Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. NTop>
  3. Misc
Nprobe receiving low number of packets after updating to v8.1
jnarvaez at loading
Sep 18, 2017, 12:55 AM
Post #1 of 5 (780 views)
Permalink
Hi! after upgrading to nprobe v8.1, it is receveing a very low number of packets, need I to change something in the config?

v7.4 conf file:
-i eth0
--collector-port 9996
--zmq "tcp://127.0.0.1:5556"
-u 1
-Q 1

Results after 10s running Nprobe v7.4:
[root@ntopng /]# timeout 10s /usr/local/bin/nprobe /etc/nprobe/nprobe.conf
18/Sep/2017 09:36:48 [nprobe.c:3391] ERROR: Invalid nProbe license (/etc/nprobe.license) [License mismatch error]
18/Sep/2017 09:36:48 [nprobe.c:3398] ERROR: *****************************************************
18/Sep/2017 09:36:48 [nprobe.c:3399] ERROR: ** **
18/Sep/2017 09:36:48 [nprobe.c:3400] ERROR: ** Switching to DEMO MODE (missing valid license) **
18/Sep/2017 09:36:48 [nprobe.c:3401] ERROR: ** **
18/Sep/2017 09:36:48 [nprobe.c:3402] ERROR: ** Purchase your nProbe license at **
18/Sep/2017 09:36:48 [nprobe.c:3403] ERROR: ** https://shop.ntop.org/ **
18/Sep/2017 09:36:48 [nprobe.c:3404] ERROR: ** **
18/Sep/2017 09:36:48 [nprobe.c:3405] ERROR: *****************************************************
18/Sep/2017 09:36:48 [nprobe.c:7290] ERROR: ***************************************************************
18/Sep/2017 09:36:48 [nprobe.c:7291] ERROR: * NOTE: This is a DEMO version limited to 25000 flows export. *
18/Sep/2017 09:36:48 [nprobe.c:7292] ERROR: ***************************************************************
18/Sep/2017 09:36:48 [nprobe.c:4916] -i is ignored as --collector-port|-3 has been used: using '-i none'
18/Sep/2017 09:36:48 [nprobe.c:4975] Welcome to nProbe v.7.4.170215 ($Revision: 5334 $) for x86_64-unknown-linux-gnu with native PF_RING acceleration
18/Sep/2017 09:36:48 [nprobe.c:4985] Running on CentOS Linux release 7.3.1611 (Core)
18/Sep/2017 09:36:48 [nprobe.c:4996] [LICENSE] nProbe SystemId: 910306039206AB23
18/Sep/2017 09:36:48 [nprobe.c:5085] WARNING: -n parameter is missing. 127.0.0.1:2055 will be used.
18/Sep/2017 09:36:48 [nprobe.c:7308] Welcome to nProbe v.7.4.170215 for x86_64-unknown-linux-gnu
18/Sep/2017 09:36:48 [plugin.c:1045] 0 plugin(s) enabled
18/Sep/2017 09:36:48 [nprobe.c:6836] Non IPv4/v6 traffic is discarded according to the template
18/Sep/2017 09:36:48 [util.c:434] GeoIP: loaded AS config file /usr/share/ntopng/httpdocs/geoip/GeoIPASNum.dat
18/Sep/2017 09:36:48 [util.c:445] GeoIP: loaded AS IPv6 config file /usr/share/ntopng/httpdocs/geoip/GeoIPASNumv6.dat
18/Sep/2017 09:36:48 [nprobe.c:5495] Using packet capture length 128
18/Sep/2017 09:36:48 [nprobe.c:7484] IPv6 traffic will NOT be exported/accounted by this probe
18/Sep/2017 09:36:48 [nprobe.c:7485] due to configuration options (e.g. use NetFlow v9)
18/Sep/2017 09:36:48 [nprobe.c:7631] Not capturing packet from interface (collector mode)
18/Sep/2017 09:36:48 [util.c:4036] Initializing ZMQ as server
18/Sep/2017 09:36:48 [util.c:4079] Succesfully created ZMQ endpoint tcp://127.0.0.1:5556
18/Sep/2017 09:36:48 [collect.c:147] Flow collector listening on port 9996 (IPv4/v6)
18/Sep/2017 09:36:48 [nprobe.c:7856] nProbe started successfully
18/Sep/2017 09:36:58 [cache.c:1224] Redis Cache [0 total/0.0 get/sec][0 total/0.0 set/sec]
18/Sep/2017 09:36:58 [nprobe.c:499] Received shutdown request... [signal: 15]
18/Sep/2017 09:36:58 [engine.c:2944] About to flush hash (threadId 0)
18/Sep/2017 09:36:58 [engine.c:2946] Completed hash walk (thread 0)
18/Sep/2017 09:37:01 [cache.c:1224] Redis Cache [0 total/0.0 get/sec][0 total/0.0 set/sec]
18/Sep/2017 09:37:01 [nprobe.c:2713] Processed packets: 1294 (max bucket search: 0)
18/Sep/2017 09:37:01 [nprobe.c:2696] Fragment queue length: 1
18/Sep/2017 09:37:01 [nprobe.c:2722] Flow export stats: [ 2099368000 bytes/2538000 pkts ][767 flows/26 pkts sent]
18/Sep/2017 09:37:01 [nprobe.c:2729] Flow collection: [collected pkts: 213][processed flows: 0]
18/Sep/2017 09:37:01 [nprobe.c:2732] Flow drop stats: [0 bytes/0 pkts][0 flows]
18/Sep/2017 09:37:01 [nprobe.c:2737] Total flow stats: [2099368000 bytes/2538000 pkts][767 flows/26 pkts sent]

Results after 10s running v8.1:
[root@ntopng ~]# timeout 10s nprobe –zmq "tcp://127.0.0.1:5556" --collector-port 9996 -u 1 -Q 1
18/Sep/2017 09:50:25 [plugin.c:176] No plugins found in ./plugins
18/Sep/2017 09:50:25 [plugin.c:184] Loading 24 plugins [.so] from /usr/local/lib/nprobe/plugins
18/Sep/2017 09:50:25 [nprobe.c:3730] ERROR: Invalid nProbe license (/etc/nprobe.license) [Missing license file]
18/Sep/2017 09:50:25 [nprobe.c:3737] ERROR: *****************************************************
18/Sep/2017 09:50:25 [nprobe.c:3738] ERROR: ** **
18/Sep/2017 09:50:25 [nprobe.c:3739] ERROR: ** Switching to DEMO MODE (missing valid license) **
18/Sep/2017 09:50:25 [nprobe.c:3740] ERROR: ** **
18/Sep/2017 09:50:25 [nprobe.c:3741] ERROR: ** Purchase your nProbe license at **
18/Sep/2017 09:50:25 [nprobe.c:3742] ERROR: ** https://shop.ntop.org/ **
18/Sep/2017 09:50:25 [nprobe.c:3743] ERROR: ** **
18/Sep/2017 09:50:25 [nprobe.c:3744] ERROR: *****************************************************
18/Sep/2017 09:50:25 [nprobe.c:5710] -i is ignored as --collector-port|-3 has been used: using '-i none'
18/Sep/2017 09:50:25 [nprobe.c:5769] Welcome to nProbe v.8.1.170918 ($Revision: 5887 $) for x86_64-unknown-linux-gnu with native PF_RING acceleration
18/Sep/2017 09:50:25 [nprobe.c:5779] Running on CentOS Linux release 7.3.1611 (Core)
18/Sep/2017 09:50:25 [nprobe.c:5790] [LICENSE] nProbe SystemId: 28BEC22B1C001090
18/Sep/2017 09:50:25 [nprobe.c:5878] WARNING: -n parameter is missing. 127.0.0.1:2055 will be used.
18/Sep/2017 09:50:25 [nprobe.c:5903] Sample rate [packet: 1][flow: 1]
18/Sep/2017 09:50:25 [nprobe.c:8320] ERROR: ***************************************************************
18/Sep/2017 09:50:25 [nprobe.c:8321] ERROR: * NOTE: This is a DEMO version limited to 25000 flows export. *
18/Sep/2017 09:50:25 [nprobe.c:8322] ERROR: ***************************************************************
18/Sep/2017 09:50:25 [nprobe.c:8328] Welcome to nProbe v.8.1.170918 for x86_64-unknown-linux-gnu
18/Sep/2017 09:50:25 [plugin.c:1070] 0 plugin(s) enabled
18/Sep/2017 09:50:25 [nprobe.c:7824] Non IPv4/v6 traffic is discarded according to the template
18/Sep/2017 09:50:25 [util.c:440] GeoIP: loaded AS config file /usr/share/ntopng/httpdocs/geoip/GeoIPASNum.dat
18/Sep/2017 09:50:25 [util.c:451] GeoIP: loaded AS IPv6 config file /usr/share/ntopng/httpdocs/geoip/GeoIPASNumv6.dat
18/Sep/2017 09:50:25 [nprobe.c:8507] IPv6 traffic will NOT be exported/accounted by this probe
18/Sep/2017 09:50:25 [nprobe.c:8508] due to configuration options (e.g. use NetFlow v9)
18/Sep/2017 09:50:25 [nprobe.c:8509] Please use -V to set the version to other than NetFlow V5
18/Sep/2017 09:50:25 [nprobe.c:8662] Not capturing packet from interface (collector mode)
18/Sep/2017 09:50:25 [util.c:3589] nProbe changed user to 'nobody'
18/Sep/2017 09:50:25 [collect.c:143] Flow collector listening on port 9996 (IPv4/v6)
18/Sep/2017 09:50:25 [nprobe.c:8879] nProbe started successfully
18/Sep/2017 09:50:35 [nprobe.c:533] Received shutdown request... [signal: 15]
18/Sep/2017 09:50:35 [engine.c:3019] About to flush hash (threadId 0)
18/Sep/2017 09:50:35 [engine.c:3021] Completed hash walk (thread 0)
18/Sep/2017 09:50:38 [nprobe.c:2998] Processed packets: 1314 (max bucket search: 1)
18/Sep/2017 09:50:38 [nprobe.c:2981] Fragment queue length: 1
18/Sep/2017 09:50:38 [nprobe.c:3007] Flow export stats: [ 1083658 bytes/1294 pkts ][796 flows/27 pkts sent]
18/Sep/2017 09:50:38 [nprobe.c:3014] Flow collection: [collected pkts: 217][processed flows: 0]
18/Sep/2017 09:50:38 [nprobe.c:3017] Flow drop stats: [0 bytes/0 pkts][0 flows]
18/Sep/2017 09:50:38 [nprobe.c:3022] Total flow stats: [1083658 bytes/1294 pkts][796 flows/27 pkts sent]

Anybody knows how to solve it?

Thanks in advance.

Kind regards.
Javi
Re: Nprobe receiving low number of packets after updating to v8.1 [ In reply to ]
mainardi at ntop
Sep 18, 2017, 1:28 AM
Post #2 of 5 (778 views)
Permalink
Javier,

nProbe is in DEMO mode:


> 18/Sep/2017 09:36:48 [nprobe.c:3398] ERROR: *****************************************************
> 18/Sep/2017 09:36:48 [nprobe.c:3399] ERROR: ** **
> 18/Sep/2017 09:36:48 [nprobe.c:3400] ERROR: ** Switching to DEMO MODE (missing valid license) **
> 18/Sep/2017 09:36:48 [nprobe.c:3401] ERROR: ** **
> 18/Sep/2017 09:36:48 [nprobe.c:3402] ERROR: ** Purchase your nProbe license at **
> 18/Sep/2017 09:36:48 [nprobe.c:3403] ERROR: ** https://shop.ntop.org/ **
> 18/Sep/2017 09:36:48 [nprobe.c:3404] ERROR: ** **
> 18/Sep/2017 09:36:48 [nprobe.c:3405] ERROR: *****************************************************
> 18/Sep/2017 09:36:48 [nprobe.c:7290] ERROR: ***************************************************************
> 18/Sep/2017 09:36:48 [nprobe.c:7291] ERROR: * NOTE: This is a DEMO version limited to 25000 flows export. *
> 18/Sep/2017 09:36:48 [nprobe.c:7292] ERROR: ***************************************************************




This means that your license is no longer valid. Very likely because it is older than 1 year. You should renew the maintenance. See: http://www.ntop.org/support/faq/how-can-i-renew-maintenance-for-commercial-products/ <http://www.ntop.org/support/faq/how-can-i-renew-maintenance-for-commercial-products/>

Regards,
Simone



> On 18 Sep 2017, at 09:55, Javier Narváez <jnarvaez@loading.es> wrote:
>
> Hi! after upgrading to nprobe v8.1, it is receveing a very low number of packets, need I to change something in the config?
>
> v7.4 conf file:
> -i eth0
> --collector-port 9996
> --zmq "tcp://127.0.0.1:5556"
> -u 1
> -Q 1
>
> Results after 10s running Nprobe v7.4:
> [root@ntopng /]# timeout 10s /usr/local/bin/nprobe /etc/nprobe/nprobe.conf
> 18/Sep/2017 09:36:48 [nprobe.c:3391] ERROR: Invalid nProbe license (/etc/nprobe.license) [License mismatch error]
> 18/Sep/2017 09:36:48 [nprobe.c:3398] ERROR: *****************************************************
> 18/Sep/2017 09:36:48 [nprobe.c:3399] ERROR: ** **
> 18/Sep/2017 09:36:48 [nprobe.c:3400] ERROR: ** Switching to DEMO MODE (missing valid license) **
> 18/Sep/2017 09:36:48 [nprobe.c:3401] ERROR: ** **
> 18/Sep/2017 09:36:48 [nprobe.c:3402] ERROR: ** Purchase your nProbe license at **
> 18/Sep/2017 09:36:48 [nprobe.c:3403] ERROR: ** https://shop.ntop.org/ **
> 18/Sep/2017 09:36:48 [nprobe.c:3404] ERROR: ** **
> 18/Sep/2017 09:36:48 [nprobe.c:3405] ERROR: *****************************************************
> 18/Sep/2017 09:36:48 [nprobe.c:7290] ERROR: ***************************************************************
> 18/Sep/2017 09:36:48 [nprobe.c:7291] ERROR: * NOTE: This is a DEMO version limited to 25000 flows export. *
> 18/Sep/2017 09:36:48 [nprobe.c:7292] ERROR: ***************************************************************
> 18/Sep/2017 09:36:48 [nprobe.c:4916] -i is ignored as --collector-port|-3 has been used: using '-i none'
> 18/Sep/2017 09:36:48 [nprobe.c:4975] Welcome to nProbe v.7.4.170215 ($Revision: 5334 $) for x86_64-unknown-linux-gnu with native PF_RING acceleration
> 18/Sep/2017 09:36:48 [nprobe.c:4985] Running on CentOS Linux release 7.3.1611 (Core)
> 18/Sep/2017 09:36:48 [nprobe.c:4996] [LICENSE] nProbe SystemId: 910306039206AB23
> 18/Sep/2017 09:36:48 [nprobe.c:5085] WARNING: -n parameter is missing. 127.0.0.1:2055 will be used.
> 18/Sep/2017 09:36:48 [nprobe.c:7308] Welcome to nProbe v.7.4.170215 for x86_64-unknown-linux-gnu
> 18/Sep/2017 09:36:48 [plugin.c:1045] 0 plugin(s) enabled
> 18/Sep/2017 09:36:48 [nprobe.c:6836] Non IPv4/v6 traffic is discarded according to the template
> 18/Sep/2017 09:36:48 [util.c:434] GeoIP: loaded AS config file /usr/share/ntopng/httpdocs/geoip/GeoIPASNum.dat
> 18/Sep/2017 09:36:48 [util.c:445] GeoIP: loaded AS IPv6 config file /usr/share/ntopng/httpdocs/geoip/GeoIPASNumv6.dat
> 18/Sep/2017 09:36:48 [nprobe.c:5495] Using packet capture length 128
> 18/Sep/2017 09:36:48 [nprobe.c:7484] IPv6 traffic will NOT be exported/accounted by this probe
> 18/Sep/2017 09:36:48 [nprobe.c:7485] due to configuration options (e.g. use NetFlow v9)
> 18/Sep/2017 09:36:48 [nprobe.c:7631] Not capturing packet from interface (collector mode)
> 18/Sep/2017 09:36:48 [util.c:4036] Initializing ZMQ as server
> 18/Sep/2017 09:36:48 [util.c:4079] Succesfully created ZMQ endpoint tcp://127.0.0.1:5556
> 18/Sep/2017 09:36:48 [collect.c:147] Flow collector listening on port 9996 (IPv4/v6)
> 18/Sep/2017 09:36:48 [nprobe.c:7856] nProbe started successfully
> 18/Sep/2017 09:36:58 [cache.c:1224] Redis Cache [0 total/0.0 get/sec][0 total/0.0 set/sec]
> 18/Sep/2017 09:36:58 [nprobe.c:499] Received shutdown request... [signal: 15]
> 18/Sep/2017 09:36:58 [engine.c:2944] About to flush hash (threadId 0)
> 18/Sep/2017 09:36:58 [engine.c:2946] Completed hash walk (thread 0)
> 18/Sep/2017 09:37:01 [cache.c:1224] Redis Cache [0 total/0.0 get/sec][0 total/0.0 set/sec]
> 18/Sep/2017 09:37:01 [nprobe.c:2713] Processed packets: 1294 (max bucket search: 0)
> 18/Sep/2017 09:37:01 [nprobe.c:2696] Fragment queue length: 1
> 18/Sep/2017 09:37:01 [nprobe.c:2722] Flow export stats: [2099368000 bytes/2538000 pkts][767 flows/26 pkts sent]
> 18/Sep/2017 09:37:01 [nprobe.c:2729] Flow collection: [collected pkts: 213][processed flows: 0]
> 18/Sep/2017 09:37:01 [nprobe.c:2732] Flow drop stats: [0 bytes/0 pkts][0 flows]
> 18/Sep/2017 09:37:01 [nprobe.c:2737] Total flow stats: [2099368000 bytes/2538000 pkts][767 flows/26 pkts sent]
>
> Results after 10s running v8.1:
> [root@ntopng ~]# timeout 10s nprobe –zmq "tcp://127.0.0.1:5556" --collector-port 9996 -u 1 -Q 1
> 18/Sep/2017 09:50:25 [plugin.c:176] No plugins found in ./plugins
> 18/Sep/2017 09:50:25 [plugin.c:184] Loading 24 plugins [.so] from /usr/local/lib/nprobe/plugins
> 18/Sep/2017 09:50:25 [nprobe.c:3730] ERROR: Invalid nProbe license (/etc/nprobe.license) [Missing license file]
> 18/Sep/2017 09:50:25 [nprobe.c:3737] ERROR: *****************************************************
> 18/Sep/2017 09:50:25 [nprobe.c:3738] ERROR: ** **
> 18/Sep/2017 09:50:25 [nprobe.c:3739] ERROR: ** Switching to DEMO MODE (missing valid license) **
> 18/Sep/2017 09:50:25 [nprobe.c:3740] ERROR: ** **
> 18/Sep/2017 09:50:25 [nprobe.c:3741] ERROR: ** Purchase your nProbe license at **
> 18/Sep/2017 09:50:25 [nprobe.c:3742] ERROR: ** https://shop.ntop.org/ **
> 18/Sep/2017 09:50:25 [nprobe.c:3743] ERROR: ** **
> 18/Sep/2017 09:50:25 [nprobe.c:3744] ERROR: *****************************************************
> 18/Sep/2017 09:50:25 [nprobe.c:5710] -i is ignored as --collector-port|-3 has been used: using '-i none'
> 18/Sep/2017 09:50:25 [nprobe.c:5769] Welcome to nProbe v.8.1.170918 ($Revision: 5887 $) for x86_64-unknown-linux-gnu with native PF_RING acceleration
> 18/Sep/2017 09:50:25 [nprobe.c:5779] Running on CentOS Linux release 7.3.1611 (Core)
> 18/Sep/2017 09:50:25 [nprobe.c:5790] [LICENSE] nProbe SystemId: 28BEC22B1C001090
> 18/Sep/2017 09:50:25 [nprobe.c:5878] WARNING: -n parameter is missing. 127.0.0.1:2055 will be used.
> 18/Sep/2017 09:50:25 [nprobe.c:5903] Sample rate [packet: 1][flow: 1]
> 18/Sep/2017 09:50:25 [nprobe.c:8320] ERROR: ***************************************************************
> 18/Sep/2017 09:50:25 [nprobe.c:8321] ERROR: * NOTE: This is a DEMO version limited to 25000 flows export. *
> 18/Sep/2017 09:50:25 [nprobe.c:8322] ERROR: ***************************************************************
> 18/Sep/2017 09:50:25 [nprobe.c:8328] Welcome to nProbe v.8.1.170918 for x86_64-unknown-linux-gnu
> 18/Sep/2017 09:50:25 [plugin.c:1070] 0 plugin(s) enabled
> 18/Sep/2017 09:50:25 [nprobe.c:7824] Non IPv4/v6 traffic is discarded according to the template
> 18/Sep/2017 09:50:25 [util.c:440] GeoIP: loaded AS config file /usr/share/ntopng/httpdocs/geoip/GeoIPASNum.dat
> 18/Sep/2017 09:50:25 [util.c:451] GeoIP: loaded AS IPv6 config file /usr/share/ntopng/httpdocs/geoip/GeoIPASNumv6.dat
> 18/Sep/2017 09:50:25 [nprobe.c:8507] IPv6 traffic will NOT be exported/accounted by this probe
> 18/Sep/2017 09:50:25 [nprobe.c:8508] due to configuration options (e.g. use NetFlow v9)
> 18/Sep/2017 09:50:25 [nprobe.c:8509] Please use -V to set the version to other than NetFlow V5
> 18/Sep/2017 09:50:25 [nprobe.c:8662] Not capturing packet from interface (collector mode)
> 18/Sep/2017 09:50:25 [util.c:3589] nProbe changed user to 'nobody'
> 18/Sep/2017 09:50:25 [collect.c:143] Flow collector listening on port 9996 (IPv4/v6)
> 18/Sep/2017 09:50:25 [nprobe.c:8879] nProbe started successfully
> 18/Sep/2017 09:50:35 [nprobe.c:533] Received shutdown request... [signal: 15]
> 18/Sep/2017 09:50:35 [engine.c:3019] About to flush hash (threadId 0)
> 18/Sep/2017 09:50:35 [engine.c:3021] Completed hash walk (thread 0)
> 18/Sep/2017 09:50:38 [nprobe.c:2998] Processed packets: 1314 (max bucket search: 1)
> 18/Sep/2017 09:50:38 [nprobe.c:2981] Fragment queue length: 1
> 18/Sep/2017 09:50:38 [nprobe.c:3007] Flow export stats: [1083658 bytes/1294 pkts][796 flows/27 pkts sent]
> 18/Sep/2017 09:50:38 [nprobe.c:3014] Flow collection: [collected pkts: 217][processed flows: 0]
> 18/Sep/2017 09:50:38 [nprobe.c:3017] Flow drop stats: [0 bytes/0 pkts][0 flows]
> 18/Sep/2017 09:50:38 [nprobe.c:3022] Total flow stats: [1083658 bytes/1294 pkts][796 flows/27 pkts sent]
>
> Anybody knows how to solve it?
>
> Thanks in advance.
>
> Kind regards.
> Javi
> _______________________________________________
> Ntop-misc mailing list
> Ntop-misc@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
Re: Nprobe receiving low number of packets after updating to v8.1 [ In reply to ]
jnarvaez at loading
Sep 18, 2017, 1:51 AM
Post #3 of 5 (778 views)
Permalink
Hi Simone,

Yes it is in demo mode because it was purchased more than a year ago, is that the problem? I haven't reached the 25000 flows of demo mode...

Nprobe v7.4 in demo mode too receives a lot more of packets.

I would like to get it working before renew it.

Thank you in advance.

Kind regards,
Javi


De: "Simone Mainardi" <mainardi@ntop.org>
Para: ntop-misc@listgateway.unipi.it
Enviados: Lunes, 18 de Septiembre 2017 10:28:36
Asunto: Re: [Ntop-misc] Nprobe receiving low number of packets after updating to v8.1

Javier,

nProbe is in DEMO mode:





18/Sep/2017 09:36:48 [nprobe.c:3398] ERROR: *****************************************************
18/Sep/2017 09:36:48 [nprobe.c:3399] ERROR: ** **
18/Sep/2017 09:36:48 [nprobe.c:3400] ERROR: ** Switching to DEMO MODE (missing valid license) **
18/Sep/2017 09:36:48 [nprobe.c:3401] ERROR: ** **
18/Sep/2017 09:36:48 [nprobe.c:3402] ERROR: ** Purchase your nProbe license at **
18/Sep/2017 09:36:48 [nprobe.c:3403] ERROR: ** https://shop.ntop.org/ **
18/Sep/2017 09:36:48 [nprobe.c:3404] ERROR: ** **
18/Sep/2017 09:36:48 [nprobe.c:3405] ERROR: *****************************************************
18/Sep/2017 09:36:48 [nprobe.c:7290] ERROR: ***************************************************************
18/Sep/2017 09:36:48 [nprobe.c:7291] ERROR: * NOTE: This is a DEMO version limited to 25000 flows export. *
18/Sep/2017 09:36:48 [nprobe.c:7292] ERROR: ***************************************************************






This means that your license is no longer valid. Very likely because it is older than 1 year. You should renew the maintenance. See: http://www.ntop.org/support/faq/how-can-i-renew-maintenance-for-commercial-products/

Regards,
Simone




BQ_BEGIN

On 18 Sep 2017, at 09:55, Javier Narváez < jnarvaez@loading.es > wrote:

Hi! after upgrading to nprobe v8.1, it is receveing a very low number of packets, need I to change something in the config?

v7.4 conf file:
-i eth0
--collector-port 9996
--zmq " tcp://127.0.0.1:5556 "
-u 1
-Q 1

Results after 10s running Nprobe v7.4:
[root@ntopng /]# timeout 10s /usr/local/bin/nprobe /etc/nprobe/nprobe.conf
18/Sep/2017 09:36:48 [nprobe.c:3391] ERROR: Invalid nProbe license (/etc/nprobe.license) [License mismatch error]
18/Sep/2017 09:36:48 [nprobe.c:3398] ERROR: *****************************************************
18/Sep/2017 09:36:48 [nprobe.c:3399] ERROR: ** **
18/Sep/2017 09:36:48 [nprobe.c:3400] ERROR: ** Switching to DEMO MODE (missing valid license) **
18/Sep/2017 09:36:48 [nprobe.c:3401] ERROR: ** **
18/Sep/2017 09:36:48 [nprobe.c:3402] ERROR: ** Purchase your nProbe license at **
18/Sep/2017 09:36:48 [nprobe.c:3403] ERROR: ** https://shop.ntop.org/ **
18/Sep/2017 09:36:48 [nprobe.c:3404] ERROR: ** **
18/Sep/2017 09:36:48 [nprobe.c:3405] ERROR: *****************************************************
18/Sep/2017 09:36:48 [nprobe.c:7290] ERROR: ***************************************************************
18/Sep/2017 09:36:48 [nprobe.c:7291] ERROR: * NOTE: This is a DEMO version limited to 25000 flows export. *
18/Sep/2017 09:36:48 [nprobe.c:7292] ERROR: ***************************************************************
18/Sep/2017 09:36:48 [nprobe.c:4916] -i is ignored as --collector-port|-3 has been used: using '-i none'
18/Sep/2017 09:36:48 [nprobe.c:4975] Welcome to nProbe v.7.4.170215 ($Revision: 5334 $) for x86_64-unknown-linux-gnu with native PF_RING acceleration
18/Sep/2017 09:36:48 [nprobe.c:4985] Running on CentOS Linux release 7.3.1611 (Core)
18/Sep/2017 09:36:48 [nprobe.c:4996] [LICENSE] nProbe SystemId: 910306039206AB23
18/Sep/2017 09:36:48 [nprobe.c:5085] WARNING: -n parameter is missing. 127.0.0.1:2055 will be used.
18/Sep/2017 09:36:48 [nprobe.c:7308] Welcome to nProbe v.7.4.170215 for x86_64-unknown-linux-gnu
18/Sep/2017 09:36:48 [plugin.c:1045] 0 plugin(s) enabled
18/Sep/2017 09:36:48 [nprobe.c:6836] Non IPv4/v6 traffic is discarded according to the template
18/Sep/2017 09:36:48 [util.c:434] GeoIP: loaded AS config file /usr/share/ntopng/httpdocs/geoip/GeoIPASNum.dat
18/Sep/2017 09:36:48 [util.c:445] GeoIP: loaded AS IPv6 config file /usr/share/ntopng/httpdocs/geoip/GeoIPASNumv6.dat
18/Sep/2017 09:36:48 [nprobe.c:5495] Using packet capture length 128
18/Sep/2017 09:36:48 [nprobe.c:7484] IPv6 traffic will NOT be exported/accounted by this probe
18/Sep/2017 09:36:48 [nprobe.c:7485] due to configuration options (e.g. use NetFlow v9)
18/Sep/2017 09:36:48 [nprobe.c:7631] Not capturing packet from interface (collector mode)
18/Sep/2017 09:36:48 [util.c:4036] Initializing ZMQ as server
18/Sep/2017 09:36:48 [util.c:4079] Succesfully created ZMQ endpoint tcp://127.0.0.1:5556
18/Sep/2017 09:36:48 [collect.c:147] Flow collector listening on port 9996 (IPv4/v6)
18/Sep/2017 09:36:48 [nprobe.c:7856] nProbe started successfully
18/Sep/2017 09:36:58 [cache.c:1224] Redis Cache [0 total/0.0 get/sec][0 total/0.0 set/sec]
18/Sep/2017 09:36:58 [nprobe.c:499] Received shutdown request... [signal: 15]
18/Sep/2017 09:36:58 [engine.c:2944] About to flush hash (threadId 0)
18/Sep/2017 09:36:58 [engine.c:2946] Completed hash walk (thread 0)
18/Sep/2017 09:37:01 [cache.c:1224] Redis Cache [0 total/0.0 get/sec][0 total/0.0 set/sec]
18/Sep/2017 09:37:01 [nprobe.c:2713] Processed packets: 1294 (max bucket search: 0)
18/Sep/2017 09:37:01 [nprobe.c:2696] Fragment queue length: 1
18/Sep/2017 09:37:01 [nprobe.c:2722] Flow export stats: [ 2099368000 bytes/2538000 pkts ][767 flows/26 pkts sent]
18/Sep/2017 09:37:01 [nprobe.c:2729] Flow collection: [collected pkts: 213][processed flows: 0]
18/Sep/2017 09:37:01 [nprobe.c:2732] Flow drop stats: [0 bytes/0 pkts][0 flows]
18/Sep/2017 09:37:01 [nprobe.c:2737] Total flow stats: [2099368000 bytes/2538000 pkts][767 flows/26 pkts sent]

Results after 10s running v8.1:
[root@ntopng ~]# timeout 10s nprobe –zmq " tcp://127.0.0.1:5556 " --collector-port 9996 -u 1 -Q 1
18/Sep/2017 09:50:25 [plugin.c:176] No plugins found in ./plugins
18/Sep/2017 09:50:25 [plugin.c:184] Loading 24 plugins [.so] from /usr/local/lib/nprobe/plugins
18/Sep/2017 09:50:25 [nprobe.c:3730] ERROR: Invalid nProbe license (/etc/nprobe.license) [Missing license file]
18/Sep/2017 09:50:25 [nprobe.c:3737] ERROR: *****************************************************
18/Sep/2017 09:50:25 [nprobe.c:3738] ERROR: ** **
18/Sep/2017 09:50:25 [nprobe.c:3739] ERROR: ** Switching to DEMO MODE (missing valid license) **
18/Sep/2017 09:50:25 [nprobe.c:3740] ERROR: ** **
18/Sep/2017 09:50:25 [nprobe.c:3741] ERROR: ** Purchase your nProbe license at **
18/Sep/2017 09:50:25 [nprobe.c:3742] ERROR: ** https://shop.ntop.org/ **
18/Sep/2017 09:50:25 [nprobe.c:3743] ERROR: ** **
18/Sep/2017 09:50:25 [nprobe.c:3744] ERROR: *****************************************************
18/Sep/2017 09:50:25 [nprobe.c:5710] -i is ignored as --collector-port|-3 has been used: using '-i none'
18/Sep/2017 09:50:25 [nprobe.c:5769] Welcome to nProbe v.8.1.170918 ($Revision: 5887 $) for x86_64-unknown-linux-gnu with native PF_RING acceleration
18/Sep/2017 09:50:25 [nprobe.c:5779] Running on CentOS Linux release 7.3.1611 (Core)
18/Sep/2017 09:50:25 [nprobe.c:5790] [LICENSE] nProbe SystemId: 28BEC22B1C001090
18/Sep/2017 09:50:25 [nprobe.c:5878] WARNING: -n parameter is missing. 127.0.0.1:2055 will be used.
18/Sep/2017 09:50:25 [nprobe.c:5903] Sample rate [packet: 1][flow: 1]
18/Sep/2017 09:50:25 [nprobe.c:8320] ERROR: ***************************************************************
18/Sep/2017 09:50:25 [nprobe.c:8321] ERROR: * NOTE: This is a DEMO version limited to 25000 flows export. *
18/Sep/2017 09:50:25 [nprobe.c:8322] ERROR: ***************************************************************
18/Sep/2017 09:50:25 [nprobe.c:8328] Welcome to nProbe v.8.1.170918 for x86_64-unknown-linux-gnu
18/Sep/2017 09:50:25 [plugin.c:1070] 0 plugin(s) enabled
18/Sep/2017 09:50:25 [nprobe.c:7824] Non IPv4/v6 traffic is discarded according to the template
18/Sep/2017 09:50:25 [util.c:440] GeoIP: loaded AS config file /usr/share/ntopng/httpdocs/geoip/GeoIPASNum.dat
18/Sep/2017 09:50:25 [util.c:451] GeoIP: loaded AS IPv6 config file /usr/share/ntopng/httpdocs/geoip/GeoIPASNumv6.dat
18/Sep/2017 09:50:25 [nprobe.c:8507] IPv6 traffic will NOT be exported/accounted by this probe
18/Sep/2017 09:50:25 [nprobe.c:8508] due to configuration options (e.g. use NetFlow v9)
18/Sep/2017 09:50:25 [nprobe.c:8509] Please use -V to set the version to other than NetFlow V5
18/Sep/2017 09:50:25 [nprobe.c:8662] Not capturing packet from interface (collector mode)
18/Sep/2017 09:50:25 [util.c:3589] nProbe changed user to 'nobody'
18/Sep/2017 09:50:25 [collect.c:143] Flow collector listening on port 9996 (IPv4/v6)
18/Sep/2017 09:50:25 [nprobe.c:8879] nProbe started successfully
18/Sep/2017 09:50:35 [nprobe.c:533] Received shutdown request... [signal: 15]
18/Sep/2017 09:50:35 [engine.c:3019] About to flush hash (threadId 0)
18/Sep/2017 09:50:35 [engine.c:3021] Completed hash walk (thread 0)
18/Sep/2017 09:50:38 [nprobe.c:2998] Processed packets: 1314 (max bucket search: 1)
18/Sep/2017 09:50:38 [nprobe.c:2981] Fragment queue length: 1
18/Sep/2017 09:50:38 [nprobe.c:3007] Flow export stats: [ 1083658 bytes/1294 pkts ][796 flows/27 pkts sent]
18/Sep/2017 09:50:38 [nprobe.c:3014] Flow collection: [collected pkts: 217][processed flows: 0]
18/Sep/2017 09:50:38 [nprobe.c:3017] Flow drop stats: [0 bytes/0 pkts][0 flows]
18/Sep/2017 09:50:38 [nprobe.c:3022] Total flow stats: [1083658 bytes/1294 pkts][796 flows/27 pkts sent]

Anybody knows how to solve it?

Thanks in advance.

Kind regards.
Javi
_______________________________________________
Ntop-misc mailing list
Ntop-misc@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop-misc

BQ_END



_______________________________________________
Ntop-misc mailing list
Ntop-misc@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
Re: Nprobe receiving low number of packets after updating to v8.1 [ In reply to ]
mainardi at ntop
Sep 18, 2017, 3:11 AM
Post #4 of 5 (778 views)
Permalink
Javier,

If I look at the collected packets and exported flows, they are absolutely comparable between 7.4 and 8.1

7.4:
> 18/Sep/2017 09:37:01 [nprobe.c:2722] Flow export stats: [2099368000 bytes/2538000 pkts][767 flows/26 pkts sent]
> 18/Sep/2017 09:37:01 [nprobe.c:2729] Flow collection: [collected pkts: 213][processed flows: 0]


8.1:

> 18/Sep/2017 09:50:38 [nprobe.c:3007] Flow export stats: [1083658 bytes/1294 pkts][796 flows/27 pkts sent]
> 18/Sep/2017 09:50:38 [nprobe.c:3014] Flow collection: [collected pkts: 217][processed flows: 0]


So maybe there's some sampled traffic that is not properly re-scaled and this results in smaller values. Indeed, if you look at v 7.4 bytes and packets, they both end with 000 so an x1000 rescale is likely.

Have a look and tune the following options:

[--sample-rate|-S] <pkt rate>:<flow rate>
| Packet capture sampling rate and flow
| sampling rate. If <pkt rate> starts with
| '@' it means that nprobe will report
| the specified sampling rate but will
| not sample itself as incoming packets
| are already sampled on the specified
| capture device at the specified rate.
| This setup is meaningful only for NetFlow/IPFIX
| as in sFlow this info is part of the packet.
| Default: 1:1 [no sampling]
[--collector-sample-rate] <value> | Specify the bytes/pkts collection sample rate (NetFlow only).
--upscale-traffic | In case of sampled traffic multiply the packets/bytes
| according to the sampling packet rate.
| (See -S for more information)



Regards,
Simone

> On 18 Sep 2017, at 10:51, Javier Narváez <jnarvaez@loading.es> wrote:
>
> Hi Simone,
>
> Yes it is in demo mode because it was purchased more than a year ago, is that the problem? I haven't reached the 25000 flows of demo mode...
>
> Nprobe v7.4 in demo mode too receives a lot more of packets.
>
> I would like to get it working before renew it.
>
> Thank you in advance.
>
> Kind regards,
> Javi
>
> De: "Simone Mainardi" <mainardi@ntop.org>
> Para: ntop-misc@listgateway.unipi.it
> Enviados: Lunes, 18 de Septiembre 2017 10:28:36
> Asunto: Re: [Ntop-misc] Nprobe receiving low number of packets after updating to v8.1
>
> Javier,
>
> nProbe is in DEMO mode:
>
>
> 18/Sep/2017 09:36:48 [nprobe.c:3398] ERROR: *****************************************************
> 18/Sep/2017 09:36:48 [nprobe.c:3399] ERROR: ** **
> 18/Sep/2017 09:36:48 [nprobe.c:3400] ERROR: ** Switching to DEMO MODE (missing valid license) **
> 18/Sep/2017 09:36:48 [nprobe.c:3401] ERROR: ** **
> 18/Sep/2017 09:36:48 [nprobe.c:3402] ERROR: ** Purchase your nProbe license at **
> 18/Sep/2017 09:36:48 [nprobe.c:3403] ERROR: ** https://shop.ntop.org/ <https://shop.ntop.org/> **
> 18/Sep/2017 09:36:48 [nprobe.c:3404] ERROR: ** **
> 18/Sep/2017 09:36:48 [nprobe.c:3405] ERROR: *****************************************************
> 18/Sep/2017 09:36:48 [nprobe.c:7290] ERROR: ***************************************************************
> 18/Sep/2017 09:36:48 [nprobe.c:7291] ERROR: * NOTE: This is a DEMO version limited to 25000 flows export. *
> 18/Sep/2017 09:36:48 [nprobe.c:7292] ERROR: ***************************************************************
>
>
>
> This means that your license is no longer valid. Very likely because it is older than 1 year. You should renew the maintenance. See: http://www.ntop.org/support/faq/how-can-i-renew-maintenance-for-commercial-products/ <http://www.ntop.org/support/faq/how-can-i-renew-maintenance-for-commercial-products/>
>
> Regards,
> Simone
>
>
>
> On 18 Sep 2017, at 09:55, Javier Narváez <jnarvaez@loading.es <mailto:jnarvaez@loading.es>> wrote:
>
> Hi! after upgrading to nprobe v8.1, it is receveing a very low number of packets, need I to change something in the config?
>
> v7.4 conf file:
> -i eth0
> --collector-port 9996
> --zmq "tcp://127.0.0.1:5556 <tcp://127.0.0.1:5556>"
> -u 1
> -Q 1
>
> Results after 10s running Nprobe v7.4:
> [root@ntopng /]# timeout 10s /usr/local/bin/nprobe /etc/nprobe/nprobe.conf
> 18/Sep/2017 09:36:48 [nprobe.c:3391] ERROR: Invalid nProbe license (/etc/nprobe.license) [License mismatch error]
> 18/Sep/2017 09:36:48 [nprobe.c:3398] ERROR: *****************************************************
> 18/Sep/2017 09:36:48 [nprobe.c:3399] ERROR: ** **
> 18/Sep/2017 09:36:48 [nprobe.c:3400] ERROR: ** Switching to DEMO MODE (missing valid license) **
> 18/Sep/2017 09:36:48 [nprobe.c:3401] ERROR: ** **
> 18/Sep/2017 09:36:48 [nprobe.c:3402] ERROR: ** Purchase your nProbe license at **
> 18/Sep/2017 09:36:48 [nprobe.c:3403] ERROR: ** https://shop.ntop.org/ <https://shop.ntop.org/> **
> 18/Sep/2017 09:36:48 [nprobe.c:3404] ERROR: ** **
> 18/Sep/2017 09:36:48 [nprobe.c:3405] ERROR: *****************************************************
> 18/Sep/2017 09:36:48 [nprobe.c:7290] ERROR: ***************************************************************
> 18/Sep/2017 09:36:48 [nprobe.c:7291] ERROR: * NOTE: This is a DEMO version limited to 25000 flows export. *
> 18/Sep/2017 09:36:48 [nprobe.c:7292] ERROR: ***************************************************************
> 18/Sep/2017 09:36:48 [nprobe.c:4916] -i is ignored as --collector-port|-3 has been used: using '-i none'
> 18/Sep/2017 09:36:48 [nprobe.c:4975] Welcome to nProbe v.7.4.170215 ($Revision: 5334 $) for x86_64-unknown-linux-gnu with native PF_RING acceleration
> 18/Sep/2017 09:36:48 [nprobe.c:4985] Running on CentOS Linux release 7.3.1611 (Core)
> 18/Sep/2017 09:36:48 [nprobe.c:4996] [LICENSE] nProbe SystemId: 910306039206AB23
> 18/Sep/2017 09:36:48 [nprobe.c:5085] WARNING: -n parameter is missing. 127.0.0.1:2055 will be used.
> 18/Sep/2017 09:36:48 [nprobe.c:7308] Welcome to nProbe v.7.4.170215 for x86_64-unknown-linux-gnu
> 18/Sep/2017 09:36:48 [plugin.c:1045] 0 plugin(s) enabled
> 18/Sep/2017 09:36:48 [nprobe.c:6836] Non IPv4/v6 traffic is discarded according to the template
> 18/Sep/2017 09:36:48 [util.c:434] GeoIP: loaded AS config file /usr/share/ntopng/httpdocs/geoip/GeoIPASNum.dat
> 18/Sep/2017 09:36:48 [util.c:445] GeoIP: loaded AS IPv6 config file /usr/share/ntopng/httpdocs/geoip/GeoIPASNumv6.dat
> 18/Sep/2017 09:36:48 [nprobe.c:5495] Using packet capture length 128
> 18/Sep/2017 09:36:48 [nprobe.c:7484] IPv6 traffic will NOT be exported/accounted by this probe
> 18/Sep/2017 09:36:48 [nprobe.c:7485] due to configuration options (e.g. use NetFlow v9)
> 18/Sep/2017 09:36:48 [nprobe.c:7631] Not capturing packet from interface (collector mode)
> 18/Sep/2017 09:36:48 [util.c:4036] Initializing ZMQ as server
> 18/Sep/2017 09:36:48 [util.c:4079] Succesfully created ZMQ endpoint tcp://127.0.0.1:5556 <tcp://127.0.0.1:5556>
> 18/Sep/2017 09:36:48 [collect.c:147] Flow collector listening on port 9996 (IPv4/v6)
> 18/Sep/2017 09:36:48 [nprobe.c:7856] nProbe started successfully
> 18/Sep/2017 09:36:58 [cache.c:1224] Redis Cache [0 total/0.0 get/sec][0 total/0.0 set/sec]
> 18/Sep/2017 09:36:58 [nprobe.c:499] Received shutdown request... [signal: 15]
> 18/Sep/2017 09:36:58 [engine.c:2944] About to flush hash (threadId 0)
> 18/Sep/2017 09:36:58 [engine.c:2946] Completed hash walk (thread 0)
> 18/Sep/2017 09:37:01 [cache.c:1224] Redis Cache [0 total/0.0 get/sec][0 total/0.0 set/sec]
> 18/Sep/2017 09:37:01 [nprobe.c:2713] Processed packets: 1294 (max bucket search: 0)
> 18/Sep/2017 09:37:01 [nprobe.c:2696] Fragment queue length: 1
> 18/Sep/2017 09:37:01 [nprobe.c:2722] Flow export stats: [2099368000 bytes/2538000 pkts][767 flows/26 pkts sent]
> 18/Sep/2017 09:37:01 [nprobe.c:2729] Flow collection: [collected pkts: 213][processed flows: 0]
> 18/Sep/2017 09:37:01 [nprobe.c:2732] Flow drop stats: [0 bytes/0 pkts][0 flows]
> 18/Sep/2017 09:37:01 [nprobe.c:2737] Total flow stats: [2099368000 bytes/2538000 pkts][767 flows/26 pkts sent]
>
> Results after 10s running v8.1:
> [root@ntopng ~]# timeout 10s nprobe –zmq "tcp://127.0.0.1:5556 <tcp://127.0.0.1:5556>" --collector-port 9996 -u 1 -Q 1
> 18/Sep/2017 09:50:25 [plugin.c:176] No plugins found in ./plugins
> 18/Sep/2017 09:50:25 [plugin.c:184] Loading 24 plugins [.so] from /usr/local/lib/nprobe/plugins
> 18/Sep/2017 09:50:25 [nprobe.c:3730] ERROR: Invalid nProbe license (/etc/nprobe.license) [Missing license file]
> 18/Sep/2017 09:50:25 [nprobe.c:3737] ERROR: *****************************************************
> 18/Sep/2017 09:50:25 [nprobe.c:3738] ERROR: ** **
> 18/Sep/2017 09:50:25 [nprobe.c:3739] ERROR: ** Switching to DEMO MODE (missing valid license) **
> 18/Sep/2017 09:50:25 [nprobe.c:3740] ERROR: ** **
> 18/Sep/2017 09:50:25 [nprobe.c:3741] ERROR: ** Purchase your nProbe license at **
> 18/Sep/2017 09:50:25 [nprobe.c:3742] ERROR: ** https://shop.ntop.org/ <https://shop.ntop.org/> **
> 18/Sep/2017 09:50:25 [nprobe.c:3743] ERROR: ** **
> 18/Sep/2017 09:50:25 [nprobe.c:3744] ERROR: *****************************************************
> 18/Sep/2017 09:50:25 [nprobe.c:5710] -i is ignored as --collector-port|-3 has been used: using '-i none'
> 18/Sep/2017 09:50:25 [nprobe.c:5769] Welcome to nProbe v.8.1.170918 ($Revision: 5887 $) for x86_64-unknown-linux-gnu with native PF_RING acceleration
> 18/Sep/2017 09:50:25 [nprobe.c:5779] Running on CentOS Linux release 7.3.1611 (Core)
> 18/Sep/2017 09:50:25 [nprobe.c:5790] [LICENSE] nProbe SystemId: 28BEC22B1C001090
> 18/Sep/2017 09:50:25 [nprobe.c:5878] WARNING: -n parameter is missing. 127.0.0.1:2055 will be used.
> 18/Sep/2017 09:50:25 [nprobe.c:5903] Sample rate [packet: 1][flow: 1]
> 18/Sep/2017 09:50:25 [nprobe.c:8320] ERROR: ***************************************************************
> 18/Sep/2017 09:50:25 [nprobe.c:8321] ERROR: * NOTE: This is a DEMO version limited to 25000 flows export. *
> 18/Sep/2017 09:50:25 [nprobe.c:8322] ERROR: ***************************************************************
> 18/Sep/2017 09:50:25 [nprobe.c:8328] Welcome to nProbe v.8.1.170918 for x86_64-unknown-linux-gnu
> 18/Sep/2017 09:50:25 [plugin.c:1070] 0 plugin(s) enabled
> 18/Sep/2017 09:50:25 [nprobe.c:7824] Non IPv4/v6 traffic is discarded according to the template
> 18/Sep/2017 09:50:25 [util.c:440] GeoIP: loaded AS config file /usr/share/ntopng/httpdocs/geoip/GeoIPASNum.dat
> 18/Sep/2017 09:50:25 [util.c:451] GeoIP: loaded AS IPv6 config file /usr/share/ntopng/httpdocs/geoip/GeoIPASNumv6.dat
> 18/Sep/2017 09:50:25 [nprobe.c:8507] IPv6 traffic will NOT be exported/accounted by this probe
> 18/Sep/2017 09:50:25 [nprobe.c:8508] due to configuration options (e.g. use NetFlow v9)
> 18/Sep/2017 09:50:25 [nprobe.c:8509] Please use -V to set the version to other than NetFlow V5
> 18/Sep/2017 09:50:25 [nprobe.c:8662] Not capturing packet from interface (collector mode)
> 18/Sep/2017 09:50:25 [util.c:3589] nProbe changed user to 'nobody'
> 18/Sep/2017 09:50:25 [collect.c:143] Flow collector listening on port 9996 (IPv4/v6)
> 18/Sep/2017 09:50:25 [nprobe.c:8879] nProbe started successfully
> 18/Sep/2017 09:50:35 [nprobe.c:533] Received shutdown request... [signal: 15]
> 18/Sep/2017 09:50:35 [engine.c:3019] About to flush hash (threadId 0)
> 18/Sep/2017 09:50:35 [engine.c:3021] Completed hash walk (thread 0)
> 18/Sep/2017 09:50:38 [nprobe.c:2998] Processed packets: 1314 (max bucket search: 1)
> 18/Sep/2017 09:50:38 [nprobe.c:2981] Fragment queue length: 1
> 18/Sep/2017 09:50:38 [nprobe.c:3007] Flow export stats: [1083658 bytes/1294 pkts][796 flows/27 pkts sent]
> 18/Sep/2017 09:50:38 [nprobe.c:3014] Flow collection: [collected pkts: 217][processed flows: 0]
> 18/Sep/2017 09:50:38 [nprobe.c:3017] Flow drop stats: [0 bytes/0 pkts][0 flows]
> 18/Sep/2017 09:50:38 [nprobe.c:3022] Total flow stats: [1083658 bytes/1294 pkts][796 flows/27 pkts sent]
>
> Anybody knows how to solve it?
>
> Thanks in advance.
>
> Kind regards.
> Javi
> _______________________________________________
> Ntop-misc mailing list
> Ntop-misc@listgateway.unipi.it <mailto:Ntop-misc@listgateway.unipi.it>
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
>
>
> _______________________________________________
> Ntop-misc mailing list
> Ntop-misc@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
> _______________________________________________
> Ntop-misc mailing list
> Ntop-misc@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
Re: Nprobe receiving low number of packets after updating to v8.1 [ In reply to ]
jnarvaez at loading
Sep 18, 2017, 6:33 AM
Post #5 of 5 (775 views)
Permalink
Thank you!

I added --collector-sample-rate 1000 and --upscale-traffic and now traffic is reported is fine.

Kind regards


De: "Simone Mainardi" <mainardi@ntop.org>
Para: ntop-misc@listgateway.unipi.it
Enviados: Lunes, 18 de Septiembre 2017 12:11:04
Asunto: Re: [Ntop-misc] Nprobe receiving low number of packets after updating to v8.1

Javier,

If I look at the collected packets and exported flows, they are absolutely comparable between 7.4 and 8.1

7.4:




BQ_BEGIN

18/Sep/2017 09:37:01 [nprobe.c:2722] Flow export stats: [ 2099368000 bytes/2538000 pkts ] [ 767 flows/26 pkts sent ]
18/Sep/2017 09:37:01 [nprobe.c:2729] Flow collection: [ collected pkts: 213 ][processed flows: 0]




BQ_END


8.1:


BQ_BEGIN


BQ_BEGIN

18/Sep/2017 09:50:38 [nprobe.c:3007] Flow export stats: [ 1083658 bytes/1294 pkts ][ 796 flows/27 pkts sent ]
18/Sep/2017 09:50:38 [nprobe.c:3014] Flow collection: [ collected pkts: 217 ][processed flows: 0]

BQ_END


BQ_END


So maybe there's some sampled traffic that is not properly re-scaled and this results in smaller values. Indeed, if you look at v 7.4 bytes and packets, they both end with 000 so an x1000 rescale is likely.

Have a look and tune the following options:

[--sample-rate|-S] <pkt rate>:<flow rate>
| Packet capture sampling rate and flow
| sampling rate. If <pkt rate> starts with
| '@' it means that nprobe will report
| the specified sampling rate but will
| not sample itself as incoming packets
| are already sampled on the specified
| capture device at the specified rate.
| This setup is meaningful only for NetFlow/IPFIX
| as in sFlow this info is part of the packet.
| Default: 1:1 [no sampling]
[--collector-sample-rate] <value> | Specify the bytes/pkts collection sample rate (NetFlow only).
--upscale-traffic | In case of sampled traffic multiply the packets/bytes
| according to the sampling packet rate.
| (See -S for more information)



Regards,
Simone


BQ_BEGIN

On 18 Sep 2017, at 10:51, Javier Narváez < jnarvaez@loading.es > wrote:

Hi Simone,

Yes it is in demo mode because it was purchased more than a year ago, is that the problem? I haven't reached the 25000 flows of demo mode...

Nprobe v7.4 in demo mode too receives a lot more of packets.

I would like to get it working before renew it.

Thank you in advance.

Kind regards,
Javi


De: "Simone Mainardi" < mainardi@ntop.org >
Para: ntop-misc@listgateway.unipi.it
Enviados: Lunes, 18 de Septiembre 2017 10:28:36
Asunto: Re: [Ntop-misc] Nprobe receiving low number of packets after updating to v8.1

Javier,

nProbe is in DEMO mode:



BQ_BEGIN

18/Sep/2017 09:36:48 [nprobe.c:3398] ERROR: *****************************************************
18/Sep/2017 09:36:48 [nprobe.c:3399] ERROR: ** **
18/Sep/2017 09:36:48 [nprobe.c:3400] ERROR: ** Switching to DEMO MODE (missing valid license) **
18/Sep/2017 09:36:48 [nprobe.c:3401] ERROR: ** **
18/Sep/2017 09:36:48 [nprobe.c:3402] ERROR: ** Purchase your nProbe license at **
18/Sep/2017 09:36:48 [nprobe.c:3403] ERROR: ** https://shop.ntop.org/ **
18/Sep/2017 09:36:48 [nprobe.c:3404] ERROR: ** **
18/Sep/2017 09:36:48 [nprobe.c:3405] ERROR: *****************************************************
18/Sep/2017 09:36:48 [nprobe.c:7290] ERROR: ***************************************************************
18/Sep/2017 09:36:48 [nprobe.c:7291] ERROR: * NOTE: This is a DEMO version limited to 25000 flows export. *
18/Sep/2017 09:36:48 [nprobe.c:7292] ERROR: ***************************************************************

BQ_END




This means that your license is no longer valid. Very likely because it is older than 1 year. You should renew the maintenance. See: http://www.ntop.org/support/faq/how-can-i-renew-maintenance-for-commercial-products/

Regards,
Simone




BQ_BEGIN

On 18 Sep 2017, at 09:55, Javier Narváez < jnarvaez@loading.es > wrote:

Hi! after upgrading to nprobe v8.1, it is receveing a very low number of packets, need I to change something in the config?

v7.4 conf file:
-i eth0
--collector-port 9996
--zmq " tcp://127.0.0.1:5556 "
-u 1
-Q 1

Results after 10s running Nprobe v7.4:
[root@ntopng /]# timeout 10s /usr/local/bin/nprobe /etc/nprobe/nprobe.conf
18/Sep/2017 09:36:48 [nprobe.c:3391] ERROR: Invalid nProbe license (/etc/nprobe.license) [License mismatch error]
18/Sep/2017 09:36:48 [nprobe.c:3398] ERROR: *****************************************************
18/Sep/2017 09:36:48 [nprobe.c:3399] ERROR: ** **
18/Sep/2017 09:36:48 [nprobe.c:3400] ERROR: ** Switching to DEMO MODE (missing valid license) **
18/Sep/2017 09:36:48 [nprobe.c:3401] ERROR: ** **
18/Sep/2017 09:36:48 [nprobe.c:3402] ERROR: ** Purchase your nProbe license at **
18/Sep/2017 09:36:48 [nprobe.c:3403] ERROR: ** https://shop.ntop.org/ **
18/Sep/2017 09:36:48 [nprobe.c:3404] ERROR: ** **
18/Sep/2017 09:36:48 [nprobe.c:3405] ERROR: *****************************************************
18/Sep/2017 09:36:48 [nprobe.c:7290] ERROR: ***************************************************************
18/Sep/2017 09:36:48 [nprobe.c:7291] ERROR: * NOTE: This is a DEMO version limited to 25000 flows export. *
18/Sep/2017 09:36:48 [nprobe.c:7292] ERROR: ***************************************************************
18/Sep/2017 09:36:48 [nprobe.c:4916] -i is ignored as --collector-port|-3 has been used: using '-i none'
18/Sep/2017 09:36:48 [nprobe.c:4975] Welcome to nProbe v.7.4.170215 ($Revision: 5334 $) for x86_64-unknown-linux-gnu with native PF_RING acceleration
18/Sep/2017 09:36:48 [nprobe.c:4985] Running on CentOS Linux release 7.3.1611 (Core)
18/Sep/2017 09:36:48 [nprobe.c:4996] [LICENSE] nProbe SystemId: 910306039206AB23
18/Sep/2017 09:36:48 [nprobe.c:5085] WARNING: -n parameter is missing. 127.0.0.1:2055 will be used.
18/Sep/2017 09:36:48 [nprobe.c:7308] Welcome to nProbe v.7.4.170215 for x86_64-unknown-linux-gnu
18/Sep/2017 09:36:48 [plugin.c:1045] 0 plugin(s) enabled
18/Sep/2017 09:36:48 [nprobe.c:6836] Non IPv4/v6 traffic is discarded according to the template
18/Sep/2017 09:36:48 [util.c:434] GeoIP: loaded AS config file /usr/share/ntopng/httpdocs/geoip/GeoIPASNum.dat
18/Sep/2017 09:36:48 [util.c:445] GeoIP: loaded AS IPv6 config file /usr/share/ntopng/httpdocs/geoip/GeoIPASNumv6.dat
18/Sep/2017 09:36:48 [nprobe.c:5495] Using packet capture length 128
18/Sep/2017 09:36:48 [nprobe.c:7484] IPv6 traffic will NOT be exported/accounted by this probe
18/Sep/2017 09:36:48 [nprobe.c:7485] due to configuration options (e.g. use NetFlow v9)
18/Sep/2017 09:36:48 [nprobe.c:7631] Not capturing packet from interface (collector mode)
18/Sep/2017 09:36:48 [util.c:4036] Initializing ZMQ as server
18/Sep/2017 09:36:48 [util.c:4079] Succesfully created ZMQ endpoint tcp://127.0.0.1:5556
18/Sep/2017 09:36:48 [collect.c:147] Flow collector listening on port 9996 (IPv4/v6)
18/Sep/2017 09:36:48 [nprobe.c:7856] nProbe started successfully
18/Sep/2017 09:36:58 [cache.c:1224] Redis Cache [0 total/0.0 get/sec][0 total/0.0 set/sec]
18/Sep/2017 09:36:58 [nprobe.c:499] Received shutdown request... [signal: 15]
18/Sep/2017 09:36:58 [engine.c:2944] About to flush hash (threadId 0)
18/Sep/2017 09:36:58 [engine.c:2946] Completed hash walk (thread 0)
18/Sep/2017 09:37:01 [cache.c:1224] Redis Cache [0 total/0.0 get/sec][0 total/0.0 set/sec]
18/Sep/2017 09:37:01 [nprobe.c:2713] Processed packets: 1294 (max bucket search: 0)
18/Sep/2017 09:37:01 [nprobe.c:2696] Fragment queue length: 1
18/Sep/2017 09:37:01 [nprobe.c:2722] Flow export stats: [ 2099368000 bytes/2538000 pkts ][767 flows/26 pkts sent]
18/Sep/2017 09:37:01 [nprobe.c:2729] Flow collection: [collected pkts: 213][processed flows: 0]
18/Sep/2017 09:37:01 [nprobe.c:2732] Flow drop stats: [0 bytes/0 pkts][0 flows]
18/Sep/2017 09:37:01 [nprobe.c:2737] Total flow stats: [2099368000 bytes/2538000 pkts][767 flows/26 pkts sent]

Results after 10s running v8.1:
[root@ntopng ~]# timeout 10s nprobe –zmq " tcp://127.0.0.1:5556 " --collector-port 9996 -u 1 -Q 1
18/Sep/2017 09:50:25 [plugin.c:176] No plugins found in ./plugins
18/Sep/2017 09:50:25 [plugin.c:184] Loading 24 plugins [.so] from /usr/local/lib/nprobe/plugins
18/Sep/2017 09:50:25 [nprobe.c:3730] ERROR: Invalid nProbe license (/etc/nprobe.license) [Missing license file]
18/Sep/2017 09:50:25 [nprobe.c:3737] ERROR: *****************************************************
18/Sep/2017 09:50:25 [nprobe.c:3738] ERROR: ** **
18/Sep/2017 09:50:25 [nprobe.c:3739] ERROR: ** Switching to DEMO MODE (missing valid license) **
18/Sep/2017 09:50:25 [nprobe.c:3740] ERROR: ** **
18/Sep/2017 09:50:25 [nprobe.c:3741] ERROR: ** Purchase your nProbe license at **
18/Sep/2017 09:50:25 [nprobe.c:3742] ERROR: ** https://shop.ntop.org/ **
18/Sep/2017 09:50:25 [nprobe.c:3743] ERROR: ** **
18/Sep/2017 09:50:25 [nprobe.c:3744] ERROR: *****************************************************
18/Sep/2017 09:50:25 [nprobe.c:5710] -i is ignored as --collector-port|-3 has been used: using '-i none'
18/Sep/2017 09:50:25 [nprobe.c:5769] Welcome to nProbe v.8.1.170918 ($Revision: 5887 $) for x86_64-unknown-linux-gnu with native PF_RING acceleration
18/Sep/2017 09:50:25 [nprobe.c:5779] Running on CentOS Linux release 7.3.1611 (Core)
18/Sep/2017 09:50:25 [nprobe.c:5790] [LICENSE] nProbe SystemId: 28BEC22B1C001090
18/Sep/2017 09:50:25 [nprobe.c:5878] WARNING: -n parameter is missing. 127.0.0.1:2055 will be used.
18/Sep/2017 09:50:25 [nprobe.c:5903] Sample rate [packet: 1][flow: 1]
18/Sep/2017 09:50:25 [nprobe.c:8320] ERROR: ***************************************************************
18/Sep/2017 09:50:25 [nprobe.c:8321] ERROR: * NOTE: This is a DEMO version limited to 25000 flows export. *
18/Sep/2017 09:50:25 [nprobe.c:8322] ERROR: ***************************************************************
18/Sep/2017 09:50:25 [nprobe.c:8328] Welcome to nProbe v.8.1.170918 for x86_64-unknown-linux-gnu
18/Sep/2017 09:50:25 [plugin.c:1070] 0 plugin(s) enabled
18/Sep/2017 09:50:25 [nprobe.c:7824] Non IPv4/v6 traffic is discarded according to the template
18/Sep/2017 09:50:25 [util.c:440] GeoIP: loaded AS config file /usr/share/ntopng/httpdocs/geoip/GeoIPASNum.dat
18/Sep/2017 09:50:25 [util.c:451] GeoIP: loaded AS IPv6 config file /usr/share/ntopng/httpdocs/geoip/GeoIPASNumv6.dat
18/Sep/2017 09:50:25 [nprobe.c:8507] IPv6 traffic will NOT be exported/accounted by this probe
18/Sep/2017 09:50:25 [nprobe.c:8508] due to configuration options (e.g. use NetFlow v9)
18/Sep/2017 09:50:25 [nprobe.c:8509] Please use -V to set the version to other than NetFlow V5
18/Sep/2017 09:50:25 [nprobe.c:8662] Not capturing packet from interface (collector mode)
18/Sep/2017 09:50:25 [util.c:3589] nProbe changed user to 'nobody'
18/Sep/2017 09:50:25 [collect.c:143] Flow collector listening on port 9996 (IPv4/v6)
18/Sep/2017 09:50:25 [nprobe.c:8879] nProbe started successfully
18/Sep/2017 09:50:35 [nprobe.c:533] Received shutdown request... [signal: 15]
18/Sep/2017 09:50:35 [engine.c:3019] About to flush hash (threadId 0)
18/Sep/2017 09:50:35 [engine.c:3021] Completed hash walk (thread 0)
18/Sep/2017 09:50:38 [nprobe.c:2998] Processed packets: 1314 (max bucket search: 1)
18/Sep/2017 09:50:38 [nprobe.c:2981] Fragment queue length: 1
18/Sep/2017 09:50:38 [nprobe.c:3007] Flow export stats: [ 1083658 bytes/1294 pkts ][796 flows/27 pkts sent]
18/Sep/2017 09:50:38 [nprobe.c:3014] Flow collection: [collected pkts: 217][processed flows: 0]
18/Sep/2017 09:50:38 [nprobe.c:3017] Flow drop stats: [0 bytes/0 pkts][0 flows]
18/Sep/2017 09:50:38 [nprobe.c:3022] Total flow stats: [1083658 bytes/1294 pkts][796 flows/27 pkts sent]

Anybody knows how to solve it?

Thanks in advance.

Kind regards.
Javi
_______________________________________________
Ntop-misc mailing list
Ntop-misc@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop-misc

BQ_END



_______________________________________________
Ntop-misc mailing list
Ntop-misc@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
_______________________________________________
Ntop-misc mailing list
Ntop-misc@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop-misc

BQ_END



_______________________________________________
Ntop-misc mailing list
Ntop-misc@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop-misc

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal