i tried that aswell, has no effect. And when i use tcpdump i can also verify that the zmq connections are ok
On Fri, Jun 17, 2016 at 12:25 PM, Simone Mainardi <maina...@ntop.org> wrote: > Hi, > > According to the information shown, it may be that ntopng is not able to > fetch monitored flows from the nProbe. I would try to bind the nProbe to > any address (--zmq tcp://*:5557) and see if ntopng can see the traffic. > > Simone > > > > On Mon, Jun 13, 2016 at 1:03 PM, Enrico Kern <enrico.k...@glispamedia.com> > wrote: > >> Hi, >> >> i have some weird issue with sflow data, >> >> i try to get nprobe and ntopng working with sflows exported from an >> Arista Switch. I installed the latest versions from the centos repository: >> >> nprobe-7.3.160613-5264.x86_64 >> ntopng-2.3.160613-1231.x86_64 >> >> and launch nprobe: >> >> nprobe --zmq "tcp://127.0.0.1:5557" -i none -n none --collector-port >> 6343 --verbose 2 --dump-stats -nf -V5 -b 2 >> >> and ntop: >> >> >> ntopng -i tcp://127.0.0.1:5557 -d /var/tmp -w 3001 >> >> >> on the ntop webinterface i see no traffic at all. I confirmed that zeromq >> receives packets with tcpdump and also see the sflow packets coming in. >> nprobe also sees the flows and reports that for each new flow: >> >> 13/Jun/2016 12:54:27 [engine.c:2570] New Flow: [tcp] 192.168.1.6:59339 >> -> 192.168.1.7:6800 [AC:16:2D:71:xx:xx -> 00:50:56:AF:xx:xx][vlan >> 900][tos 0][ifIdx: 1000011 -> 1000003][subflowId: >> 0/0x0000][idx=68177][firstSeen=1465815267/0] >> >> as example. But the flows never get exported. If i stop nprobe it says >> that: >> >> 13/Jun/2016 12:56:35 [cache.c:1224] Redis Cache [0 total/0.0 get/sec][0 >> total/0.0 set/sec] >> 13/Jun/2016 12:56:35 [nprobe.c:5326] Still allocated 0 hash buckets >> 13/Jun/2016 12:56:35 [nprobe.c:2698] Processed packets: 6 (max bucket >> search: 0) >> 13/Jun/2016 12:56:35 [nprobe.c:2681] Fragment queue length: 0 >> 13/Jun/2016 12:56:35 [nprobe.c:2707] Flow export stats: [0 bytes/0 >> pkts][0 flows/0 pkts sent] >> 13/Jun/2016 12:56:35 [nprobe.c:2714] Flow collection: [collected pkts: >> 147][processed flows: 0] >> 13/Jun/2016 12:56:35 [nprobe.c:2717] Flow drop stats: [0 bytes/0 >> pkts][0 flows] >> 13/Jun/2016 12:56:35 [nprobe.c:2722] Total flow stats: [0 bytes/0 >> pkts][0 flows/0 pkts sent] >> >> >> so while it received 147 pakets it did not process a single flow. >> tcpdump also shows me the flows: >> >> # tcpdump port 6343 >> tcpdump: WARNING: eth0: no IPv4 address assigned >> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode >> listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes >> 12:57:58.378005 IP x.10780 > target.sflow: sFlowv5, IPv4 agent xxxx, >> agent-id 9, length 1201 >> 12:57:58.800558 IP 5x.10780 > target.sflow: sFlowv5, IPv4 agent xxxx, >> agent-id 1, length 253 >> 12:57:59.800595 IP x.10780 > target.sflow: sFlowv5, IPv4 agent xxxx, >> agent-id 9, length 1201 >> 12:58:00.505019 IP x.10780 > target.sflow: sFlowv5, IPv4 agent xxxx, >> agent-id 9, length 1201 >> 12:58:00.800634 IP x.10780 > target.sflow: sFlowv5, IPv4 agent xxxx, >> agent-id 1, length 253 >> >> >> I have no issues if i use the arista flows with prtg, imtech analyzer or >> solarwinds. Just ntop doesnt like it. Fun is if i use nprobe with an pcap >> file it seem to proceess at least 1 flow: >> >> # nprobe -i sflow.pcap >> >> 13/Jun/2016 13:01:19 [cache.c:1224] Redis Cache [0 total/0.0 get/sec][0 >> total/0.0 set/sec] >> 13/Jun/2016 13:01:19 [nprobe.c:2698] Processed packets: 61 (max bucket >> search: 0) >> 13/Jun/2016 13:01:19 [nprobe.c:2681] Fragment queue length: 0 >> 13/Jun/2016 13:01:19 [nprobe.c:2707] Flow export stats: [72589 bytes/61 >> pkts][1 flows/1 pkts sent] >> 13/Jun/2016 13:01:19 [nprobe.c:2717] Flow drop stats: [0 bytes/0 >> pkts][0 flows] >> 13/Jun/2016 13:01:19 [nprobe.c:2722] Total flow stats: [72589 bytes/61 >> pkts][1 flows/1 pkts sent] >> >> >> i played around now with this for almost a day, i have no idea anymore, i >> dont think im doing something wrong and followed the documentation and >> googled like hours but no result. I also tried that first on ubuntu 14.04 >> before i ended up now on CentOS 6.x on a complete different machine just to >> rule out issues, but its the same on both installations. >> >> Anyone an idea? >> >> Thanks in advance! >> >> Regards. >> >> Enrico >> >> >> -- >> >> Enrico Kern >> >> Lead System Engineer >> >> glispa GmbH >> Sonnenburger Straße 73 >> 10437 Berlin, Germany >> >> tel: +49 30 5557130-17 >> fax: +49 30 5557130-50 >> skype: flyersaenrico.k...@glispamedia.comwww.glispa.com >> >> __________________________________________ >> Sitz Berlin, AG Charlottenburg HRB 114678B >> >> >> _______________________________________________ >> Ntop mailing list >> Ntop@listgateway.unipi.it >> http://listgateway.unipi.it/mailman/listinfo/ntop >> > > > _______________________________________________ > Ntop mailing list > Ntop@listgateway.unipi.it > http://listgateway.unipi.it/mailman/listinfo/ntop > -- Enrico Kern Lead System Engineer glispa GmbH Sonnenburger Straße 73 10437 Berlin, Germany tel: +49 30 5557130-17 fax: +49 30 5557130-50 skype: flyersaenrico.k...@glispamedia.comwww.glispa.com __________________________________________ Sitz Berlin, AG Charlottenburg HRB 114678B
_______________________________________________ Ntop mailing list Ntop@listgateway.unipi.it http://listgateway.unipi.it/mailman/listinfo/ntop
