Sacha,
if nprobe is used as collector do

    nprobe -n none -i none -3 2055 --zmq "tcp://*:5888"

Regards Luca

> On 15 Nov 2015, at 21:13, Sacha Yunusic <[email protected]> wrote:
>
> Hi there,
> I’m starting to use ntopng and nprobe and we want to use it in production, so
> I’m in the learning process.
> The lab I’m running has some boxes that send NetFlow v9 to the server where
> I’m running nprobe and ntopng, thru udp-2055:
> [root~]# tcpdump port 2055 -nnn
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on em1, link-type EN10MB (Ethernet), capture size 65535 bytes
> 16:58:22.508489 IP 192.168.xxx.yyy.58136 > 192.168.zzz.www.2055: UDP, length 1368
> 16:58:22.508529 IP 192.168.xxx.yyy.58136 > 192.168.zzz.www.2055: UDP, length 692
>
> 192.168.xxx.yyy is the box that sends Netflow, and 192.168.zzz.www is the
> server we’re running nprobe and ntopng.
>
> What I want is to capture that Netflow v9 traffic, send it to ntopng, so,
> this is what I’m doing:
> # nprobe -n 127.0.0.1:2055 -i em1 --zmq "tcp://*:5888" --redis 127.0.0.1:6379 --flow-version 9
> I’m not sure how useful/needed it is to have Redis in here… but still…
> In this case, I see traffic, but only traffic I see in em1 (eth0) that is
> sent directly to my probe server (not the netflow data), so I tried this:
>
> # nprobe -n 127.0.0.1:2055 -i none --zmq "tcp://*:5888" --redis 127.0.0.1:6379 --flow-version 9
>
> And there I don’t see any flows nor anything.
>
> At the nprobeng part, this is what I do:
> # ntopng -i tcp://127.0.0.1:5888 --redis 127.0.0.1:6379 --http-port 4000
>
> What am I doing wrong?
>
> Sacha Yunusic | Technical Manager | Pentagon Security & Akainix
> Av. Kennedy 4700, Piso 10, Of. 1002, Edificio New Century, Vitacura | Postal Code (ZIP Code) 7630454
> Main: (56-2) 2246 1050 | Direct: (56-2) 2246 2620 | Mobile: (56-9) 9883 4752
> | www.penta-sec.com & www.akainix.com
>
> _______________________________________________
> Ntop-misc mailing list
> [email protected]
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
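Added example, not part of the original thread and not ntop code: when a collector shows no flows, it helps to confirm that what arrives on udp/2055 really is well-formed NetFlow v9 and whether it carries templates yet (v9 data records cannot be decoded until a template has been received). The function names and the sample datagram below are constructed for illustration.

```python
import struct

HEADER = struct.Struct("!HHIIII")  # version, count, sysUptime, unix_secs, sequence, source_id
FLOWSET = struct.Struct("!HH")     # flowset_id, length (length includes these 4 bytes)

def flowset_kind(fs_id):
    """Classify a v9 flowset id: 0 template, 1 options template, >=256 data."""
    if fs_id == 0:
        return "template"
    if fs_id == 1:
        return "options-template"
    if fs_id >= 256:
        return "data"
    return "reserved"

def parse_v9(datagram):
    """Summarise one UDP payload; raise ValueError if it is not well-formed NetFlow v9."""
    if len(datagram) < HEADER.size:
        raise ValueError("shorter than the 20-byte v9 header")
    version, count, _uptime, _secs, sequence, source_id = HEADER.unpack_from(datagram)
    if version != 9:
        raise ValueError(f"version {version}, expected 9")
    flowsets, offset = [], HEADER.size
    while offset < len(datagram):
        if len(datagram) - offset < FLOWSET.size:
            raise ValueError("truncated flowset header")
        fs_id, length = FLOWSET.unpack_from(datagram, offset)
        # A length below 4 would never advance the offset; reject it.
        if length < FLOWSET.size or offset + length > len(datagram):
            raise ValueError(f"bad flowset length {length} at offset {offset}")
        flowsets.append((flowset_kind(fs_id), fs_id, length))
        offset += length
    return {"count": count, "sequence": sequence,
            "source_id": source_id, "flowsets": flowsets}

def build_sample():
    """Constructed datagram: template 256 (IPV4_SRC_ADDR, IN_BYTES) plus one data record."""
    template = struct.pack("!HHHHHHHH", 0, 16, 256, 2, 8, 4, 1, 4)
    data = struct.pack("!HH4sI", 256, 12, bytes([192, 0, 2, 10]), 1368)
    header = HEADER.pack(9, 2, 1000, 1447618702, 1, 0)
    return header + template + data

if __name__ == "__main__":
    print(parse_v9(build_sample()))
```

To check a live exporter, stop nprobe, bind a UDP socket to port 2055 and pass each received payload to parse_v9.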
