After connecting to the box, I can confirm that that was just a configuration issue.
Simone On Thu, Apr 13, 2017 at 9:37 AM, Emanuele Faranda <[email protected]> wrote: > Hi Roberto, > > From the logs, the problem seems related to the ntopng "NULL interface" > error. Please execute the following instructions in this exact order: > > 1) systemctl stop ntopng > > 2) redis-cli flushall > > 3) rm -rf /data/ntopng (your ntopng data directory) > > 4) systemctl start ntopng > > Can you see the interface "tcp://127.0.0.1:5556" in the interfaces menu > into ntopng? > > Regards, > Emanuele > > On 04/13/2017 04:35 AM, Roberto Alvarado wrote: > > Hi Simone, > > After upgrade to the latest version the problem persist, no data on ntopng. > > I have send you the logs directly to you and Emanuele email. > > Please i need a fix for this, this situation is really frustrating. > > Regards > Roberto > > > On Apr 12, 2017, at 08:33, Simone Mainardi <[email protected]> wrote: > > Roberto, there was an issue that has now been fixed. > > New packages are being rebuilt. Please, wait an hour and then update and > give a feedback. > > Thank you, > > Simone > > On Wed, Apr 12, 2017 at 12:49 AM, Emanuele Faranda <[email protected]> > wrote: > >> Hi Roberto, >> >> As suggested to Mathias, can you add the option -b=2 to nProbe and -v=5 >> to ntopng and send us the log please? >> >> We must understand if flows exported by the collector are correctly seen >> by nProbe or if the problem is in the communication between ntopng and >> nProbe. >> >> Regards, >> Emanuele >> >> >> >> On 04/11/2017 07:57 PM, Roberto Alvarado wrote: >> >>> Update to: >>> >>> ntopng >>> >>> Version 2.5.170411 - Pro Small Business Edition >>> Built on Debian GNU/Linux 8.2 (jessie) >>> nDPI 1.8.0-dev-764-3a8c2d0 >>> >>> nprobe >>> >>> Welcome to nProbe v.7.5.170411 (r5727) for x86_64-unknown-linux-gnu >>> with native PF_RING acceleration. >>> Copyright 2002-17 ntop.org >>> >>> Build OS: Debian GNU/Linux 8.2 (jessie) >>> GIT rev: dev:fef5155c607c28377760e764dafa9f54a462458a:20170411 >>> Edition: nProbe Standard >>> >>> >>> And the problem persist, as Mathias Henze, after upgrade ntop to 2.5 >>> version, now no traffic is registered. >>> >>> Regards >>> Roberto >>> >>> >>> On Apr 10, 2017, at 09:36, Roberto Alvarado <[email protected]> >>>> wrote: >>>> >>>> Hi Emanuele, >>>> >>>> Thanks for your reply, after upgrade my install to the devel version >>>> and remove the data directory and the mysql tables, now ntopng don't shows >>>> traffic :( >>>> >>>> Now in nprobe, I need to specify the flow version? >>>> >>>> nprobe start log: >>>> >>>> 10/Apr/2017 09:22:02 [nprobe.c:3615] Valid nProbe license found >>>> 10/Apr/2017 09:22:02 [nprobe.c:5489] WARNING: The output interfaceId is >>>> set to 0: did you forget to use -Q perhaps ? >>>> 10/Apr/2017 09:22:02 [nprobe.c:5492] WARNING: The input interfaceId is >>>> set to 0: did you forget to use -u perhaps ? >>>> 10/Apr/2017 09:22:02 [nprobe.c:5591] Welcome to nProbe v.7.5.170410 >>>> ($Revision: 5721 $) for x86_64-unknown-linux-gnu with native PF_RING >>>> acceleration >>>> 10/Apr/2017 09:22:02 [nprobe.c:5601] Running on Debian GNU/Linux 8.2 >>>> (jessie) >>>> 10/Apr/2017 09:22:02 [nprobe.c:5612] [LICENSE] nProbe SystemId: >>>> 10/Apr/2017 09:22:02 [nprobe.c:5726] Sample rate [packet: 1][flow: 1] >>>> 10/Apr/2017 09:22:02 [nprobe.c:8048] Welcome to nProbe v.7.5.170410 for >>>> x86_64-unknown-linux-gnu >>>> 10/Apr/2017 09:22:02 [nprobe.c:7046] WARNING: Adding >>>> %EXPORTER_IPV4_ADDRESS to the template as nProbe is working as collector >>>> 10/Apr/2017 09:22:02 [plugin.c:1068] 0 plugin(s) enabled >>>> 10/Apr/2017 09:22:02 [nprobe.c:7575] Non IPv4/v6 traffic is discarded >>>> according to the template >>>> 10/Apr/2017 09:22:02 [util.c:430] GeoIP: loaded AS config file >>>> /usr/share/ntopng/httpdocs/geoip/GeoIPASNum.dat >>>> 10/Apr/2017 09:22:02 [util.c:441] GeoIP: loaded AS IPv6 config file >>>> /usr/share/ntopng/httpdocs/geoip/GeoIPASNumv6.dat >>>> 10/Apr/2017 09:22:02 [nprobe.c:8224] IPv6 traffic will NOT be >>>> exported/accounted by this probe >>>> 10/Apr/2017 09:22:02 [nprobe.c:8225] due to configuration options (e.g. >>>> use NetFlow v9) >>>> 10/Apr/2017 09:22:02 [nprobe.c:8226] Please use -V to set the version >>>> to other than NetFlow V5 >>>> 10/Apr/2017 09:22:02 [nprobe.c:8379] Not capturing packet from >>>> interface (collector mode) >>>> 10/Apr/2017 09:22:02 [util.c:4127] Initializing ZMQ as server >>>> 10/Apr/2017 09:22:02 [util.c:4170] Succesfully created ZMQ endpoint >>>> tcp://127.0.0.1:5556 >>>> 10/Apr/2017 09:22:02 [util.c:3216] nProbe changed user to 'nobody' >>>> 10/Apr/2017 09:22:02 [collect.c:143] Flow collector listening on port >>>> 2055 (IPv4/v6) >>>> 10/Apr/2017 09:22:02 [nprobe.c:8605] nProbe started successfully >>>> >>>> Ok, the same but with -V 9 for netflowv9 and ipfix: >>>> >>>> 10/Apr/2017 09:26:26 [nprobe.c:5591] Welcome to nProbe v.7.5.170410 >>>> ($Revision: 5721 $) for x86_64-unknown-linux-gnu with native PF_RING >>>> acceleration >>>> 10/Apr/2017 09:26:26 [nprobe.c:5601] Running on Debian GNU/Linux 8.2 >>>> (jessie) >>>> 10/Apr/2017 09:26:26 [nprobe.c:5612] [LICENSE] nProbe SystemId: >>>> 10/Apr/2017 09:26:26 [nprobe.c:5726] Sample rate [packet: 1][flow: 1] >>>> 10/Apr/2017 09:26:26 [nprobe.c:8048] Welcome to nProbe v.7.5.170410 for >>>> x86_64-unknown-linux-gnu >>>> 10/Apr/2017 09:26:26 [nprobe.c:7118] You selected v9/IPFIX without >>>> specifying a template (-T). >>>> 10/Apr/2017 09:26:26 [nprobe.c:7119] The default template will be used >>>> 10/Apr/2017 09:26:26 [nprobe.c:7124] Using NetFlow Packet Payload Len: >>>> 1472 >>>> 10/Apr/2017 09:26:26 [nprobe.c:7046] WARNING: Adding >>>> %EXPORTER_IPV4_ADDRESS to the template as nProbe is working as collector >>>> 10/Apr/2017 09:26:26 [plugin.c:1068] 0 plugin(s) enabled >>>> 10/Apr/2017 09:26:26 [nprobe.c:7545] Each flow is 105 bytes long >>>> 10/Apr/2017 09:26:26 [nprobe.c:7546] The # flows per packet has been >>>> set to 13 >>>> 10/Apr/2017 09:26:26 [nprobe.c:7549] IP TOS is accounted >>>> 10/Apr/2017 09:26:26 [nprobe.c:7575] Non IPv4/v6 traffic is discarded >>>> according to the template >>>> 10/Apr/2017 09:26:26 [util.c:430] GeoIP: loaded AS config file >>>> /usr/share/ntopng/httpdocs/geoip/GeoIPASNum.dat >>>> 10/Apr/2017 09:26:26 [util.c:441] GeoIP: loaded AS IPv6 config file >>>> /usr/share/ntopng/httpdocs/geoip/GeoIPASNumv6.dat >>>> 10/Apr/2017 09:26:26 [nprobe.c:8379] Not capturing packet from >>>> interface (collector mode) >>>> 10/Apr/2017 09:26:26 [util.c:4127] Initializing ZMQ as server >>>> 10/Apr/2017 09:26:26 [util.c:4170] Succesfully created ZMQ endpoint >>>> tcp://127.0.0.1:5556 >>>> 10/Apr/2017 09:26:26 [util.c:3216] nProbe changed user to 'nobody' >>>> 10/Apr/2017 09:26:26 [collect.c:143] Flow collector listening on port >>>> 2055 (IPv4/v6) >>>> 10/Apr/2017 09:26:26 [nprobe.c:8605] nProbe started successfully >>>> >>>> >>>> ntopng dashboard… nothing: >>>> >>>> https://i.dmtinc.cl/image/4uv >>>> >>>> >>>> Version 2.5.170410 - Pro Small Business Edition >>>> Platform Debian 8.2 [x86_64][Debian GNU/Linux 8.2 (jessie)] - 64 >>>> bit >>>> Startup Line ntopng --pid "/var/tmp/ntopng.pid" --daemon "" >>>> --interface "tcp://127.0.0.1:5556" --data-dir "/data/ntopng" >>>> --http-port "3000" --max-num-hosts "300000" --local-networks >>>> "138.xxx.xx.0/xx" --dump-flows "mysql;localhost;ntop;flows;ntop;xxxxx" >>>> Last Log Trace 10/Apr/2017 09:27:37 [MySQLDB.cpp:622] Successfully >>>> connected to MySQL [localhost:ntop] for interface tcp://127.0.0.1:5556 >>>> 10/Apr/2017 09:27:37 [MySQLDB.cpp:582] Attempting to connect to MySQL >>>> for interface tcp://127.0.0.1:5556... >>>> 10/Apr/2017 09:27:37 [NetworkInterface.cpp:1931] Started packet polling >>>> on interface tcp://127.0.0.1:5556 [id: 0]... >>>> 10/Apr/2017 09:27:37 [AddressTree.cpp:171] [AddressTree] >>>> 138.xxx.xxx.0/xxx >>>> 10/Apr/2017 09:27:37 [Ntop.cpp:614] Local Networks >>>> 10/Apr/2017 09:27:37 [Ntop.cpp:612] Local Interface Addresses (System >>>> Host) >>>> 10/Apr/2017 09:27:37 [NtopPro.cpp:300] [LICENSE] Maintenance is >>>> available until Thu Mar 22 12:28:01 2018 [346 days left] >>>> 10/Apr/2017 09:27:37 [NtopPro.cpp:279] [LICENSE] ntopng license: xxxxxx >>>> 10/Apr/2017 09:27:37 [NtopPro.cpp:268] [LICENSE] ntopng systemId: >>>> xxxxxxxxxxx >>>> 10/Apr/2017 09:27:37 [PeriodicActivities.cpp:56] Started periodic >>>> activities loop... >>>> 10/Apr/2017 09:27:37 [Ntop.cpp:297] Built on Debian GNU/Linux 8.2 >>>> (jessie) >>>> 10/Apr/2017 09:27:37 [Ntop.cpp:292] Welcome to ntopng x86_64 >>>> v.2.5.170410 - (C) 1998-17 ntop.org >>>> 10/Apr/2017 09:27:37 [main.cpp:313] Scripts/HTML pages directory: >>>> /usr/share/ntopng >>>> 10/Apr/2017 09:27:37 [main.cpp:311] Working directory: /data/ntopng >>>> 10/Apr/2017 09:27:37 [MySQLDB.cpp:370] MySQL schema update. Altering >>>> table flowsv6: changing OUT_BYTES data type to unsigned int. >>>> 10/Apr/2017 09:27:37 [MySQLDB.cpp:370] MySQL schema update. Altering >>>> table flowsv6: changing IN_BYTES data type to unsigned int. >>>> 10/Apr/2017 09:27:37 [MySQLDB.cpp:370] MySQL schema update. Altering >>>> table flowsv4: changing OUT_BYTES data type to unsigned int. >>>> 10/Apr/2017 09:27:37 [MySQLDB.cpp:370] MySQL schema update. Altering >>>> table flowsv4: changing IN_BYTES data type to unsigned int. >>>> 10/Apr/2017 09:27:36 [MySQLDB.cpp:342] MySQL schema update. Altering >>>> table flowsv6: changing engine from InnoDB to MyISAM. >>>> 10/Apr/2017 09:27:36 [MySQLDB.cpp:342] MySQL schema update. Altering >>>> table flowsv4: changing engine from InnoDB to MyISAM. >>>> 10/Apr/2017 09:27:36 [MySQLDB.cpp:314] MySQL schema update. Altering >>>> table flowsv6: renaming BYTES to IN_BYTES and adding OUT_BYTES >>>> 10/Apr/2017 09:27:36 [MySQLDB.cpp:314] MySQL schema update. Altering >>>> table flowsv4: renaming BYTES to IN_BYTES and adding OUT_BYTES >>>> 10/Apr/2017 09:27:34 [MySQLDB.cpp:622] Successfully connected to MySQL >>>> [localhost:ntop] for interface tcp://127.0.0.1:5556 >>>> 10/Apr/2017 09:27:34 [MySQLDB.cpp:582] Attempting to connect to MySQL >>>> for interface tcp://127.0.0.1:5556... >>>> 10/Apr/2017 09:27:34 [HTTPserver.cpp:772] HTTP server listening on >>>> port(s) 3000 >>>> 10/Apr/2017 09:27:34 [HTTPserver.cpp:769] Web server dirs >>>> [/usr/share/ntopng/httpdocs][/usr/share/ntopng/scripts] >>>> 10/Apr/2017 09:27:34 [Utils.cpp:368] User changed to nobody >>>> 10/Apr/2017 09:27:34 [HTTPserver.cpp:723] Please read >>>> https://github.com/ntop/ntopng/blob/dev/doc/README.SSL if you want to >>>> enable S >>>> >>>> nothing on mysql: >>>> >>>> MariaDB [ntop]> select count(*) flowsv4; >>>> +---------+ >>>> | flowsv4 | >>>> +---------+ >>>> | 1 | >>>> +---------+ >>>> 1 row in set (0.00 sec) >>>> >>>> MariaDB [ntop]> select count(*) flowsv6; >>>> +---------+ >>>> | flowsv6 | >>>> +---------+ >>>> | 1 | >>>> +---------+ >>>> 1 row in set (0.00 sec) >>>> >>>> MariaDB [ntop]> >>>> >>>> nprobe log on stop: >>>> >>>> 10/Apr/2017 09:32:04 [nprobe.c:2867] Processed packets: 0 (max bucket >>>> search: 0) >>>> 10/Apr/2017 09:32:04 [nprobe.c:2850] Fragment queue length: 0 >>>> 10/Apr/2017 09:32:04 [nprobe.c:2876] Flow export stats: [0 bytes/0 >>>> pkts][0 flows/0 pkts sent] >>>> 10/Apr/2017 09:32:04 [nprobe.c:2883] Flow collection: [collected pkts: >>>> 5277][processed flows: 75120] >>>> 10/Apr/2017 09:32:04 [nprobe.c:2886] Flow drop stats: [0 bytes/0 >>>> pkts][0 flows] >>>> 10/Apr/2017 09:32:04 [nprobe.c:2891] Total flow stats: [0 bytes/0 >>>> pkts][0 flows/0 pkts sent] >>>> >>>> nprobe config: >>>> >>>> -i none >>>> -n none >>>> --daemon-mode >>>> -V 9 (added this option after upgrade) >>>> --no-promisc >>>> --zmq tcp://127.0.0.1:5556 >>>> —collector-port 2055 >>>> >>>> and i dont know what to do now >>>> >>>> Regards >>>> Roberto >>>> >>>> >>>> On Apr 10, 2017, at 04:17, Emanuele Faranda <[email protected]> wrote: >>>>> >>>>> Hi Roberto, >>>>> >>>>> The issue is likely solved in the 2.5 version of ntopng. >>>>> >>>>> Since we are migrating towards the 2.6 release, if you can afford to >>>>> lose your current ntopng collected data, I suggest you to install the 2.5 >>>>> version of ntopng which, at the current time, should be stable enough for >>>>> use. >>>>> >>>>> For the update to the 2.5 version, please be sure to: >>>>> >>>>> - flush redis with "redis-cli flushall" >>>>> >>>>> - remove the ntopng data directory "rm -rf /data/ntopng" >>>>> >>>>> - update nprobe too >>>>> >>>>> Regards, >>>>> Emanuele >>>>> >>>>> >>>>> On 04/10/2017 03:23 AM, Roberto Alvarado wrote: >>>>> >>>>>> Hi, >>>>>> >>>>>> I have this problem, when I open a host detail, the first and last >>>>>> seen date are from 1970: >>>>>> >>>>>> First / Last Seen 01/01/1970 18:07:04 [47 years, 107 days, 15 >>>>>> hours, 10 min, 44 sec ago] 25/03/1970 03:33:32 [47 years, 25 days, 5 >>>>>> hours, 44 min, 16 sec ago] >>>>>> >>>>>> >>>>>> Do you know how to fix this??? >>>>>> >>>>>> Debian Jessie >>>>>> >>>>>> root@mhost:~# date >>>>>> Fri Apr 7 09:22:13 -03 2017 >>>>>> root@mhost:~# >>>>>> >>>>>> My config: >>>>>> >>>>>> ntopng: >>>>>> >>>>>> >>>>>> Version 2.4.170215 - Pro Small Business Edition >>>>>> Platform Debian 8.2 [x86_64][Debian GNU/Linux 8.2 (jessie)] - >>>>>> 64 bit >>>>>> Startup Line ntopng —pid “/var/tmp/ntopng.pid" --daemon "" >>>>>> --interface "tcp://127.0.0.1:5556" --data-dir "/data/ntopng" >>>>>> --http-port "3000" --local-networks "138.xxx.xxxx.0/22" --dump-flows >>>>>> "mysql;localhost;ntop;flows;ntop;xxxxxxx" >>>>>> >>>>>> nprobe: >>>>>> >>>>>> -i none >>>>>> -n none >>>>>> --daemon-mode >>>>>> --num-threads 1 >>>>>> --no-promisc >>>>>> --zmq tcp://127.0.0.1:5556 >>>>>> --collector-port 2055 >>>>>> >>>>>> >>>>>> Thanks! >>>>>> >>>>>> Regards >>>>>> Robertp >>>>>> _______________________________________________ >>>>>> Ntop mailing list >>>>>> [email protected] >>>>>> http://listgateway.unipi.it/mailman/listinfo/ntop >>>>>> >>>>> _______________________________________________ >>>>> Ntop mailing list >>>>> [email protected] >>>>> http://listgateway.unipi.it/mailman/listinfo/ntop >>>>> >>>> _______________________________________________ >>>> Ntop mailing list >>>> [email protected] >>>> http://listgateway.unipi.it/mailman/listinfo/ntop >>>> >>> _______________________________________________ >>> Ntop mailing list >>> [email protected] >>> http://listgateway.unipi.it/mailman/listinfo/ntop >>> >> >> _______________________________________________ >> Ntop mailing list >> [email protected] >> http://listgateway.unipi.it/mailman/listinfo/ntop >> > > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop > > > > > _______________________________________________ > Ntop mailing > [email protected]http://listgateway.unipi.it/mailman/listinfo/ntop > > > > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop >
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
