Gerhard,

From the logs I can't see anything that confirms ntopng has read/parsed the
bpf filter specified. It looks like the filter is ignored. I am not sure
those logs contain the full output, though.

Can you please run ntopng in foreground and paste the output? Simply call
/usr/local/bin/ntopng /etc/ntopng/ntopng.conf

Regards,
Simone

On Mon, Jan 9, 2017 at 8:46 PM, Gerhard Mourani <gmour...@prival.ca> wrote:

> *Configuration:*
> --interface tcp://127.0.0.1:5556
> --packet-filter "ip and not proto ipv6 and not ether host
> ff:ff:ff:ff:ff:ff and not net (224.0.0.0/8 or 239.0.0.0/8) and not host
> 10.0.0.39"
> --local-networks 10.0.0.0/24,192.168.2.0/24
> --daemon
> --user ntopng
> --pid /var/run/ntopng/ntopng.pid
> --http-port 0
> --https-port 3001
> --data-dir /var/lib/nst/ntopng
> --dns-mode 1
> --disable-autologout
> --disable-login 0
> --sticky-hosts none
> --http-prefix /ntopng
> --ndpi-protocols /etc/ntopng/protos.txt
>
> *Log file:*
> 09/Jan/2017 14:43:49 [Ntop.cpp:1121] Setting local networks to
> 10.0.0.0/24,192.168.2.0/24
> 09/Jan/2017 14:43:49 [Redis.cpp:92] Successfully connected to redis
> 127.0.0.1:6379@0
> 09/Jan/2017 14:43:49 [Ntop.cpp:1095] Parent process is exiting (this is
> normal)
> 09/Jan/2017 14:43:49 [Ntop.cpp:1267] Registered interface
> tcp://127.0.0.1:5556 [id: 1]
> 09/Jan/2017 14:43:49 [Ntop.cpp:1279] Registered interface view
> tcp://127.0.0.1:5556 [id: 1]
> 09/Jan/2017 14:43:49 [main.cpp:255] PID stored in file
> /var/run/ntopng/ntopng.pid
> 09/Jan/2017 14:43:49 [Utils.cpp:341] User changed to ntopng
> 09/Jan/2017 14:43:49 [HTTPserver.cpp:509] Web server dirs
> [/usr/share/ntopng/httpdocs][/usr/share/ntopng/scripts]
> 09/Jan/2017 14:43:49 [HTTPserver.cpp:515] HTTPS server listening on port
> 3001
> 09/Jan/2017 14:43:49 [main.cpp:295] Working directory: /var/lib/nst/ntopng
> 09/Jan/2017 14:43:49 [main.cpp:297] Scripts/HTML pages directory:
> /usr/share/ntopng
> 09/Jan/2017 14:43:49 [Ntop.cpp:271] Welcome to ntopng x86_64 v.2.4.161013
> - (C) 1998-2016 ntop.org
> 09/Jan/2017 14:43:49 [Ntop.cpp:276] Built on CentOS release 6.8 (Final)
> 09/Jan/2017 14:43:49 [PeriodicActivities.cpp:53] Started periodic
> activities loop...
> 09/Jan/2017 14:43:49 [RuntimePrefs.cpp:34] Dumping alerts into syslog
> 09/Jan/2017 14:43:49 [NetworkInterface.cpp:1538] Started packet polling on
> interface tcp://127.0.0.1:5556 [id: 1]...
> 09/Jan/2017 14:43:50 [CollectorInterface.cpp:104] Collecting flows on
> tcp://127.0.0.1:5556 [ntopng->nprobe]
>
> Gerhard,
>
> On Jan 9, 2017, at 11:26 AM, Simone Mainardi <maina...@ntop.org> wrote:
>
> Gerhard, please attach the configuration used and the full ntopng console
> output (or log file).
>
> On Mon, Jan 9, 2017 at 2:24 PM, Gerhard Mourani <gmour...@prival.ca>
> wrote:
> Simone,
>
> The issue is that even if 10.0.0.39 is filtered to be excluded, it appears
> in the view of top hosts. Also, the IP 0.0.0.0 appears and I don't have
> any idea about what it is?
>
> On Jan 8, 2017, at 5:36 AM, Simone Mainardi <maina...@ntop.org> wrote:
>
> Gerhard,
>
> The filter is correct and properly parsed by ntopng. So what is the issue
> you are experiencing?
>
> Simone
>
> On Thu, Jan 5, 2017 at 7:58 PM, Gerhard Mourani <gmour...@prival.ca>
> wrote:
> This doesn't work for me, I'm using the following parameters to exclude
> 10.0.0.39 which is my ntopng server IP:
> --packet-filter "ip and not proto ipv6 and not ether host
> ff:ff:ff:ff:ff:ff and not net (224.0.0.0/8 or 239.0.0.0/8) and not host
> 10.0.0.39"
>
> Gerhard,
>
> On Jan 5, 2017, at 12:09 PM, brett.sti...@cargocarriers.co.zw wrote:
>
> Thank you Simone.
>
> I will try that tomorrow morning.
>
> Much appreciated.
>
>
>
> On January 5, 2017 6:40:25 PM GMT+02:00, Simone Mainardi <
> maina...@ntop.org> wrote:
>
> Brett, the filter is not complete. If you want to exclude 10.0.50.246
> set:
>
> --packet-filter="not host 10.0.50.246"
>
> If you look at the ntopng output you will see if the filter is parsed
> correctly.
>
>
>
>
> On Thu, Jan 5, 2017 at 4:05 PM, Brett Stiell (CCIH) <
> brett.sti...@cargocarriers.co.zw> wrote:
>
> Hi there.
>
>
>
> Thanks for getting back to me
>
>
>
> This is the contents of my ntopng.start file:-
>
>
>
> -G=/var/run/ntopng.pid
>
> --daemon=
>
> --local-networks="10.0.50.0/25,10.0.50.128/26,10.0.50.193/30"
>
> --packet-filter 10.0.50.246
>
> -m "10.0.50.0/25,10.0.50.128/26,10.0.50.193/30"
>
> --track-local-hosts
>
>
>
> Regards,
>
>
>
> Brett
>
>
>
> *From:* Simone Mainardi [mailto:maina...@ntop.org]
> *Sent:* Thursday, January 05, 2017 3:26 PM
> *To:* n...@unipi.it
> *Cc:* ntop mailing list
> *Subject:* Re: [Ntop] Excluding hosts or a subnet from being monitored
>
>
>
>
> Hi,
>
>
>
> --packet-filter is the proper way to do that. Can you please report the
> exact filter you specified? Also check (and paste) ntopng output. ntopng
> prints a confirmation message if it has successfully parsed the filter.
>
>
>
>
> Regards
>
> Simone
>
>
>
> On Thu, Jan 5, 2017 at 11:14 AM, Brett Stiell (CCIH) <
> brett.sti...@cargocarriers.co.zw> wrote:
>
> Hi.
>
>
>
> Is there any way to exclude a subnet or a range of hosts from being
> monitored and appearing on the dashboard etc.
>
>
>
> Our servers are in a specific IP range and I am not interested in
> receiving their usage data.
>
>
>
> I tried -B and --packet-filter and “not” but they don’t seem to work.
>
>
>
> Thanks
>
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop
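
The check requested in this thread, written as an added example (not part of the original messages and not ntop code): it recovers the `--packet-filter` expression from the quoted options, even when the quoted value wraps across lines, and looks for any log line that mentions it. The function names and the loose "filter" match are assumptions, since the thread does not show the wording of ntopng's confirmation message.

```python
import shlex

# Options and log lines copied from the thread (unwrapped and abridged).
CONF = '''--interface tcp://127.0.0.1:5556
--packet-filter "ip and not proto ipv6 and not ether host
ff:ff:ff:ff:ff:ff and not net (224.0.0.0/8 or 239.0.0.0/8) and not host
10.0.0.39"
--local-networks 10.0.0.0/24,192.168.2.0/24
--daemon
'''
LOG = '''09/Jan/2017 14:43:49 [Ntop.cpp:1121] Setting local networks to 10.0.0.0/24,192.168.2.0/24
09/Jan/2017 14:43:49 [NetworkInterface.cpp:1538] Started packet polling on interface tcp://127.0.0.1:5556 [id: 1]...
09/Jan/2017 14:43:50 [CollectorInterface.cpp:104] Collecting flows on tcp://127.0.0.1:5556 [ntopng->nprobe]
'''

def parse_options(text):
    """Return {option: value} for '--key value', '--key=value' and bare flags."""
    # shlex keeps a quoted value that wraps across lines as a single token.
    tokens = shlex.split(text, comments=True)
    opts, i = {}, 0
    while i < len(tokens):
        tok = tokens[i]
        if "=" in tok:                                  # --key=value
            key, val = tok.split("=", 1)
        elif i + 1 < len(tokens) and not tokens[i + 1].startswith("-"):
            key, val = tok, tokens[i + 1]               # --key value
            i += 1
        else:
            key, val = tok, ""                          # bare flag, e.g. --daemon
        opts[key] = " ".join(val.split())               # collapse line wraps
        i += 1
    return opts

def check_filter(conf, log):
    opts = parse_options(conf)
    bpf = opts.get("--packet-filter", opts.get("-B", ""))
    lines = log.splitlines()
    return {
        "filter": bpf,
        # Loose match: the confirmation message wording is not shown in the
        # thread, so accept any line naming the expression or the word "filter".
        "log_mentions_filter": [l for l in lines if "filter" in l.lower() or (bpf and bpf in l)],
        # Interface reported as a flow collector (CollectorInterface log line).
        "collecting_flows": any("Collecting flows on" in l for l in lines),
    }

if __name__ == "__main__":
    print(check_filter(CONF, LOG))
```

On the quoted log the filter is recovered intact, no line mentions it, and the interface is reported as collecting flows from nprobe.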
