Matt, I was able to reproduce your issue. I've filed an issue that is already being processed. Please follow up here https://github.com/ntop/ntopng/issues/1015
Simone

On Fri, 3 Mar 2017 at 17:28, Matt Kettler <matt.kett...@fourthdim.com> wrote:

> Ok, so my first run generated nothing, but that’s with the log level at
> the default of “normal”.
>
> Cranking up the log level to debug, I see a few bits that are interesting
> (stripping out all the logs that a function got called):
>
> 03/Mar/2017 10:16:17 [HTTPserver.cpp:620] [HTTP] /lua/hosts_stats.lua
> [/usr/share/ntopng/scripts/lua/hosts_stats.lua]
> 03/Mar/2017 10:16:17 [Utils.cpp:1829] Rule 0.0.0.0/0
> 03/Mar/2017 10:16:17 [Utils.cpp:1829] Rule ::/0
> 03/Mar/2017 10:16:17 [Lua.cpp:112] NULL interface: did you restart ntopng
> in the meantime?
> 03/Mar/2017 10:16:17 [Lua.cpp:143] [HTTP] Serving file
> /usr/share/ntopng/httpdocs/inc/header.inc
> 03/Mar/2017 10:16:17 [Ntop.cpp:804] No allowed interface found for tcp://
> 127.0.0.1:5556
> 03/Mar/2017 10:16:17 [Lua.cpp:232] Returning name tcp://127.0.0.1:5556
> 03/Mar/2017 10:16:17 [Ntop.cpp:804] No allowed interface found for tcp://
> 127.0.0.1:5556
> 03/Mar/2017 10:16:17 [Ntop.cpp:804] No allowed interface found for tcp://
> 127.0.0.1:5556
> 03/Mar/2017 10:16:17 [Ntop.cpp:804] No allowed interface found for tcp://
> 127.0.0.1:5556
> 03/Mar/2017 10:16:17 [Lua.cpp:232] Returning name tcp://127.0.0.1:5556
> 03/Mar/2017 10:16:17 [Ntop.cpp:804] No allowed interface found for tcp://
> 127.0.0.1:5556
> 03/Mar/2017 10:16:17 [Ntop.cpp:804] No allowed interface found for tcp://
> 127.0.0.1:5556
> 03/Mar/2017 10:16:17 [Lua.cpp:143] [HTTP] Serving file
> /usr/share/ntopng/httpdocs/inc/hosts_stats_id.inc
> 03/Mar/2017 10:16:17 [Lua.cpp:143] [HTTP] Serving file
> /usr/share/ntopng/httpdocs/inc/hosts_stats_top.inc
> 03/Mar/2017 10:16:17 [Lua.cpp:143] [HTTP] Serving file
> /usr/share/ntopng/httpdocs/inc/hosts_stats_bottom.inc
>
> Not sure if the “null interface” and “no allowed interface” bits are the
> issue.
>
> My browser-inspect isn’t showing any obvious errors.
>
> *From:* ntop-boun...@listgateway.unipi.it [mailto:ntop-boun...@listgateway.unipi.it] *On Behalf Of *Simone Mainardi
> *Sent:* Friday, March 03, 2017 8:55 AM
> *To:* n...@unipi.it
> *Cc:* ntop@listgateway.unipi.it
> *Subject:* Re: [Ntop] ntopng+nprobe+cisco asa netflow - no hosts..
>
> Hi,
>
> On Fri, Mar 3, 2017 at 1:48 PM, Matt Kettler <matt.kett...@fourthdim.com>
> wrote:
>
> I don't think it is time. Both have more-or-less the same offset relative
> to one particular local NTP server and are both in the same timezone. The
> offsets suggest a less than 0.3 millisecond time difference.
>
> Also, wouldn't the same time problem apply to flows, which time out after
> 1 minute? And wouldn't that also cause the "hosts" counter to read "0
> hosts" rather than "584 hosts"?
>
> No. The bottom-right counter shows the number of hosts in cache, while the
> Hosts page gives only the currently active hosts. So it can be that the
> bottom counter is > of the current number of active hosts.
>
> If I go into a flow, and click on a client IP, I can see the first/last
> seen line suggest host was seen very recently:
>
> 03/03/2017 07:22:46 [17 min, 56 sec ago] 03/03/2017 07:39:46 [44 sec
> ago]
>
> It is also identifying the host as being local and belonging in one of
> the host pools I created. It's a shame it doesn't show up in the all hosts
> page.
>
> Regardless, I jacked up the local host timeout to 1 hour, which is as high
> as it will go.
>
> I am not using "delay flow-create" at all on my asa, and my template
> timeout is set to 15 minutes (which I think I may drop to 1-2 minutes
> soon). The above "last seen" of 44 seconds suggests they're being exported
> often.
>
> Please, start ntopng in foreground and inspect the console for any error
> that may occur when visiting the hosts page. Also use your browser to
> search for any possible JS errors (right-click and inspect element before
> visiting the empty hosts page).
>
> ------------------------------
>
> *From:* ntop-boun...@listgateway.unipi.it <ntop-boun...@listgateway.unipi.it> on behalf of Simone Mainardi <maina...@ntop.org>
> *Sent:* Friday, March 3, 2017 5:45 AM
> *To:* n...@unipi.it
> *Cc:* ntop@listgateway.unipi.it
> *Subject:* Re: [Ntop] ntopng+nprobe+cisco asa netflow - no hosts..
>
> Hi,
>
> Is the clock of the ASA set properly? How often are flows exported? My
> guess is that timestamps of received flows are not in sync with the ntopng
> clock and thus hosts are considered idle and not shown in the web UI.
>
> You may also want to increase idle timeouts from the ntopng preferences
> web page.
>
> Regards,
>
> Simone
>
> On Wed, Mar 1, 2017 at 6:46 PM, Matt Kettler <matt.kett...@fourthdim.com>
> wrote:
>
> I'm currently testing out a demo copy of nprobe/ntopng, on an Ubuntu LTS
> 16.04 to evaluate if it is worth purchasing.
>
> This seems to work partially, I can see flows, protocol breakdowns etc.
> However, the population of hosts doesn’t seem to be working so well.
>
> I generally see that there are hosts in the status block in the lower
> right, but when I go to "hosts" from the top menu, there are no hosts found.
>
> Flows on the other hand populate correctly, and I can even click on a host
> IP in there and get a summary of the host.
>
> I've tried tinkering with various things, like changing the idle timeouts,
> and adding local hosts as sticky, but that doesn't seem to help. At one
> point I got some local hosts to populate, and they stayed for a while as I
> was using sticky locals, but I realized no remotes were ever being added,
> so I tried restarting it with sticky-hosts=none, and now nothing is
> populated.
>
> I've also tried updating a few times, currently I am running:
>
> ntopng --version
> v.2.5.170301 [Enterprise/Professional Edition]
>
> and was running:
>
> v.2.5.170228 [Enterprise/Professional Edition]
>
> and prior to that I was running whatever was current on the apt repo last
> Friday.
>
> Have I misconfigured something? Failing to understand a limit of the demo
> versions?
>
> I'm using this sending netflows from a Cisco ASA to nprobe, which then
> zmq's them to ntopng, so these are my conf files: (minor censoring of bits
> with xxx's)
>
> nprobe:
>
> --collector=none
> --interface=none
> --zmq="tcp://*:5556"
> --collector-port=2055
> --lifetime-timeout=180
> --idle-timeout=60
> -g=/var/run/nprobe-none.pid
> --vlanid-as-iface-idx=none
> --as-list=/usr/share/ntopng/httpdocs/geoip/GeoIPASNum.dat
> --daemon-mode
> --dump-stats=/var/log/nprobe/none-0_flows_stats.txt
> --city-list=/usr/share/ntopng/httpdocs/geoip/GeoLiteCity.dat
> -V=5
>
> ntopng:
>
> -G=/var/run/ntopng.pid
> --interface="tcp://127.0.0.1:5556"
> --local-networks="192.168.0.0/16,10.0.0.0/8,xx.xx.xx.xx/xx"
> --daemon
> --http-port=3000
> --sticky-hosts=none
> --dump-hosts=none
> -F "mysql;xxxx;ntopng;flows;xxxxx;xxxxx"
>
> *This e-mail is intended solely for the addressee. Access to this email by
> anyone else is unauthorized. If you have received this e-mail in error,
> please notify the sender immediately, delete the e-mail from your computer
> and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS
> EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH
> DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any
> action taken or omitted to be taken in reliance on it, is prohibited and
> may be unlawful. Fourth Dimension is not responsible for any damages caused
> by your unauthorized use of the materials in this e-mail.
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop

--
Sent from my iPad. Sorry for typos.