Mailing List Archive

Hi,

Is the clock of the ASA set properly? How often flows are exported? My
guess is that timestamps of received flows are not in sync with the ntopng
clock and thus hosts are considered idle and not shown in the web UI.

You may also want to increase idle timeouts from the ntopng preferences web
page.

Regards,
Simone

On Wed, Mar 1, 2017 at 6:46 PM, Matt Kettler <matt.kettler@fourthdim.com>
wrote:

> I'm currently testing out a demo copy of nprobe/ntopng, on an Ubuntu LTS
> 16.04 to evaluate if it is worth purchasing.
>
>
>
> This seems to work partially, I can see flows, protocol breakdowns etc.
> However, the population of hosts doesn’t seem to be working so well.
>
>
>
> I generally see that there are hosts in the status block in the lower
> right, but when I go to "hosts" from the top menu, there are no hosts found.
>
>
>
> Flows on the other hand populate correctly, and I can even click on a host
> IP in there and get a summary of the host.
>
>
>
> I've tried tinkering with various things, like changing the idle timeouts,
> and adding local hosts as sticky, but that doesn't seem to help. At one
> point I got some local hosts to populate, and they stayed for a while as I
> was using sticky locals, but I realized no remotes were ever being added,
> so I tried restarting it with sticky-hosts=none, and now nothing is
> populated.
>
>
>
> I've also tried updating a few times, currently I am running:
>
> ntopng --version
>
> v.2.5.170301 [Enterprise/Professional Edition]
>
>
>
> and was running:
>
> v.2.5.170228 [Enterprise/Professional Edition]
>
>
>
> and prior to that I was running whatever was current on the apt repo last
> friday.
>
>
>
> Have I misconfigured something? Failing to understand a limit of the demo
> versions?
>
>
>
> I'm using this sending netflows from a Cisco ASA to nprobe, which then
> zmq's them to ntopng, so these are my conf files: (minor censoring of bits
> with xxx's)
>
>
>
> nprobe:
>
> --collector=none
>
> --interface=none
>
> --zmq="tcp://*:5556"
>
> --collector-port=2055
>
> --lifetime-timeout=180
>
> --idle-timeout=60
>
> -g=/var/run/nprobe-none.pid
>
> --vlanid-as-iface-idx=none
>
> --as-list=/usr/share/ntopng/httpdocs/geoip/GeoIPASNum.dat
>
> --daemon-mode
>
> --dump-stats=/var/log/nprobe/none-0_flows_stats.txt
>
> --city-list=/usr/share/ntopng/httpdocs/geoip/GeoLiteCity.dat
>
> -V=5
>
>
>
> ntopng:
>
> -G=/var/run/ntopng.pid
>
> --interface="tcp://127.0.0.1:5556"
>
> --local-networks="192.168.0.0/16,10.0.0.0/8,xx.xx.xx.xx/xx"
>
> --daemon
>
> --http-port=3000
>
> --sticky-hosts=none
>
> --dump-hosts=none
>
> -F "mysql;xxxx;ntopng;flows;xxxxx;xxxxx"
> *This e-mail is intended solely for the addressee. Access to this email by
> anyone else is unauthorized. If you have received this e-mail in error,
> please notify the sender immediately, delete the e-mail from your computer
> and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS
> EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH
> DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any
> action taken or omitted to be taken in reliance on it, is prohibited and
> may be unlawful. Fourth Dimension is not responsible for any damages caused
> by your unauthorized use of the materials in this e-mail.
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
>

Hi,

Is the clock of the ASA set properly? How often flows are exported? My
guess is that timestamps of received flows are not in sync with the ntopng
clock and thus hosts are considered idle and not shown in the web UI.

You may also want to increase idle timeouts from the ntopng preferences web
page.

Regards,
Simone

On Wed, Mar 1, 2017 at 6:46 PM, Matt Kettler <matt.kettler@fourthdim.com>
wrote:

> I'm currently testing out a demo copy of nprobe/ntopng, on an Ubuntu LTS
> 16.04 to evaluate if it is worth purchasing.
>
>
>
> This seems to work partially, I can see flows, protocol breakdowns etc.
> However, the population of hosts doesn’t seem to be working so well.
>
>
>
> I generally see that there are hosts in the status block in the lower
> right, but when I go to "hosts" from the top menu, there are no hosts found.
>
>
>
> Flows on the other hand populate correctly, and I can even click on a host
> IP in there and get a summary of the host.
>
>
>
> I've tried tinkering with various things, like changing the idle timeouts,
> and adding local hosts as sticky, but that doesn't seem to help. At one
> point I got some local hosts to populate, and they stayed for a while as I
> was using sticky locals, but I realized no remotes were ever being added,
> so I tried restarting it with sticky-hosts=none, and now nothing is
> populated.
>
>
>
> I've also tried updating a few times, currently I am running:
>
> ntopng --version
>
> v.2.5.170301 [Enterprise/Professional Edition]
>
>
>
> and was running:
>
> v.2.5.170228 [Enterprise/Professional Edition]
>
>
>
> and prior to that I was running whatever was current on the apt repo last
> friday.
>
>
>
> Have I misconfigured something? Failing to understand a limit of the demo
> versions?
>
>
>
> I'm using this sending netflows from a Cisco ASA to nprobe, which then
> zmq's them to ntopng, so these are my conf files: (minor censoring of bits
> with xxx's)
>
>
>
> nprobe:
>
> --collector=none
>
> --interface=none
>
> --zmq="tcp://*:5556"
>
> --collector-port=2055
>
> --lifetime-timeout=180
>
> --idle-timeout=60
>
> -g=/var/run/nprobe-none.pid
>
> --vlanid-as-iface-idx=none
>
> --as-list=/usr/share/ntopng/httpdocs/geoip/GeoIPASNum.dat
>
> --daemon-mode
>
> --dump-stats=/var/log/nprobe/none-0_flows_stats.txt
>
> --city-list=/usr/share/ntopng/httpdocs/geoip/GeoLiteCity.dat
>
> -V=5
>
>
>
> ntopng:
>
> -G=/var/run/ntopng.pid
>
> --interface="tcp://127.0.0.1:5556"
>
> --local-networks="192.168.0.0/16,10.0.0.0/8,xx.xx.xx.xx/xx"
>
> --daemon
>
> --http-port=3000
>
> --sticky-hosts=none
>
> --dump-hosts=none
>
> -F "mysql;xxxx;ntopng;flows;xxxxx;xxxxx"
> *This e-mail is intended solely for the addressee. Access to this email by
> anyone else is unauthorized. If you have received this e-mail in error,
> please notify the sender immediately, delete the e-mail from your computer
> and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS
> EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH
> DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any
> action taken or omitted to be taken in reliance on it, is prohibited and
> may be unlawful. Fourth Dimension is not responsible for any damages caused
> by your unauthorized use of the materials in this e-mail.
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
>

I don't think it is time. Both have more-or-less the same offset relative to one particular local NTP server and are both in the same timezone. The offsets suggests a less than 0.3 millisecond time difference.


Also, wouldn't the same time problem apply to flows, which time out after 1 minute? And wouldn't that also cause the "hosts" counter to read "0 hosts" rather than "584 hosts"?


If I go into a flow, and click on a client IP, I can see the first/last seen line suggest host was seen very recently:


03/03/2017 07:22:46 [17 min, 56 sec ago] 03/03/2017 07:39:46 [44 sec ago]


?It is also identifying the host as being local and belonging in one of the host pools I created. It's a shame it doesn't show up in the all hosts page.


Regardless, I jacked up the local host timeout to 1 hour, which is as high as it will go.


I am not using "delay flow-create" at all on my asa, and my template timeout is set to 15 minutes (which I think I may drop to 1-2 minutes soon). The above "last seen" of 44 seconds suggests they're being exported often.


________________________________
From: ntop-bounces@listgateway.unipi.it <ntop-bounces@listgateway.unipi.it> on behalf of Simone Mainardi <mainardi@ntop.org>
Sent: Friday, March 3, 2017 5:45 AM
To: ntop@unipi.it
Cc: ntop@listgateway.unipi.it
Subject: Re: [Ntop] ntopng+nprobe+cisco asa netflow - no hosts..

Hi,

Is the clock of the ASA set properly? How often flows are exported? My guess is that timestamps of received flows are not in sync with the ntopng clock and thus hosts are considered idle and not shown in the web UI.

You may also want to increase idle timeouts from the ntopng preferences web page.

Regards,
Simone

On Wed, Mar 1, 2017 at 6:46 PM, Matt Kettler <matt.kettler@fourthdim.com<mailto:matt.kettler@fourthdim.com>> wrote:
I'm currently testing out a demo copy of nprobe/ntopng, on an Ubuntu LTS 16.04 to evaluate if it is worth purchasing.

This seems to work partially, I can see flows, protocol breakdowns etc. However, the population of hosts doesn’t seem to be working so well.

I generally see that there are hosts in the status block in the lower right, but when I go to "hosts" from the top menu, there are no hosts found.

Flows on the other hand populate correctly, and I can even click on a host IP in there and get a summary of the host.

I've tried tinkering with various things, like changing the idle timeouts, and adding local hosts as sticky, but that doesn't seem to help. At one point I got some local hosts to populate, and they stayed for a while as I was using sticky locals, but I realized no remotes were ever being added, so I tried restarting it with sticky-hosts=none, and now nothing is populated.

I've also tried updating a few times, currently I am running:
ntopng --version
v.2.5.170301 [Enterprise/Professional Edition]

and was running:
v.2.5.170228 [Enterprise/Professional Edition]

and prior to that I was running whatever was current on the apt repo last friday.

Have I misconfigured something? Failing to understand a limit of the demo versions?

I'm using this sending netflows from a Cisco ASA to nprobe, which then zmq's them to ntopng, so these are my conf files: (minor censoring of bits with xxx's)

nprobe:
--collector=none
--interface=none
--zmq="tcp://*:5556"
--collector-port=2055
--lifetime-timeout=180
--idle-timeout=60
-g=/var/run/nprobe-none.pid
--vlanid-as-iface-idx=none
--as-list=/usr/share/ntopng/httpdocs/geoip/GeoIPASNum.dat
--daemon-mode
--dump-stats=/var/log/nprobe/none-0_flows_stats.txt
--city-list=/usr/share/ntopng/httpdocs/geoip/GeoLiteCity.dat
-V=5

ntopng:
-G=/var/run/ntopng.pid
--interface="tcp://127.0.0.1:5556<http://127.0.0.1:5556>"
--local-networks="192.168.0.0/16,10.0.0.0/8,xx.xx.xx.xx/xx<http://192.168.0.0/16,10.0.0.0/8,xx.xx.xx.xx/xx>"
--daemon
--http-port=3000
--sticky-hosts=none
--dump-hosts=none
-F "mysql;xxxx;ntopng;flows;xxxxx;xxxxx"
*This e-mail is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you have received this e-mail in error, please notify the sender immediately, delete the e-mail from your computer and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. Fourth Dimension is not responsible for any damages caused by your unauthorized use of the materials in this e-mail.

_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it<mailto:Ntop@listgateway.unipi.it>
http://listgateway.unipi.it/mailman/listinfo/ntop

*This e-mail is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you have received this e-mail in error, please notify the sender immediately, delete the e-mail from your computer and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. Fourth Dimension is not responsible for any damages caused by your unauthorized use of the materials in this e-mail.

Hi,

On Fri, Mar 3, 2017 at 1:48 PM, Matt Kettler <matt.kettler@fourthdim.com>
wrote:

> I don't think it is time. Both have more-or-less the same offset relative
> to one particular local NTP server and are both in the same timezone. The
> offsets suggests a less than 0.3 millisecond time difference.
>
>
> Also, wouldn't the same time problem apply to flows, which time out after
> 1 minute? And wouldn't that also cause the "hosts" counter to read "0
> hosts" rather than "584 hosts"?
>
no. The bottom-right counter show the number of hosts in cache, while the
Hosts page gives only the currently active hosts. So it can be that the
bottom counter is > of the current number of active hosts.

>
> If I go into a flow, and click on a client IP, I can see the first/last
> seen line suggest host was seen very recently:
>
>
> 03/03/2017 07:22:46 [17 min, 56 sec ago] 03/03/2017 07:39:46 [44 sec
> ago]
>
>
> ?It is also identifying the host as being local and belonging in one of
> the host pools I created. It's a shame it doesn't show up in the all hosts
> page.
>
>
> Regardless, I jacked up the local host timeout to 1 hour, which is as high
> as it will go.
>
>
> I am not using "delay flow-create" at all on my asa, and my template
> timeout is set to 15 minutes (which I think I may drop to 1-2 minutes
> soon). The above "last seen" of 44 seconds suggests they're being exported
> often.
>
Please, start ntopng in foreground and inspect the console for any error
that may occur when visiting the hosts page. Also use your browser to
search for any possible JS errors (right-click and inspect element before
visiting the empty hosts page).

>
> ------------------------------
> *From:* ntop-bounces@listgateway.unipi.it <ntop-bounces@listgateway.
> unipi.it> on behalf of Simone Mainardi <mainardi@ntop.org>
> *Sent:* Friday, March 3, 2017 5:45 AM
> *To:* ntop@unipi.it
> *Cc:* ntop@listgateway.unipi.it
> *Subject:* Re: [Ntop] ntopng+nprobe+cisco asa netflow - no hosts..
>
> Hi,
>
> Is the clock of the ASA set properly? How often flows are exported? My
> guess is that timestamps of received flows are not in sync with the ntopng
> clock and thus hosts are considered idle and not shown in the web UI.
>
> You may also want to increase idle timeouts from the ntopng preferences
> web page.
>
> Regards,
> Simone
>
> On Wed, Mar 1, 2017 at 6:46 PM, Matt Kettler <matt.kettler@fourthdim.com>
> wrote:
>
>> I'm currently testing out a demo copy of nprobe/ntopng, on an Ubuntu LTS
>> 16.04 to evaluate if it is worth purchasing.
>>
>>
>>
>> This seems to work partially, I can see flows, protocol breakdowns etc.
>> However, the population of hosts doesn’t seem to be working so well.
>>
>>
>>
>> I generally see that there are hosts in the status block in the lower
>> right, but when I go to "hosts" from the top menu, there are no hosts found.
>>
>>
>>
>> Flows on the other hand populate correctly, and I can even click on a
>> host IP in there and get a summary of the host.
>>
>>
>>
>> I've tried tinkering with various things, like changing the idle
>> timeouts, and adding local hosts as sticky, but that doesn't seem to help.
>> At one point I got some local hosts to populate, and they stayed for a
>> while as I was using sticky locals, but I realized no remotes were ever
>> being added, so I tried restarting it with sticky-hosts=none, and now
>> nothing is populated.
>>
>>
>>
>> I've also tried updating a few times, currently I am running:
>>
>> ntopng --version
>>
>> v.2.5.170301 [Enterprise/Professional Edition]
>>
>>
>>
>> and was running:
>>
>> v.2.5.170228 [Enterprise/Professional Edition]
>>
>>
>>
>> and prior to that I was running whatever was current on the apt repo last
>> friday.
>>
>>
>>
>> Have I misconfigured something? Failing to understand a limit of the demo
>> versions?
>>
>>
>>
>> I'm using this sending netflows from a Cisco ASA to nprobe, which then
>> zmq's them to ntopng, so these are my conf files: (minor censoring of bits
>> with xxx's)
>>
>>
>>
>> nprobe:
>>
>> --collector=none
>>
>> --interface=none
>>
>> --zmq="tcp://*:5556"
>>
>> --collector-port=2055
>>
>> --lifetime-timeout=180
>>
>> --idle-timeout=60
>>
>> -g=/var/run/nprobe-none.pid
>>
>> --vlanid-as-iface-idx=none
>>
>> --as-list=/usr/share/ntopng/httpdocs/geoip/GeoIPASNum.dat
>>
>> --daemon-mode
>>
>> --dump-stats=/var/log/nprobe/none-0_flows_stats.txt
>>
>> --city-list=/usr/share/ntopng/httpdocs/geoip/GeoLiteCity.dat
>>
>> -V=5
>>
>>
>>
>> ntopng:
>>
>> -G=/var/run/ntopng.pid
>>
>> --interface="tcp://127.0.0.1:5556"
>>
>> --local-networks="192.168.0.0/16,10.0.0.0/8,xx.xx.xx.xx/xx"
>>
>> --daemon
>>
>> --http-port=3000
>>
>> --sticky-hosts=none
>>
>> --dump-hosts=none
>>
>> -F "mysql;xxxx;ntopng;flows;xxxxx;xxxxx"
>> *This e-mail is intended solely for the addressee. Access to this email
>> by anyone else is unauthorized. If you have received this e-mail in error,
>> please notify the sender immediately, delete the e-mail from your computer
>> and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS
>> EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH
>> DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any
>> action taken or omitted to be taken in reliance on it, is prohibited and
>> may be unlawful. Fourth Dimension is not responsible for any damages caused
>> by your unauthorized use of the materials in this e-mail.
>>
>> _______________________________________________
>> Ntop mailing list
>> Ntop@listgateway.unipi.it
>> http://listgateway.unipi.it/mailman/listinfo/ntop
>>
>
> *This e-mail is intended solely for the addressee. Access to this email by
> anyone else is unauthorized. If you have received this e-mail in error,
> please notify the sender immediately, delete the e-mail from your computer
> and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS
> EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH
> DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any
> action taken or omitted to be taken in reliance on it, is prohibited and
> may be unlawful. Fourth Dimension is not responsible for any damages caused
> by your unauthorized use of the materials in this e-mail.
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
>

Hi,

On Fri, Mar 3, 2017 at 1:48 PM, Matt Kettler <matt.kettler@fourthdim.com>
wrote:

> I don't think it is time. Both have more-or-less the same offset relative
> to one particular local NTP server and are both in the same timezone. The
> offsets suggests a less than 0.3 millisecond time difference.
>
>
> Also, wouldn't the same time problem apply to flows, which time out after
> 1 minute? And wouldn't that also cause the "hosts" counter to read "0
> hosts" rather than "584 hosts"?
>
no. The bottom-right counter show the number of hosts in cache, while the
Hosts page gives only the currently active hosts. So it can be that the
bottom counter is > of the current number of active hosts.

>
> If I go into a flow, and click on a client IP, I can see the first/last
> seen line suggest host was seen very recently:
>
>
> 03/03/2017 07:22:46 [17 min, 56 sec ago] 03/03/2017 07:39:46 [44 sec
> ago]
>
>
> ?It is also identifying the host as being local and belonging in one of
> the host pools I created. It's a shame it doesn't show up in the all hosts
> page.
>
>
> Regardless, I jacked up the local host timeout to 1 hour, which is as high
> as it will go.
>
>
> I am not using "delay flow-create" at all on my asa, and my template
> timeout is set to 15 minutes (which I think I may drop to 1-2 minutes
> soon). The above "last seen" of 44 seconds suggests they're being exported
> often.
>
Please, start ntopng in foreground and inspect the console for any error
that may occur when visiting the hosts page. Also use your browser to
search for any possible JS errors (right-click and inspect element before
visiting the empty hosts page).

>
> ------------------------------
> *From:* ntop-bounces@listgateway.unipi.it <ntop-bounces@listgateway.
> unipi.it> on behalf of Simone Mainardi <mainardi@ntop.org>
> *Sent:* Friday, March 3, 2017 5:45 AM
> *To:* ntop@unipi.it
> *Cc:* ntop@listgateway.unipi.it
> *Subject:* Re: [Ntop] ntopng+nprobe+cisco asa netflow - no hosts..
>
> Hi,
>
> Is the clock of the ASA set properly? How often flows are exported? My
> guess is that timestamps of received flows are not in sync with the ntopng
> clock and thus hosts are considered idle and not shown in the web UI.
>
> You may also want to increase idle timeouts from the ntopng preferences
> web page.
>
> Regards,
> Simone
>
> On Wed, Mar 1, 2017 at 6:46 PM, Matt Kettler <matt.kettler@fourthdim.com>
> wrote:
>
>> I'm currently testing out a demo copy of nprobe/ntopng, on an Ubuntu LTS
>> 16.04 to evaluate if it is worth purchasing.
>>
>>
>>
>> This seems to work partially, I can see flows, protocol breakdowns etc.
>> However, the population of hosts doesn’t seem to be working so well.
>>
>>
>>
>> I generally see that there are hosts in the status block in the lower
>> right, but when I go to "hosts" from the top menu, there are no hosts found.
>>
>>
>>
>> Flows on the other hand populate correctly, and I can even click on a
>> host IP in there and get a summary of the host.
>>
>>
>>
>> I've tried tinkering with various things, like changing the idle
>> timeouts, and adding local hosts as sticky, but that doesn't seem to help.
>> At one point I got some local hosts to populate, and they stayed for a
>> while as I was using sticky locals, but I realized no remotes were ever
>> being added, so I tried restarting it with sticky-hosts=none, and now
>> nothing is populated.
>>
>>
>>
>> I've also tried updating a few times, currently I am running:
>>
>> ntopng --version
>>
>> v.2.5.170301 [Enterprise/Professional Edition]
>>
>>
>>
>> and was running:
>>
>> v.2.5.170228 [Enterprise/Professional Edition]
>>
>>
>>
>> and prior to that I was running whatever was current on the apt repo last
>> friday.
>>
>>
>>
>> Have I misconfigured something? Failing to understand a limit of the demo
>> versions?
>>
>>
>>
>> I'm using this sending netflows from a Cisco ASA to nprobe, which then
>> zmq's them to ntopng, so these are my conf files: (minor censoring of bits
>> with xxx's)
>>
>>
>>
>> nprobe:
>>
>> --collector=none
>>
>> --interface=none
>>
>> --zmq="tcp://*:5556"
>>
>> --collector-port=2055
>>
>> --lifetime-timeout=180
>>
>> --idle-timeout=60
>>
>> -g=/var/run/nprobe-none.pid
>>
>> --vlanid-as-iface-idx=none
>>
>> --as-list=/usr/share/ntopng/httpdocs/geoip/GeoIPASNum.dat
>>
>> --daemon-mode
>>
>> --dump-stats=/var/log/nprobe/none-0_flows_stats.txt
>>
>> --city-list=/usr/share/ntopng/httpdocs/geoip/GeoLiteCity.dat
>>
>> -V=5
>>
>>
>>
>> ntopng:
>>
>> -G=/var/run/ntopng.pid
>>
>> --interface="tcp://127.0.0.1:5556"
>>
>> --local-networks="192.168.0.0/16,10.0.0.0/8,xx.xx.xx.xx/xx"
>>
>> --daemon
>>
>> --http-port=3000
>>
>> --sticky-hosts=none
>>
>> --dump-hosts=none
>>
>> -F "mysql;xxxx;ntopng;flows;xxxxx;xxxxx"
>> *This e-mail is intended solely for the addressee. Access to this email
>> by anyone else is unauthorized. If you have received this e-mail in error,
>> please notify the sender immediately, delete the e-mail from your computer
>> and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS
>> EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH
>> DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any
>> action taken or omitted to be taken in reliance on it, is prohibited and
>> may be unlawful. Fourth Dimension is not responsible for any damages caused
>> by your unauthorized use of the materials in this e-mail.
>>
>> _______________________________________________
>> Ntop mailing list
>> Ntop@listgateway.unipi.it
>> http://listgateway.unipi.it/mailman/listinfo/ntop
>>
>
> *This e-mail is intended solely for the addressee. Access to this email by
> anyone else is unauthorized. If you have received this e-mail in error,
> please notify the sender immediately, delete the e-mail from your computer
> and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS
> EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH
> DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any
> action taken or omitted to be taken in reliance on it, is prohibited and
> may be unlawful. Fourth Dimension is not responsible for any damages caused
> by your unauthorized use of the materials in this e-mail.
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
>

Ok, so my first run generated nothing, but that’s with the log level at the default of “normal”.

Cranking up the log level to debug, I see a few bits that are interesting (stripping out all the logs that a function got called):

03/Mar/2017 10:16:17 [HTTPserver.cpp:620] [HTTP] /lua/hosts_stats.lua [/usr/share/ntopng/scripts/lua/hosts_stats.lua]
03/Mar/2017 10:16:17 [Utils.cpp:1829] Rule 0.0.0.0/0
03/Mar/2017 10:16:17 [Utils.cpp:1829] Rule ::/0
03/Mar/2017 10:16:17 [Lua.cpp:112] NULL interface: did you restart ntopng in the meantime?
03/Mar/2017 10:16:17 [Lua.cpp:143] [HTTP] Serving file /usr/share/ntopng/httpdocs/inc/header.inc
03/Mar/2017 10:16:17 [Ntop.cpp:804] No allowed interface found for tcp://127.0.0.1:5556
03/Mar/2017 10:16:17 [Lua.cpp:232] Returning name tcp://127.0.0.1:5556
03/Mar/2017 10:16:17 [Ntop.cpp:804] No allowed interface found for tcp://127.0.0.1:5556
03/Mar/2017 10:16:17 [Ntop.cpp:804] No allowed interface found for tcp://127.0.0.1:5556
03/Mar/2017 10:16:17 [Ntop.cpp:804] No allowed interface found for tcp://127.0.0.1:5556
03/Mar/2017 10:16:17 [Lua.cpp:232] Returning name tcp://127.0.0.1:5556
03/Mar/2017 10:16:17 [Ntop.cpp:804] No allowed interface found for tcp://127.0.0.1:5556
03/Mar/2017 10:16:17 [Ntop.cpp:804] No allowed interface found for tcp://127.0.0.1:5556
03/Mar/2017 10:16:17 [Lua.cpp:143] [HTTP] Serving file /usr/share/ntopng/httpdocs/inc/hosts_stats_id.inc
03/Mar/2017 10:16:17 [Lua.cpp:143] [HTTP] Serving file /usr/share/ntopng/httpdocs/inc/hosts_stats_top.inc
03/Mar/2017 10:16:17 [Lua.cpp:143] [HTTP] Serving file /usr/share/ntopng/httpdocs/inc/hosts_stats_bottom.inc

Not sure if the “null interface” and “no allowed interface” bits are the issue.

My browser-inspect isn’t showing any obvious errors.

From: ntop-bounces@listgateway.unipi.it [mailto:ntop-bounces@listgateway.unipi.it] On Behalf Of Simone Mainardi
Sent: Friday, March 03, 2017 8:55 AM
To: ntop@unipi.it
Cc: ntop@listgateway.unipi.it
Subject: Re: [Ntop] ntopng+nprobe+cisco asa netflow - no hosts..

Hi,

On Fri, Mar 3, 2017 at 1:48 PM, Matt Kettler <matt.kettler@fourthdim.com<mailto:matt.kettler@fourthdim.com>> wrote:

I don't think it is time. Both have more-or-less the same offset relative to one particular local NTP server and are both in the same timezone. The offsets suggests a less than 0.3 millisecond time difference.



Also, wouldn't the same time problem apply to flows, which time out after 1 minute? And wouldn't that also cause the "hosts" counter to read "0 hosts" rather than "584 hosts"?
no. The bottom-right counter show the number of hosts in cache, while the Hosts page gives only the currently active hosts. So it can be that the bottom counter is > of the current number of active hosts.



If I go into a flow, and click on a client IP, I can see the first/last seen line suggest host was seen very recently:



03/03/2017 07:22:46 [17 min, 56 sec ago] 03/03/2017 07:39:46 [44 sec ago]



?It is also identifying the host as being local and belonging in one of the host pools I created. It's a shame it doesn't show up in the all hosts page.



Regardless, I jacked up the local host timeout to 1 hour, which is as high as it will go.



I am not using "delay flow-create" at all on my asa, and my template timeout is set to 15 minutes (which I think I may drop to 1-2 minutes soon). The above "last seen" of 44 seconds suggests they're being exported often.
Please, start ntopng in foreground and inspect the console for any error that may occur when visiting the hosts page. Also use your browser to search for any possible JS errors (right-click and inspect element before visiting the empty hosts page).



________________________________
From: ntop-bounces@listgateway.unipi.it<mailto:ntop-bounces@listgateway.unipi.it> <ntop-bounces@listgateway.unipi.it<mailto:ntop-bounces@listgateway.unipi.it>> on behalf of Simone Mainardi <mainardi@ntop.org<mailto:mainardi@ntop.org>>
Sent: Friday, March 3, 2017 5:45 AM
To: ntop@unipi.it<mailto:ntop@unipi.it>
Cc: ntop@listgateway.unipi.it<mailto:ntop@listgateway.unipi.it>
Subject: Re: [Ntop] ntopng+nprobe+cisco asa netflow - no hosts..

Hi,

Is the clock of the ASA set properly? How often flows are exported? My guess is that timestamps of received flows are not in sync with the ntopng clock and thus hosts are considered idle and not shown in the web UI.

You may also want to increase idle timeouts from the ntopng preferences web page.

Regards,
Simone

On Wed, Mar 1, 2017 at 6:46 PM, Matt Kettler <matt.kettler@fourthdim.com<mailto:matt.kettler@fourthdim.com>> wrote:
I'm currently testing out a demo copy of nprobe/ntopng, on an Ubuntu LTS 16.04 to evaluate if it is worth purchasing.

This seems to work partially, I can see flows, protocol breakdowns etc. However, the population of hosts doesn’t seem to be working so well.

I generally see that there are hosts in the status block in the lower right, but when I go to "hosts" from the top menu, there are no hosts found.

Flows on the other hand populate correctly, and I can even click on a host IP in there and get a summary of the host.

I've tried tinkering with various things, like changing the idle timeouts, and adding local hosts as sticky, but that doesn't seem to help. At one point I got some local hosts to populate, and they stayed for a while as I was using sticky locals, but I realized no remotes were ever being added, so I tried restarting it with sticky-hosts=none, and now nothing is populated.

I've also tried updating a few times, currently I am running:
ntopng --version
v.2.5.170301 [Enterprise/Professional Edition]

and was running:
v.2.5.170228 [Enterprise/Professional Edition]

and prior to that I was running whatever was current on the apt repo last friday.

Have I misconfigured something? Failing to understand a limit of the demo versions?

I'm using this sending netflows from a Cisco ASA to nprobe, which then zmq's them to ntopng, so these are my conf files: (minor censoring of bits with xxx's)

nprobe:
--collector=none
--interface=none
--zmq="tcp://*:5556"
--collector-port=2055
--lifetime-timeout=180
--idle-timeout=60
-g=/var/run/nprobe-none.pid
--vlanid-as-iface-idx=none
--as-list=/usr/share/ntopng/httpdocs/geoip/GeoIPASNum.dat
--daemon-mode
--dump-stats=/var/log/nprobe/none-0_flows_stats.txt
--city-list=/usr/share/ntopng/httpdocs/geoip/GeoLiteCity.dat
-V=5

ntopng:
-G=/var/run/ntopng.pid
--interface="tcp://127.0.0.1:5556<http://127.0.0.1:5556>"
--local-networks="192.168.0.0/16,10.0.0.0/8,xx.xx.xx.xx/xx<http://192.168.0.0/16,10.0.0.0/8,xx.xx.xx.xx/xx>"
--daemon
--http-port=3000
--sticky-hosts=none
--dump-hosts=none
-F "mysql;xxxx;ntopng;flows;xxxxx;xxxxx"
*This e-mail is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you have received this e-mail in error, please notify the sender immediately, delete the e-mail from your computer and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. Fourth Dimension is not responsible for any damages caused by your unauthorized use of the materials in this e-mail.

_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it<mailto:Ntop@listgateway.unipi.it>
http://listgateway.unipi.it/mailman/listinfo/ntop

*This e-mail is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you have received this e-mail in error, please notify the sender immediately, delete the e-mail from your computer and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. Fourth Dimension is not responsible for any damages caused by your unauthorized use of the materials in this e-mail.

_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it<mailto:Ntop@listgateway.unipi.it>
http://listgateway.unipi.it/mailman/listinfo/ntop

*This e-mail is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you have received this e-mail in error, please notify the sender immediately, delete the e-mail from your computer and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. Fourth Dimension is not responsible for any damages caused by your unauthorized use of the materials in this e-mail.

Ok, so my first run generated nothing, but that’s with the log level at the default of “normal”.

Cranking up the log level to debug, I see a few bits that are interesting (stripping out all the logs that a function got called):

03/Mar/2017 10:16:17 [HTTPserver.cpp:620] [HTTP] /lua/hosts_stats.lua [/usr/share/ntopng/scripts/lua/hosts_stats.lua]
03/Mar/2017 10:16:17 [Utils.cpp:1829] Rule 0.0.0.0/0
03/Mar/2017 10:16:17 [Utils.cpp:1829] Rule ::/0
03/Mar/2017 10:16:17 [Lua.cpp:112] NULL interface: did you restart ntopng in the meantime?
03/Mar/2017 10:16:17 [Lua.cpp:143] [HTTP] Serving file /usr/share/ntopng/httpdocs/inc/header.inc
03/Mar/2017 10:16:17 [Ntop.cpp:804] No allowed interface found for tcp://127.0.0.1:5556
03/Mar/2017 10:16:17 [Lua.cpp:232] Returning name tcp://127.0.0.1:5556
03/Mar/2017 10:16:17 [Ntop.cpp:804] No allowed interface found for tcp://127.0.0.1:5556
03/Mar/2017 10:16:17 [Ntop.cpp:804] No allowed interface found for tcp://127.0.0.1:5556
03/Mar/2017 10:16:17 [Ntop.cpp:804] No allowed interface found for tcp://127.0.0.1:5556
03/Mar/2017 10:16:17 [Lua.cpp:232] Returning name tcp://127.0.0.1:5556
03/Mar/2017 10:16:17 [Ntop.cpp:804] No allowed interface found for tcp://127.0.0.1:5556
03/Mar/2017 10:16:17 [Ntop.cpp:804] No allowed interface found for tcp://127.0.0.1:5556
03/Mar/2017 10:16:17 [Lua.cpp:143] [HTTP] Serving file /usr/share/ntopng/httpdocs/inc/hosts_stats_id.inc
03/Mar/2017 10:16:17 [Lua.cpp:143] [HTTP] Serving file /usr/share/ntopng/httpdocs/inc/hosts_stats_top.inc
03/Mar/2017 10:16:17 [Lua.cpp:143] [HTTP] Serving file /usr/share/ntopng/httpdocs/inc/hosts_stats_bottom.inc

Not sure if the “null interface” and “no allowed interface” bits are the issue.

My browser-inspect isn’t showing any obvious errors.

From: ntop-bounces@listgateway.unipi.it [mailto:ntop-bounces@listgateway.unipi.it] On Behalf Of Simone Mainardi
Sent: Friday, March 03, 2017 8:55 AM
To: ntop@unipi.it
Cc: ntop@listgateway.unipi.it
Subject: Re: [Ntop] ntopng+nprobe+cisco asa netflow - no hosts..

Hi,

On Fri, Mar 3, 2017 at 1:48 PM, Matt Kettler <matt.kettler@fourthdim.com<mailto:matt.kettler@fourthdim.com>> wrote:

I don't think it is time. Both have more-or-less the same offset relative to one particular local NTP server and are both in the same timezone. The offsets suggests a less than 0.3 millisecond time difference.



Also, wouldn't the same time problem apply to flows, which time out after 1 minute? And wouldn't that also cause the "hosts" counter to read "0 hosts" rather than "584 hosts"?
no. The bottom-right counter show the number of hosts in cache, while the Hosts page gives only the currently active hosts. So it can be that the bottom counter is > of the current number of active hosts.



If I go into a flow, and click on a client IP, I can see the first/last seen line suggest host was seen very recently:



03/03/2017 07:22:46 [17 min, 56 sec ago] 03/03/2017 07:39:46 [44 sec ago]



?It is also identifying the host as being local and belonging in one of the host pools I created. It's a shame it doesn't show up in the all hosts page.



Regardless, I jacked up the local host timeout to 1 hour, which is as high as it will go.



I am not using "delay flow-create" at all on my asa, and my template timeout is set to 15 minutes (which I think I may drop to 1-2 minutes soon). The above "last seen" of 44 seconds suggests they're being exported often.
Please, start ntopng in foreground and inspect the console for any error that may occur when visiting the hosts page. Also use your browser to search for any possible JS errors (right-click and inspect element before visiting the empty hosts page).



________________________________
From: ntop-bounces@listgateway.unipi.it<mailto:ntop-bounces@listgateway.unipi.it> <ntop-bounces@listgateway.unipi.it<mailto:ntop-bounces@listgateway.unipi.it>> on behalf of Simone Mainardi <mainardi@ntop.org<mailto:mainardi@ntop.org>>
Sent: Friday, March 3, 2017 5:45 AM
To: ntop@unipi.it<mailto:ntop@unipi.it>
Cc: ntop@listgateway.unipi.it<mailto:ntop@listgateway.unipi.it>
Subject: Re: [Ntop] ntopng+nprobe+cisco asa netflow - no hosts..

Hi,

Is the clock of the ASA set properly? How often flows are exported? My guess is that timestamps of received flows are not in sync with the ntopng clock and thus hosts are considered idle and not shown in the web UI.

You may also want to increase idle timeouts from the ntopng preferences web page.

Regards,
Simone

On Wed, Mar 1, 2017 at 6:46 PM, Matt Kettler <matt.kettler@fourthdim.com<mailto:matt.kettler@fourthdim.com>> wrote:
I'm currently testing out a demo copy of nprobe/ntopng, on an Ubuntu LTS 16.04 to evaluate if it is worth purchasing.

This seems to work partially, I can see flows, protocol breakdowns etc. However, the population of hosts doesn’t seem to be working so well.

I generally see that there are hosts in the status block in the lower right, but when I go to "hosts" from the top menu, there are no hosts found.

Flows on the other hand populate correctly, and I can even click on a host IP in there and get a summary of the host.

I've tried tinkering with various things, like changing the idle timeouts, and adding local hosts as sticky, but that doesn't seem to help. At one point I got some local hosts to populate, and they stayed for a while as I was using sticky locals, but I realized no remotes were ever being added, so I tried restarting it with sticky-hosts=none, and now nothing is populated.

I've also tried updating a few times, currently I am running:
ntopng --version
v.2.5.170301 [Enterprise/Professional Edition]

and was running:
v.2.5.170228 [Enterprise/Professional Edition]

and prior to that I was running whatever was current on the apt repo last friday.

Have I misconfigured something? Failing to understand a limit of the demo versions?

I'm using this sending netflows from a Cisco ASA to nprobe, which then zmq's them to ntopng, so these are my conf files: (minor censoring of bits with xxx's)

nprobe:
--collector=none
--interface=none
--zmq="tcp://*:5556"
--collector-port=2055
--lifetime-timeout=180
--idle-timeout=60
-g=/var/run/nprobe-none.pid
--vlanid-as-iface-idx=none
--as-list=/usr/share/ntopng/httpdocs/geoip/GeoIPASNum.dat
--daemon-mode
--dump-stats=/var/log/nprobe/none-0_flows_stats.txt
--city-list=/usr/share/ntopng/httpdocs/geoip/GeoLiteCity.dat
-V=5

ntopng:
-G=/var/run/ntopng.pid
--interface="tcp://127.0.0.1:5556<http://127.0.0.1:5556>"
--local-networks="192.168.0.0/16,10.0.0.0/8,xx.xx.xx.xx/xx<http://192.168.0.0/16,10.0.0.0/8,xx.xx.xx.xx/xx>"
--daemon
--http-port=3000
--sticky-hosts=none
--dump-hosts=none
-F "mysql;xxxx;ntopng;flows;xxxxx;xxxxx"
*This e-mail is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you have received this e-mail in error, please notify the sender immediately, delete the e-mail from your computer and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. Fourth Dimension is not responsible for any damages caused by your unauthorized use of the materials in this e-mail.

_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it<mailto:Ntop@listgateway.unipi.it>
http://listgateway.unipi.it/mailman/listinfo/ntop

*This e-mail is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you have received this e-mail in error, please notify the sender immediately, delete the e-mail from your computer and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. Fourth Dimension is not responsible for any damages caused by your unauthorized use of the materials in this e-mail.

_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it<mailto:Ntop@listgateway.unipi.it>
http://listgateway.unipi.it/mailman/listinfo/ntop

*This e-mail is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you have received this e-mail in error, please notify the sender immediately, delete the e-mail from your computer and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. Fourth Dimension is not responsible for any damages caused by your unauthorized use of the materials in this e-mail.

Matt,

I was able to reproduce your issue. I've filed an issue that is already
being processed. Please follow up here
https://github.com/ntop/ntopng/issues/1015

Simone

On Fri, 3 Mar 2017 at 17:28, Matt Kettler <matt.kettler@fourthdim.com>
wrote:

> Ok, so my first run generated nothing, but that’s with the log level at
> the default of “normal”.
>
>
>
> Cranking up the log level to debug, I see a few bits that are interesting
> (stripping out all the logs that a function got called):
>
>
>
> 03/Mar/2017 10:16:17 [HTTPserver.cpp:620] [HTTP] /lua/hosts_stats.lua
> [/usr/share/ntopng/scripts/lua/hosts_stats.lua]
>
> 03/Mar/2017 10:16:17 [Utils.cpp:1829] Rule 0.0.0.0/0
>
> 03/Mar/2017 10:16:17 [Utils.cpp:1829] Rule ::/0
>
> 03/Mar/2017 10:16:17 [Lua.cpp:112] NULL interface: did you restart ntopng
> in the meantime?
>
> 03/Mar/2017 10:16:17 [Lua.cpp:143] [HTTP] Serving file
> /usr/share/ntopng/httpdocs/inc/header.inc
>
> 03/Mar/2017 10:16:17 [Ntop.cpp:804] No allowed interface found for tcp://
> 127.0.0.1:5556
>
> 03/Mar/2017 10:16:17 [Lua.cpp:232] Returning name tcp://127.0.0.1:5556
>
> 03/Mar/2017 10:16:17 [Ntop.cpp:804] No allowed interface found for tcp://
> 127.0.0.1:5556
>
> 03/Mar/2017 10:16:17 [Ntop.cpp:804] No allowed interface found for tcp://
> 127.0.0.1:5556
>
> 03/Mar/2017 10:16:17 [Ntop.cpp:804] No allowed interface found for tcp://
> 127.0.0.1:5556
>
> 03/Mar/2017 10:16:17 [Lua.cpp:232] Returning name tcp://127.0.0.1:5556
>
> 03/Mar/2017 10:16:17 [Ntop.cpp:804] No allowed interface found for tcp://
> 127.0.0.1:5556
>
> 03/Mar/2017 10:16:17 [Ntop.cpp:804] No allowed interface found for tcp://
> 127.0.0.1:5556
>
> 03/Mar/2017 10:16:17 [Lua.cpp:143] [HTTP] Serving file
> /usr/share/ntopng/httpdocs/inc/hosts_stats_id.inc
>
> 03/Mar/2017 10:16:17 [Lua.cpp:143] [HTTP] Serving file
> /usr/share/ntopng/httpdocs/inc/hosts_stats_top.inc
>
> 03/Mar/2017 10:16:17 [Lua.cpp:143] [HTTP] Serving file
> /usr/share/ntopng/httpdocs/inc/hosts_stats_bottom.inc
>
>
>
> Not sure if the “null interface” and “no allowed interface” bits are the
> issue.
>
>
>
> My browser-inspect isn’t showing any obvious errors.
>
>
>
> *From:* ntop-bounces@listgateway.unipi.it [mailto:
> ntop-bounces@listgateway.unipi.it] *On Behalf Of *Simone Mainardi
> *Sent:* Friday, March 03, 2017 8:55 AM
>
>
> *To:* ntop@unipi.it
> *Cc:* ntop@listgateway.unipi.it
> *Subject:* Re: [Ntop] ntopng+nprobe+cisco asa netflow - no hosts..
>
>
>
> Hi,
>
>
>
> On Fri, Mar 3, 2017 at 1:48 PM, Matt Kettler <matt.kettler@fourthdim.com>
> wrote:
>
> I don't think it is time. Both have more-or-less the same offset relative
> to one particular local NTP server and are both in the same timezone. The
> offsets suggests a less than 0.3 millisecond time difference.
>
>
>
> Also, wouldn't the same time problem apply to flows, which time out after
> 1 minute? And wouldn't that also cause the "hosts" counter to read "0
> hosts" rather than "584 hosts"?
>
> no. The bottom-right counter show the number of hosts in cache, while the
> Hosts page gives only the currently active hosts. So it can be that the
> bottom counter is > of the current number of active hosts.
>
>
>
> If I go into a flow, and click on a client IP, I can see the first/last
> seen line suggest host was seen very recently:
>
>
>
> 03/03/2017 07:22:46 [17 min, 56 sec ago] 03/03/2017 07:39:46 [44 sec
> ago]
>
>
>
> ?It is also identifying the host as being local and belonging in one of
> the host pools I created. It's a shame it doesn't show up in the all hosts
> page.
>
>
>
> Regardless, I jacked up the local host timeout to 1 hour, which is as high
> as it will go.
>
>
>
> I am not using "delay flow-create" at all on my asa, and my template
> timeout is set to 15 minutes (which I think I may drop to 1-2 minutes
> soon). The above "last seen" of 44 seconds suggests they're being exported
> often.
>
> Please, start ntopng in foreground and inspect the console for any error
> that may occur when visiting the hosts page. Also use your browser to
> search for any possible JS errors (right-click and inspect element before
> visiting the empty hosts page).
>
>
> ------------------------------
>
> *From:* ntop-bounces@listgateway.unipi.it <
> ntop-bounces@listgateway.unipi.it> on behalf of Simone Mainardi <
> mainardi@ntop.org>
> *Sent:* Friday, March 3, 2017 5:45 AM
> *To:* ntop@unipi.it
> *Cc:* ntop@listgateway.unipi.it
> *Subject:* Re: [Ntop] ntopng+nprobe+cisco asa netflow - no hosts..
>
>
>
> Hi,
>
>
>
> Is the clock of the ASA set properly? How often flows are exported? My
> guess is that timestamps of received flows are not in sync with the ntopng
> clock and thus hosts are considered idle and not shown in the web UI.
>
>
>
> You may also want to increase idle timeouts from the ntopng preferences
> web page.
>
>
>
> Regards,
>
> Simone
>
>
>
> On Wed, Mar 1, 2017 at 6:46 PM, Matt Kettler <matt.kettler@fourthdim.com>
> wrote:
>
> I'm currently testing out a demo copy of nprobe/ntopng, on an Ubuntu LTS
> 16.04 to evaluate if it is worth purchasing.
>
>
>
> This seems to work partially, I can see flows, protocol breakdowns etc.
> However, the population of hosts doesn’t seem to be working so well.
>
>
>
> I generally see that there are hosts in the status block in the lower
> right, but when I go to "hosts" from the top menu, there are no hosts found.
>
>
>
> Flows on the other hand populate correctly, and I can even click on a host
> IP in there and get a summary of the host.
>
>
>
> I've tried tinkering with various things, like changing the idle timeouts,
> and adding local hosts as sticky, but that doesn't seem to help. At one
> point I got some local hosts to populate, and they stayed for a while as I
> was using sticky locals, but I realized no remotes were ever being added,
> so I tried restarting it with sticky-hosts=none, and now nothing is
> populated.
>
>
>
> I've also tried updating a few times, currently I am running:
>
> ntopng --version
>
> v.2.5.170301 [Enterprise/Professional Edition]
>
>
>
> and was running:
>
> v.2.5.170228 [Enterprise/Professional Edition]
>
>
>
> and prior to that I was running whatever was current on the apt repo last
> friday.
>
>
>
> Have I misconfigured something? Failing to understand a limit of the demo
> versions?
>
>
>
> I'm using this sending netflows from a Cisco ASA to nprobe, which then
> zmq's them to ntopng, so these are my conf files: (minor censoring of bits
> with xxx's)
>
>
>
> nprobe:
>
> --collector=none
>
> --interface=none
>
> --zmq="tcp://*:5556"
>
> --collector-port=2055
>
> --lifetime-timeout=180
>
> --idle-timeout=60
>
> -g=/var/run/nprobe-none.pid
>
> --vlanid-as-iface-idx=none
>
> --as-list=/usr/share/ntopng/httpdocs/geoip/GeoIPASNum.dat
>
> --daemon-mode
>
> --dump-stats=/var/log/nprobe/none-0_flows_stats.txt
>
> --city-list=/usr/share/ntopng/httpdocs/geoip/GeoLiteCity.dat
>
> -V=5
>
>
>
> ntopng:
>
> -G=/var/run/ntopng.pid
>
> --interface="tcp://127.0.0.1:5556"
>
> --local-networks="192.168.0.0/16,10.0.0.0/8,xx.xx.xx.xx/xx"
>
> --daemon
>
> --http-port=3000
>
> --sticky-hosts=none
>
> --dump-hosts=none
>
> -F "mysql;xxxx;ntopng;flows;xxxxx;xxxxx"
>
> *This e-mail is intended solely for the addressee. Access to this email by
> anyone else is unauthorized. If you have received this e-mail in error,
> please notify the sender immediately, delete the e-mail from your computer
> and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS
> EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH
> DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any
> action taken or omitted to be taken in reliance on it, is prohibited and
> may be unlawful. Fourth Dimension is not responsible for any damages caused
> by your unauthorized use of the materials in this e-mail.
>
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
>
>
>
> *This e-mail is intended solely for the addressee. Access to this email by
> anyone else is unauthorized. If you have received this e-mail in error,
> please notify the sender immediately, delete the e-mail from your computer
> and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS
> EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH
> DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any
> action taken or omitted to be taken in reliance on it, is prohibited and
> may be unlawful. Fourth Dimension is not responsible for any damages caused
> by your unauthorized use of the materials in this e-mail.
>
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
>
>
> *This e-mail is intended solely for the addressee. Access to this email by
> anyone else is unauthorized. If you have received this e-mail in error,
> please notify the sender immediately, delete the e-mail from your computer
> and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS
> EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH
> DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any
> action taken or omitted to be taken in reliance on it, is prohibited and
> may be unlawful. Fourth Dimension is not responsible for any damages caused
> by your unauthorized use of the materials in this e-mail.
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop

--
Sent from my iPad. Sorry for typos.

Matt,

I was able to reproduce your issue. I've filed an issue that is already
being processed. Please follow up here
https://github.com/ntop/ntopng/issues/1015

Simone

On Fri, 3 Mar 2017 at 17:28, Matt Kettler <matt.kettler@fourthdim.com>
wrote:

> Ok, so my first run generated nothing, but that’s with the log level at
> the default of “normal”.
>
>
>
> Cranking up the log level to debug, I see a few bits that are interesting
> (stripping out all the logs that a function got called):
>
>
>
> 03/Mar/2017 10:16:17 [HTTPserver.cpp:620] [HTTP] /lua/hosts_stats.lua
> [/usr/share/ntopng/scripts/lua/hosts_stats.lua]
>
> 03/Mar/2017 10:16:17 [Utils.cpp:1829] Rule 0.0.0.0/0
>
> 03/Mar/2017 10:16:17 [Utils.cpp:1829] Rule ::/0
>
> 03/Mar/2017 10:16:17 [Lua.cpp:112] NULL interface: did you restart ntopng
> in the meantime?
>
> 03/Mar/2017 10:16:17 [Lua.cpp:143] [HTTP] Serving file
> /usr/share/ntopng/httpdocs/inc/header.inc
>
> 03/Mar/2017 10:16:17 [Ntop.cpp:804] No allowed interface found for tcp://
> 127.0.0.1:5556
>
> 03/Mar/2017 10:16:17 [Lua.cpp:232] Returning name tcp://127.0.0.1:5556
>
> 03/Mar/2017 10:16:17 [Ntop.cpp:804] No allowed interface found for tcp://
> 127.0.0.1:5556
>
> 03/Mar/2017 10:16:17 [Ntop.cpp:804] No allowed interface found for tcp://
> 127.0.0.1:5556
>
> 03/Mar/2017 10:16:17 [Ntop.cpp:804] No allowed interface found for tcp://
> 127.0.0.1:5556
>
> 03/Mar/2017 10:16:17 [Lua.cpp:232] Returning name tcp://127.0.0.1:5556
>
> 03/Mar/2017 10:16:17 [Ntop.cpp:804] No allowed interface found for tcp://
> 127.0.0.1:5556
>
> 03/Mar/2017 10:16:17 [Ntop.cpp:804] No allowed interface found for tcp://
> 127.0.0.1:5556
>
> 03/Mar/2017 10:16:17 [Lua.cpp:143] [HTTP] Serving file
> /usr/share/ntopng/httpdocs/inc/hosts_stats_id.inc
>
> 03/Mar/2017 10:16:17 [Lua.cpp:143] [HTTP] Serving file
> /usr/share/ntopng/httpdocs/inc/hosts_stats_top.inc
>
> 03/Mar/2017 10:16:17 [Lua.cpp:143] [HTTP] Serving file
> /usr/share/ntopng/httpdocs/inc/hosts_stats_bottom.inc
>
>
>
> Not sure if the “null interface” and “no allowed interface” bits are the
> issue.
>
>
>
> My browser-inspect isn’t showing any obvious errors.
>
>
>
> *From:* ntop-bounces@listgateway.unipi.it [mailto:
> ntop-bounces@listgateway.unipi.it] *On Behalf Of *Simone Mainardi
> *Sent:* Friday, March 03, 2017 8:55 AM
>
>
> *To:* ntop@unipi.it
> *Cc:* ntop@listgateway.unipi.it
> *Subject:* Re: [Ntop] ntopng+nprobe+cisco asa netflow - no hosts..
>
>
>
> Hi,
>
>
>
> On Fri, Mar 3, 2017 at 1:48 PM, Matt Kettler <matt.kettler@fourthdim.com>
> wrote:
>
> I don't think it is time. Both have more-or-less the same offset relative
> to one particular local NTP server and are both in the same timezone. The
> offsets suggests a less than 0.3 millisecond time difference.
>
>
>
> Also, wouldn't the same time problem apply to flows, which time out after
> 1 minute? And wouldn't that also cause the "hosts" counter to read "0
> hosts" rather than "584 hosts"?
>
> no. The bottom-right counter show the number of hosts in cache, while the
> Hosts page gives only the currently active hosts. So it can be that the
> bottom counter is > of the current number of active hosts.
>
>
>
> If I go into a flow, and click on a client IP, I can see the first/last
> seen line suggest host was seen very recently:
>
>
>
> 03/03/2017 07:22:46 [17 min, 56 sec ago] 03/03/2017 07:39:46 [44 sec
> ago]
>
>
>
> ?It is also identifying the host as being local and belonging in one of
> the host pools I created. It's a shame it doesn't show up in the all hosts
> page.
>
>
>
> Regardless, I jacked up the local host timeout to 1 hour, which is as high
> as it will go.
>
>
>
> I am not using "delay flow-create" at all on my asa, and my template
> timeout is set to 15 minutes (which I think I may drop to 1-2 minutes
> soon). The above "last seen" of 44 seconds suggests they're being exported
> often.
>
> Please, start ntopng in foreground and inspect the console for any error
> that may occur when visiting the hosts page. Also use your browser to
> search for any possible JS errors (right-click and inspect element before
> visiting the empty hosts page).
>
>
> ------------------------------
>
> *From:* ntop-bounces@listgateway.unipi.it <
> ntop-bounces@listgateway.unipi.it> on behalf of Simone Mainardi <
> mainardi@ntop.org>
> *Sent:* Friday, March 3, 2017 5:45 AM
> *To:* ntop@unipi.it
> *Cc:* ntop@listgateway.unipi.it
> *Subject:* Re: [Ntop] ntopng+nprobe+cisco asa netflow - no hosts..
>
>
>
> Hi,
>
>
>
> Is the clock of the ASA set properly? How often flows are exported? My
> guess is that timestamps of received flows are not in sync with the ntopng
> clock and thus hosts are considered idle and not shown in the web UI.
>
>
>
> You may also want to increase idle timeouts from the ntopng preferences
> web page.
>
>
>
> Regards,
>
> Simone
>
>
>
> On Wed, Mar 1, 2017 at 6:46 PM, Matt Kettler <matt.kettler@fourthdim.com>
> wrote:
>
> I'm currently testing out a demo copy of nprobe/ntopng, on an Ubuntu LTS
> 16.04 to evaluate if it is worth purchasing.
>
>
>
> This seems to work partially, I can see flows, protocol breakdowns etc.
> However, the population of hosts doesn’t seem to be working so well.
>
>
>
> I generally see that there are hosts in the status block in the lower
> right, but when I go to "hosts" from the top menu, there are no hosts found.
>
>
>
> Flows on the other hand populate correctly, and I can even click on a host
> IP in there and get a summary of the host.
>
>
>
> I've tried tinkering with various things, like changing the idle timeouts,
> and adding local hosts as sticky, but that doesn't seem to help. At one
> point I got some local hosts to populate, and they stayed for a while as I
> was using sticky locals, but I realized no remotes were ever being added,
> so I tried restarting it with sticky-hosts=none, and now nothing is
> populated.
>
>
>
> I've also tried updating a few times, currently I am running:
>
> ntopng --version
>
> v.2.5.170301 [Enterprise/Professional Edition]
>
>
>
> and was running:
>
> v.2.5.170228 [Enterprise/Professional Edition]
>
>
>
> and prior to that I was running whatever was current on the apt repo last
> friday.
>
>
>
> Have I misconfigured something? Failing to understand a limit of the demo
> versions?
>
>
>
> I'm using this sending netflows from a Cisco ASA to nprobe, which then
> zmq's them to ntopng, so these are my conf files: (minor censoring of bits
> with xxx's)
>
>
>
> nprobe:
>
> --collector=none
>
> --interface=none
>
> --zmq="tcp://*:5556"
>
> --collector-port=2055
>
> --lifetime-timeout=180
>
> --idle-timeout=60
>
> -g=/var/run/nprobe-none.pid
>
> --vlanid-as-iface-idx=none
>
> --as-list=/usr/share/ntopng/httpdocs/geoip/GeoIPASNum.dat
>
> --daemon-mode
>
> --dump-stats=/var/log/nprobe/none-0_flows_stats.txt
>
> --city-list=/usr/share/ntopng/httpdocs/geoip/GeoLiteCity.dat
>
> -V=5
>
>
>
> ntopng:
>
> -G=/var/run/ntopng.pid
>
> --interface="tcp://127.0.0.1:5556"
>
> --local-networks="192.168.0.0/16,10.0.0.0/8,xx.xx.xx.xx/xx"
>
> --daemon
>
> --http-port=3000
>
> --sticky-hosts=none
>
> --dump-hosts=none
>
> -F "mysql;xxxx;ntopng;flows;xxxxx;xxxxx"
>
> *This e-mail is intended solely for the addressee. Access to this email by
> anyone else is unauthorized. If you have received this e-mail in error,
> please notify the sender immediately, delete the e-mail from your computer
> and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS
> EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH
> DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any
> action taken or omitted to be taken in reliance on it, is prohibited and
> may be unlawful. Fourth Dimension is not responsible for any damages caused
> by your unauthorized use of the materials in this e-mail.
>
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
>
>
>
> *This e-mail is intended solely for the addressee. Access to this email by
> anyone else is unauthorized. If you have received this e-mail in error,
> please notify the sender immediately, delete the e-mail from your computer
> and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS
> EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH
> DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any
> action taken or omitted to be taken in reliance on it, is prohibited and
> may be unlawful. Fourth Dimension is not responsible for any damages caused
> by your unauthorized use of the materials in this e-mail.
>
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
>
>
> *This e-mail is intended solely for the addressee. Access to this email by
> anyone else is unauthorized. If you have received this e-mail in error,
> please notify the sender immediately, delete the e-mail from your computer
> and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS
> EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH
> DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any
> action taken or omitted to be taken in reliance on it, is prohibited and
> may be unlawful. Fourth Dimension is not responsible for any damages caused
> by your unauthorized use of the materials in this e-mail.
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop

--
Sent from my iPad. Sorry for typos.

Thanks,


In the meantime, is there a binary repository out there with stable versions in it?


It seems like the existing repositories at http://packages.ntop.org/apt/16.04/? are nightly builds, not stable releases.



________________________________
From: ntop-bounces@listgateway.unipi.it <ntop-bounces@listgateway.unipi.it> on behalf of Simone Mainardi <mainardi@ntop.org>
Sent: Friday, March 3, 2017 1:06 PM
To: ntop@unipi.it
Cc: ntop@listgateway.unipi.it
Subject: Re: [Ntop] ntopng+nprobe+cisco asa netflow - no hosts..

Matt,

I was able to reproduce your issue. I've filed an issue that is already being processed. Please follow up here https://github.com/ntop/ntopng/issues/1015

Simone
*This e-mail is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you have received this e-mail in error, please notify the sender immediately, delete the e-mail from your computer and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. Fourth Dimension is not responsible for any damages caused by your unauthorized use of the materials in this e-mail.

Thanks,


In the meantime, is there a binary repository out there with stable versions in it?


It seems like the existing repositories at http://packages.ntop.org/apt/16.04/? are nightly builds, not stable releases.



________________________________
From: ntop-bounces@listgateway.unipi.it <ntop-bounces@listgateway.unipi.it> on behalf of Simone Mainardi <mainardi@ntop.org>
Sent: Friday, March 3, 2017 1:06 PM
To: ntop@unipi.it
Cc: ntop@listgateway.unipi.it
Subject: Re: [Ntop] ntopng+nprobe+cisco asa netflow - no hosts..

Matt,

I was able to reproduce your issue. I've filed an issue that is already being processed. Please follow up here https://github.com/ntop/ntopng/issues/1015

Simone
*This e-mail is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you have received this e-mail in error, please notify the sender immediately, delete the e-mail from your computer and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. Fourth Dimension is not responsible for any damages caused by your unauthorized use of the materials in this e-mail.

Matt, the issue is now fixed, please update.

Stable and dev packages are available at: http://packages.ntop.org/

On Fri, Mar 3, 2017 at 10:03 PM, Matt Kettler <matt.kettler@fourthdim.com>
wrote:

> Thanks,
>
>
> In the meantime, is there a binary repository out there with stable
> versions in it?
>
>
> It seems like the existing repositories at http://packages.ntop.org/
> apt/16.04/? are nightly builds, not stable releases.
>
>
>
> ------------------------------
> *From:* ntop-bounces@listgateway.unipi.it <ntop-bounces@listgateway.
> unipi.it> on behalf of Simone Mainardi <mainardi@ntop.org>
> *Sent:* Friday, March 3, 2017 1:06 PM
> *To:* ntop@unipi.it
> *Cc:* ntop@listgateway.unipi.it
> *Subject:* Re: [Ntop] ntopng+nprobe+cisco asa netflow - no hosts..
>
> Matt,
>
> I was able to reproduce your issue. I've filed an issue that is already
> being processed. Please follow up here https://github.com/ntop/
> ntopng/issues/1015
>
> Simone
> *This e-mail is intended solely for the addressee. Access to this email by
> anyone else is unauthorized. If you have received this e-mail in error,
> please notify the sender immediately, delete the e-mail from your computer
> and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS
> EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH
> DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any
> action taken or omitted to be taken in reliance on it, is prohibited and
> may be unlawful. Fourth Dimension is not responsible for any damages caused
> by your unauthorized use of the materials in this e-mail.
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
>

Matt, the issue is now fixed, please update.

Stable and dev packages are available at: http://packages.ntop.org/

On Fri, Mar 3, 2017 at 10:03 PM, Matt Kettler <matt.kettler@fourthdim.com>
wrote:

> Thanks,
>
>
> In the meantime, is there a binary repository out there with stable
> versions in it?
>
>
> It seems like the existing repositories at http://packages.ntop.org/
> apt/16.04/? are nightly builds, not stable releases.
>
>
>
> ------------------------------
> *From:* ntop-bounces@listgateway.unipi.it <ntop-bounces@listgateway.
> unipi.it> on behalf of Simone Mainardi <mainardi@ntop.org>
> *Sent:* Friday, March 3, 2017 1:06 PM
> *To:* ntop@unipi.it
> *Cc:* ntop@listgateway.unipi.it
> *Subject:* Re: [Ntop] ntopng+nprobe+cisco asa netflow - no hosts..
>
> Matt,
>
> I was able to reproduce your issue. I've filed an issue that is already
> being processed. Please follow up here https://github.com/ntop/
> ntopng/issues/1015
>
> Simone
> *This e-mail is intended solely for the addressee. Access to this email by
> anyone else is unauthorized. If you have received this e-mail in error,
> please notify the sender immediately, delete the e-mail from your computer
> and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS
> EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH
> DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any
> action taken or omitted to be taken in reliance on it, is prohibited and
> may be unlawful. Fourth Dimension is not responsible for any damages caused
> by your unauthorized use of the materials in this e-mail.
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
>

I updated, now running:

four@it:~$ ntopng --version
v.2.5.170304 [Enterprise/Professional Edition]
GIT rev: dev:e5e6ff6cd851dc6a3abf16e7dda27306b64177c7:20170304
Pro rev: r975

The hosts issue is not resolved.

Perhaps I should tear-down my install and set up using the repo from apt-ntop-stable.deb instead of apt-ntop.deb. I did not realize the un-tagged version was a development branch when I first set up.








________________________________
From: ntop-bounces@listgateway.unipi.it <ntop-bounces@listgateway.unipi.it> on behalf of Simone Mainardi <mainardi@ntop.org>
Sent: Saturday, March 4, 2017 8:13 AM
To: ntop@unipi.it
Cc: ntop@listgateway.unipi.it
Subject: Re: [Ntop] ntopng+nprobe+cisco asa netflow - no hosts..

Matt, the issue is now fixed, please update.

Stable and dev packages are available at: http://packages.ntop.org/

On Fri, Mar 3, 2017 at 10:03 PM, Matt Kettler <matt.kettler@fourthdim.com<mailto:matt.kettler@fourthdim.com>> wrote:

Thanks,


In the meantime, is there a binary repository out there with stable versions in it?


It seems like the existing repositories at http://packages.ntop.org/apt/16.04/? are nightly builds, not stable releases.



________________________________
From: ntop-bounces@listgateway.unipi.it<mailto:ntop-bounces@listgateway.unipi.it> <ntop-bounces@listgateway.unipi.it<mailto:ntop-bounces@listgateway.unipi.it>> on behalf of Simone Mainardi <mainardi@ntop.org<mailto:mainardi@ntop.org>>
Sent: Friday, March 3, 2017 1:06 PM
To: ntop@unipi.it<mailto:ntop@unipi.it>
Cc: ntop@listgateway.unipi.it<mailto:ntop@listgateway.unipi.it>
Subject: Re: [Ntop] ntopng+nprobe+cisco asa netflow - no hosts..

Matt,

I was able to reproduce your issue. I've filed an issue that is already being processed. Please follow up here https://github.com/ntop/ntopng/issues/1015

Simone
*This e-mail is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you have received this e-mail in error, please notify the sender immediately, delete the e-mail from your computer and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. Fourth Dimension is not responsible for any damages caused by your unauthorized use of the materials in this e-mail.

_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it<mailto:Ntop@listgateway.unipi.it>
http://listgateway.unipi.it/mailman/listinfo/ntop

*This e-mail is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you have received this e-mail in error, please notify the sender immediately, delete the e-mail from your computer and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. Fourth Dimension is not responsible for any damages caused by your unauthorized use of the materials in this e-mail.

I updated, now running:

four@it:~$ ntopng --version
v.2.5.170304 [Enterprise/Professional Edition]
GIT rev: dev:e5e6ff6cd851dc6a3abf16e7dda27306b64177c7:20170304
Pro rev: r975

The hosts issue is not resolved.

Perhaps I should tear-down my install and set up using the repo from apt-ntop-stable.deb instead of apt-ntop.deb. I did not realize the un-tagged version was a development branch when I first set up.








________________________________
From: ntop-bounces@listgateway.unipi.it <ntop-bounces@listgateway.unipi.it> on behalf of Simone Mainardi <mainardi@ntop.org>
Sent: Saturday, March 4, 2017 8:13 AM
To: ntop@unipi.it
Cc: ntop@listgateway.unipi.it
Subject: Re: [Ntop] ntopng+nprobe+cisco asa netflow - no hosts..

Matt, the issue is now fixed, please update.

Stable and dev packages are available at: http://packages.ntop.org/

On Fri, Mar 3, 2017 at 10:03 PM, Matt Kettler <matt.kettler@fourthdim.com<mailto:matt.kettler@fourthdim.com>> wrote:

Thanks,


In the meantime, is there a binary repository out there with stable versions in it?


It seems like the existing repositories at http://packages.ntop.org/apt/16.04/? are nightly builds, not stable releases.



________________________________
From: ntop-bounces@listgateway.unipi.it<mailto:ntop-bounces@listgateway.unipi.it> <ntop-bounces@listgateway.unipi.it<mailto:ntop-bounces@listgateway.unipi.it>> on behalf of Simone Mainardi <mainardi@ntop.org<mailto:mainardi@ntop.org>>
Sent: Friday, March 3, 2017 1:06 PM
To: ntop@unipi.it<mailto:ntop@unipi.it>
Cc: ntop@listgateway.unipi.it<mailto:ntop@listgateway.unipi.it>
Subject: Re: [Ntop] ntopng+nprobe+cisco asa netflow - no hosts..

Matt,

I was able to reproduce your issue. I've filed an issue that is already being processed. Please follow up here https://github.com/ntop/ntopng/issues/1015

Simone
*This e-mail is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you have received this e-mail in error, please notify the sender immediately, delete the e-mail from your computer and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. Fourth Dimension is not responsible for any damages caused by your unauthorized use of the materials in this e-mail.

_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it<mailto:Ntop@listgateway.unipi.it>
http://listgateway.unipi.it/mailman/listinfo/ntop

*This e-mail is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you have received this e-mail in error, please notify the sender immediately, delete the e-mail from your computer and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. Fourth Dimension is not responsible for any damages caused by your unauthorized use of the materials in this e-mail.

All seems to be working correctly now that I'm running the stable version.


I had to rm -rf /var/tmp/ntopng, wack the mysql database, and flush redis before it worked correctly, but at least it is up and behaving.




________________________________
From: ntop-bounces@listgateway.unipi.it <ntop-bounces@listgateway.unipi.it> on behalf of Matt Kettler <matt.kettler@fourthdim.com>
Sent: Saturday, March 4, 2017 11:12 AM
To: ntop@unipi.it
Cc: ntop@listgateway.unipi.it
Subject: Re: [Ntop] ntopng+nprobe+cisco asa netflow - no hosts..


I updated, now running:

four@it:~$ ntopng --version
v.2.5.170304 [Enterprise/Professional Edition]
GIT rev: dev:e5e6ff6cd851dc6a3abf16e7dda27306b64177c7:20170304
Pro rev: r975

The hosts issue is not resolved.

Perhaps I should tear-down my install and set up using the repo from apt-ntop-stable.deb instead of apt-ntop.deb. I did not realize the un-tagged version was a development branch when I first set up.








________________________________
From: ntop-bounces@listgateway.unipi.it <ntop-bounces@listgateway.unipi.it> on behalf of Simone Mainardi <mainardi@ntop.org>
Sent: Saturday, March 4, 2017 8:13 AM
To: ntop@unipi.it
Cc: ntop@listgateway.unipi.it
Subject: Re: [Ntop] ntopng+nprobe+cisco asa netflow - no hosts..

Matt, the issue is now fixed, please update.

Stable and dev packages are available at: http://packages.ntop.org/

On Fri, Mar 3, 2017 at 10:03 PM, Matt Kettler <matt.kettler@fourthdim.com<mailto:matt.kettler@fourthdim.com>> wrote:

Thanks,


In the meantime, is there a binary repository out there with stable versions in it?


It seems like the existing repositories at http://packages.ntop.org/apt/16.04/? are nightly builds, not stable releases.



________________________________
From: ntop-bounces@listgateway.unipi.it<mailto:ntop-bounces@listgateway.unipi.it> <ntop-bounces@listgateway.unipi.it<mailto:ntop-bounces@listgateway.unipi.it>> on behalf of Simone Mainardi <mainardi@ntop.org<mailto:mainardi@ntop.org>>
Sent: Friday, March 3, 2017 1:06 PM
To: ntop@unipi.it<mailto:ntop@unipi.it>
Cc: ntop@listgateway.unipi.it<mailto:ntop@listgateway.unipi.it>
Subject: Re: [Ntop] ntopng+nprobe+cisco asa netflow - no hosts..

Matt,

I was able to reproduce your issue. I've filed an issue that is already being processed. Please follow up here https://github.com/ntop/ntopng/issues/1015

Simone
*This e-mail is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you have received this e-mail in error, please notify the sender immediately, delete the e-mail from your computer and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. Fourth Dimension is not responsible for any damages caused by your unauthorized use of the materials in this e-mail.

_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it<mailto:Ntop@listgateway.unipi.it>
http://listgateway.unipi.it/mailman/listinfo/ntop

*This e-mail is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you have received this e-mail in error, please notify the sender immediately, delete the e-mail from your computer and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. Fourth Dimension is not responsible for any damages caused by your unauthorized use of the materials in this e-mail.
*This e-mail is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you have received this e-mail in error, please notify the sender immediately, delete the e-mail from your computer and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. Fourth Dimension is not responsible for any damages caused by your unauthorized use of the materials in this e-mail.

All seems to be working correctly now that I'm running the stable version.


I had to rm -rf /var/tmp/ntopng, wack the mysql database, and flush redis before it worked correctly, but at least it is up and behaving.




________________________________
From: ntop-bounces@listgateway.unipi.it <ntop-bounces@listgateway.unipi.it> on behalf of Matt Kettler <matt.kettler@fourthdim.com>
Sent: Saturday, March 4, 2017 11:12 AM
To: ntop@unipi.it
Cc: ntop@listgateway.unipi.it
Subject: Re: [Ntop] ntopng+nprobe+cisco asa netflow - no hosts..


I updated, now running:

four@it:~$ ntopng --version
v.2.5.170304 [Enterprise/Professional Edition]
GIT rev: dev:e5e6ff6cd851dc6a3abf16e7dda27306b64177c7:20170304
Pro rev: r975

The hosts issue is not resolved.

Perhaps I should tear-down my install and set up using the repo from apt-ntop-stable.deb instead of apt-ntop.deb. I did not realize the un-tagged version was a development branch when I first set up.








________________________________
From: ntop-bounces@listgateway.unipi.it <ntop-bounces@listgateway.unipi.it> on behalf of Simone Mainardi <mainardi@ntop.org>
Sent: Saturday, March 4, 2017 8:13 AM
To: ntop@unipi.it
Cc: ntop@listgateway.unipi.it
Subject: Re: [Ntop] ntopng+nprobe+cisco asa netflow - no hosts..

Matt, the issue is now fixed, please update.

Stable and dev packages are available at: http://packages.ntop.org/

On Fri, Mar 3, 2017 at 10:03 PM, Matt Kettler <matt.kettler@fourthdim.com<mailto:matt.kettler@fourthdim.com>> wrote:

Thanks,


In the meantime, is there a binary repository out there with stable versions in it?


It seems like the existing repositories at http://packages.ntop.org/apt/16.04/? are nightly builds, not stable releases.



________________________________
From: ntop-bounces@listgateway.unipi.it<mailto:ntop-bounces@listgateway.unipi.it> <ntop-bounces@listgateway.unipi.it<mailto:ntop-bounces@listgateway.unipi.it>> on behalf of Simone Mainardi <mainardi@ntop.org<mailto:mainardi@ntop.org>>
Sent: Friday, March 3, 2017 1:06 PM
To: ntop@unipi.it<mailto:ntop@unipi.it>
Cc: ntop@listgateway.unipi.it<mailto:ntop@listgateway.unipi.it>
Subject: Re: [Ntop] ntopng+nprobe+cisco asa netflow - no hosts..

Matt,

I was able to reproduce your issue. I've filed an issue that is already being processed. Please follow up here https://github.com/ntop/ntopng/issues/1015

Simone
*This e-mail is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you have received this e-mail in error, please notify the sender immediately, delete the e-mail from your computer and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. Fourth Dimension is not responsible for any damages caused by your unauthorized use of the materials in this e-mail.

_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it<mailto:Ntop@listgateway.unipi.it>
http://listgateway.unipi.it/mailman/listinfo/ntop

*This e-mail is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you have received this e-mail in error, please notify the sender immediately, delete the e-mail from your computer and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. Fourth Dimension is not responsible for any damages caused by your unauthorized use of the materials in this e-mail.
*This e-mail is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you have received this e-mail in error, please notify the sender immediately, delete the e-mail from your computer and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. Fourth Dimension is not responsible for any damages caused by your unauthorized use of the materials in this e-mail.

?I take that back, the stable version demonstrates a different problem:


It thinks that the current flows, as well as the hosts, are all quite old (over 1 month). In fact, they're all first and last seen on the exact same date and time, down to the second. Every flow, every host...


In fact, the date of all these seems to be the exact date and time that I last rebooted the ASA.


This is weird, since the development branch was tracking the time of flows pretty accurately, it just wasn't tracking hosts at all. And both the ASA and host running nprobe/ntopng are very closely syncrhonized in time via ntp.


Is this some kind of configuration issue? or data issue resulting from rolling back versions? (I tried very hard to wipe out everything from the old install, other than the .conf files starting nprobe/ntopng).


Is ASA netflow not really used/supported well? I know it has issues, due to the lack of mid-flow updates and other quirks of the ASA. Would I be better off doing flexible netflow from a Cisco switch? I have sufficient licensing and hardware to support FNF on it, but is switch-based FNF any better than ASA netflow?





________________________________
From: ntop-bounces@listgateway.unipi.it <ntop-bounces@listgateway.unipi.it> on behalf of Matt Kettler <matt.kettler@fourthdim.com>
Sent: Sunday, March 5, 2017 8:29 PM
To: ntop@unipi.it
Cc: ntop@listgateway.unipi.it
Subject: Re: [Ntop] ntopng+nprobe+cisco asa netflow - no hosts..


All seems to be working correctly now that I'm running the stable version.


I had to rm -rf /var/tmp/ntopng, wack the mysql database, and flush redis before it worked correctly, but at least it is up and behaving.




________________________________
From: ntop-bounces@listgateway.unipi.it <ntop-bounces@listgateway.unipi.it> on behalf of Matt Kettler <matt.kettler@fourthdim.com>
Sent: Saturday, March 4, 2017 11:12 AM
To: ntop@unipi.it
Cc: ntop@listgateway.unipi.it
Subject: Re: [Ntop] ntopng+nprobe+cisco asa netflow - no hosts..


I updated, now running:

four@it:~$ ntopng --version
v.2.5.170304 [Enterprise/Professional Edition]
GIT rev: dev:e5e6ff6cd851dc6a3abf16e7dda27306b64177c7:20170304
Pro rev: r975

The hosts issue is not resolved.

Perhaps I should tear-down my install and set up using the repo from apt-ntop-stable.deb instead of apt-ntop.deb. I did not realize the un-tagged version was a development branch when I first set up.








________________________________
From: ntop-bounces@listgateway.unipi.it <ntop-bounces@listgateway.unipi.it> on behalf of Simone Mainardi <mainardi@ntop.org>
Sent: Saturday, March 4, 2017 8:13 AM
To: ntop@unipi.it
Cc: ntop@listgateway.unipi.it
Subject: Re: [Ntop] ntopng+nprobe+cisco asa netflow - no hosts..

Matt, the issue is now fixed, please update.

Stable and dev packages are available at: http://packages.ntop.org/

On Fri, Mar 3, 2017 at 10:03 PM, Matt Kettler <matt.kettler@fourthdim.com<mailto:matt.kettler@fourthdim.com>> wrote:

Thanks,


In the meantime, is there a binary repository out there with stable versions in it?


It seems like the existing repositories at http://packages.ntop.org/apt/16.04/? are nightly builds, not stable releases.



________________________________
From: ntop-bounces@listgateway.unipi.it<mailto:ntop-bounces@listgateway.unipi.it> <ntop-bounces@listgateway.unipi.it<mailto:ntop-bounces@listgateway.unipi.it>> on behalf of Simone Mainardi <mainardi@ntop.org<mailto:mainardi@ntop.org>>
Sent: Friday, March 3, 2017 1:06 PM
To: ntop@unipi.it<mailto:ntop@unipi.it>
Cc: ntop@listgateway.unipi.it<mailto:ntop@listgateway.unipi.it>
Subject: Re: [Ntop] ntopng+nprobe+cisco asa netflow - no hosts..

Matt,

I was able to reproduce your issue. I've filed an issue that is already being processed. Please follow up here https://github.com/ntop/ntopng/issues/1015

Simone
*This e-mail is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you have received this e-mail in error, please notify the sender immediately, delete the e-mail from your computer and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. Fourth Dimension is not responsible for any damages caused by your unauthorized use of the materials in this e-mail.

_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it<mailto:Ntop@listgateway.unipi.it>
http://listgateway.unipi.it/mailman/listinfo/ntop

*This e-mail is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you have received this e-mail in error, please notify the sender immediately, delete the e-mail from your computer and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. Fourth Dimension is not responsible for any damages caused by your unauthorized use of the materials in this e-mail.
*This e-mail is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you have received this e-mail in error, please notify the sender immediately, delete the e-mail from your computer and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. Fourth Dimension is not responsible for any damages caused by your unauthorized use of the materials in this e-mail.
*This e-mail is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you have received this e-mail in error, please notify the sender immediately, delete the e-mail from your computer and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. Fourth Dimension is not responsible for any damages caused by your unauthorized use of the materials in this e-mail.

?I take that back, the stable version demonstrates a different problem:


It thinks that the current flows, as well as the hosts, are all quite old (over 1 month). In fact, they're all first and last seen on the exact same date and time, down to the second. Every flow, every host...


In fact, the date of all these seems to be the exact date and time that I last rebooted the ASA.


This is weird, since the development branch was tracking the time of flows pretty accurately, it just wasn't tracking hosts at all. And both the ASA and host running nprobe/ntopng are very closely syncrhonized in time via ntp.


Is this some kind of configuration issue? or data issue resulting from rolling back versions? (I tried very hard to wipe out everything from the old install, other than the .conf files starting nprobe/ntopng).


Is ASA netflow not really used/supported well? I know it has issues, due to the lack of mid-flow updates and other quirks of the ASA. Would I be better off doing flexible netflow from a Cisco switch? I have sufficient licensing and hardware to support FNF on it, but is switch-based FNF any better than ASA netflow?





________________________________
From: ntop-bounces@listgateway.unipi.it <ntop-bounces@listgateway.unipi.it> on behalf of Matt Kettler <matt.kettler@fourthdim.com>
Sent: Sunday, March 5, 2017 8:29 PM
To: ntop@unipi.it
Cc: ntop@listgateway.unipi.it
Subject: Re: [Ntop] ntopng+nprobe+cisco asa netflow - no hosts..


All seems to be working correctly now that I'm running the stable version.


I had to rm -rf /var/tmp/ntopng, wack the mysql database, and flush redis before it worked correctly, but at least it is up and behaving.




________________________________
From: ntop-bounces@listgateway.unipi.it <ntop-bounces@listgateway.unipi.it> on behalf of Matt Kettler <matt.kettler@fourthdim.com>
Sent: Saturday, March 4, 2017 11:12 AM
To: ntop@unipi.it
Cc: ntop@listgateway.unipi.it
Subject: Re: [Ntop] ntopng+nprobe+cisco asa netflow - no hosts..


I updated, now running:

four@it:~$ ntopng --version
v.2.5.170304 [Enterprise/Professional Edition]
GIT rev: dev:e5e6ff6cd851dc6a3abf16e7dda27306b64177c7:20170304
Pro rev: r975

The hosts issue is not resolved.

Perhaps I should tear-down my install and set up using the repo from apt-ntop-stable.deb instead of apt-ntop.deb. I did not realize the un-tagged version was a development branch when I first set up.








________________________________
From: ntop-bounces@listgateway.unipi.it <ntop-bounces@listgateway.unipi.it> on behalf of Simone Mainardi <mainardi@ntop.org>
Sent: Saturday, March 4, 2017 8:13 AM
To: ntop@unipi.it
Cc: ntop@listgateway.unipi.it
Subject: Re: [Ntop] ntopng+nprobe+cisco asa netflow - no hosts..

Matt, the issue is now fixed, please update.

Stable and dev packages are available at: http://packages.ntop.org/

On Fri, Mar 3, 2017 at 10:03 PM, Matt Kettler <matt.kettler@fourthdim.com<mailto:matt.kettler@fourthdim.com>> wrote:

Thanks,


In the meantime, is there a binary repository out there with stable versions in it?


It seems like the existing repositories at http://packages.ntop.org/apt/16.04/? are nightly builds, not stable releases.



________________________________
From: ntop-bounces@listgateway.unipi.it<mailto:ntop-bounces@listgateway.unipi.it> <ntop-bounces@listgateway.unipi.it<mailto:ntop-bounces@listgateway.unipi.it>> on behalf of Simone Mainardi <mainardi@ntop.org<mailto:mainardi@ntop.org>>
Sent: Friday, March 3, 2017 1:06 PM
To: ntop@unipi.it<mailto:ntop@unipi.it>
Cc: ntop@listgateway.unipi.it<mailto:ntop@listgateway.unipi.it>
Subject: Re: [Ntop] ntopng+nprobe+cisco asa netflow - no hosts..

Matt,

I was able to reproduce your issue. I've filed an issue that is already being processed. Please follow up here https://github.com/ntop/ntopng/issues/1015

Simone
*This e-mail is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you have received this e-mail in error, please notify the sender immediately, delete the e-mail from your computer and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. Fourth Dimension is not responsible for any damages caused by your unauthorized use of the materials in this e-mail.

_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it<mailto:Ntop@listgateway.unipi.it>
http://listgateway.unipi.it/mailman/listinfo/ntop

*This e-mail is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you have received this e-mail in error, please notify the sender immediately, delete the e-mail from your computer and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. Fourth Dimension is not responsible for any damages caused by your unauthorized use of the materials in this e-mail.
*This e-mail is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you have received this e-mail in error, please notify the sender immediately, delete the e-mail from your computer and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. Fourth Dimension is not responsible for any damages caused by your unauthorized use of the materials in this e-mail.
*This e-mail is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you have received this e-mail in error, please notify the sender immediately, delete the e-mail from your computer and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. Fourth Dimension is not responsible for any damages caused by your unauthorized use of the materials in this e-mail.

Matt,


On Mon, Mar 6, 2017 at 4:48 AM, Matt Kettler <matt.kettler@fourthdim.com>
wrote:

> ?I take that back, the stable version demonstrates a different problem:
>
>
> It thinks that the current flows, as well as the hosts, are all quite old
> (over 1 month). In fact, they're all first and last seen on the exact same
> date and time, down to the second. Every flow, every host...
>
>
> In fact, the date of all these seems to be the exact date and time that I
> last rebooted the ASA.
>
>
> This is weird, since the development branch was tracking the time of flows
> pretty accurately, it just wasn't tracking hosts at all.
>

That issue has been fixed. You should get proper handling of time and host
tracking if you use the latest dev build.


> And both the ASA and host running nprobe/ntopng are very closely
> syncrhonized in time via ntp.
>
>
> Is this some kind of configuration issue? or data issue resulting from
> rolling back versions? (I tried very hard to wipe out everything from the
> old install, other than the .conf files starting nprobe/ntopng).
>
>
> Is ASA netflow not really used/supported well? I know it has issues, due
> to the lack of mid-flow updates and other quirks of the ASA. Would I be
> better off doing flexible netflow from a Cisco switch? I have sufficient
> licensing and hardware to support FNF on it, but is switch-based FNF any
> better than ASA netflow?
>
>
>
>
>
> ------------------------------
> *From:* ntop-bounces@listgateway.unipi.it <ntop-bounces@listgateway.
> unipi.it> on behalf of Matt Kettler <matt.kettler@fourthdim.com>
> *Sent:* Sunday, March 5, 2017 8:29 PM
> *To:* ntop@unipi.it
> *Cc:* ntop@listgateway.unipi.it
> *Subject:* Re: [Ntop] ntopng+nprobe+cisco asa netflow - no hosts..
>
>
> All seems to be working correctly now that I'm running the stable version.
>
>
> I had to rm -rf /var/tmp/ntopng, wack the mysql database, and flush redis
> before it worked correctly, but at least it is up and behaving.
>
>
>
>
> ------------------------------
> *From:* ntop-bounces@listgateway.unipi.it <ntop-bounces@listgateway.
> unipi.it> on behalf of Matt Kettler <matt.kettler@fourthdim.com>
> *Sent:* Saturday, March 4, 2017 11:12 AM
> *To:* ntop@unipi.it
> *Cc:* ntop@listgateway.unipi.it
> *Subject:* Re: [Ntop] ntopng+nprobe+cisco asa netflow - no hosts..
>
>
> I updated, now running:
>
> four@it:~$ ntopng --version
> v.2.5.170304 [Enterprise/Professional Edition]
> GIT rev: dev:e5e6ff6cd851dc6a3abf16e7dda27306b64177c7:20170304
> Pro rev: r975
>
> The hosts issue is not resolved.
>
> Perhaps I should tear-down my install and set up using the repo from
> apt-ntop-stable.deb instead of apt-ntop.deb. I did not realize the
> un-tagged version was a development branch when I first set up.
>
>
>
>
>
>
>
> ------------------------------
> *From:* ntop-bounces@listgateway.unipi.it <ntop-bounces@listgateway.
> unipi.it> on behalf of Simone Mainardi <mainardi@ntop.org>
> *Sent:* Saturday, March 4, 2017 8:13 AM
> *To:* ntop@unipi.it
> *Cc:* ntop@listgateway.unipi.it
> *Subject:* Re: [Ntop] ntopng+nprobe+cisco asa netflow - no hosts..
>
> Matt, the issue is now fixed, please update.
>
> Stable and dev packages are available at: http://packages.ntop.org/
>
> On Fri, Mar 3, 2017 at 10:03 PM, Matt Kettler <matt.kettler@fourthdim.com>
> wrote:
>
>> Thanks,
>>
>>
>> In the meantime, is there a binary repository out there with stable
>> versions in it?
>>
>>
>> It seems like the existing repositories at http://packages.ntop.org/ap
>> t/16.04/? are nightly builds, not stable releases.
>>
>>
>>
>> ------------------------------
>> *From:* ntop-bounces@listgateway.unipi.it <ntop-bounces@listgateway.unip
>> i.it> on behalf of Simone Mainardi <mainardi@ntop.org>
>> *Sent:* Friday, March 3, 2017 1:06 PM
>> *To:* ntop@unipi.it
>> *Cc:* ntop@listgateway.unipi.it
>> *Subject:* Re: [Ntop] ntopng+nprobe+cisco asa netflow - no hosts..
>>
>> Matt,
>>
>> I was able to reproduce your issue. I've filed an issue that is already
>> being processed. Please follow up here https://github.com/ntop/n
>> topng/issues/1015
>>
>> Simone
>> *This e-mail is intended solely for the addressee. Access to this email
>> by anyone else is unauthorized. If you have received this e-mail in error,
>> please notify the sender immediately, delete the e-mail from your computer
>> and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS
>> EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH
>> DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any
>> action taken or omitted to be taken in reliance on it, is prohibited and
>> may be unlawful. Fourth Dimension is not responsible for any damages caused
>> by your unauthorized use of the materials in this e-mail.
>>
>> _______________________________________________
>> Ntop mailing list
>> Ntop@listgateway.unipi.it
>> http://listgateway.unipi.it/mailman/listinfo/ntop
>>
>
> *This e-mail is intended solely for the addressee. Access to this email by
> anyone else is unauthorized. If you have received this e-mail in error,
> please notify the sender immediately, delete the e-mail from your computer
> and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS
> EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH
> DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any
> action taken or omitted to be taken in reliance on it, is prohibited and
> may be unlawful. Fourth Dimension is not responsible for any damages caused
> by your unauthorized use of the materials in this e-mail.
> *This e-mail is intended solely for the addressee. Access to this email by
> anyone else is unauthorized. If you have received this e-mail in error,
> please notify the sender immediately, delete the e-mail from your computer
> and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS
> EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH
> DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any
> action taken or omitted to be taken in reliance on it, is prohibited and
> may be unlawful. Fourth Dimension is not responsible for any damages caused
> by your unauthorized use of the materials in this e-mail.
> *This e-mail is intended solely for the addressee. Access to this email by
> anyone else is unauthorized. If you have received this e-mail in error,
> please notify the sender immediately, delete the e-mail from your computer
> and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS
> EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH
> DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any
> action taken or omitted to be taken in reliance on it, is prohibited and
> may be unlawful. Fourth Dimension is not responsible for any damages caused
> by your unauthorized use of the materials in this e-mail.
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
>

Matt,


On Mon, Mar 6, 2017 at 4:48 AM, Matt Kettler <matt.kettler@fourthdim.com>
wrote:

> ?I take that back, the stable version demonstrates a different problem:
>
>
> It thinks that the current flows, as well as the hosts, are all quite old
> (over 1 month). In fact, they're all first and last seen on the exact same
> date and time, down to the second. Every flow, every host...
>
>
> In fact, the date of all these seems to be the exact date and time that I
> last rebooted the ASA.
>
>
> This is weird, since the development branch was tracking the time of flows
> pretty accurately, it just wasn't tracking hosts at all.
>

That issue has been fixed. You should get proper handling of time and host
tracking if you use the latest dev build.


> And both the ASA and host running nprobe/ntopng are very closely
> syncrhonized in time via ntp.
>
>
> Is this some kind of configuration issue? or data issue resulting from
> rolling back versions? (I tried very hard to wipe out everything from the
> old install, other than the .conf files starting nprobe/ntopng).
>
>
> Is ASA netflow not really used/supported well? I know it has issues, due
> to the lack of mid-flow updates and other quirks of the ASA. Would I be
> better off doing flexible netflow from a Cisco switch? I have sufficient
> licensing and hardware to support FNF on it, but is switch-based FNF any
> better than ASA netflow?
>
>
>
>
>
> ------------------------------
> *From:* ntop-bounces@listgateway.unipi.it <ntop-bounces@listgateway.
> unipi.it> on behalf of Matt Kettler <matt.kettler@fourthdim.com>
> *Sent:* Sunday, March 5, 2017 8:29 PM
> *To:* ntop@unipi.it
> *Cc:* ntop@listgateway.unipi.it
> *Subject:* Re: [Ntop] ntopng+nprobe+cisco asa netflow - no hosts..
>
>
> All seems to be working correctly now that I'm running the stable version.
>
>
> I had to rm -rf /var/tmp/ntopng, wack the mysql database, and flush redis
> before it worked correctly, but at least it is up and behaving.
>
>
>
>
> ------------------------------
> *From:* ntop-bounces@listgateway.unipi.it <ntop-bounces@listgateway.
> unipi.it> on behalf of Matt Kettler <matt.kettler@fourthdim.com>
> *Sent:* Saturday, March 4, 2017 11:12 AM
> *To:* ntop@unipi.it
> *Cc:* ntop@listgateway.unipi.it
> *Subject:* Re: [Ntop] ntopng+nprobe+cisco asa netflow - no hosts..
>
>
> I updated, now running:
>
> four@it:~$ ntopng --version
> v.2.5.170304 [Enterprise/Professional Edition]
> GIT rev: dev:e5e6ff6cd851dc6a3abf16e7dda27306b64177c7:20170304
> Pro rev: r975
>
> The hosts issue is not resolved.
>
> Perhaps I should tear-down my install and set up using the repo from
> apt-ntop-stable.deb instead of apt-ntop.deb. I did not realize the
> un-tagged version was a development branch when I first set up.
>
>
>
>
>
>
>
> ------------------------------
> *From:* ntop-bounces@listgateway.unipi.it <ntop-bounces@listgateway.
> unipi.it> on behalf of Simone Mainardi <mainardi@ntop.org>
> *Sent:* Saturday, March 4, 2017 8:13 AM
> *To:* ntop@unipi.it
> *Cc:* ntop@listgateway.unipi.it
> *Subject:* Re: [Ntop] ntopng+nprobe+cisco asa netflow - no hosts..
>
> Matt, the issue is now fixed, please update.
>
> Stable and dev packages are available at: http://packages.ntop.org/
>
> On Fri, Mar 3, 2017 at 10:03 PM, Matt Kettler <matt.kettler@fourthdim.com>
> wrote:
>
>> Thanks,
>>
>>
>> In the meantime, is there a binary repository out there with stable
>> versions in it?
>>
>>
>> It seems like the existing repositories at http://packages.ntop.org/ap
>> t/16.04/? are nightly builds, not stable releases.
>>
>>
>>
>> ------------------------------
>> *From:* ntop-bounces@listgateway.unipi.it <ntop-bounces@listgateway.unip
>> i.it> on behalf of Simone Mainardi <mainardi@ntop.org>
>> *Sent:* Friday, March 3, 2017 1:06 PM
>> *To:* ntop@unipi.it
>> *Cc:* ntop@listgateway.unipi.it
>> *Subject:* Re: [Ntop] ntopng+nprobe+cisco asa netflow - no hosts..
>>
>> Matt,
>>
>> I was able to reproduce your issue. I've filed an issue that is already
>> being processed. Please follow up here https://github.com/ntop/n
>> topng/issues/1015
>>
>> Simone
>> *This e-mail is intended solely for the addressee. Access to this email
>> by anyone else is unauthorized. If you have received this e-mail in error,
>> please notify the sender immediately, delete the e-mail from your computer
>> and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS
>> EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH
>> DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any
>> action taken or omitted to be taken in reliance on it, is prohibited and
>> may be unlawful. Fourth Dimension is not responsible for any damages caused
>> by your unauthorized use of the materials in this e-mail.
>>
>> _______________________________________________
>> Ntop mailing list
>> Ntop@listgateway.unipi.it
>> http://listgateway.unipi.it/mailman/listinfo/ntop
>>
>
> *This e-mail is intended solely for the addressee. Access to this email by
> anyone else is unauthorized. If you have received this e-mail in error,
> please notify the sender immediately, delete the e-mail from your computer
> and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS
> EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH
> DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any
> action taken or omitted to be taken in reliance on it, is prohibited and
> may be unlawful. Fourth Dimension is not responsible for any damages caused
> by your unauthorized use of the materials in this e-mail.
> *This e-mail is intended solely for the addressee. Access to this email by
> anyone else is unauthorized. If you have received this e-mail in error,
> please notify the sender immediately, delete the e-mail from your computer
> and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS
> EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH
> DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any
> action taken or omitted to be taken in reliance on it, is prohibited and
> may be unlawful. Fourth Dimension is not responsible for any damages caused
> by your unauthorized use of the materials in this e-mail.
> *This e-mail is intended solely for the addressee. Access to this email by
> anyone else is unauthorized. If you have received this e-mail in error,
> please notify the sender immediately, delete the e-mail from your computer
> and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS
> EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH
> DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any
> action taken or omitted to be taken in reliance on it, is prohibited and
> may be unlawful. Fourth Dimension is not responsible for any damages caused
> by your unauthorized use of the materials in this e-mail.
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
>

Using the latest dev build isn’t a viable option until the zmq hosts issue is fixed.

I tried updating before I went back to stable.. it is most definitely NOT fixed.

From: ntop-bounces@listgateway.unipi.it [mailto:ntop-bounces@listgateway.unipi.it] On Behalf Of Simone Mainardi
Sent: Tuesday, March 07, 2017 4:45 PM
To: ntop@unipi.it
Cc: ntop@listgateway.unipi.it
Subject: Re: [Ntop] ntopng+nprobe+cisco asa netflow - now all times = asa reboot time.

Matt,


On Mon, Mar 6, 2017 at 4:48 AM, Matt Kettler <matt.kettler@fourthdim.com<mailto:matt.kettler@fourthdim.com>> wrote:

?I take that back, the stable version demonstrates a different problem:



It thinks that the current flows, as well as the hosts, are all quite old (over 1 month). In fact, they're all first and last seen on the exact same date and time, down to the second. Every flow, every host...



In fact, the date of all these seems to be the exact date and time that I last rebooted the ASA.



This is weird, since the development branch was tracking the time of flows pretty accurately, it just wasn't tracking hosts at all.

That issue has been fixed. You should get proper handling of time and host tracking if you use the latest dev build.


And both the ASA and host running nprobe/ntopng are very closely syncrhonized in time via ntp.



Is this some kind of configuration issue? or data issue resulting from rolling back versions? (I tried very hard to wipe out everything from the old install, other than the .conf files starting nprobe/ntopng).



Is ASA netflow not really used/supported well? I know it has issues, due to the lack of mid-flow updates and other quirks of the ASA. Would I be better off doing flexible netflow from a Cisco switch? I have sufficient licensing and hardware to support FNF on it, but is switch-based FNF any better than ASA netflow?









________________________________
From: ntop-bounces@listgateway.unipi.it<mailto:ntop-bounces@listgateway.unipi.it> <ntop-bounces@listgateway.unipi.it<mailto:ntop-bounces@listgateway.unipi.it>> on behalf of Matt Kettler <matt.kettler@fourthdim.com<mailto:matt.kettler@fourthdim.com>>
Sent: Sunday, March 5, 2017 8:29 PM
To: ntop@unipi.it<mailto:ntop@unipi.it>
Cc: ntop@listgateway.unipi.it<mailto:ntop@listgateway.unipi.it>
Subject: Re: [Ntop] ntopng+nprobe+cisco asa netflow - no hosts..


All seems to be working correctly now that I'm running the stable version.



I had to rm -rf /var/tmp/ntopng, wack the mysql database, and flush redis before it worked correctly, but at least it is up and behaving.







________________________________
From: ntop-bounces@listgateway.unipi.it<mailto:ntop-bounces@listgateway.unipi.it> <ntop-bounces@listgateway.unipi.it<mailto:ntop-bounces@listgateway.unipi.it>> on behalf of Matt Kettler <matt.kettler@fourthdim.com<mailto:matt.kettler@fourthdim.com>>
Sent: Saturday, March 4, 2017 11:12 AM
To: ntop@unipi.it<mailto:ntop@unipi.it>
Cc: ntop@listgateway.unipi.it<mailto:ntop@listgateway.unipi.it>
Subject: Re: [Ntop] ntopng+nprobe+cisco asa netflow - no hosts..

I updated, now running:

four@it:~$ ntopng --version
v.2.5.170304 [Enterprise/Professional Edition]
GIT rev: dev:e5e6ff6cd851dc6a3abf16e7dda27306b64177c7:20170304
Pro rev: r975

The hosts issue is not resolved.

Perhaps I should tear-down my install and set up using the repo from apt-ntop-stable.deb instead of apt-ntop.deb. I did not realize the un-tagged version was a development branch when I first set up.








________________________________
From: ntop-bounces@listgateway.unipi.it<mailto:ntop-bounces@listgateway.unipi.it> <ntop-bounces@listgateway.unipi.it<mailto:ntop-bounces@listgateway.unipi.it>> on behalf of Simone Mainardi <mainardi@ntop.org<mailto:mainardi@ntop.org>>
Sent: Saturday, March 4, 2017 8:13 AM
To: ntop@unipi.it<mailto:ntop@unipi.it>
Cc: ntop@listgateway.unipi.it<mailto:ntop@listgateway.unipi.it>
Subject: Re: [Ntop] ntopng+nprobe+cisco asa netflow - no hosts..

Matt, the issue is now fixed, please update.

Stable and dev packages are available at: http://packages.ntop.org/

On Fri, Mar 3, 2017 at 10:03 PM, Matt Kettler <matt.kettler@fourthdim.com<mailto:matt.kettler@fourthdim.com>> wrote:

Thanks,



In the meantime, is there a binary repository out there with stable versions in it?



It seems like the existing repositories at http://packages.ntop.org/apt/16.04/? are nightly builds, not stable releases.





________________________________
From: ntop-bounces@listgateway.unipi.it<mailto:ntop-bounces@listgateway.unipi.it> <ntop-bounces@listgateway.unipi.it<mailto:ntop-bounces@listgateway.unipi.it>> on behalf of Simone Mainardi <mainardi@ntop.org<mailto:mainardi@ntop.org>>
Sent: Friday, March 3, 2017 1:06 PM
To: ntop@unipi.it<mailto:ntop@unipi.it>
Cc: ntop@listgateway.unipi.it<mailto:ntop@listgateway.unipi.it>
Subject: Re: [Ntop] ntopng+nprobe+cisco asa netflow - no hosts..

Matt,

I was able to reproduce your issue. I've filed an issue that is already being processed. Please follow up here https://github.com/ntop/ntopng/issues/1015

Simone
*This e-mail is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you have received this e-mail in error, please notify the sender immediately, delete the e-mail from your computer and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. Fourth Dimension is not responsible for any damages caused by your unauthorized use of the materials in this e-mail.

_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it<mailto:Ntop@listgateway.unipi.it>
http://listgateway.unipi.it/mailman/listinfo/ntop

*This e-mail is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you have received this e-mail in error, please notify the sender immediately, delete the e-mail from your computer and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. Fourth Dimension is not responsible for any damages caused by your unauthorized use of the materials in this e-mail.
*This e-mail is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you have received this e-mail in error, please notify the sender immediately, delete the e-mail from your computer and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. Fourth Dimension is not responsible for any damages caused by your unauthorized use of the materials in this e-mail.
*This e-mail is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you have received this e-mail in error, please notify the sender immediately, delete the e-mail from your computer and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. Fourth Dimension is not responsible for any damages caused by your unauthorized use of the materials in this e-mail.

_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it<mailto:Ntop@listgateway.unipi.it>
http://listgateway.unipi.it/mailman/listinfo/ntop

*This e-mail is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you have received this e-mail in error, please notify the sender immediately, delete the e-mail from your computer and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. Fourth Dimension is not responsible for any damages caused by your unauthorized use of the materials in this e-mail.

Using the latest dev build isn’t a viable option until the zmq hosts issue is fixed.

I tried updating before I went back to stable.. it is most definitely NOT fixed.

From: ntop-bounces@listgateway.unipi.it [mailto:ntop-bounces@listgateway.unipi.it] On Behalf Of Simone Mainardi
Sent: Tuesday, March 07, 2017 4:45 PM
To: ntop@unipi.it
Cc: ntop@listgateway.unipi.it
Subject: Re: [Ntop] ntopng+nprobe+cisco asa netflow - now all times = asa reboot time.

Matt,


On Mon, Mar 6, 2017 at 4:48 AM, Matt Kettler <matt.kettler@fourthdim.com<mailto:matt.kettler@fourthdim.com>> wrote:

?I take that back, the stable version demonstrates a different problem:



It thinks that the current flows, as well as the hosts, are all quite old (over 1 month). In fact, they're all first and last seen on the exact same date and time, down to the second. Every flow, every host...



In fact, the date of all these seems to be the exact date and time that I last rebooted the ASA.



This is weird, since the development branch was tracking the time of flows pretty accurately, it just wasn't tracking hosts at all.

That issue has been fixed. You should get proper handling of time and host tracking if you use the latest dev build.


And both the ASA and host running nprobe/ntopng are very closely syncrhonized in time via ntp.



Is this some kind of configuration issue? or data issue resulting from rolling back versions? (I tried very hard to wipe out everything from the old install, other than the .conf files starting nprobe/ntopng).



Is ASA netflow not really used/supported well? I know it has issues, due to the lack of mid-flow updates and other quirks of the ASA. Would I be better off doing flexible netflow from a Cisco switch? I have sufficient licensing and hardware to support FNF on it, but is switch-based FNF any better than ASA netflow?









________________________________
From: ntop-bounces@listgateway.unipi.it<mailto:ntop-bounces@listgateway.unipi.it> <ntop-bounces@listgateway.unipi.it<mailto:ntop-bounces@listgateway.unipi.it>> on behalf of Matt Kettler <matt.kettler@fourthdim.com<mailto:matt.kettler@fourthdim.com>>
Sent: Sunday, March 5, 2017 8:29 PM
To: ntop@unipi.it<mailto:ntop@unipi.it>
Cc: ntop@listgateway.unipi.it<mailto:ntop@listgateway.unipi.it>
Subject: Re: [Ntop] ntopng+nprobe+cisco asa netflow - no hosts..


All seems to be working correctly now that I'm running the stable version.



I had to rm -rf /var/tmp/ntopng, wack the mysql database, and flush redis before it worked correctly, but at least it is up and behaving.







________________________________
From: ntop-bounces@listgateway.unipi.it<mailto:ntop-bounces@listgateway.unipi.it> <ntop-bounces@listgateway.unipi.it<mailto:ntop-bounces@listgateway.unipi.it>> on behalf of Matt Kettler <matt.kettler@fourthdim.com<mailto:matt.kettler@fourthdim.com>>
Sent: Saturday, March 4, 2017 11:12 AM
To: ntop@unipi.it<mailto:ntop@unipi.it>
Cc: ntop@listgateway.unipi.it<mailto:ntop@listgateway.unipi.it>
Subject: Re: [Ntop] ntopng+nprobe+cisco asa netflow - no hosts..

I updated, now running:

four@it:~$ ntopng --version
v.2.5.170304 [Enterprise/Professional Edition]
GIT rev: dev:e5e6ff6cd851dc6a3abf16e7dda27306b64177c7:20170304
Pro rev: r975

The hosts issue is not resolved.

Perhaps I should tear-down my install and set up using the repo from apt-ntop-stable.deb instead of apt-ntop.deb. I did not realize the un-tagged version was a development branch when I first set up.








________________________________
From: ntop-bounces@listgateway.unipi.it<mailto:ntop-bounces@listgateway.unipi.it> <ntop-bounces@listgateway.unipi.it<mailto:ntop-bounces@listgateway.unipi.it>> on behalf of Simone Mainardi <mainardi@ntop.org<mailto:mainardi@ntop.org>>
Sent: Saturday, March 4, 2017 8:13 AM
To: ntop@unipi.it<mailto:ntop@unipi.it>
Cc: ntop@listgateway.unipi.it<mailto:ntop@listgateway.unipi.it>
Subject: Re: [Ntop] ntopng+nprobe+cisco asa netflow - no hosts..

Matt, the issue is now fixed, please update.

Stable and dev packages are available at: http://packages.ntop.org/

On Fri, Mar 3, 2017 at 10:03 PM, Matt Kettler <matt.kettler@fourthdim.com<mailto:matt.kettler@fourthdim.com>> wrote:

Thanks,



In the meantime, is there a binary repository out there with stable versions in it?



It seems like the existing repositories at http://packages.ntop.org/apt/16.04/? are nightly builds, not stable releases.





________________________________
From: ntop-bounces@listgateway.unipi.it<mailto:ntop-bounces@listgateway.unipi.it> <ntop-bounces@listgateway.unipi.it<mailto:ntop-bounces@listgateway.unipi.it>> on behalf of Simone Mainardi <mainardi@ntop.org<mailto:mainardi@ntop.org>>
Sent: Friday, March 3, 2017 1:06 PM
To: ntop@unipi.it<mailto:ntop@unipi.it>
Cc: ntop@listgateway.unipi.it<mailto:ntop@listgateway.unipi.it>
Subject: Re: [Ntop] ntopng+nprobe+cisco asa netflow - no hosts..

Matt,

I was able to reproduce your issue. I've filed an issue that is already being processed. Please follow up here https://github.com/ntop/ntopng/issues/1015

Simone
*This e-mail is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you have received this e-mail in error, please notify the sender immediately, delete the e-mail from your computer and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. Fourth Dimension is not responsible for any damages caused by your unauthorized use of the materials in this e-mail.

_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it<mailto:Ntop@listgateway.unipi.it>
http://listgateway.unipi.it/mailman/listinfo/ntop

*This e-mail is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you have received this e-mail in error, please notify the sender immediately, delete the e-mail from your computer and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. Fourth Dimension is not responsible for any damages caused by your unauthorized use of the materials in this e-mail.
*This e-mail is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you have received this e-mail in error, please notify the sender immediately, delete the e-mail from your computer and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. Fourth Dimension is not responsible for any damages caused by your unauthorized use of the materials in this e-mail.
*This e-mail is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you have received this e-mail in error, please notify the sender immediately, delete the e-mail from your computer and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. Fourth Dimension is not responsible for any damages caused by your unauthorized use of the materials in this e-mail.

_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it<mailto:Ntop@listgateway.unipi.it>
http://listgateway.unipi.it/mailman/listinfo/ntop

*This e-mail is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you have received this e-mail in error, please notify the sender immediately, delete the e-mail from your computer and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. Fourth Dimension is not responsible for any damages caused by your unauthorized use of the materials in this e-mail.

Matt,

On Tue, Mar 7, 2017 at 11:29 PM, Matt Kettler <matt.kettler@fourthdim.com>
wrote:

> Using the latest dev build isn’t a viable option until the zmq hosts issue
> is fixed.
>
>
>
> I tried updating before I went back to stable.. it is most definitely NOT
> fixed.
>

Our latest tests confirm the issue is fixed. If you think there's still
something that is not working properly in the latest dev version, please,
feel free to open an issue on our github so we can track and solve it
quickly.

Thanks,


>
>
> *From:* ntop-bounces@listgateway.unipi.it [mailto:ntop-bounces@
> listgateway.unipi.it] *On Behalf Of *Simone Mainardi
> *Sent:* Tuesday, March 07, 2017 4:45 PM
> *To:* ntop@unipi.it
> *Cc:* ntop@listgateway.unipi.it
> *Subject:* Re: [Ntop] ntopng+nprobe+cisco asa netflow - now all times =
> asa reboot time.
>
>
>
> Matt,
>
>
>
>
>
> On Mon, Mar 6, 2017 at 4:48 AM, Matt Kettler <matt.kettler@fourthdim.com>
> wrote:
>
> ?I take that back, the stable version demonstrates a different problem:
>
>
>
> It thinks that the current flows, as well as the hosts, are all quite old
> (over 1 month). In fact, they're all first and last seen on the exact same
> date and time, down to the second. Every flow, every host...
>
>
>
> In fact, the date of all these seems to be the exact date and time that I
> last rebooted the ASA.
>
>
>
> This is weird, since the development branch was tracking the time of flows
> pretty accurately, it just wasn't tracking hosts at all.
>
>
>
> That issue has been fixed. You should get proper handling of time and host
> tracking if you use the latest dev build.
>
>
>
> And both the ASA and host running nprobe/ntopng are very closely
> syncrhonized in time via ntp.
>
>
>
> Is this some kind of configuration issue? or data issue resulting from
> rolling back versions? (I tried very hard to wipe out everything from the
> old install, other than the .conf files starting nprobe/ntopng).
>
>
>
> Is ASA netflow not really used/supported well? I know it has issues, due
> to the lack of mid-flow updates and other quirks of the ASA. Would I be
> better off doing flexible netflow from a Cisco switch? I have sufficient
> licensing and hardware to support FNF on it, but is switch-based FNF any
> better than ASA netflow?
>
>
>
>
>
>
>
>
> ------------------------------
>
> *From:* ntop-bounces@listgateway.unipi.it <ntop-bounces@listgateway.
> unipi.it> on behalf of Matt Kettler <matt.kettler@fourthdim.com>
> *Sent:* Sunday, March 5, 2017 8:29 PM
> *To:* ntop@unipi.it
> *Cc:* ntop@listgateway.unipi.it
> *Subject:* Re: [Ntop] ntopng+nprobe+cisco asa netflow - no hosts..
>
>
>
> All seems to be working correctly now that I'm running the stable version.
>
>
>
> I had to rm -rf /var/tmp/ntopng, wack the mysql database, and flush redis
> before it worked correctly, but at least it is up and behaving.
>
>
>
>
>
>
> ------------------------------
>
> *From:* ntop-bounces@listgateway.unipi.it <ntop-bounces@listgateway.
> unipi.it> on behalf of Matt Kettler <matt.kettler@fourthdim.com>
> *Sent:* Saturday, March 4, 2017 11:12 AM
> *To:* ntop@unipi.it
> *Cc:* ntop@listgateway.unipi.it
> *Subject:* Re: [Ntop] ntopng+nprobe+cisco asa netflow - no hosts..
>
>
>
> I updated, now running:
>
>
>
> four@it:~$ ntopng --version
>
> v.2.5.170304 [Enterprise/Professional Edition]
>
> GIT rev: dev:e5e6ff6cd851dc6a3abf16e7dda27306b64177c7:20170304
>
> Pro rev: r975
>
>
> The hosts issue is not resolved.
>
>
>
> Perhaps I should tear-down my install and set up using the repo from
> apt-ntop-stable.deb instead of apt-ntop.deb. I did not realize the
> un-tagged version was a development branch when I first set up.
>
>
>
>
>
>
>
>
>
>
>
>
> ------------------------------
>
> *From:* ntop-bounces@listgateway.unipi.it <ntop-bounces@listgateway.
> unipi.it> on behalf of Simone Mainardi <mainardi@ntop.org>
> *Sent:* Saturday, March 4, 2017 8:13 AM
> *To:* ntop@unipi.it
> *Cc:* ntop@listgateway.unipi.it
> *Subject:* Re: [Ntop] ntopng+nprobe+cisco asa netflow - no hosts..
>
>
>
> Matt, the issue is now fixed, please update.
>
>
>
> Stable and dev packages are available at: http://packages.ntop.org/
>
>
>
> On Fri, Mar 3, 2017 at 10:03 PM, Matt Kettler <matt.kettler@fourthdim.com>
> wrote:
>
> Thanks,
>
>
>
> In the meantime, is there a binary repository out there with stable
> versions in it?
>
>
>
> It seems like the existing repositories at http://packages.ntop.org/
> apt/16.04/? are nightly builds, not stable releases.
>
>
>
>
> ------------------------------
>
> *From:* ntop-bounces@listgateway.unipi.it <ntop-bounces@listgateway.
> unipi.it> on behalf of Simone Mainardi <mainardi@ntop.org>
> *Sent:* Friday, March 3, 2017 1:06 PM
> *To:* ntop@unipi.it
> *Cc:* ntop@listgateway.unipi.it
> *Subject:* Re: [Ntop] ntopng+nprobe+cisco asa netflow - no hosts..
>
>
>
> Matt,
>
>
>
> I was able to reproduce your issue. I've filed an issue that is already
> being processed. Please follow up here https://github.com/ntop/
> ntopng/issues/1015
>
>
>
> Simone
>
> *This e-mail is intended solely for the addressee. Access to this email by
> anyone else is unauthorized. If you have received this e-mail in error,
> please notify the sender immediately, delete the e-mail from your computer
> and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS
> EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH
> DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any
> action taken or omitted to be taken in reliance on it, is prohibited and
> may be unlawful. Fourth Dimension is not responsible for any damages caused
> by your unauthorized use of the materials in this e-mail.
>
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
>
>
>
> *This e-mail is intended solely for the addressee. Access to this email by
> anyone else is unauthorized. If you have received this e-mail in error,
> please notify the sender immediately, delete the e-mail from your computer
> and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS
> EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH
> DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any
> action taken or omitted to be taken in reliance on it, is prohibited and
> may be unlawful. Fourth Dimension is not responsible for any damages caused
> by your unauthorized use of the materials in this e-mail.
>
> *This e-mail is intended solely for the addressee. Access to this email by
> anyone else is unauthorized. If you have received this e-mail in error,
> please notify the sender immediately, delete the e-mail from your computer
> and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS
> EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH
> DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any
> action taken or omitted to be taken in reliance on it, is prohibited and
> may be unlawful. Fourth Dimension is not responsible for any damages caused
> by your unauthorized use of the materials in this e-mail.
>
> *This e-mail is intended solely for the addressee. Access to this email by
> anyone else is unauthorized. If you have received this e-mail in error,
> please notify the sender immediately, delete the e-mail from your computer
> and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS
> EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH
> DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any
> action taken or omitted to be taken in reliance on it, is prohibited and
> may be unlawful. Fourth Dimension is not responsible for any damages caused
> by your unauthorized use of the materials in this e-mail.
>
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
>
>
> *This e-mail is intended solely for the addressee. Access to this email by
> anyone else is unauthorized. If you have received this e-mail in error,
> please notify the sender immediately, delete the e-mail from your computer
> and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS
> EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH
> DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any
> action taken or omitted to be taken in reliance on it, is prohibited and
> may be unlawful. Fourth Dimension is not responsible for any damages caused
> by your unauthorized use of the materials in this e-mail.
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
>