Hi Simone, After upgrade to the latest version the problem persist, no data on ntopng.
I have send you the logs directly to you and Emanuele email. Please i need a fix for this, this situation is really frustrating. Regards Roberto > On Apr 12, 2017, at 08:33, Simone Mainardi <[email protected]> wrote: > > Roberto, there was an issue that has now been fixed. > > New packages are being rebuilt. Please, wait an hour and then update and give > a feedback. > > Thank you, > > Simone > > On Wed, Apr 12, 2017 at 12:49 AM, Emanuele Faranda <[email protected] > <mailto:[email protected]>> wrote: > Hi Roberto, > > As suggested to Mathias, can you add the option -b=2 to nProbe and -v=5 to > ntopng and send us the log please? > > We must understand if flows exported by the collector are correctly seen by > nProbe or if the problem is in the communication between ntopng and nProbe. > > Regards, > Emanuele > > > > On 04/11/2017 07:57 PM, Roberto Alvarado wrote: > Update to: > > ntopng > > Version 2.5.170411 - Pro Small Business Edition > Built on Debian GNU/Linux 8.2 (jessie) > nDPI 1.8.0-dev-764-3a8c2d0 > > nprobe > > Welcome to nProbe v.7.5.170411 (r5727) for x86_64-unknown-linux-gnu > with native PF_RING acceleration. > Copyright 2002-17 ntop.org <http://ntop.org/> > > Build OS: Debian GNU/Linux 8.2 (jessie) > GIT rev: dev:fef5155c607c28377760e764dafa9f54a462458a:20170411 > Edition: nProbe Standard > > > And the problem persist, as Mathias Henze, after upgrade ntop to 2.5 version, > now no traffic is registered. > > Regards > Roberto > > > On Apr 10, 2017, at 09:36, Roberto Alvarado <[email protected] > <mailto:[email protected]>> wrote: > > Hi Emanuele, > > Thanks for your reply, after upgrade my install to the devel version and > remove the data directory and the mysql tables, now ntopng don't shows > traffic :( > > Now in nprobe, I need to specify the flow version? > > nprobe start log: > > 10/Apr/2017 09:22:02 [nprobe.c:3615] Valid nProbe license found > 10/Apr/2017 09:22:02 [nprobe.c:5489] WARNING: The output interfaceId is set > to 0: did you forget to use -Q perhaps ? > 10/Apr/2017 09:22:02 [nprobe.c:5492] WARNING: The input interfaceId is set to > 0: did you forget to use -u perhaps ? > 10/Apr/2017 09:22:02 [nprobe.c:5591] Welcome to nProbe v.7.5.170410 > ($Revision: 5721 $) for x86_64-unknown-linux-gnu with native PF_RING > acceleration > 10/Apr/2017 09:22:02 [nprobe.c:5601] Running on Debian GNU/Linux 8.2 (jessie) > 10/Apr/2017 09:22:02 [nprobe.c:5612] [LICENSE] nProbe SystemId: > 10/Apr/2017 09:22:02 [nprobe.c:5726] Sample rate [packet: 1][flow: 1] > 10/Apr/2017 09:22:02 [nprobe.c:8048] Welcome to nProbe v.7.5.170410 for > x86_64-unknown-linux-gnu > 10/Apr/2017 09:22:02 [nprobe.c:7046] WARNING: Adding %EXPORTER_IPV4_ADDRESS > to the template as nProbe is working as collector > 10/Apr/2017 09:22:02 [plugin.c:1068] 0 plugin(s) enabled > 10/Apr/2017 09:22:02 [nprobe.c:7575] Non IPv4/v6 traffic is discarded > according to the template > 10/Apr/2017 09:22:02 [util.c:430] GeoIP: loaded AS config file > /usr/share/ntopng/httpdocs/geoip/GeoIPASNum.dat > 10/Apr/2017 09:22:02 [util.c:441] GeoIP: loaded AS IPv6 config file > /usr/share/ntopng/httpdocs/geoip/GeoIPASNumv6.dat > 10/Apr/2017 09:22:02 [nprobe.c:8224] IPv6 traffic will NOT be > exported/accounted by this probe > 10/Apr/2017 09:22:02 [nprobe.c:8225] due to configuration options (e.g. use > NetFlow v9) > 10/Apr/2017 09:22:02 [nprobe.c:8226] Please use -V to set the version to > other than NetFlow V5 > 10/Apr/2017 09:22:02 [nprobe.c:8379] Not capturing packet from interface > (collector mode) > 10/Apr/2017 09:22:02 [util.c:4127] Initializing ZMQ as server > 10/Apr/2017 09:22:02 [util.c:4170] Succesfully created ZMQ endpoint > tcp://127.0.0.1:5556 <http://127.0.0.1:5556/> > 10/Apr/2017 09:22:02 [util.c:3216] nProbe changed user to 'nobody' > 10/Apr/2017 09:22:02 [collect.c:143] Flow collector listening on port 2055 > (IPv4/v6) > 10/Apr/2017 09:22:02 [nprobe.c:8605] nProbe started successfully > > Ok, the same but with -V 9 for netflowv9 and ipfix: > > 10/Apr/2017 09:26:26 [nprobe.c:5591] Welcome to nProbe v.7.5.170410 > ($Revision: 5721 $) for x86_64-unknown-linux-gnu with native PF_RING > acceleration > 10/Apr/2017 09:26:26 [nprobe.c:5601] Running on Debian GNU/Linux 8.2 (jessie) > 10/Apr/2017 09:26:26 [nprobe.c:5612] [LICENSE] nProbe SystemId: > 10/Apr/2017 09:26:26 [nprobe.c:5726] Sample rate [packet: 1][flow: 1] > 10/Apr/2017 09:26:26 [nprobe.c:8048] Welcome to nProbe v.7.5.170410 for > x86_64-unknown-linux-gnu > 10/Apr/2017 09:26:26 [nprobe.c:7118] You selected v9/IPFIX without specifying > a template (-T). > 10/Apr/2017 09:26:26 [nprobe.c:7119] The default template will be used > 10/Apr/2017 09:26:26 [nprobe.c:7124] Using NetFlow Packet Payload Len: 1472 > 10/Apr/2017 09:26:26 [nprobe.c:7046] WARNING: Adding %EXPORTER_IPV4_ADDRESS > to the template as nProbe is working as collector > 10/Apr/2017 09:26:26 [plugin.c:1068] 0 plugin(s) enabled > 10/Apr/2017 09:26:26 [nprobe.c:7545] Each flow is 105 bytes long > 10/Apr/2017 09:26:26 [nprobe.c:7546] The # flows per packet has been set to 13 > 10/Apr/2017 09:26:26 [nprobe.c:7549] IP TOS is accounted > 10/Apr/2017 09:26:26 [nprobe.c:7575] Non IPv4/v6 traffic is discarded > according to the template > 10/Apr/2017 09:26:26 [util.c:430] GeoIP: loaded AS config file > /usr/share/ntopng/httpdocs/geoip/GeoIPASNum.dat > 10/Apr/2017 09:26:26 [util.c:441] GeoIP: loaded AS IPv6 config file > /usr/share/ntopng/httpdocs/geoip/GeoIPASNumv6.dat > 10/Apr/2017 09:26:26 [nprobe.c:8379] Not capturing packet from interface > (collector mode) > 10/Apr/2017 09:26:26 [util.c:4127] Initializing ZMQ as server > 10/Apr/2017 09:26:26 [util.c:4170] Succesfully created ZMQ endpoint > tcp://127.0.0.1:5556 <http://127.0.0.1:5556/> > 10/Apr/2017 09:26:26 [util.c:3216] nProbe changed user to 'nobody' > 10/Apr/2017 09:26:26 [collect.c:143] Flow collector listening on port 2055 > (IPv4/v6) > 10/Apr/2017 09:26:26 [nprobe.c:8605] nProbe started successfully > > > ntopng dashboard… nothing: > > https://i.dmtinc.cl/image/4uv <https://i.dmtinc.cl/image/4uv> > > > Version 2.5.170410 - Pro Small Business Edition > Platform Debian 8.2 [x86_64][Debian GNU/Linux 8.2 (jessie)] - 64 bit > Startup Line ntopng --pid "/var/tmp/ntopng.pid" --daemon "" --interface > "tcp://127.0.0.1:5556 <http://127.0.0.1:5556/>" --data-dir "/data/ntopng" > --http-port "3000" --max-num-hosts "300000" --local-networks > "138.xxx.xx.0/xx" --dump-flows "mysql;localhost;ntop;flows;ntop;xxxxx" > Last Log Trace 10/Apr/2017 09:27:37 [MySQLDB.cpp:622] Successfully connected > to MySQL [localhost:ntop] for interface tcp://127.0.0.1:5556 > <http://127.0.0.1:5556/> > 10/Apr/2017 09:27:37 [MySQLDB.cpp:582] Attempting to connect to MySQL for > interface tcp://127.0.0.1:5556... > 10/Apr/2017 09:27:37 [NetworkInterface.cpp:1931] Started packet polling on > interface tcp://127.0.0.1:5556 <http://127.0.0.1:5556/> [id: 0]... > 10/Apr/2017 09:27:37 [AddressTree.cpp:171] [AddressTree] 138.xxx.xxx.0/xxx > 10/Apr/2017 09:27:37 [Ntop.cpp:614] Local Networks > 10/Apr/2017 09:27:37 [Ntop.cpp:612] Local Interface Addresses (System Host) > 10/Apr/2017 09:27:37 [NtopPro.cpp:300] [LICENSE] Maintenance is available > until Thu Mar 22 12:28:01 2018 [346 days left] > 10/Apr/2017 09:27:37 [NtopPro.cpp:279] [LICENSE] ntopng license: xxxxxx > 10/Apr/2017 09:27:37 [NtopPro.cpp:268] [LICENSE] ntopng systemId: xxxxxxxxxxx > 10/Apr/2017 09:27:37 [PeriodicActivities.cpp:56] Started periodic activities > loop... > 10/Apr/2017 09:27:37 [Ntop.cpp:297] Built on Debian GNU/Linux 8.2 (jessie) > 10/Apr/2017 09:27:37 [Ntop.cpp:292] Welcome to ntopng x86_64 v.2.5.170410 - > (C) 1998-17 ntop.org <http://ntop.org/> > 10/Apr/2017 09:27:37 [main.cpp:313] Scripts/HTML pages directory: > /usr/share/ntopng > 10/Apr/2017 09:27:37 [main.cpp:311] Working directory: /data/ntopng > 10/Apr/2017 09:27:37 [MySQLDB.cpp:370] MySQL schema update. Altering table > flowsv6: changing OUT_BYTES data type to unsigned int. > 10/Apr/2017 09:27:37 [MySQLDB.cpp:370] MySQL schema update. Altering table > flowsv6: changing IN_BYTES data type to unsigned int. > 10/Apr/2017 09:27:37 [MySQLDB.cpp:370] MySQL schema update. Altering table > flowsv4: changing OUT_BYTES data type to unsigned int. > 10/Apr/2017 09:27:37 [MySQLDB.cpp:370] MySQL schema update. Altering table > flowsv4: changing IN_BYTES data type to unsigned int. > 10/Apr/2017 09:27:36 [MySQLDB.cpp:342] MySQL schema update. Altering table > flowsv6: changing engine from InnoDB to MyISAM. > 10/Apr/2017 09:27:36 [MySQLDB.cpp:342] MySQL schema update. Altering table > flowsv4: changing engine from InnoDB to MyISAM. > 10/Apr/2017 09:27:36 [MySQLDB.cpp:314] MySQL schema update. Altering table > flowsv6: renaming BYTES to IN_BYTES and adding OUT_BYTES > 10/Apr/2017 09:27:36 [MySQLDB.cpp:314] MySQL schema update. Altering table > flowsv4: renaming BYTES to IN_BYTES and adding OUT_BYTES > 10/Apr/2017 09:27:34 [MySQLDB.cpp:622] Successfully connected to MySQL > [localhost:ntop] for interface tcp://127.0.0.1:5556 <http://127.0.0.1:5556/> > 10/Apr/2017 09:27:34 [MySQLDB.cpp:582] Attempting to connect to MySQL for > interface tcp://127.0.0.1:5556... > 10/Apr/2017 09:27:34 [HTTPserver.cpp:772] HTTP server listening on port(s) > 3000 > 10/Apr/2017 09:27:34 [HTTPserver.cpp:769] Web server dirs > [/usr/share/ntopng/httpdocs][/usr/share/ntopng/scripts] > 10/Apr/2017 09:27:34 [Utils.cpp:368] User changed to nobody > 10/Apr/2017 09:27:34 [HTTPserver.cpp:723] Please read > https://github.com/ntop/ntopng/blob/dev/doc/README.SSL > <https://github.com/ntop/ntopng/blob/dev/doc/README.SSL> if you want to > enable S > > nothing on mysql: > > MariaDB [ntop]> select count(*) flowsv4; > +---------+ > | flowsv4 | > +---------+ > | 1 | > +---------+ > 1 row in set (0.00 sec) > > MariaDB [ntop]> select count(*) flowsv6; > +---------+ > | flowsv6 | > +---------+ > | 1 | > +---------+ > 1 row in set (0.00 sec) > > MariaDB [ntop]> > > nprobe log on stop: > > 10/Apr/2017 09:32:04 [nprobe.c:2867] Processed packets: 0 (max bucket search: > 0) > 10/Apr/2017 09:32:04 [nprobe.c:2850] Fragment queue length: 0 > 10/Apr/2017 09:32:04 [nprobe.c:2876] Flow export stats: [0 bytes/0 pkts][0 > flows/0 pkts sent] > 10/Apr/2017 09:32:04 [nprobe.c:2883] Flow collection: [collected pkts: > 5277][processed flows: 75120] > 10/Apr/2017 09:32:04 [nprobe.c:2886] Flow drop stats: [0 bytes/0 pkts][0 > flows] > 10/Apr/2017 09:32:04 [nprobe.c:2891] Total flow stats: [0 bytes/0 pkts][0 > flows/0 pkts sent] > > nprobe config: > > -i none > -n none > --daemon-mode > -V 9 (added this option after upgrade) > --no-promisc > --zmq tcp://127.0.0.1:5556 <http://127.0.0.1:5556/> > —collector-port 2055 > > and i dont know what to do now > > Regards > Roberto > > > On Apr 10, 2017, at 04:17, Emanuele Faranda <[email protected] > <mailto:[email protected]>> wrote: > > Hi Roberto, > > The issue is likely solved in the 2.5 version of ntopng. > > Since we are migrating towards the 2.6 release, if you can afford to lose > your current ntopng collected data, I suggest you to install the 2.5 version > of ntopng which, at the current time, should be stable enough for use. > > For the update to the 2.5 version, please be sure to: > > - flush redis with "redis-cli flushall" > > - remove the ntopng data directory "rm -rf /data/ntopng" > > - update nprobe too > > Regards, > Emanuele > > > On 04/10/2017 03:23 AM, Roberto Alvarado wrote: > Hi, > > I have this problem, when I open a host detail, the first and last seen date > are from 1970: > > First / Last Seen 01/01/1970 18:07:04 [47 years, 107 days, 15 hours, 10 > min, 44 sec ago] 25/03/1970 03:33:32 [47 years, 25 days, 5 hours, 44 min, 16 > sec ago] > > > Do you know how to fix this??? > > Debian Jessie > > root@mhost:~# date > Fri Apr 7 09:22:13 -03 2017 > root@mhost:~# > > My config: > > ntopng: > > > Version 2.4.170215 - Pro Small Business Edition > Platform Debian 8.2 [x86_64][Debian GNU/Linux 8.2 (jessie)] - 64 bit > Startup Line ntopng —pid “/var/tmp/ntopng.pid" --daemon "" --interface > "tcp://127.0.0.1:5556 <http://127.0.0.1:5556/>" --data-dir "/data/ntopng" > --http-port "3000" --local-networks "138.xxx.xxxx.0/22" --dump-flows > "mysql;localhost;ntop;flows;ntop;xxxxxxx" > > nprobe: > > -i none > -n none > --daemon-mode > --num-threads 1 > --no-promisc > --zmq tcp://127.0.0.1:5556 <http://127.0.0.1:5556/> > --collector-port 2055 > > > Thanks! > > Regards > Robertp > _______________________________________________ > Ntop mailing list > [email protected] <mailto:[email protected]> > http://listgateway.unipi.it/mailman/listinfo/ntop > <http://listgateway.unipi.it/mailman/listinfo/ntop> > _______________________________________________ > Ntop mailing list > [email protected] <mailto:[email protected]> > http://listgateway.unipi.it/mailman/listinfo/ntop > <http://listgateway.unipi.it/mailman/listinfo/ntop> > _______________________________________________ > Ntop mailing list > [email protected] <mailto:[email protected]> > http://listgateway.unipi.it/mailman/listinfo/ntop > <http://listgateway.unipi.it/mailman/listinfo/ntop> > _______________________________________________ > Ntop mailing list > [email protected] <mailto:[email protected]> > http://listgateway.unipi.it/mailman/listinfo/ntop > <http://listgateway.unipi.it/mailman/listinfo/ntop> > > _______________________________________________ > Ntop mailing list > [email protected] <mailto:[email protected]> > http://listgateway.unipi.it/mailman/listinfo/ntop > <http://listgateway.unipi.it/mailman/listinfo/ntop> > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
