Hi, On Sat, Apr 1, 2017 at 7:24 AM, Shahzada Khurram <[email protected]> wrote:
> hi Simone, > thanks for reply please find below detail configuration, > all configuration done by nbox web Gui mode. . > 1. independently ntopng working fine and traffic capturing working fine > 2. When we configure nprobe ( probe) with ntopng ( collector ) its not > working. > > (ntopng log ) > > 31/Mar/2017 22:17:32 Scripts/HTML pages directory: /usr/share/ntopng > 31/Mar/2017 22:17:32 Welcome to ntopng x86_64 v.2.4.170215 - (C) > 1998-2016 ntop.org > 31/Mar/2017 22:17:32 Built on Ubuntu 16.04.1 LTS > 31/Mar/2017 22:17:32 Started periodic activities loop... > 31/Mar/2017 22:17:32 Dumping alerts into syslog > 31/Mar/2017 22:17:32 [LICENSE] ntopng systemId: 3BD34B1A00660F0E > 31/Mar/2017 22:17:32 [LICENSE] ntopng license: 50FB086D8E0007E9944AAF3C6 > 31/Mar/2017 22:17:32 [LICENSE] Maintenance is available until Thu Mar 29 > 01:48:45 2018 [362 days left] > 31/Mar/2017 22:17:32 Started packet polling on interface tcp:// > 127.0.0.1:5556 [id: 4]... > 31/Mar/2017 22:17:32 Collecting flows on tcp://127.0.0.1:5556 > [nprobe->ntopng] > > (nprobe log) > > 31/Mar/2017 22:19:07 Each flow is 63 bytes long > 31/Mar/2017 22:19:07 The # packets per flow has been set to 22 > 31/Mar/2017 22:19:07 Non IPv4/v6 traffic is discarded according to the > template > 31/Mar/2017 22:19:07 GeoIP: loaded AS config file > /usr/share/ntopng/httpdocs/geoip/GeoIPASNum.dat > 31/Mar/2017 22:19:07 GeoIP: loaded AS IPv6 config file > /usr/share/ntopng/httpdocs/geoip/GeoIPASNumv6.dat > 31/Mar/2017 22:19:07 WARNING: Your template ignores IP addresses: your > collector might ignore these flows. > 31/Mar/2017 22:19:07 Using packet capture length 128 > 31/Mar/2017 22:19:07 Capturing packets from interface eth1 [snaplen: 128 > bytes] > 31/Mar/2017 22:19:07 nProbe changed user to 'nobody' > 31/Mar/2017 22:19:07 nProbe started successfully > > (nprobe-eth1-conf) > > -n=tcp://127.0.0.1:5556 > this is not OK. Collector should be empty (-n=none) or use another port as port 5556 is used by ntopng to listen for ZMQ packets. this option is missing: --zmq="tcp://127.0.0.1:5556" > -i=eth1 > -s=128 > -t=60 > -d=60 > -a=0 > -e=1 > -B=10 > -w=128000 > -z=0 > -S=1:1 > -E=0:0 > -g=/var/run/nprobe-eth1.pid > -p=1/0/0/0/0/1 > --zmq-probe-mode > If you want to use nprobe with --zmq-probe-mode then ntopng should be executed with -i tcp://127.0.0.1:5556c (see the c after the port). Your ntopng configuration doesn't have that. --vlanid-as-iface-idx=none > -T=%IN_BYTES %IN_PKTS %PROTOCOL %SRC_TOS %TCP_FLAGS %L4_SRC_PORT > %IPV4_SRC_ADDR %INPUT_SNMP %L4_DST_PORT %IPV4_DST_ADDR %OUTPUT_SNMP > %LAST_SWITCHED %FIRST_SWITCHED > -V=9 > --dump-stats=/var/log/nprobe/eth1-0_flows_stats.txt > > > The scenario is > > eth1 ----> nprobe (probe-Packet capturing on eth1) ------>ntopng ( > collector) ( all configuration on single machine) > > Problem: nprobe not capturing traffic. > > thanks in advance.. if you need further information letme know > > > khurram > > > > On Fri, Mar 31, 2017 at 3:51 PM, Simone Mainardi <[email protected]> > wrote: > >> Khurram >> >> Can you please post configurations used in both setups? >> >> On Fri, Mar 31, 2017 at 8:46 AM, Shahzada Khurram <[email protected]> >> wrote: >> >>> Hi, >>> I have installed both nprobe and ntopng at ubuntu 16.04. i want to >>> capture traffic on the same server on eth1 for research experimental >>> purpose. but the problem is when i run ntopng as interdependent its working >>> fine and capturing the packet. but when i run ntopng as collector with >>> nprobe. nprobe not capturing traffic. is there any special setting for >>> nprobe. please help me for this regard. >>> >>> -- >>> >>> *Thanks & Regards,* >>> >>> * Khurram* >>> >>> >>> _______________________________________________ >>> Ntop-misc mailing list >>> [email protected] >>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc >>> >> >> >> _______________________________________________ >> Ntop-misc mailing list >> [email protected] >> http://listgateway.unipi.it/mailman/listinfo/ntop-misc >> > > > > -- > > > > > _______________________________________________ > Ntop-misc mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop-misc >
_______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
