Gerhard,

On Tue, Jan 10, 2017 at 10:13 PM, Gerhard Mourani <gmour...@prival.ca>
wrote:

> Simone,
>
> Here when launched from command line:
>
> [root@ntptest plugins]# /usr/bin/ntopng -i eth0 --packet-filter="ip and
> not proto ipv6 and not ether host ff:ff:ff:ff:ff:ff and not net (
> 224.0.0.0/8 or 239.0.0.0/8) and not host (192.168.2.227)"
>

OK, so the filter is properly parsed. I went back through this thread and
found that you complained that

> "The issue is that even if 10.0.0.39 is filtered to be excluded, it
> appears in the view of top hosts."

The point here is that the filter doesn't contain any clause that matches
host 10.0.0.39 ...


> 10/Jan/2017 16:10:46 [Ntop.cpp:1121] Setting local networks to 127.0.0.0/8
> 10/Jan/2017 16:10:46 [Redis.cpp:92] Successfully connected to redis
> 127.0.0.1:6379@0
> 10/Jan/2017 16:10:46 [PcapInterface.cpp:85] Reading packets from interface
> eth0...
> 10/Jan/2017 16:10:46 [PcapInterface.cpp:254] Packet capture filter on eth0
> set to "ip and not proto ipv6 and not ether host ff:ff:ff:ff:ff:ff and not
> net (224.0.0.0/8 or 239.0.0.0/8) and not host (192.168.2.227)"
> 10/Jan/2017 16:10:46 [Ntop.cpp:1267] Registered interface eth0 [id: 0]
> 10/Jan/2017 16:10:46 [Ntop.cpp:1279] Registered interface view eth0 [id: 0]
> 10/Jan/2017 16:10:46 [main.cpp:255] PID stored in file /var/run/ntopng.pid
> 10/Jan/2017 16:10:46 [Utils.cpp:341] User changed to nobody
> 10/Jan/2017 16:10:46 [HTTPserver.cpp:466] Please read
> https://github.com/ntop/ntopng/blob/dev/doc/README.SSL if you want to
> enable SSL.
> 10/Jan/2017 16:10:46 [HTTPserver.cpp:509] Web server dirs
> [/usr/share/ntopng/httpdocs][/usr/share/ntopng/scripts]
> 10/Jan/2017 16:10:46 [HTTPserver.cpp:512] HTTP server listening on port
> 3000
> 10/Jan/2017 16:10:46 [main.cpp:295] Working directory: /var/tmp/ntopng
> 10/Jan/2017 16:10:46 [main.cpp:297] Scripts/HTML pages directory:
> /usr/share/ntopng
> 10/Jan/2017 16:10:46 [Ntop.cpp:271] Welcome to ntopng x86_64 v.2.4.161019
> - (C) 1998-2016 ntop.org
> 10/Jan/2017 16:10:46 [Ntop.cpp:276] Built on CentOS release 6.8 (Final)
> 10/Jan/2017 16:10:46 [PeriodicActivities.cpp:53] Started periodic
> activities loop...
> 10/Jan/2017 16:10:46 [RuntimePrefs.cpp:34] Dumping alerts into syslog
> 10/Jan/2017 16:10:46 [Ntop.cpp:531] Adding 192.168.2.0/24 as IPv4 local
> network for eth0
> 10/Jan/2017 16:10:46 [Ntop.cpp:561] Adding fe80::20c:29ff:fe83:c98e/64 as
> IPv6 local network for eth0
> 10/Jan/2017 16:10:46 [NetworkInterface.cpp:1538] Started packet polling on
> interface eth0 [id: 0]...
> 10/Jan/2017 16:10:53 [NetworkInterface.cpp:1058] Invalid packet received
> [len: 1804][MTU: 1518].
> 10/Jan/2017 16:10:53 [NetworkInterface.cpp:1059] WARNING: If you have
> TSO/GRO enabled, please disable it
> 10/Jan/2017 16:10:53 [NetworkInterface.cpp:1061] WARNING: Use: sudo
> ethtool -K eth0 gro off gso off tso off
>
> Seems that the filter passed but I can still see IP 192.168.2.227 on my list!
>
> Gerhard,
>
>
> On Jan 10, 2017, at 4:04 PM, Simone Mainardi <maina...@ntop.org> wrote:
>
> Gerhard,
>
> From the logs I can't see anything that confirms ntopng has read/parsed
> the bpf filter specified. It looks like the filter is ignored. I am not
> sure those logs contain the full output, though.
>
> Can you please run ntopng in foreground and paste the output? Simply call
> /usr/local/bin/ntopng /etc/ntopng/ntopng.conf
>
> Regards,
> Simone
>
> On Mon, Jan 9, 2017 at 8:46 PM, Gerhard Mourani <gmour...@prival.ca>
> wrote:
> Configuration:
> --interface tcp://127.0.0.1:5556
> --packet-filter "ip and not proto ipv6 and not ether host
> ff:ff:ff:ff:ff:ff and not net (224.0.0.0/8 or 239.0.0.0/8) and not host
> 10.0.0.39"
> --local-networks 10.0.0.0/24,192.168.2.0/24
> --daemon
> --user ntopng
> --pid /var/run/ntopng/ntopng.pid
> --http-port 0
> --https-port 3001
> --data-dir /var/lib/nst/ntopng
> --dns-mode 1
> --disable-autologout
> --disable-login 0
> --sticky-hosts none
> --http-prefix /ntopng
> --ndpi-protocols /etc/ntopng/protos.txt
>
> Log file:
> 09/Jan/2017 14:43:49 [Ntop.cpp:1121] Setting local networks to
> 10.0.0.0/24,192.168.2.0/24
> 09/Jan/2017 14:43:49 [Redis.cpp:92] Successfully connected to redis
> 127.0.0.1:6379@0
> 09/Jan/2017 14:43:49 [Ntop.cpp:1095] Parent process is exiting (this is
> normal)
> 09/Jan/2017 14:43:49 [Ntop.cpp:1267] Registered interface tcp://
> 127.0.0.1:5556 [id: 1]
> 09/Jan/2017 14:43:49 [Ntop.cpp:1279] Registered interface view tcp://
> 127.0.0.1:5556 [id: 1]
> 09/Jan/2017 14:43:49 [main.cpp:255] PID stored in file
> /var/run/ntopng/ntopng.pid
> 09/Jan/2017 14:43:49 [Utils.cpp:341] User changed to ntopng
> 09/Jan/2017 14:43:49 [HTTPserver.cpp:509] Web server dirs
> [/usr/share/ntopng/httpdocs][/usr/share/ntopng/scripts]
> 09/Jan/2017 14:43:49 [HTTPserver.cpp:515] HTTPS server listening on port
> 3001
> 09/Jan/2017 14:43:49 [main.cpp:295] Working directory: /var/lib/nst/ntopng
> 09/Jan/2017 14:43:49 [main.cpp:297] Scripts/HTML pages directory:
> /usr/share/ntopng
> 09/Jan/2017 14:43:49 [Ntop.cpp:271] Welcome to ntopng x86_64 v.2.4.161013
> - (C) 1998-2016 ntop.org
> 09/Jan/2017 14:43:49 [Ntop.cpp:276] Built on CentOS release 6.8 (Final)
> 09/Jan/2017 14:43:49 [PeriodicActivities.cpp:53] Started periodic
> activities loop...
> 09/Jan/2017 14:43:49 [RuntimePrefs.cpp:34] Dumping alerts into syslog
> 09/Jan/2017 14:43:49 [NetworkInterface.cpp:1538] Started packet polling on
> interface tcp://127.0.0.1:5556 [id: 1]...
> 09/Jan/2017 14:43:50 [CollectorInterface.cpp:104] Collecting flows
> on tcp://127.0.0.1:5556 [ntopng->nprobe]
>
> Gerhard,
>
> On Jan 9, 2017, at 11:26 AM, Simone Mainardi <maina...@ntop.org> wrote:
>
> Gerhard, please attach the configuration used and the full ntopng console
> output (or log file).
>
> On Mon, Jan 9, 2017 at 2:24 PM, Gerhard Mourani <gmour...@prival.ca
> > wrote:
> Simone,
>
> The issue is that even if 10.0.0.39 is filtered to be excluded, it appears
> in the view of top hosts. Also, the IP 0.0.0.0 appears and I don't have
> any idea about what it is?
>
>
>
>
>
>
> On Jan 8, 2017, at 5:36 AM, Simone Mainardi <maina...@ntop.org> wrote:
>
> Gerhard,
>
> The filter is correct and properly parsed by ntopng. So what is the issue
> you are experiencing?
>
> Simone
>
> On Thu, Jan 5, 2017 at 7:58 PM, Gerhard Mourani <gmour...@prival.ca
> > wrote:
> This doesn't work for me, I'm using the following parameters to exclude
> 10.0.0.39 which is my ntopng server IP:
> --packet-filter "ip and not proto ipv6 and not ether host
> ff:ff:ff:ff:ff:ff and not net (224.0.0.0/8 or 239.0.0.0/8) and not host
> 10.0.0.39"
>
> Gerhard,
>
> On Jan 5, 2017, at 12:09 PM, brett.sti...@cargocarriers.co.zw wrote:
>
> Thank you Simone.
>
> I will try that tomorrow morning.
>
> Much appreciated.
>
>
>
> On January 5, 2017 6:40:25 PM GMT+02:00, Simone Mainardi <
> maina...@ntop.org> wrote:
>
> Brett, the filter is not complete. If you want to exclude 10.0.50.246
> set:
>
> --packet-filter="not host 10.0.50.246"
>
> If you look at the ntopng output you will see if the filter is parsed
> correctly.
>
>
>
>
> On Thu, Jan 5, 2017 at 4:05 PM, Brett Stiell (CCIH) <
> brett.sti...@cargocarriers.co.zw> wrote:
>
> Hi there.
>
>
>
> Thanks for getting back to me
>
>
>
> This is the contents of my ntopng.start file:-
>
>
>
> -G=/var/run/ntopng.pid
>
> --daemon=
>
> --local-networks="10.0.50.0/25,10.0.50.128/26,10.0.50.193/30"
>
> --packet-filter 10.0.50.246
>
> -m "10.0.50.0/25,10.0.50.128/26,10.0.50.193/30"
>
> --track-local-hosts
>
>
>
> Regards,
>
>
>
> Brett
>
>
>
> *From:* Simone Mainardi [mailto:maina...@ntop.org]
> *Sent:* Thursday, January 05, 2017 3:26 PM
> *To:* n...@unipi.it
> *Cc:* ntop mailing list
> *Subject:* Re: [Ntop] Excluding hosts or a subnet from being monitored
>
>
>
>
> Hi,
>
>
>
> --packet-filter is the proper way to do that. Can you please report the
> exact filter you specified? Also check (and paste) ntopng output. ntopng
> prints a confirmation message if it has successfully parsed the filter.
>
>
>
>
> Regards
>
> Simone
>
>
>
> On Thu, Jan 5, 2017 at 11:14 AM, Brett Stiell (CCIH) <
> brett.sti...@cargocarriers.co.zw> wrote:
>
> Hi.
>
>
>
> Is there any way to exclude a subnet or a range of hosts from being
> monitored and appearing on the dashboard etc.
>
>
>
> Our servers are in a specific IP range and I am not interested in
> receiving their usage data.
>
>
>
> I tried -B and --packet-filter and “not” but they don’t seem to work.
>
>
>
> Thanks
>
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop

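The two checks asked for in this thread (is there a filter confirmation line in the ntopng output, and does the confirmed filter contain a clause for the host in question), as an added example that is not part of the original messages and is not ntopng code. The sample log lines are constructed from the output quoted above with the mail line-wrapping removed; the function names are hypothetical and the clause matching is a heuristic, not a BPF parser.

```python
import ipaddress
import re

# Confirmation line ntopng logs once a capture filter is installed
# (format taken from the PcapInterface.cpp line quoted in the thread).
FILTER_LINE = re.compile(r'Packet capture filter on (\S+) set to "([^"]*)"')
# Negated "not host X" / "not net (A or B)" clauses only (heuristic).
NEGATED = re.compile(r'\bnot\s+(host|net)\s+(\([^)]*\)|\S+)')

# Constructed samples: log lines from the thread, unwrapped.
LOG_PCAP = (
    '10/Jan/2017 16:10:46 [PcapInterface.cpp:85] Reading packets from interface eth0...\n'
    '10/Jan/2017 16:10:46 [PcapInterface.cpp:254] Packet capture filter on eth0 set to "ip and not proto ipv6 and not ether host ff:ff:ff:ff:ff:ff and not net (224.0.0.0/8 or 239.0.0.0/8) and not host (192.168.2.227)"\n'
)
LOG_ZMQ = (
    '09/Jan/2017 14:43:49 [Ntop.cpp:1267] Registered interface tcp://127.0.0.1:5556 [id: 1]\n'
    '09/Jan/2017 14:43:50 [CollectorInterface.cpp:104] Collecting flows on tcp://127.0.0.1:5556 [ntopng->nprobe]\n'
)

def applied_filters(log_text):
    """Map interface -> filter string for every confirmation line found."""
    return dict(FILTER_LINE.findall(log_text))

def excluded_networks(bpf):
    """Networks removed by the negated host/net clauses of the filter."""
    nets = []
    for _kind, operand in NEGATED.findall(bpf):
        for token in re.findall(r'[0-9a-fA-F:.]+(?:/\d+)?', operand):
            try:
                nets.append(ipaddress.ip_network(token, strict=False))
            except ValueError:
                pass  # skip anything that is not an address or CIDR
    return nets

def check(log_text, iface, host):
    """Return 'no-filter', 'not-excluded' or 'excluded' for host on iface."""
    bpf = applied_filters(log_text).get(iface)
    if bpf is None:
        return "no-filter"
    addr = ipaddress.ip_address(host)
    hit = any(addr in net for net in excluded_networks(bpf))
    return "excluded" if hit else "not-excluded"
```
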