Gerard, When you say wildly inaccurate, are you referring to the realtime charts in the dashboard only? I would expect them to be somehow inaccurate due to the nature of NetFlow, but once you visit the historical pages then totals and speeds must be accurate.
Try and visit the historical charts page of the interface, or the same page for any of your local hosts. Exact data must be there. If you want to mitigate the inaccuracy of the dashboard, you should reduce the refresh rate to a value that is meaningful, on the basis of the NetFlow timeouts you have configured. To change this, visit the interface page, wheel menu entry, and change the setting. You can also try and disable the nProbe cache to make sure flows are delivered straight to ntopng as soon as they are received. Option is --disable-cache. Feel free to attach screenshots if necessary. Simone > On 14 Jan 2019, at 23:54, Gerard Beekmans <gbeekm...@tsag.net> wrote: > > Hi, > > I just finished setting up ntong Enterprise along with nprobe Professional. I > am seeing traffic rates/speeds that are much higher than what they are, > likely due to a misconfiguration on my end or a limitation of the setup. > > We’re using an Exinda packet shaper appliance that sends Netflow V9 to nprobe > which in turn sends it to ntopng. All the traffic appear to show up in > ntopng’s web GUI but with much higher rates than what they are, sometimes > 100x faster than what the speeds physically could be. > > From our central location we have VPN tunnels established with dozens of > remote sites that we provide Internet to. Despite some of those sites only > having 2 to 5 Mbps available speed, ntopng reports their flows as hundreds of > Mbps. > > /etc/ntopng/ntopng.conf configuration: > > -G=/var/run/ntopng.pid > -i=tcp://127.0.0.1:5556 <tcp://127.0.0.1:5556> > > /etc/nprobe/nprobe.conf configuration: > > -i=none > -n=none > -3=2055 > --zmq=tcp://127.0.0.1:5556 <tcp://127.0.0.1:5556> > -T="@NTOPNG@" > -V=9 > -d=1 > -t=60 > > From what I have been able to glean from posts online is that this is in part > a limitation of how Netflow works and possible an issue with the idle timeout > values? I can’t find an exact timeout number that the Exinda appliance uses. > Its documentation mentions that flows are “exported within 10 seconds” and > has a 1 minute timeout configured for persistent or long-term flows. > > I tried setting the nprobe timeout to both ’10’ and most recently ‘1’ which > seems to have made no difference. > > It is important to get this information correct. We previously used a > programmed called Plixer which did a better job at portraying actual speeds > (it also was nowhere near correct but the discrepancy was not significant > enough to worry about it too much). > > We require this level of precision for reporting and forensics. For example, > on a nearly daily basis we will be asked questions such as “why was the > Internet slow at our location at X day during Y and Z hours”. I need to be > able to piece together what happened on a specific subnet, on certain days > during certain timeframes and need to show the data that includes which > applications were at fault (often it’s the Netflix and other social media and > streaming at fault, or various OS updates). > > Any insights and help in fixing this, if possible, would be much appreciated. > Thanks, > Gerard Beekmans > Sr. Network Engineer > First Nations Technical Services Advisory Group Inc. > Phone: 780-638-2739 <tel:780-638-2739> > Fax: 780-483-8632 <tel:780-483-8632> > Helpdesk: 1-888-999-3356 <tel:1-888-999-3356> > Email: gbeekm...@tsag.net <mailto:gbeekm...@tsag.net> > Santa Fe Plaza > 18232 - 102 Avenue NW > Edmonton, AB T5S 1S7 > http://www.tsag.net <http://www.tsag.net/> > > _______________________________________________ > Ntop mailing list > Ntop@listgateway.unipi.it <mailto:Ntop@listgateway.unipi.it> > http://listgateway.unipi.it/mailman/listinfo/ntop > <http://listgateway.unipi.it/mailman/listinfo/ntop>
_______________________________________________ Ntop mailing list Ntop@listgateway.unipi.it http://listgateway.unipi.it/mailman/listinfo/ntop
