Simone,

Here when launched from command line:

[root@ntptest plugins]# /usr/bin/ntopng -i eth0 --packet-filter="ip and not proto ipv6 and not ether host ff:ff:ff:ff:ff:ff and not net (224.0.0.0/8 or 239.0.0.0/8) and not host (192.168.2.227)"
10/Jan/2017 16:10:46 [Ntop.cpp:1121] Setting local networks to 127.0.0.0/8
10/Jan/2017 16:10:46 [Redis.cpp:92] Successfully connected to redis 127.0.0.1:6379@0
10/Jan/2017 16:10:46 [PcapInterface.cpp:85] Reading packets from interface eth0...
10/Jan/2017 16:10:46 [PcapInterface.cpp:254] Packet capture filter on eth0 set to "ip and not proto ipv6 and not ether host ff:ff:ff:ff:ff:ff and not net (224.0.0.0/8 or 239.0.0.0/8) and not host (192.168.2.227)"
10/Jan/2017 16:10:46 [Ntop.cpp:1267] Registered interface eth0 [id: 0]
10/Jan/2017 16:10:46 [Ntop.cpp:1279] Registered interface view eth0 [id: 0]
10/Jan/2017 16:10:46 [main.cpp:255] PID stored in file /var/run/ntopng.pid
10/Jan/2017 16:10:46 [Utils.cpp:341] User changed to nobody
10/Jan/2017 16:10:46 [HTTPserver.cpp:466] Please read https://github.com/ntop/ntopng/blob/dev/doc/README.SSL if you want to enable SSL.
10/Jan/2017 16:10:46 [HTTPserver.cpp:509] Web server dirs [/usr/share/ntopng/httpdocs][/usr/share/ntopng/scripts]
10/Jan/2017 16:10:46 [HTTPserver.cpp:512] HTTP server listening on port 3000
10/Jan/2017 16:10:46 [main.cpp:295] Working directory: /var/tmp/ntopng
10/Jan/2017 16:10:46 [main.cpp:297] Scripts/HTML pages directory: /usr/share/ntopng
10/Jan/2017 16:10:46 [Ntop.cpp:271] Welcome to ntopng x86_64 v.2.4.161019 - (C) 1998-2016 ntop.org
10/Jan/2017 16:10:46 [Ntop.cpp:276] Built on CentOS release 6.8 (Final)
10/Jan/2017 16:10:46 [PeriodicActivities.cpp:53] Started periodic activities loop...
10/Jan/2017 16:10:46 [RuntimePrefs.cpp:34] Dumping alerts into syslog
10/Jan/2017 16:10:46 [Ntop.cpp:531] Adding 192.168.2.0/24 as IPv4 local network for eth0
10/Jan/2017 16:10:46 [Ntop.cpp:561] Adding fe80::20c:29ff:fe83:c98e/64 as IPv6 local network for eth0
10/Jan/2017 16:10:46 [NetworkInterface.cpp:1538] Started packet polling on interface eth0 [id: 0]...
10/Jan/2017 16:10:53 [NetworkInterface.cpp:1058] Invalid packet received [len: 1804][MTU: 1518].
10/Jan/2017 16:10:53 [NetworkInterface.cpp:1059] WARNING: If you have TSO/GRO enabled, please disable it
10/Jan/2017 16:10:53 [NetworkInterface.cpp:1061] WARNING: Use: sudo ethtool -K eth0 gro off gso off tso off

Seems that the filter passed, but I can still see IP 192.168.2.227 on my list!

Gerhard,

On Jan 10, 2017, at 4:04 PM, Simone Mainardi <[email protected]> wrote:

Gerhard,

From the logs I can't see anything that confirms ntopng has read/parsed the bpf filter specified. It looks like the filter is ignored. I am not sure those logs contain the full output, though.

Can you please run ntopng in foreground and paste the output?
Simply call /usr/local/bin/ntopng /etc/ntopng/ntopng.conf

Regards,
Simone

On Mon, Jan 9, 2017 at 8:46 PM, Gerhard Mourani <[email protected]> wrote:

Configuration:

--interface tcp://127.0.0.1:5556
--packet-filter "ip and not proto ipv6 and not ether host ff:ff:ff:ff:ff:ff and not net (224.0.0.0/8 or 239.0.0.0/8) and not host 10.0.0.39"
--local-networks 10.0.0.0/24,192.168.2.0/24
--daemon
--user ntopng
--pid /var/run/ntopng/ntopng.pid
--http-port 0
--https-port 3001
--data-dir /var/lib/nst/ntopng
--dns-mode 1
--disable-autologout
--disable-login 0
--sticky-hosts none
--http-prefix /ntopng
--ndpi-protocols /etc/ntopng/protos.txt

Log file:

09/Jan/2017 14:43:49 [Ntop.cpp:1121] Setting local networks to 10.0.0.0/24,192.168.2.0/24
09/Jan/2017 14:43:49 [Redis.cpp:92] Successfully connected to redis 127.0.0.1:6379@0
09/Jan/2017 14:43:49 [Ntop.cpp:1095] Parent process is exiting (this is normal)
09/Jan/2017 14:43:49 [Ntop.cpp:1267] Registered interface tcp://127.0.0.1:5556 [id: 1]
09/Jan/2017 14:43:49 [Ntop.cpp:1279] Registered interface view tcp://127.0.0.1:5556 [id: 1]
09/Jan/2017 14:43:49 [main.cpp:255] PID stored in file /var/run/ntopng/ntopng.pid
09/Jan/2017 14:43:49 [Utils.cpp:341] User changed to ntopng
09/Jan/2017 14:43:49 [HTTPserver.cpp:509] Web server dirs [/usr/share/ntopng/httpdocs][/usr/share/ntopng/scripts]
09/Jan/2017 14:43:49 [HTTPserver.cpp:515] HTTPS server listening on port 3001
09/Jan/2017 14:43:49 [main.cpp:295] Working directory: /var/lib/nst/ntopng
09/Jan/2017 14:43:49 [main.cpp:297] Scripts/HTML pages directory: /usr/share/ntopng
09/Jan/2017 14:43:49 [Ntop.cpp:271] Welcome to ntopng x86_64 v.2.4.161013 - (C) 1998-2016 ntop.org
09/Jan/2017 14:43:49 [Ntop.cpp:276] Built on CentOS release 6.8 (Final)
09/Jan/2017 14:43:49 [PeriodicActivities.cpp:53] Started periodic activities loop...
09/Jan/2017 14:43:49 [RuntimePrefs.cpp:34] Dumping alerts into syslog
09/Jan/2017 14:43:49 [NetworkInterface.cpp:1538] Started packet polling on interface tcp://127.0.0.1:5556 [id: 1]...
09/Jan/2017 14:43:50 [CollectorInterface.cpp:104] Collecting flows on tcp://127.0.0.1:5556 [ntopng->nprobe]

Gerhard,

On Jan 9, 2017, at 11:26 AM, Simone Mainardi <[email protected]> wrote:

Gerhard,

please attach the configuration used and the full ntopng console output (or log file).

On Mon, Jan 9, 2017 at 2:24 PM, Gerhard Mourani <[email protected]> wrote:

Simone,

The issue is that even if 10.0.0.39 is filtered to be excluded, it appears in the view of top hosts. Also, the IP 0.0.0.0 appears and I don't have any idea about what it is?

GERHARD MOURANI | Spécialiste Telecom – Concepteur Logiciel
450 761-9973 p634 | [email protected]
9935, rue de Châteauneuf, bureau 120, Brossard, Québec, J4Z 3V4
Québec 418 907-8356 | Ottawa 613 689-1539 | Toronto 416 645-5626
facebook.com/Prival-230867980323343 linkedin.com/company/prival

On Jan 8, 2017, at 5:36 AM, Simone Mainardi <[email protected]> wrote:

Gerhard,

The filter is correct and properly parsed by ntopng. So what is the issue you are experiencing?

Simone

On Thu, Jan 5, 2017 at 7:58 PM, Gerhard Mourani <[email protected]> wrote:

This doesn't work for me, I'm using the following parameters to exclude 10.0.0.39 which is my ntopng server IP:

--packet-filter "ip and not proto ipv6 and not ether host ff:ff:ff:ff:ff:ff and not net (224.0.0.0/8 or 239.0.0.0/8) and not host 10.0.0.39"

Gerhard,

On Jan 5, 2017, at 12:09 PM, [email protected] wrote:

Thank you Simone. I will try that tomorrow morning. Much appreciated.

On January 5, 2017 6:40:25 PM GMT+02:00, Simone Mainardi <[email protected]> wrote:

Brett,

the filter is not complete. If you want to exclude 10.0.50.246 set:

--packet-filter="not host 10.0.50.246"

If you look at the ntopng output you will see if the filter is parsed correctly.
On Thu, Jan 5, 2017 at 4:05 PM, Brett Stiell (CCIH) <[email protected]> wrote:

Hi there.

Thanks for getting back to me.

This is the contents of my ntopng.start file:-

-G=/var/run/ntopng.pid
--daemon=
--local-networks="10.0.50.0/25,10.0.50.128/26,10.0.50.193/30"
--packet-filter 10.0.50.246
-m "10.0.50.0/25,10.0.50.128/26,10.0.50.193/30"
--track-local-hosts

Regards,
Brett

From: Simone Mainardi [mailto:[email protected]]
Sent: Thursday, January 05, 2017 3:26 PM
To: [email protected]
Cc: ntop mailing list
Subject: Re: [Ntop] Excluding hosts or a subnet from being monitored

Hi,

--packet-filter is the proper way to do that. Can you please report the exact filter you specified? Also check (and paste) ntopng output. ntopng prints a confirmation message if it has successfully parsed the filter.

Regards
Simone

On Thu, Jan 5, 2017 at 11:14 AM, Brett Stiell (CCIH) <[email protected]> wrote:

Hi.

Is there any way to exclude a subnet or a range of hosts from being monitored and appearing on the dashboard etc.? Our servers are in a specific IP range and I am not interested in receiving their usage data. I tried –B and –packet-filter and “not” but they don’t seem to work.

Thanks

_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
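
Added example, not part of the original thread and not ntopng code: Simone's advice is to look in the startup output for the filter confirmation line. The sketch below parses the log format quoted in this thread and reports, for each registered interface, which BPF filter ntopng confirmed, if any. The function names and the abridged sample logs are constructed for illustration, and `excludes_host` is a plain text match, not a BPF parser.

```python
import re

# Patterns follow the ntopng 2.4 startup lines quoted in this thread.
LINE_RE = re.compile(r'^\d{2}/\w{3}/\d{4} \d{2}:\d{2}:\d{2} \[[\w.]+:\d+\] (.*)$')
FILTER_RE = re.compile(r'^Packet capture filter on (\S+) set to "(.*)"$')
IFACE_RE = re.compile(r'^Registered interface (?!view )(\S+) \[id: \d+\]$')

# Constructed samples, abridged from the two runs posted in the thread.
SAMPLE_PCAP = """\
10/Jan/2017 16:10:46 [PcapInterface.cpp:85] Reading packets from interface eth0...
10/Jan/2017 16:10:46 [PcapInterface.cpp:254] Packet capture filter on eth0 set to "ip and not host (192.168.2.227)"
10/Jan/2017 16:10:46 [Ntop.cpp:1267] Registered interface eth0 [id: 0]
10/Jan/2017 16:10:46 [Ntop.cpp:1279] Registered interface view eth0 [id: 0]
"""
SAMPLE_COLLECTOR = """\
09/Jan/2017 14:43:49 [Ntop.cpp:1267] Registered interface tcp://127.0.0.1:5556 [id: 1]
09/Jan/2017 14:43:49 [Ntop.cpp:1279] Registered interface view tcp://127.0.0.1:5556 [id: 1]
09/Jan/2017 14:43:50 [CollectorInterface.cpp:104] Collecting flows on tcp://127.0.0.1:5556 [ntopng->nprobe]
"""

def audit_filters(log_text):
    """Return {interface: confirmed BPF filter, or None if none was logged}."""
    filters, interfaces = {}, []
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue  # wrapped or non-log text
        msg = line.group(1)
        if (m := FILTER_RE.match(msg)):
            filters[m.group(1)] = m.group(2)
        elif (m := IFACE_RE.match(msg)) and m.group(1) not in interfaces:
            interfaces.append(m.group(1))
    return {name: filters.get(name) for name in interfaces}

def excludes_host(bpf, ip):
    """Text check only: does the confirmed filter contain 'not host <ip>'?"""
    if bpf is None:
        return False
    pattern = r'\bnot\s+host\s+\(?\s*' + re.escape(ip) + r'\s*\)?(?![\d.])'
    return re.search(pattern, bpf) is not None

if __name__ == "__main__":
    for sample in (SAMPLE_PCAP, SAMPLE_COLLECTOR):
        for iface, bpf in audit_filters(sample).items():
            print(iface, "->", bpf if bpf else "NO FILTER CONFIRMATION LOGGED")
```

On the samples, eth0 shows its confirmed filter while tcp://127.0.0.1:5556 is flagged, matching what the two posted logs show.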
