Re: [Ntop] Ntop and ERSPAN

2018-03-02 Thread Simone Mainardi
g v.3.3.180125 version. I send you attached an small pcap. > > > > > Greetings > > 2018-03-01 20:54 GMT+01:00 Simone Mainardi <maina...@ntop.org > <mailto:maina...@ntop.org>>: > As you can see from > https://github.com/ntop/ntopng/blob/dev/src/Ne

Re: [Ntop] Ntop and ERSPAN

2018-03-01 Thread Simone Mainardi
roduce? > On 1 Mar 2018, at 20:40, Rokkhan <rokk...@gmail.com> wrote: > > Hi, > I am using ntopng and it shows traffic flows as gre, instead of the real > traffic. > Do I have to enable any option? > Greetings > > > On 1 Mar 2018 20:35, "Simone Mainardi"

Re: [Ntop] Ntop and ERSPAN

2018-03-01 Thread Simone Mainardi
ntopng decapsulates GRE tunnels by default. nprobe needs the following option to account for decapsulated traffic: [--tunnel|-5] | Compute flows on tunnelled traffic rather than | on the external envelope Simone > On 28 Feb 2018, at

Re: [Ntop] Ingress Packets Sampling Rate?

2018-02-20 Thread Simone Mainardi
Peter, That setting (which defaults to 1) tells ntopng that the input traffic is sampled. If you set it to X, ntopng will know that it is getting only one packet out of X and will perform proper upscaling. > On 19 Feb 2018, at 22:27, Peter Shute wrote: > > Can someone

Re: [Ntop] Disappearing ntopng menu items

2018-02-20 Thread Simone Mainardi
Peter, > On 19 Feb 2018, at 22:04, Peter Shute wrote: > > Apologies for the repeat postings. One of our spam filters has suddenly > decided everything from this list is spam. I've whitelisted it now, so > hopefully that's fixed. I suspect this has happened before when the

Re: [Ntop] Wrong Traffic Numbers after upgrade from 2.5 to 3.1

2018-02-19 Thread Simone Mainardi
atched after i provided a dump. > > On Thu, Feb 8, 2018 at 12:09 PM, Simone Mainardi <maina...@ntop.org > <mailto:maina...@ntop.org>> wrote: > Enrico, > > Can you please verify, under the interface stats page, if there are sFlow > drops reported? > >

Re: [Ntop] Disappearing ntopng menu items

2018-02-14 Thread Simone Mainardi
Peter, > On 14 Feb 2018, at 00:11, Peter Shute wrote: > > If I log into ntopng, then leave it in the browser for a long time (hours? > overnight?), some menu items disappear. For example I no longer see > Preferences in the Settings menu, and the Power menu is no longer

Re: [Ntop] Combining subnet statistics

2018-02-14 Thread Simone Mainardi
Peter, > On 13 Feb 2018, at 22:49, Peter Shute <psh...@nuw.org.au> wrote: > > Simone Mainardi wrote: > >>> I have this running now, so I can't try creating host pools unless I undo >> those changes. >>> >>> One thing I've noticed with dynami

Re: [Ntop] IPv6 flow

2018-02-13 Thread Simone Mainardi
Joni, The template has ipv6 source and destination addresses but none of the flows sent as data records has a non-zero value for either the source or the destination IPv6 address. They are all valid IPv4 flows. You can verify that on your own with the following wireshark filter against your

Re: [Ntop] Combining subnet statistics

2018-02-13 Thread Simone Mainardi
esses? Yes, rename it as if it was a normal interface. Simone > >> -Original Message- >> From: ntop-boun...@listgateway.unipi.it [mailto:ntop- >> boun...@listgateway.unipi.it] On Behalf Of Simone Mainardi >> Sent: Tuesday, 13 February 2018 1:29 AM >

Re: [Ntop] IPv6 flow

2018-02-12 Thread Simone Mainardi
Joni, please check again I haven't received anything yet. > On 12 Feb 2018, at 16:03, Joni Lee <nok...@hostinginside.com> wrote: > > On 2018-02-10 20:42, Simone Mainardi wrote: >> Can you guys generate and send privately/upload a NetFlow pcap that >> contains bot

Re: [Ntop] Combining subnet statistics

2018-02-12 Thread Simone Mainardi
Yes, you can do that. You should create a host pool for any branch you are interested in monitoring. A host pool can be defined as a set of subnets so this will do the trick. Once you've created the pools, visit the ntopng preferences and enable the timeseries creation for them. Simone > On

Re: [Ntop] IPv6 flow

2018-02-10 Thread Simone Mainardi
Can you guys generate and send privately/upload a NetFlow pcap that contains both template and data records for IPv4 and IPv6? I want to try and reproduce. Thanks, Simone > On 10 Feb 2018, at 12:52, Matthias Henze wrote: > > Hi, > > thanks for pointing this out and

Re: [Ntop] Wrong Traffic Numbers after upgrade from 2.5 to 3.1

2018-02-08 Thread Simone Mainardi
; On Thu, Jun 8, 2017 at 11:51 AM, Enrico Kern <enrico.k...@glispamedia.com > <mailto:enrico.k...@glispamedia.com>> wrote: > ah that did the trick. Thank you > > On Thu, Jun 8, 2017 at 11:48 AM, Simone Mainardi <maina...@ntop.org > <mailto:maina...@ntop.org>> wro

Re: [Ntop] netflow + ntop on BGP

2018-02-05 Thread Simone Mainardi
Hello, Very likely you are monitoring plain NetFlow traffic without interpreting its contents. Please, refer to this resource for proper setup: https://www.ntop.org/nprobe/why-nprobejsonzmq-instead-of-native-sflownetflow-support-in-ntopng/

Re: [Ntop] Ntop Digest, Vol 165, Issue 2

2018-02-05 Thread Simone Mainardi
- >> >> Message: 1 >> Date: Sat, 3 Feb 2018 19:03:56 +0100 >> From: Simone Mainardi <maina...@ntop.org> >> To: n...@unipi.it >> Cc: ntop@listgateway.unipi.it >> Subject: Re: [Ntop] host_get_json.lua period >> Message-ID: <f0cd4dbf-

Re: [Ntop] WARNING: Config file start not found

2018-01-19 Thread Simone Mainardi
Hi, > On 19 Jan 2018, at 00:42, s...@daisychick.com wrote: > > Initial install. Getting an error message "WARNING: Config file start not > found" > > I made the start file as per the install instructions. Is there some > permission thing or something I'm missing? Google does not return any >

Re: [Ntop] installation fails on Ubuntu 1604/64

2018-01-12 Thread Simone Mainardi
> > ubuntu@ubuntu:~$ apt-cache show autogen > N: Can't select versions from package 'autogen' as it is purely virtual > N: No packages found > > Thank's ! Yes, that seems to be the problem, i am using Ubuntu1604 Desktop > (Live CD) and not the Server version... > > Jo

Re: [Ntop-misc] Problem installing software alongside ntopng

2018-01-09 Thread Simone Mainardi
Jeff, It looks like you have systemd installed on ubuntu14 -- at least this is what I can infer from the package you've tried to install omd-1.20.trusty.amd64.deb. Systemd is not officially distributed with ubuntu14 that comes with upstart. Please, make sure to stay with the init system that

Re: [Ntop] nDPI entries

2018-01-09 Thread Simone Mainardi
To create new entries for internal protocols see https://www.ntop.org/ndpi/configuring-ndpi-for-custom-protocol-detection/ You can either use ports, as well as host names/ip addresses. Simone > On 9 Jan 2018, at 01:38,

Re: [Ntop] Ignore asymmetric VLAN tags in ntopng

2018-01-05 Thread Simone Mainardi
Yes, you can tell nProbe to ignore VLAN tags. See nProbe option -p. Simone > On 5 Jan 2018, at 19:56, Markus Einarsson wrote: > > Hi, > > In my current port mirroring setup I'm struggling with asymmetric VLAN > tagging in the mirrored traffic. All outgoing packets are

Re: [Ntop-misc] OUT_BYTES value always zero in flow records when I use --disable-cache

2018-01-05 Thread Simone Mainardi
ones that can be > aggregated? In my world, many of the tenant networks that we will be > monitoring have a lot of small TCP transactions and DNS UDP dominates much of > the flow volume - at least as a percentage of flow records (not necessarily > byte volume). > > Than

Re: [Ntop] nprobe starts and stops - no log to trouble shoot

2018-01-05 Thread Simone Mainardi
Art, It looks like there's a systemctl command that is trying to stop a running nprobe instance (see pid 13045), while you are also running nprobe from the command line (see pid 12778). Make sure all the nprobe processes are stopped (possibly terminate them manually) and then try to re-start

Re: [Ntop-misc] OUT_BYTES value always zero in flow records when I use --disable-cache

2018-01-04 Thread Simone Mainardi
Your NetFlow exporter outputs each bi-directional flow as two separate data records -- one for the client-to-server direction and the other for the server-to-client direction. Once the direction is given, one counter for the bytes (i.e., IN_BYTES) is necessary. By default, nProbe automatically

Re: [Ntop] windows and ssl

2018-01-04 Thread Simone Mainardi
Hi, Please see https://www.ntop.org/support/faq/how-can-i-move-a-license-to-a-new-server/ Simone > On 4 Jan 2018, at 08:25, support-nt wrote: > > Hi Luca, > > is it possible to use Enterprise license

Re: [Ntop] ntopng installation

2018-01-04 Thread Simone Mainardi
Dear Ali, Putting the interface in promiscuous mode means that the interface will pass all the L2 frames to the host -- by default, interfaces immediately check MAC addresses and discard packets that are not destined to them. This causes the IP stack of the host to see all the traffic. Apart

Re: [Ntop-misc] General questions and documentation of nprobe internals

2018-01-02 Thread Simone Mainardi
Mark, > >> >> Regarding Kafka, the producer has many configuration options but only very >> few are exposed for configuration in nprobe. Let me ask these one by one: >> >> batch.size, linger.ms , buffer.memory - These are >> essential to controlling batching in Kafka.

Re: [Ntop] How to filter dumped traffic

2017-12-29 Thread Simone Mainardi
Hi, > On 21 Dec 2017, at 18:58, Rokkhan wrote: > > Hi, > > I am testing ntopng 3.3.1 on a Centos 7. Is there anyway to filter dumped > packets to disk on an interface? > > I would like to have a dedicated interface to dump traffic but the only > option I see is to dump

Re: [Ntop-misc] General questions and documentation of nprobe internals

2017-12-21 Thread Simone Mainardi
Mark, > On 20 Dec 2017, at 13:25, Mark Petronic wrote: > > I am running with nprobe 8.2 in collector mode. I am currently designing a > collection infrastructure so I want to try to understand what nprobe is doing > internally as to better understand how data is being

Re: [Ntop] 1 Router, 2 Uplinks, 1 Netflow

2017-12-13 Thread Simone Mainardi
Matthias, You can either enable the dynamic interfaces creation on the ntopng side (e.g., on the basis of the %EXPORTER_IPV4_ADDRESS) or you can run two separate nprobes, one per stream, and then send the results to two ntopng interfaces. Regards, Simone > On 10 Dec 2017, at 15:39, Matthias

Re: [Ntop-misc] Query regarding nProbe collector configuration

2017-12-13 Thread Simone Mainardi
Jeff, You need both nProbe and ntopng. nProbe interprets the IPFIX and outputs the data to ntopng that is in charge of visualisation. A simple configuration is the following: ./nprobe -i none -n none --collector-port 9995 --zmq tcp://127.0.0.1:5556 ./ntopng -i tcp://*:5556 -m The

Re: [Ntop] Can't Connect after 3.2 Update

2017-12-13 Thread Simone Mainardi
Chris, Yes, please send one error report. Also try to temporarily remove ntopng from the services with /r and run it in the foreground with /c. This should print out errors directly in the terminal. Simone > On 13 Dec 2017, at 01:13, chris b wrote: > > Updated our

Re: [Ntop] Data not persisting through service restart or reboot (MySQL setup)

2017-12-05 Thread Simone Mainardi
Matt, According to your description the `gibberish output` should be compressed flow data so it looks like flows go into mysql. Can you please be more specific on what you mean with data doesn't appear to persist? Have you enabled the generation of historical timeseries from the timeseries

[Ntop] New stable releases of ntopng, nProbe and nDPI

2017-12-04 Thread Simone Mainardi
Dear All, We are pleased to announce that new stable releases of ntopng, nProbe and nDPI are out. Among the new features introduced it is worth mentioning - Grafana integration and active devices discovery in ntopng - Collection of ASA firewalls NetFlow in nProbe - Customizable application

Re: [Ntop] installation fails on Ubuntu 1604/64

2017-12-01 Thread Simone Mainardi
e the problem, i am using Ubuntu1604 Desktop > (Live CD) and not the Server version... > > Joe > > > > Simone > > On 20.11.2017 at 10:12 AM, "Simone Mainardi" <maina...@ntop.org> wrote: > Joe, > > autogen package is available on ubuntu16: >

Re: [Ntop] Contents of /var/tmp/ntopng/

2017-11-21 Thread Simone Mainardi
Hello Marat, > On 21 Nov 2017, at 08:07, Marat Khalili wrote: > > Dear ntopng experts, > > Directory /var/tmp/ntopng/ contains 443K inodes (files and directories) on my > system, significant number of which (~20K) changes daily. This number of > small files slows down daily

Re: [Ntop] Email reports

2017-11-20 Thread Simone Mainardi
Currently, sending reports via mail is not supported but it is on our TODOs. Simone > On 20 Nov 2017, at 11:33, jose perez wrote: > > Hello. > I have just to install ntopng 3.0 on a pfsense firewall because i need to > send reports of network traffic (wifi, vlan, etc),

Re: [Ntop] installation fails on Ubuntu 1604/64

2017-11-14 Thread Simone Mainardi
Josef, See this error: Wait please... ./autogen.sh: line 35: autoreconf: command not found Make sure to install all the prerequisites as explained in https://github.com/ntop/ntopng/blob/dev/doc/README.compilation Regards,

Re: [Ntop-misc] Nprobe: Filter netflow by VLAN tag

2017-11-10 Thread Simone Mainardi
rowser, however I cannot see any change, on the > interfaces dropdown I only see "tcp://127.0.0.1:5556" > > Hope you can help. Regards. > > Javier Narváez > > - Original Message - > From: "Simone Mainardi" <maina...@ntop.org> > To:

Re: [Ntop-misc] Nprobe: Filter netflow by VLAN tag

2017-11-10 Thread Simone Mainardi
sible to filter that vlan in ntopng? or configure > nprobe in another mode? > > The data comes in sflow from an Arista Switch and there is a lot of flows I > do not need... > > Thank you, kind regards. > > ----- Original Message - > From: "Simone

Re: [Ntop] no interface historical if ntopng run in daemon mode

2017-11-10 Thread Simone Mainardi
r email: On 6 Nov 2017, at 09:11, Simone Mainardi <maina...@ntop.org> wrote: Icon is not shown where there's no historical data available for that host. Typically this occurs when: - the host is remote (ntopng doesn't record historical activities for remote hosts) - local host time ser

Re: [Ntop] Active Discovery

2017-11-08 Thread Simone Mainardi
Hi, it doesn't require any license. It is available in any ntopng version >= 3.1 Simone > On 8 Nov 2017, at 18:45, Christina Phillips wrote: > > Hello – does Active Discovery require a specific license? Or is this tied to > the latest build? > > ~Christina > >

Re: [Ntop-misc] Sflow to netflow collector

2017-11-06 Thread Simone Mainardi
A:06:85:C3][vlan 10/10][tos 0][ifIdx: 104 -> > 1000100][subflowId: 0/0x][idx=1480][firstSeen=1509960270/0][direction: RX] > —snip— > > Im concerned about the “NonIP 0.0.0.0” could that be the issue ? > > I’m happy to go back to Arista as ask to verify the devi

Re: [Ntop-misc] Sflow to netflow collector

2017-11-06 Thread Simone Mainardi
Alan, Add nProbe options: -i none -n none -V 9 And report. In case you are still not getting the right exporter address, please add -b 2 and report the full nProbe output. Regards, Simone > On 6 Nov 2017, at 09:04, Alan Kemp wrote: > > Hi Guys > > I’m trying to collect

Re: [Ntop] no interface historical if ntopng run in daemon mode

2017-11-06 Thread Simone Mainardi
Icon is not shown where there's no historical data available for that host. Typically this occurs when: - the host is remote (ntopng doesn't record historical activities for remote hosts) - local host time series creation has been disabled from the preferences Regards, Simone > On 5 Nov

Re: [Ntop] exporting from ntopng to ElasticSearch

2017-10-16 Thread Simone Mainardi
Christina, The function that produces the flow JSON that will be sent to the ElasticSearch is this one: https://github.com/ntop/ntopng/blob/dev/src/NetworkInterface.cpp#L691 You may want to extend it to include all the

Re: [Ntop] ntopng reporting

2017-10-12 Thread Simone Mainardi
Hello, You can do that. You just have to create a dynamic interface for each exporter. See: https://github.com/ntop/ntopng/issues/890 and https://github.com/ntop/ntopng/issues/1048 Regards, Simone > On

Re: [Ntop] ntopng and elasticsearch integration

2017-10-12 Thread Simone Mainardi
Hi, What is the ntopng version you are using? ES authentication is supported, however, it seems that you have an extra ; after your elasticpassword. Also the double quotes don't seem to be the standard ones. Please check. > On 12 Oct 2017, at 00:10, Christina Phillips wrote: >

Re: [Ntop] Mysql errors

2017-09-26 Thread Simone Mainardi
arameters to nprobe? > > /nprobe ... --mysql=\"localhost:ntopng:nf:root:root\"\n" > > Thanks > regards > Roberto > >> On 25-09-2017 4:45:11, Simone Mainardi <maina...@ntop.org> wrote: >> >> Roberto, >> >> Please, refer

Re: [Ntop] Mysql errors

2017-09-25 Thread Simone Mainardi
Roberto, Please, refer to this issue: https://github.com/ntop/ntopng/issues/1387 Simone > On 25 Sep 2017, at 06:03, Roberto Alvarado wrote: > > Hi Folks, > > Do you have an idea to fix this kind of errors: > > > Sep 25

Re: [Ntop] ntopng: no alert threshold definition for hosts with private ip

2017-09-19 Thread Simone Mainardi
Mandrysch <rocco.mandry...@gmail.com> wrote: > > hi, > > thanks for the answer! > maybe i was not clear in my last email. i see the issue when the host is > flagged as 'local host' and 'private ip'. > > cheers, > rocco > > > On 09/19/2017 07:02 PM, Sim

Re: [Ntop] ntopng: no alert threshold definition for hosts with private ip

2017-09-19 Thread Simone Mainardi
Rocco, You can define alerts only for "Local Hosts". Make sure to specify them in CIDR notation using option -m. Regards, Simone > On 19 Sep 2017, at 17:37, Rocco Mandrysch wrote: > > hi, > > i would like to define a threshold for flows which triggers an alert for

Re: [Ntop-misc] Nprobe receiving low number of packets after updating to v8.1

2017-09-18 Thread Simone Mainardi
demo mode because it was purchased more than a year ago, is that > the problem? I haven't reached the 25000 flows of demo mode... > > Nprobe v7.4 in demo mode too receives a lot more of packets. > > I would like to get it working before renew it. > > Thank you in ad

Re: [Ntop] ntop-authentication behind proxy

2017-09-14 Thread Simone Mainardi
=/authorize.html could mean you entered a wrong user/password pair Regards, Simone > On 8 Sep 2017, at 09:47, Webstyle <nto...@webstyle.ch> wrote: > > Yes, as written, no cookie issue, because I've also tried with another > browser. > > On Sep 8 2017 at 09:36AM, Simone Main

Re: [Ntop] nProbe / ntopng in large home network

2017-09-12 Thread Simone Mainardi
zbox_c_series <https://www.zotac.com/product/mini_pcs/zbox_c_series> > or am I best off trawling eBay for an old server? > > Thanks again, > > Dan > > > On 12 Sep 2017 8:56 a.m., "Simone Mainardi" <maina...@ntop.org > <mailt

Re: [Ntop] Question about licenses and ipfix traffic

2017-09-12 Thread Simone Mainardi
Roberto, > On 12 Sep 2017, at 16:45, Roberto Alvarado wrote: > > Hi Folks, > > A question, if I have a router with around 50 Gbps of traffic and I want to > send this traffic to ntong/nprobe using IPFIX, > > What is the correct license for this? nProbe standard +

Re: [Ntop] ntop-authentication behind proxy

2017-09-08 Thread Simone Mainardi
The issue was not about disabling login, it was a cookie issue. Please, try that... Thank you. Simone > On 8 Sep 2017, at 09:20, Webstyle <nto...@webstyle.ch> wrote: > > On Sep 5 2017 at 03:22PM, Simone Mainardi wrote:> Please, check if this > issue applies and> report:

Re: [Ntop] ntop-authentication behind proxy

2017-09-05 Thread Simone Mainardi
Please, check if this issue applies and report: https://github.com/ntop/ntopng/issues/1383 Thanks, Simone > On 5 Sep 2017, at 13:44, Webstyle wrote: > > Hi folks! > > I'd need to use ntop authentication on a reverse-proxied

Re: [Ntop] starting ntop errors and warnings

2017-09-05 Thread Simone Mainardi
Spiros, > On 4 Sep 2017, at 21:48, Spiros Papageorgiou <pap...@noc.ntua.gr> wrote: > > On 4/9/2017 10:47 AM, Simone Mainardi wrote: >> Spiros, >> >>> On 2 Sep 2017, at 06:43, Spiros Papageorgiou <pap...@noc.ntua.gr >>> <mailto:pap...@noc.nt

Re: [Ntop] influxdb support

2017-09-04 Thread Simone Mainardi
Spiros, > On 2 Sep 2017, at 11:04, Spiros Papageorgiou wrote: > > Hi all, > > I checked about ntopng supporting influxdb and I only found a feature request > by Luca and a mention of ntop at the Influxdb site. The manpage says nothing > about influx support. > > So,

Re: [Ntop] starting ntop errors and warnings

2017-09-04 Thread Simone Mainardi
Spiros, > On 2 Sep 2017, at 06:43, Spiros Papageorgiou wrote: > > Hi Luca, > > I updated everything and the error messages seem to be gone. I can see that > huge pages have been allocated: > > # cat /sys/devices/system/node/node*/meminfo | grep Huge F10Quit

Re: [Ntop] nprobe and ntopng ipfix configuration

2017-09-04 Thread Simone Mainardi
Dear Jon, > On 4 Sep 2017, at 04:00, Jon Kirk wrote: > > Hi, > > I have nprobe running on a centos server which is our internet gateway. It > is currently sending netflow v5 (the default) using ZMQ to ntopng which is > running on a windows 7 workstation. ZMQ carries

Re: [Ntop] nprobe config question

2017-08-16 Thread Simone Mainardi
Hi David, Please, see below inserted replies, > On 16 Aug 2017, at 17:45, David Kraut wrote: > > Hi All, > > I have ntopng v3 running on Ubuntu 16 and I believe I have nprobe running as > expected on a remote box, which is sending netflow to ntopng. As a sanity >

Re: [Ntop-misc] New ports/applications

2017-08-10 Thread Simone Mainardi
ng build or runtime? See for example https://github.com/ntop/nDPI/issues/309#issuecomment-263911392 <https://github.com/ntop/nDPI/issues/309#issuecomment-263911392> Hint: use google to search for previous similar questions: "site:https://github.com/ntop/ custom ndpi protocols"

Re: [Ntop-misc] New ports/applications

2017-08-10 Thread Simone Mainardi
Marat, If you are capturing raw packets, then I encourage you to submit a request on the nDPI GitHub page along with a pcap of the traffic you are interested in supporting. If you are collecting NetFlow data, you can't leverage nDPI as no packet payload can be inspected by either nProbe or

Re: [Ntop] Syslog Alert forwarding?

2017-08-07 Thread Simone Mainardi
Brian, Alert-to-syslog support is now added: For threshold-based alerts you also have indication if the alert is: * ENGAGED -- that is, the threshold condition holds true * RELEASED -- that is, the threshold condition no longer holds true See: simone@devel:~/nProbe$ sudo tail -f

Re: [Ntop-misc] Help with setting nProbe sample rate

2017-07-24 Thread Simone Mainardi
Ryan, According to your Juniper settings, you have 10 packets (run-length = 9 + sample-triggering-packet = 1) sampled every input-rate=100 packets. Thus, the sampling rate is 10/100 = 10%. So please use --collector-sample-rate=10 See: [--collector-sample-rate]| Specify the bytes/pkts

Re: [Ntop-misc] ntopng activities log

2017-07-20 Thread Simone Mainardi
Dear Robert, > On 19 Jul 2017, at 16:08, Finze, Robert wrote: > > Hi, > > I've just had a crash of ntopng. > The cause of which was that there were no free inodes on the root partition. I did some tests with a full file system but was unable to reproduce the

Re: [Ntop] Ntop Digest, Vol 158, Issue 15

2017-07-17 Thread Simone Mainardi
ne so it is more specific than "Re: > Contents of Ntop digest..." > > > Today's Topics: > > 1. Re: Ntop Digest, Vol 158, Issue 11 (Simone Mainardi) > > > -- > > Message: 1

Re: [Ntop] Ntop Digest, Vol 158, Issue 11

2017-07-14 Thread Simone Mainardi
When replying, please edit your Subject line so it is more specific than "Re: > Contents of Ntop digest..." > > > Today's Topics: > >1. Help (Chris Markus) >2. Daily download totals needed (Peter Shute) >3. Re: Daily download totals needed (Peter

Re: [Ntop] Daily download totals needed

2017-07-14 Thread Simone Mainardi
Peter, Currently, daily totals breakdown are not supported for traffic profiles. As an alternative, you can use the report feature available for the networks -- even though it doesn't separate incoming from outgoing. See this screenshot: The feature shown above is only available in the

Re: [Ntop] Help

2017-07-14 Thread Simone Mainardi
Dear Chris, In order to monitor net flow data you need to use ntopng in combination with nProbe. Assuming you have configured your devices to export Netflow on port 2055, you can use this configuration: ./nprobe -i none -n none --collector-port 2055 --zmq tcp://*:5556 This configuration

Re: [Ntop] JSON meta description

2017-07-07 Thread Simone Mainardi
> > Enforta ("Prestige-Internet") > > Mobile: +7 (903) 509-25-18 <+7%20903%20509-25-18> > > > > *From:* ntop-boun...@listgateway.unipi.it [mailto:ntop-bounces@ > listgateway.unipi.it] *On Behalf Of *Simone Mainardi > *Sent:* Friday, July 7, 2017 1

Re: [Ntop] JSON meta description

2017-07-07 Thread Simone Mainardi
Hello, To determine the list of fields exported to ES, you can refer to this method: https://github.com/ntop/ntopng/blob/dev/src/Flow.cpp#L1693 Regards, Simone On Wed, Jul 5, 2017 at 3:39 PM, Семенищев Павел Леонидович < p.semenish...@enforta.com> wrote: > Hello Team, > > Where can I find the

Re: [Ntop] Netflow (NSEL) updates from Cisco ASA

2017-07-06 Thread Simone Mainardi
message with subject or body 'help' to > ntop-requ...@listgateway.unipi.it > > You can reach the person managing the list at > ntop-ow...@listgateway.unipi.it > > When replying, please edit your Subject line so it is more specific than > "Re: Contents of Ntop

Re: [Ntop] Netflow (NSEL) updates from Cisco ASA

2017-07-04 Thread Simone Mainardi
Pelham, ASA flow-updates are received and processed by nprobe. However, I am not sure they contain all the necessary information required to properly update flow statistics. Can you please generate and send a .pcap capture file of your ASA netflow (make sure it contains both templates and data

Re: [Ntop] Custom alert on Flows and Alert to mail

2017-06-29 Thread Simone Mainardi
supported but it is on our TODO list. Stay tuned! > > -- > > Yann > tel : 14.16 > > ------ > *From: *"Simone Mainardi" <maina...@ntop.org> > *To: *n...@unipi.it > *Cc: *"ntop mailing list" <ntop@listgateway.unipi.i

Re: [Ntop] Issues setting up grafana with ntopng

2017-06-29 Thread Simone Mainardi
Hello Ryan, From the response shown in the timeseries field, it looks like you are getting some "DOCTYPE html..." Can you please: - inspect the ntopng log and see if there are errors - use the browser inspector (right click on the web page) to investigate errors and network requests, possibly

Re: [Ntop] WARNING: Unknown alert source for entity

2017-06-09 Thread Simone Mainardi
Matthias, On Fri, Jun 9, 2017 at 11:19 AM, Matthias Henze <li...@mhcsoftware.de> wrote: > Hi Simone, > > On 09.06.2017 at 10:59, Simone Mainardi wrote: > >> Mathias, >> >> Please send extra information. How do you start ntopng? >> > > Nothing

Re: [Ntop] Wrong Traffic Numbers after upgrade from 2.5 to 3.1

2017-06-08 Thread Simone Mainardi
Enrico, If I remember correctly, your Arista switches are sending sFlow. So please try to add nProbe option* --upscale-traffic* that will adjust the traffic on the basis of sFlow sampling rates. Simone On Thu, Jun 8, 2017 at 10:52 AM, Enrico Kern wrote: > Hi all,

Re: [Ntop-misc] ntopng bridge on nat gateway with vlans

2017-05-31 Thread Simone Mainardi
Dear Thomas, On Tue, May 30, 2017 at 3:22 PM, wrote: > Hi Marco, > > thank you for the answer. > > Let's try to make an easy testcase. How about this: > eth0 wan (external ip) > eth1 lan (192.168.x.x) > > lan gets NATed to wan. > We support bridging in routing mode. A

Re: [Ntop] ntopng nagios integration with windows

2017-05-10 Thread Simone Mainardi
Nico, We are reviewing the windows release together with its nagios support. We will release a new stable windows build shortly. Please, hold on. Simone On Wed, May 10, 2017 at 10:16 AM, Nico Vogel wrote: > Hello, > > > > I need some help with the nagios integration.

Re: [Ntop] Need some conceptual guidance with sending flows to ntopng

2017-05-01 Thread Simone Mainardi
g the apt-get repo (running LTS 16.04) but when I > changed following the upgrade ntopng still says 2.4.170215 > > My OS is Debian stretch/sid [x86_64][Ubuntu 16.04.1 LTS] - 64 bit > > > Thanks > > ~b > > > > On April 19, 2017 at 2:26 AM Simone Mainardi <maina.

Re: [Ntop-misc] ntopng/nprobe as IPFIX collector - multiple interfaces

2017-04-18 Thread Simone Mainardi
Hi Dave, Presently, ntopng allows you to create virtual interfaces on the basis of the IPFIX exporter. That is, if you have multiple routers sending IPFIX on nProbe 2055, ntopng is able to keep their traffic separated. There's also some experimental code to create virtual interfaces on the basis

Re: [Ntop] First and Last seen date problem

2017-04-14 Thread Simone Mainardi
ele email. > > Please i need a fix for this, this situation is really frustrating. > > Regards > Roberto > > > On Apr 12, 2017, at 08:33, Simone Mainardi <maina...@ntop.org> wrote: > > Roberto, there was an issue that has now been fixed. > > New packages are b

Re: [Ntop] First and Last seen date problem

2017-04-12 Thread Simone Mainardi
Roberto, there was an issue that has now been fixed. New packages are being rebuilt. Please, wait an hour and then update and give a feedback. Thank you, Simone On Wed, Apr 12, 2017 at 12:49 AM, Emanuele Faranda wrote: > Hi Roberto, > > As suggested to Mathias, can you add

Re: [Ntop] Strange "Seen Since" value ...

2017-04-11 Thread Simone Mainardi
RESS > %EXPORTER_IPV4_ADDRESS %EXPORTER_IPV4_ADDRESS %NPROBE_IPV4_ADDRESS > %INPUT_SNMP %OUTPUT_SNMP" > > ntop > > -G=/var/run/ntopng.pid > --interface="tcp://127.0.0.1:5556" > --interface="tcp://127.0.0.1:5557" > -F="mysql;localhost;nt

Re: [Ntop] IPv6

2017-04-10 Thread Simone Mainardi
Matthias, I guess you've also asked help here and the issue is fixed: https://github.com/ntop/nProbe/issues/169#issuecomment-293005183 If not, please feel free to continue with the thread. On Mon, Apr 10, 2017 at 9:20 AM, Matthias Henze wrote: > Recently I see many flows

Re: [Ntop] Strange "Seen Since" value ...

2017-04-10 Thread Simone Mainardi
try version 2.5 that solves the issue On Mon, Apr 10, 2017 at 6:49 PM, Matthias Henze wrote: > Hi, > > all views under "Hosts" (Hosts, Network, Countries, etc.) show strange > "Seen Since" values: 47 years, 111 days, 16 h, 47 min, 32 sec > > How to fix this? > > TIA >

Re: [Ntop] IPv6

2017-04-07 Thread Simone Mainardi
Matthias, Don't use the option version -V, that will be automatically determined from the incoming packets. Also specify -n none to avoid exporting netflow and just use ZMQ. Regards, Simone On Fri, Apr 7, 2017 at 10:13 AM, Matthias Henze wrote: > Now I've tried: > >

Re: [Ntop] Basic Newbie Question

2017-04-06 Thread Simone Mainardi
On Thu, Apr 6, 2017 at 3:10 PM, Matthias Henze <li...@mhcsoftware.de> wrote: > Hi, > > On 05.04.2017 at 11:47, Simone Mainardi wrote: > >> Those reports are now available in the enterprise version of ntopng. >> Please contact our sales dept to get a trial lice

Re: [Ntop] Historical Data Issue's

2017-04-06 Thread Simone Mainardi
Hi, On Wed, Apr 5, 2017 at 12:55 PM, Simon Bell wrote: > Hi Simone, > > > > Removing the –V from the nprobe configuration has fixed all the historical > flows, > I'm glad the suggestion helped > I assumed it was needed because of (and 2.4 seemed to require it?): > > > >

Re: [Ntop] Basic Newbie Question

2017-04-05 Thread Simone Mainardi
Hi, On Wed, Apr 5, 2017 at 8:32 AM, Matthias Henze wrote: > Hi, > > I try to use Ntop with Mikrotik routers and NetFlow. Basically it works. > My main goal is to collect historical data for reports which I want to > display inside of Ntop. I've read this: > >

Re: [Ntop] NTOPNG Host-Hosts Traffic totals

2017-04-05 Thread Simone Mainardi
Dave, On Tue, Apr 4, 2017 at 10:05 PM, Dave Davis wrote: > Running latest version 2.5.170403 > > When clicking on the column header title called "Traffic" of the menu > selection Hosts/Hosts, ( and filtering Local Hosts only), it sorts the > output by Traffic totals. Nice.

Re: [Ntop-misc] nprobe not capturing traffic

2017-04-04 Thread Simone Mainardi
TS %PROTOCOL %SRC_TOS %TCP_FLAGS %L4_SRC_PORT > %IPV4_SRC_ADDR %INPUT_SNMP %L4_DST_PORT %IPV4_DST_ADDR %OUTPUT_SNMP > %LAST_SWITCHED %FIRST_SWITCHED > -V=9 > -V not needed --dump-stats=/var/log/nprobe/eth1-0_flows_stats.txt > > On Sat, Apr 1, 2017 at 5:49 PM, Simone Mainardi <m

Re: [Ntop-misc] nprobe not capturing traffic

2017-04-01 Thread Simone Mainardi
> > The scenario is > > eth1 > nprobe (probe-Packet capturing on eth1) -->ntopng ( > collector)( all configuration on single machine) > > Problem: nprobe not capturing traffic. > > thanks in advance.. if you need further information let me know >

Re: [Ntop] Historical Data Issue's

2017-04-01 Thread Simone Mainardi
Hi Simon, On Fri, Mar 31, 2017 at 4:33 PM, Simon Bell wrote: > Hi Simon, > > > > I believe so, I purchased it a few weeks ago: > > > > *Version* > > 2.5.170331 > > - > Pro Small Business

Re: [Ntop] Historical Data Issue's

2017-03-31 Thread Simone Mainardi
Simon, Do you have a valid Pro license? Can you please explain what is the page that doesn't pull in MySQL data? Simone On Fri, Mar 31, 2017 at 1:36 PM, Simon Bell wrote: > Hi Simon, > > > > I’ve re-upped to the nightly builds still seeing the same issue, ignore > the

Re: [Ntop-misc] nprobe not capturing traffic

2017-03-31 Thread Simone Mainardi
Khurram Can you please post configurations used in both setups? On Fri, Mar 31, 2017 at 8:46 AM, Shahzada Khurram wrote: > Hi, > I have installed both nprobe and ntopng at ubuntu 16.04. i want to > capture traffic on the same server on eth1 for research experimental >

Re: [Ntop] Validating flow export timeout.

2017-03-31 Thread Simone Mainardi
See netflow fields FLOW_ACTIVE_TIMEOUT Timeout value (in seconds) for active flow entries in the NetFlow cache FLOW_INACTIVE_TIMEOUT Timeout value (in seconds) for inactive flow entries in the NetFlow cache Simone On Fri, Mar 31, 2017 at 6:40 AM, asad wrote: > Hi > >
