Hello Simone, Now that you mention that we need nProbe, will nProbe with ntopng be enough or I need to have other components, such as n2disk, nbox, npfring ntopng-data as well please. We mysql for other purposes, can we use that instead redis please.
Regards, Ajit On Tue, Mar 8, 2016 at 4:23 AM, Simone Mainardi <[email protected]> wrote: > Ajit, you need nProbe to decode GRE tunneled traffic: > http://www.ntop.org/products/netflow/nprobe/ > > On Tue, Mar 8, 2016 at 1:12 PM, Ajit Sarnaik <[email protected]> > wrote: > >> Hell Simone, >> >> This issue does not address the GRE question though. >> >> Regards, >> >> Ajit >> >> On Tue, Mar 8, 2016 at 4:03 AM, Simone Mainardi <[email protected]> >> wrote: >> >>> Ajit, please refer to the following issue: >>> https://github.com/ntop/ntopng/issues/432 >>> >>> On Tue, Mar 8, 2016 at 12:42 PM, Ajit Sarnaik <[email protected]> >>> wrote: >>> >>>> Hello Luca, >>>> >>>> Are GRE tunnels supported by NTOPNG please. Will file the issue request. >>>> >>>> Regards, >>>> >>>> Ajit >>>> >>>> On Tue, Mar 8, 2016 at 3:35 AM, Luca Deri <[email protected]> wrote: >>>> >>>>> Hi Ajit, >>>>> please file an issue request >>>>> >>>>> Luca >>>>> >>>>> On 03/08/2016 12:28 PM, Ajit Sarnaik wrote: >>>>> >>>>> Hello Simone, >>>>> >>>>> Is there support for GRE tunnels in ntopng please. >>>>> >>>>> Regards, >>>>> >>>>> Ajit >>>>> >>>>> On Tue, Mar 8, 2016 at 3:27 AM, Ajit Sarnaik <[email protected]> >>>>> wrote: >>>>> >>>>>> Hello Simone, >>>>>> >>>>>> Thanks for the quick response. By host statistics, you mean native, >>>>>> right? We have checked that and also did a tcpdump to verify that we are >>>>>> getting responses. Below is the json that is returned from one of the >>>>>> runs, >>>>>> >>>>>> hbase-metadata-devjson: >>>>>> { >>>>>> u'ip': {u'ipVersion': 4, u'ip': u'172.25.3.132', u'localHost': >>>>>> False}, >>>>>> u'icmp_rcvd': {u'bytes': 0, u'packets': 0}, >>>>>> u'pktStats.recv': {}, >>>>>> u'contacts': { >>>>>> u'client': { u'192.168.254.1': u'62', u'239.255.255.250': u'1'}, >>>>>> u'server': {} >>>>>> }, >>>>>> u'tcp_sent': {u'bytes': 117789898, u'packets': 86207}, >>>>>> u'symbolic_name': u'172.25.3.132', >>>>>> u'throughput_trend_pps': u'Stable', >>>>>> u'ndpiStats': { >>>>>> u'Unknown': {u'packets': {u'rcvd': 0, u'sent': 347}, u'bytes': >>>>>> {u'rcvd': 0, u'sent': 69306}}, >>>>>> u'SSDP': {u'packets': {u'rcvd': 0, u'sent': 1}, u'bytes': >>>>>> {u'rcvd': 0, u'sent': 180}}, >>>>>> u'RTSP': {u'packets': {u'rcvd': 0, u'sent': 85860}, u'bytes': >>>>>> {u'rcvd': 0, u'sent': 117720592}} >>>>>> }, >>>>>> u'pktStats.sent': { >>>>>> u'upTo6500': 678, >>>>>> u'upTo1024': 2201, >>>>>> u'upTo2500': 836, >>>>>> u'upTo128': 1082, >>>>>> u'upTo1518': 73338, >>>>>> u'upTo512': 1346, >>>>>> u'upTo256': 6695, >>>>>> u'upTo9000': 65 >>>>>> }, >>>>>> u'dns': {u'rcvd': {u'stats': {}}, u'sent': {u'stats': {}}}, >>>>>> u'mac_address': u'02:C4:92:CA:3F:FD', >>>>>> u'throughput_bps': 0.0, >>>>>> u'throughput_pps': 0.0, >>>>>> u'other_ip_rcvd': {u'bytes': 0, u'packets': 0}, >>>>>> u'sent': {u'bytes': 117790078, u'packets': 86208}, >>>>>> u'http': {}, >>>>>> u'other_ip_sent': {u'bytes': 0, u'packets': 0}, >>>>>> u'throughput_trend_bps': u'Stable', >>>>>> u'flows.as_client': 63, >>>>>> u'activityStats': {u'1456688976': 60, u'1456689036': 48, >>>>>> u'1456688916': 60, u'1456688856': 60}, >>>>>> u'rcvd': {u'bytes': 0, u'packets': 0}, >>>>>> u'flows.as_server': 0, >>>>>> u'asn': 14138, >>>>>> u'localHost': True, >>>>>> u'udp_rcvd': {u'bytes': 0, u'packets': 0}, >>>>>> u'udp_sent': {u'bytes': 180, u'packets': 1}, >>>>>> u'num_alerts': 0, >>>>>> u'epp': {u'rcvd': {}, u'sent': {}}, >>>>>> u'systemHost': False, >>>>>> u'asname': u'AS14138', >>>>>> u'icmp_sent': {u'bytes': 0, u'packets': 0}, >>>>>> u'tcp_rcvd': {u'bytes': 0, u'packets': 0} >>>>>> } >>>>>> >>>>>> >>>>>> Notice the tcp_sent, which does have data. Let me know if I can >>>>>> provide any other information that can help. >>>>>> >>>>>> Regards, >>>>>> >>>>>> Ajit >>>>>> >>>>>> On Mon, Mar 7, 2016 at 7:55 AM, Simone Mainardi < <[email protected]> >>>>>> [email protected]> wrote: >>>>>> >>>>>>> ifnum is not recognized as valid param. Since it's unknown, I guess >>>>>>> ntopng is replying with host statistics related to the currently active >>>>>>> interface. Check hosts statistics against the active interface. >>>>>>> >>>>>>> Simone >>>>>>> >>>>>>> On Mon, Mar 7, 2016 at 4:46 PM, Ajit Sarnaik < >>>>>>> <[email protected]>[email protected]> wrote: >>>>>>> >>>>>>>> Hello Simone, >>>>>>>> >>>>>>>> Here is the request, >>>>>>>> >>>>>>>> " >>>>>>>> http://localhost:6398/lua/host_get_json.lua?ifnum=4&host=172.25.3.130 >>>>>>>> " >>>>>>>> >>>>>>>> We do get the Tx stats, but Rx (response from server) is 0. >>>>>>>> >>>>>>>> Regards, >>>>>>>> >>>>>>>> Ajit >>>>>>>> >>>>>>>> On Mon, Mar 7, 2016 at 7:05 AM, Simone Mainardi < >>>>>>>> <[email protected]>[email protected]> wrote: >>>>>>>> >>>>>>>>> Ajit, are you calling the http "host_get_json.lua" endpoint >>>>>>>>> directly? Could you please post the full http request you make? >>>>>>>>> >>>>>>>>> simone >>>>>>>>> >>>>>>>>> On Mon, Mar 7, 2016 at 3:51 AM, Ajit Sarnaik < >>>>>>>>> <[email protected]>[email protected]> wrote: >>>>>>>>> >>>>>>>>>> Hello Folks, >>>>>>>>>> >>>>>>>>>> Just starting using ntop. We would like to capture network >>>>>>>>>> statistics for bidirectional traffic and we are using >>>>>>>>>> "host_get_json.lua" >>>>>>>>>> script to accomplish this. What we are noticing is that the Tx >>>>>>>>>> traffic >>>>>>>>>> stats are appropriate, where as the Rx traffic stats are 0. We have >>>>>>>>>> done a >>>>>>>>>> tcpdump to determine if the response are being received on the >>>>>>>>>> interface, >>>>>>>>>> and they are coming in. Below is the snippet of he config file. >>>>>>>>>> >>>>>>>>>> # Specifies the network interface or collector endpoint >>>>>>>>>> to be used by ntopng for network >>>>>>>>>> # monitoring. On Unix you can specify both the interface >>>>>>>>>> name (e.g. lo) or the numeric >>>>>>>>>> # interface id as shown by ntopng -h. On Windows you must >>>>>>>>>> use the interface number instead. >>>>>>>>>> # Note that you can specify -i multiple times in order to >>>>>>>>>> instruct ntopng to create multiā >>>>>>>>>> # ple interfaces. >>>>>>>>>> # >>>>>>>>>> --interface eth0 >>>>>>>>>> --interface eth1 >>>>>>>>>> # >>>>>>>>>> # -w|--http-port >>>>>>>>>> # Sets the HTTP port of the embedded web server. >>>>>>>>>> # >>>>>>>>>> --http-port 6398 >>>>>>>>>> # >>>>>>>>>> # -m|--local-networks >>>>>>>>>> # ntopng determines the ip addresses and netmasks for each >>>>>>>>>> active interface. Any traffic on >>>>>>>>>> # those networks is considered local. This parameter >>>>>>>>>> allows the user to define additional >>>>>>>>>> # networks and subnetworks whose traffic is also >>>>>>>>>> considered local in ntopng reports. All >>>>>>>>>> # other hosts are considered remote. If not specified the >>>>>>>>>> default is set to 192.168.1.0/24. >>>>>>>>>> # >>>>>>>>>> # Commas separate multiple network values. Both >>>>>>>>>> netmask and CIDR notation may be used, >>>>>>>>>> # even mixed together, for instance " >>>>>>>>>> 131.114.21.0/24,10.0.0.0/255.0.0.0". >>>>>>>>>> # >>>>>>>>>> --local-networks "172.25.1.0/24,172.25.2.0/24,172.25.3.128/25" >>>>>>>>>> # >>>>>>>>>> # -n|--dns-mode >>>>>>>>>> # Sets the DNS address resolution mode: 0 - Decode DNS >>>>>>>>>> responses and resolve only local >>>>>>>>>> # (-m) numeric IPs 1 - Decode DNS responses and >>>>>>>>>> resolve all numeric IPs 2 - Decode DNS >>>>>>>>>> # responses and don't resolve numeric IPs 3 - Don't decode >>>>>>>>>> DNS responses and don't resolve >>>>>>>>>> # >>>>>>>>>> -n=3 >>>>>>>>>> >>>>>>>>>> Have any of you seen this behavior. Would appreciate any help in >>>>>>>>>> this regards. Any pointers to FAQs would also be helpful. >>>>>>>>>> >>>>>>>>>> Regards, >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> Ajit Sarnaik >>>>>>>>>> >>>>>>>>>> _______________________________________________ >>>>>>>>>> Ntop mailing list >>>>>>>>>> <[email protected]>[email protected] >>>>>>>>>> <http://listgateway.unipi.it/mailman/listinfo/ntop> >>>>>>>>>> http://listgateway.unipi.it/mailman/listinfo/ntop >>>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> _______________________________________________ >>>>>>>>> Ntop mailing list >>>>>>>>> [email protected] >>>>>>>>> http://listgateway.unipi.it/mailman/listinfo/ntop >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> Ajit Sarnaik >>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> Ntop mailing list >>>>>>>> [email protected] >>>>>>>> http://listgateway.unipi.it/mailman/listinfo/ntop >>>>>>>> >>>>>>> >>>>>>> >>>>>>> _______________________________________________ >>>>>>> Ntop mailing list >>>>>>> [email protected] >>>>>>> http://listgateway.unipi.it/mailman/listinfo/ntop >>>>>>> >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Ajit Sarnaik >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> Ajit Sarnaik >>>>> >>>>> >>>>> _______________________________________________ >>>>> Ntop mailing >>>>> [email protected]http://listgateway.unipi.it/mailman/listinfo/ntop >>>>> >>>>> >>>>> >>>>> _______________________________________________ >>>>> Ntop mailing list >>>>> [email protected] >>>>> http://listgateway.unipi.it/mailman/listinfo/ntop >>>>> >>>> >>>> >>>> >>>> -- >>>> Ajit Sarnaik >>>> >>>> _______________________________________________ >>>> Ntop mailing list >>>> [email protected] >>>> http://listgateway.unipi.it/mailman/listinfo/ntop >>>> >>> >>> >>> _______________________________________________ >>> Ntop mailing list >>> [email protected] >>> http://listgateway.unipi.it/mailman/listinfo/ntop >>> >> >> >> >> -- >> Ajit Sarnaik >> >> _______________________________________________ >> Ntop mailing list >> [email protected] >> http://listgateway.unipi.it/mailman/listinfo/ntop >> > > > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop > -- Ajit Sarnaik
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
