2.0/24,172.25.3.128/25"
>>>> #
>>>> # -n|--dns-mode
>>>> # Sets the DNS address resolution mode: 0 - Decode DNS responses
>>>> and resolve only local
>>>> # (-m) numeric IPs 1 - Decode DNS responses and resolve all
>>>> numeric IPs 2 - Decode DNS
>>>> # responses and don't resolve numeric IPs 3 - Don't decode DNS
>>>> responses and don't resolve
>>>> #
>>>> -n=3
>>>>
>>>> Have any of you seen this behavior. Would appreciate any help in this
>>>> regards. Any pointers to FAQs would also be helpful.
>>>>
>>>> Regards,
>>>>
>>>> --
>>>> Ajit Sarnaik
>>>>
>>>> _______________________________________________
>>>> Ntop mailing list
>>>> [email protected]
>>>> http://listgateway.unipi.it/mailman/listinfo/ntop
>>>>
>>>
>>>
>>> _______________________________________________
>>> Ntop mailing list
>>> [email protected]
>>> http://listgateway.unipi.it/mailman/listinfo/ntop
>>>
>>
>>
>>
>> --
>> Ajit Sarnaik
>>
>> _______________________________________________
>> Ntop mailing list
>> [email protected]
>> http://listgateway.unipi.it/mailman/listinfo/ntop
>>
>
>
> _______________________________________________
> Ntop mailing list
> [email protected]
> http://listgateway.unipi.it/mailman/listinfo/ntop
>
--
Ajit Sarnaik
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
