Matt,
On Tue, Mar 7, 2017 at 11:29 PM, Matt Kettler <matt.kettler@fourthdim.com>
wrote:
> Using the latest dev build isn’t a viable option until the zmq hosts issue
> is fixed.
>
>
>
> I tried updating before I went back to stable.. it is most definitely NOT
> fixed.
>
Our latest tests confirm the issue is fixed. If you think there's still
something that is not working properly in the latest dev version, please,
feel free to open an issue on our github so we can track and solve it
quickly.
Thanks,
>
>
> *From:* ntop-bounces@listgateway.unipi.it [mailto:ntop-bounces@
> listgateway.unipi.it] *On Behalf Of *Simone Mainardi
> *Sent:* Tuesday, March 07, 2017 4:45 PM
> *To:* ntop@unipi.it
> *Cc:* ntop@listgateway.unipi.it
> *Subject:* Re: [Ntop] ntopng+nprobe+cisco asa netflow - now all times =
> asa reboot time.
>
>
>
> Matt,
>
>
>
>
>
> On Mon, Mar 6, 2017 at 4:48 AM, Matt Kettler <matt.kettler@fourthdim.com>
> wrote:
>
> ?I take that back, the stable version demonstrates a different problem:
>
>
>
> It thinks that the current flows, as well as the hosts, are all quite old
> (over 1 month). In fact, they're all first and last seen on the exact same
> date and time, down to the second. Every flow, every host...
>
>
>
> In fact, the date of all these seems to be the exact date and time that I
> last rebooted the ASA.
>
>
>
> This is weird, since the development branch was tracking the time of flows
> pretty accurately, it just wasn't tracking hosts at all.
>
>
>
> That issue has been fixed. You should get proper handling of time and host
> tracking if you use the latest dev build.
>
>
>
> And both the ASA and host running nprobe/ntopng are very closely
> syncrhonized in time via ntp.
>
>
>
> Is this some kind of configuration issue? or data issue resulting from
> rolling back versions? (I tried very hard to wipe out everything from the
> old install, other than the .conf files starting nprobe/ntopng).
>
>
>
> Is ASA netflow not really used/supported well? I know it has issues, due
> to the lack of mid-flow updates and other quirks of the ASA. Would I be
> better off doing flexible netflow from a Cisco switch? I have sufficient
> licensing and hardware to support FNF on it, but is switch-based FNF any
> better than ASA netflow?
>
>
>
>
>
>
>
>
> ------------------------------
>
> *From:* ntop-bounces@listgateway.unipi.it <ntop-bounces@listgateway.
> unipi.it> on behalf of Matt Kettler <matt.kettler@fourthdim.com>
> *Sent:* Sunday, March 5, 2017 8:29 PM
> *To:* ntop@unipi.it
> *Cc:* ntop@listgateway.unipi.it
> *Subject:* Re: [Ntop] ntopng+nprobe+cisco asa netflow - no hosts..
>
>
>
> All seems to be working correctly now that I'm running the stable version.
>
>
>
> I had to rm -rf /var/tmp/ntopng, wack the mysql database, and flush redis
> before it worked correctly, but at least it is up and behaving.
>
>
>
>
>
>
> ------------------------------
>
> *From:* ntop-bounces@listgateway.unipi.it <ntop-bounces@listgateway.
> unipi.it> on behalf of Matt Kettler <matt.kettler@fourthdim.com>
> *Sent:* Saturday, March 4, 2017 11:12 AM
> *To:* ntop@unipi.it
> *Cc:* ntop@listgateway.unipi.it
> *Subject:* Re: [Ntop] ntopng+nprobe+cisco asa netflow - no hosts..
>
>
>
> I updated, now running:
>
>
>
> four@it:~$ ntopng --version
>
> v.2.5.170304 [Enterprise/Professional Edition]
>
> GIT rev: dev:e5e6ff6cd851dc6a3abf16e7dda27306b64177c7:20170304
>
> Pro rev: r975
>
>
> The hosts issue is not resolved.
>
>
>
> Perhaps I should tear-down my install and set up using the repo from
> apt-ntop-stable.deb instead of apt-ntop.deb. I did not realize the
> un-tagged version was a development branch when I first set up.
>
>
>
>
>
>
>
>
>
>
>
>
> ------------------------------
>
> *From:* ntop-bounces@listgateway.unipi.it <ntop-bounces@listgateway.
> unipi.it> on behalf of Simone Mainardi <mainardi@ntop.org>
> *Sent:* Saturday, March 4, 2017 8:13 AM
> *To:* ntop@unipi.it
> *Cc:* ntop@listgateway.unipi.it
> *Subject:* Re: [Ntop] ntopng+nprobe+cisco asa netflow - no hosts..
>
>
>
> Matt, the issue is now fixed, please update.
>
>
>
> Stable and dev packages are available at: http://packages.ntop.org/
>
>
>
> On Fri, Mar 3, 2017 at 10:03 PM, Matt Kettler <matt.kettler@fourthdim.com>
> wrote:
>
> Thanks,
>
>
>
> In the meantime, is there a binary repository out there with stable
> versions in it?
>
>
>
> It seems like the existing repositories at http://packages.ntop.org/
> apt/16.04/? are nightly builds, not stable releases.
>
>
>
>
> ------------------------------
>
> *From:* ntop-bounces@listgateway.unipi.it <ntop-bounces@listgateway.
> unipi.it> on behalf of Simone Mainardi <mainardi@ntop.org>
> *Sent:* Friday, March 3, 2017 1:06 PM
> *To:* ntop@unipi.it
> *Cc:* ntop@listgateway.unipi.it
> *Subject:* Re: [Ntop] ntopng+nprobe+cisco asa netflow - no hosts..
>
>
>
> Matt,
>
>
>
> I was able to reproduce your issue. I've filed an issue that is already
> being processed. Please follow up here https://github.com/ntop/
> ntopng/issues/1015
>
>
>
> Simone
>
> *This e-mail is intended solely for the addressee. Access to this email by
> anyone else is unauthorized. If you have received this e-mail in error,
> please notify the sender immediately, delete the e-mail from your computer
> and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS
> EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH
> DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any
> action taken or omitted to be taken in reliance on it, is prohibited and
> may be unlawful. Fourth Dimension is not responsible for any damages caused
> by your unauthorized use of the materials in this e-mail.
>
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
>
>
>
> *This e-mail is intended solely for the addressee. Access to this email by
> anyone else is unauthorized. If you have received this e-mail in error,
> please notify the sender immediately, delete the e-mail from your computer
> and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS
> EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH
> DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any
> action taken or omitted to be taken in reliance on it, is prohibited and
> may be unlawful. Fourth Dimension is not responsible for any damages caused
> by your unauthorized use of the materials in this e-mail.
>
> *This e-mail is intended solely for the addressee. Access to this email by
> anyone else is unauthorized. If you have received this e-mail in error,
> please notify the sender immediately, delete the e-mail from your computer
> and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS
> EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH
> DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any
> action taken or omitted to be taken in reliance on it, is prohibited and
> may be unlawful. Fourth Dimension is not responsible for any damages caused
> by your unauthorized use of the materials in this e-mail.
>
> *This e-mail is intended solely for the addressee. Access to this email by
> anyone else is unauthorized. If you have received this e-mail in error,
> please notify the sender immediately, delete the e-mail from your computer
> and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS
> EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH
> DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any
> action taken or omitted to be taken in reliance on it, is prohibited and
> may be unlawful. Fourth Dimension is not responsible for any damages caused
> by your unauthorized use of the materials in this e-mail.
>
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
>
>
> *This e-mail is intended solely for the addressee. Access to this email by
> anyone else is unauthorized. If you have received this e-mail in error,
> please notify the sender immediately, delete the e-mail from your computer
> and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS
> EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH
> DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any
> action taken or omitted to be taken in reliance on it, is prohibited and
> may be unlawful. Fourth Dimension is not responsible for any damages caused
> by your unauthorized use of the materials in this e-mail.
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
>
On Tue, Mar 7, 2017 at 11:29 PM, Matt Kettler <matt.kettler@fourthdim.com>
wrote:
> Using the latest dev build isn’t a viable option until the zmq hosts issue
> is fixed.
>
>
>
> I tried updating before I went back to stable.. it is most definitely NOT
> fixed.
>
Our latest tests confirm the issue is fixed. If you think there's still
something that is not working properly in the latest dev version, please,
feel free to open an issue on our github so we can track and solve it
quickly.
Thanks,
>
>
> *From:* ntop-bounces@listgateway.unipi.it [mailto:ntop-bounces@
> listgateway.unipi.it] *On Behalf Of *Simone Mainardi
> *Sent:* Tuesday, March 07, 2017 4:45 PM
> *To:* ntop@unipi.it
> *Cc:* ntop@listgateway.unipi.it
> *Subject:* Re: [Ntop] ntopng+nprobe+cisco asa netflow - now all times =
> asa reboot time.
>
>
>
> Matt,
>
>
>
>
>
> On Mon, Mar 6, 2017 at 4:48 AM, Matt Kettler <matt.kettler@fourthdim.com>
> wrote:
>
> ?I take that back, the stable version demonstrates a different problem:
>
>
>
> It thinks that the current flows, as well as the hosts, are all quite old
> (over 1 month). In fact, they're all first and last seen on the exact same
> date and time, down to the second. Every flow, every host...
>
>
>
> In fact, the date of all these seems to be the exact date and time that I
> last rebooted the ASA.
>
>
>
> This is weird, since the development branch was tracking the time of flows
> pretty accurately, it just wasn't tracking hosts at all.
>
>
>
> That issue has been fixed. You should get proper handling of time and host
> tracking if you use the latest dev build.
>
>
>
> And both the ASA and host running nprobe/ntopng are very closely
> syncrhonized in time via ntp.
>
>
>
> Is this some kind of configuration issue? or data issue resulting from
> rolling back versions? (I tried very hard to wipe out everything from the
> old install, other than the .conf files starting nprobe/ntopng).
>
>
>
> Is ASA netflow not really used/supported well? I know it has issues, due
> to the lack of mid-flow updates and other quirks of the ASA. Would I be
> better off doing flexible netflow from a Cisco switch? I have sufficient
> licensing and hardware to support FNF on it, but is switch-based FNF any
> better than ASA netflow?
>
>
>
>
>
>
>
>
> ------------------------------
>
> *From:* ntop-bounces@listgateway.unipi.it <ntop-bounces@listgateway.
> unipi.it> on behalf of Matt Kettler <matt.kettler@fourthdim.com>
> *Sent:* Sunday, March 5, 2017 8:29 PM
> *To:* ntop@unipi.it
> *Cc:* ntop@listgateway.unipi.it
> *Subject:* Re: [Ntop] ntopng+nprobe+cisco asa netflow - no hosts..
>
>
>
> All seems to be working correctly now that I'm running the stable version.
>
>
>
> I had to rm -rf /var/tmp/ntopng, wack the mysql database, and flush redis
> before it worked correctly, but at least it is up and behaving.
>
>
>
>
>
>
> ------------------------------
>
> *From:* ntop-bounces@listgateway.unipi.it <ntop-bounces@listgateway.
> unipi.it> on behalf of Matt Kettler <matt.kettler@fourthdim.com>
> *Sent:* Saturday, March 4, 2017 11:12 AM
> *To:* ntop@unipi.it
> *Cc:* ntop@listgateway.unipi.it
> *Subject:* Re: [Ntop] ntopng+nprobe+cisco asa netflow - no hosts..
>
>
>
> I updated, now running:
>
>
>
> four@it:~$ ntopng --version
>
> v.2.5.170304 [Enterprise/Professional Edition]
>
> GIT rev: dev:e5e6ff6cd851dc6a3abf16e7dda27306b64177c7:20170304
>
> Pro rev: r975
>
>
> The hosts issue is not resolved.
>
>
>
> Perhaps I should tear-down my install and set up using the repo from
> apt-ntop-stable.deb instead of apt-ntop.deb. I did not realize the
> un-tagged version was a development branch when I first set up.
>
>
>
>
>
>
>
>
>
>
>
>
> ------------------------------
>
> *From:* ntop-bounces@listgateway.unipi.it <ntop-bounces@listgateway.
> unipi.it> on behalf of Simone Mainardi <mainardi@ntop.org>
> *Sent:* Saturday, March 4, 2017 8:13 AM
> *To:* ntop@unipi.it
> *Cc:* ntop@listgateway.unipi.it
> *Subject:* Re: [Ntop] ntopng+nprobe+cisco asa netflow - no hosts..
>
>
>
> Matt, the issue is now fixed, please update.
>
>
>
> Stable and dev packages are available at: http://packages.ntop.org/
>
>
>
> On Fri, Mar 3, 2017 at 10:03 PM, Matt Kettler <matt.kettler@fourthdim.com>
> wrote:
>
> Thanks,
>
>
>
> In the meantime, is there a binary repository out there with stable
> versions in it?
>
>
>
> It seems like the existing repositories at http://packages.ntop.org/
> apt/16.04/? are nightly builds, not stable releases.
>
>
>
>
> ------------------------------
>
> *From:* ntop-bounces@listgateway.unipi.it <ntop-bounces@listgateway.
> unipi.it> on behalf of Simone Mainardi <mainardi@ntop.org>
> *Sent:* Friday, March 3, 2017 1:06 PM
> *To:* ntop@unipi.it
> *Cc:* ntop@listgateway.unipi.it
> *Subject:* Re: [Ntop] ntopng+nprobe+cisco asa netflow - no hosts..
>
>
>
> Matt,
>
>
>
> I was able to reproduce your issue. I've filed an issue that is already
> being processed. Please follow up here https://github.com/ntop/
> ntopng/issues/1015
>
>
>
> Simone
>
> *This e-mail is intended solely for the addressee. Access to this email by
> anyone else is unauthorized. If you have received this e-mail in error,
> please notify the sender immediately, delete the e-mail from your computer
> and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS
> EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH
> DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any
> action taken or omitted to be taken in reliance on it, is prohibited and
> may be unlawful. Fourth Dimension is not responsible for any damages caused
> by your unauthorized use of the materials in this e-mail.
>
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
>
>
>
> *This e-mail is intended solely for the addressee. Access to this email by
> anyone else is unauthorized. If you have received this e-mail in error,
> please notify the sender immediately, delete the e-mail from your computer
> and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS
> EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH
> DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any
> action taken or omitted to be taken in reliance on it, is prohibited and
> may be unlawful. Fourth Dimension is not responsible for any damages caused
> by your unauthorized use of the materials in this e-mail.
>
> *This e-mail is intended solely for the addressee. Access to this email by
> anyone else is unauthorized. If you have received this e-mail in error,
> please notify the sender immediately, delete the e-mail from your computer
> and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS
> EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH
> DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any
> action taken or omitted to be taken in reliance on it, is prohibited and
> may be unlawful. Fourth Dimension is not responsible for any damages caused
> by your unauthorized use of the materials in this e-mail.
>
> *This e-mail is intended solely for the addressee. Access to this email by
> anyone else is unauthorized. If you have received this e-mail in error,
> please notify the sender immediately, delete the e-mail from your computer
> and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS
> EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH
> DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any
> action taken or omitted to be taken in reliance on it, is prohibited and
> may be unlawful. Fourth Dimension is not responsible for any damages caused
> by your unauthorized use of the materials in this e-mail.
>
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
>
>
> *This e-mail is intended solely for the addressee. Access to this email by
> anyone else is unauthorized. If you have received this e-mail in error,
> please notify the sender immediately, delete the e-mail from your computer
> and do not copy or disclose it to anyone else.* *THE INFORMATION IN THIS
> EMAIL AND ANY ATTACHMENTS CONSTITUTE THE PROPRIETARY INFORMATION OF FOURTH
> DIMENSION ENGINEERING, LLC.* Any disclosure, copying, distribution or any
> action taken or omitted to be taken in reliance on it, is prohibited and
> may be unlawful. Fourth Dimension is not responsible for any damages caused
> by your unauthorized use of the materials in this e-mail.
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
>