Mailing List Archive

Simon,

On Thu, Mar 30, 2017 at 5:36 PM, Simon Bell <S.Bell@node4.co.uk> wrote:

> Hi All,
>
>
>
> Running version
>
> *Version*
>
> 2.4.170215
> <https://github.com/ntop/ntopng/commit/2d9a5131d5fd1107e27c0f7c13acf98ad6fa4680>
> - Pro Small Business Edition
>
>
>
> ntopng --user "root" --pid "/var/run/ntopng.pid" --http-port "80"
> --interface "tcp://127.0.0.1:5000,tcp://127.0.0.1:5001,tcp://127.0.0.1:
> 5002,tcp://127.0.0.1:5003" --interface "tcp://127.0.0.1:5000" --interface
> "tcp://127.0.0.1:5001" --interface "tcp://127.0.0.1:5002" --interface
> "tcp://127.0.0.1:5003" --interface "tcp://127.0.0.1:5004" --interface
> "tcp://127.0.0.1:5005" --max-num-flows "800000" --max-num-hosts "750000"
> --dump-flows "mysql;localhost;ntopng;flows;xxxx;xxxx
>
>
>
> Can see addition to sql database and can see query’s:
>
>
>
> sudo tail /home/mysql/mysql-bin.000691
>
> #ntopngINSERT INTO `flowsv4` (VLAN_ID,L7_PROTO,IP_SRC_ADDR,
> L4_SRC_PORT,IP_DST_ADDR,L4_DST_PORT,PROTOCOL,IN_BYTES,
> OUT_BYTES,PACKETS,FIRST_SWITCHED,LAST_SWITCHED,INFO,
> JSON,NTOPNG_INSTANCE_NAME,INTERFACE_ID,PROFILE) VALUES
> ('0','7','1571720224','80','1367824450','49547','6','
> 165400','0','8320','0','0','',COMPRESS('{ "8": "93.174.140.32", "12":
> "81.135.88.66", "7": 80, "11": 49547, "4": 6, "57590": 7, "57591": "HTTP",
> "6": 16, "2": 8320, "1": 165400, "24": 0, "23": 0, "22": 0, "21": 0,
> "json": "{ \"15\": \"195.66.224.69\", \"10\": \"559\", \"14\": \"561\",
> \"152\": \"1490881913000\", \"153\": \"1490881913000\", \"5\": \"0\",
> \"16\": \"65001\", \"17\": \"2856\", \"9\": \"25\", \"13\": \"12\", \"42\":
> \"1289839\" }", "57595": 0.000000, "57596": 0.000000, "SRC_IP_COUNTRY":
> "GB", "SRC_IP_LOCATION": [ -0.600000, 51.483299 ], "DST_IP_COUNTRY": "GB",
> "DST_IP_LOCATION": [ -0.122400, 51.496399 ],
>
>
>
> However GUI refuses to show any data and behaves like a database isn’t
> connected. Flows doesn’t show under the interface (it disappears on page
> load)
>
>
>
> Running mariadb with innodb engine.
>
>
>
> Have been all the way up to the nightly builds, which then breaks other
> and doesn’t fix historical,
>

We have fixed several issues related to the historical in the nightly
builds. You should move to those versions as we can't support you on the
stable as this is not a security issue. Saying "breaks other and doesn't
fix historical" doesn't help much. Please explain. We should also see error
logs, exceptions, etc. Use our github issue tracker to report any issue and
the steps to reproduce.

this version shows everything we need, I just need some guidance on the
> historical data as, as far as I can see this should work.
>
>
>
> MariaDB [ntopng]> show tables;
>
> +------------------+
>
> | Tables_in_ntopng |
>
> +------------------+
>
> | flowsv4 |
>
> | flowsv6 |
>
>
>
>
>
> Ntopng created the tables once pointed at mysql. Mariadb data has been
> shifted from default location to a different drive.
>
>
>
> Cheers
>
>
>
> Simon
>
>
>
>
> Simon Bell
> ------------------------------
> Core Network Architect
>
> ddi. *0845 123 2229*
> t. *0845 123 2222*
> e. *S.Bell@node4.co.uk <S.Bell@node4.co.uk>* *Wakefield Office*
> Node4 Ltd, Pope Street,
> Normanton, Wakefield, WF6 2TA
>
>
> [image: Visit www.node4.co.uk] <http://www.node4.co.uk>
>
> [image: Visit www.node4.co.uk] <http://www.node4.co.uk>
> [image: Visit Node4 on Twitter] <http://www.twitter.co.uk/Node4Ltd>
> [image: Visit Node4 on Linkedin]
> <https://www.linkedin.com/company/node4-ltd>
> [image: Visit Node4 on Facebook] <http://www.facebook.com/Node4>
>
>
>
>
> <http://www.node4.co.uk/blog/how-a-visit-to-cisco-inspired-the-node4-mobile-solution-centre/>
>
>
> Node4 Limited is registered in England No: 04759927 and has its registered
> office at Millennium Way, Pride Park, Derby, DE24 8HZ
> The information contained in this email is confidential and is intended
> for the exclusive use of the email addressee shown.
> If you are not the addressee, any disclosure, reproduction, distribution
> or other dissemination or use of this communication is strictly prohibited.
> If you have received this mail in error, please notify our mail manager at
> abuse@node4.co.uk and delete it from your system.
> Opinions expressed in this email are those of the individual not the
> company, unless specifically indicated to that effect.
> ------------------------------
> This email has been scanned by Node4's Email Security System.
> ------------------------------
> This email message has been delivered safely and archived online by
> Mimecast.
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
>

Simon,

On Thu, Mar 30, 2017 at 5:36 PM, Simon Bell <S.Bell@node4.co.uk> wrote:

> Hi All,
>
>
>
> Running version
>
> *Version*
>
> 2.4.170215
> <https://github.com/ntop/ntopng/commit/2d9a5131d5fd1107e27c0f7c13acf98ad6fa4680>
> - Pro Small Business Edition
>
>
>
> ntopng --user "root" --pid "/var/run/ntopng.pid" --http-port "80"
> --interface "tcp://127.0.0.1:5000,tcp://127.0.0.1:5001,tcp://127.0.0.1:
> 5002,tcp://127.0.0.1:5003" --interface "tcp://127.0.0.1:5000" --interface
> "tcp://127.0.0.1:5001" --interface "tcp://127.0.0.1:5002" --interface
> "tcp://127.0.0.1:5003" --interface "tcp://127.0.0.1:5004" --interface
> "tcp://127.0.0.1:5005" --max-num-flows "800000" --max-num-hosts "750000"
> --dump-flows "mysql;localhost;ntopng;flows;xxxx;xxxx
>
>
>
> Can see addition to sql database and can see query’s:
>
>
>
> sudo tail /home/mysql/mysql-bin.000691
>
> #ntopngINSERT INTO `flowsv4` (VLAN_ID,L7_PROTO,IP_SRC_ADDR,
> L4_SRC_PORT,IP_DST_ADDR,L4_DST_PORT,PROTOCOL,IN_BYTES,
> OUT_BYTES,PACKETS,FIRST_SWITCHED,LAST_SWITCHED,INFO,
> JSON,NTOPNG_INSTANCE_NAME,INTERFACE_ID,PROFILE) VALUES
> ('0','7','1571720224','80','1367824450','49547','6','
> 165400','0','8320','0','0','',COMPRESS('{ "8": "93.174.140.32", "12":
> "81.135.88.66", "7": 80, "11": 49547, "4": 6, "57590": 7, "57591": "HTTP",
> "6": 16, "2": 8320, "1": 165400, "24": 0, "23": 0, "22": 0, "21": 0,
> "json": "{ \"15\": \"195.66.224.69\", \"10\": \"559\", \"14\": \"561\",
> \"152\": \"1490881913000\", \"153\": \"1490881913000\", \"5\": \"0\",
> \"16\": \"65001\", \"17\": \"2856\", \"9\": \"25\", \"13\": \"12\", \"42\":
> \"1289839\" }", "57595": 0.000000, "57596": 0.000000, "SRC_IP_COUNTRY":
> "GB", "SRC_IP_LOCATION": [ -0.600000, 51.483299 ], "DST_IP_COUNTRY": "GB",
> "DST_IP_LOCATION": [ -0.122400, 51.496399 ],
>
>
>
> However GUI refuses to show any data and behaves like a database isn’t
> connected. Flows doesn’t show under the interface (it disappears on page
> load)
>
>
>
> Running mariadb with innodb engine.
>
>
>
> Have been all the way up to the nightly builds, which then breaks other
> and doesn’t fix historical,
>

We have fixed several issues related to the historical in the nightly
builds. You should move to those versions as we can't support you on the
stable as this is not a security issue. Saying "breaks other and doesn't
fix historical" doesn't help much. Please explain. We should also see error
logs, exceptions, etc. Use our github issue tracker to report any issue and
the steps to reproduce.

this version shows everything we need, I just need some guidance on the
> historical data as, as far as I can see this should work.
>
>
>
> MariaDB [ntopng]> show tables;
>
> +------------------+
>
> | Tables_in_ntopng |
>
> +------------------+
>
> | flowsv4 |
>
> | flowsv6 |
>
>
>
>
>
> Ntopng created the tables once pointed at mysql. Mariadb data has been
> shifted from default location to a different drive.
>
>
>
> Cheers
>
>
>
> Simon
>
>
>
>
> Simon Bell
> ------------------------------
> Core Network Architect
>
> ddi. *0845 123 2229*
> t. *0845 123 2222*
> e. *S.Bell@node4.co.uk <S.Bell@node4.co.uk>* *Wakefield Office*
> Node4 Ltd, Pope Street,
> Normanton, Wakefield, WF6 2TA
>
>
> [image: Visit www.node4.co.uk] <http://www.node4.co.uk>
>
> [image: Visit www.node4.co.uk] <http://www.node4.co.uk>
> [image: Visit Node4 on Twitter] <http://www.twitter.co.uk/Node4Ltd>
> [image: Visit Node4 on Linkedin]
> <https://www.linkedin.com/company/node4-ltd>
> [image: Visit Node4 on Facebook] <http://www.facebook.com/Node4>
>
>
>
>
> <http://www.node4.co.uk/blog/how-a-visit-to-cisco-inspired-the-node4-mobile-solution-centre/>
>
>
> Node4 Limited is registered in England No: 04759927 and has its registered
> office at Millennium Way, Pride Park, Derby, DE24 8HZ
> The information contained in this email is confidential and is intended
> for the exclusive use of the email addressee shown.
> If you are not the addressee, any disclosure, reproduction, distribution
> or other dissemination or use of this communication is strictly prohibited.
> If you have received this mail in error, please notify our mail manager at
> abuse@node4.co.uk and delete it from your system.
> Opinions expressed in this email are those of the individual not the
> company, unless specifically indicated to that effect.
> ------------------------------
> This email has been scanned by Node4's Email Security System.
> ------------------------------
> This email message has been delivered safely and archived online by
> Mimecast.
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
>

Hi Simon,

I’ve re-upped to the nightly builds still seeing the same issue, ignore the other issue’s for now it was just complaining about some scripts not being able to load.

I have this from the mysql query log

| 2017-03-31 11:36:02.280200 | root[root] @ localhost [] | 58 | 0 | Query | select COUNT(*) AS TOT_FLOWS, SUM(IN_BYTES + OUT_BYTES) AS TOT_BYTES, SUM(PACKETS) AS TOT_PACKETS FROM flowsv4 where FIRST_SWITCHED <= 1490956559 and FIRST_SWITCHED >= 1490952959 AND (NTOPNG_INSTANCE_NAME='n4-wkf-netflow-01.node4.co.uk'OR NTOPNG_INSTANCE_NAME IS NULL) AND (INTERFACE_ID='5') |


If I run this query I get:

+-----------+-----------+-------------+
| TOT_FLOWS | TOT_BYTES | TOT_PACKETS |
+-----------+-----------+-------------+
| 436 | 3089612 | 96320 |

(minus the first switched as I wasn’t logging traffic so I could just capture the query ntop sends)

So there is data there, it just seems unable to pull it into ntopng, I gave it root user in case it was a permissions thing.

Logs within NTOP:

31/Mar/2017 11:29:11 [MySQLDB.cpp:582] Attempting to connect to MySQL for interface tcp://127.0.0.1:5000...
31/Mar/2017 11:29:11 [MySQLDB.cpp:569] Disconnected from MySQL for interface tcp://127.0.0.1:5000...
31/Mar/2017 11:29:11 [MySQLDB.cpp:622] Successfully connected to MySQL [localhost:root] for interface tcp://127.0.0.1:5005

Could it be because I’m running both individual interfaces, and a singular combined as I hope to be able to give customers access to the combined, whilst internally we still need to break down each individual link?

Cheers

Simon

Simon Bell
Core Network Architect

Node4 Ltd. Pope Street, Normanton, Wakefield, WF6 2TA.
ddi. 0845 123 2229 | t. 0845 123 2222
e. S.Bell@node4.co.uk



Node4 Limited is registered in England No: 04759927 and has its registered office at Millennium Way, Pride Park, Derby, DE24 8HZ
The information contained in this email is confidential and is intended for the exclusive use of the email addressee shown.
If you are not the addressee, any disclosure, reproduction, distribution or other dissemination or use of this communication is strictly prohibited.
If you have received this mail in error, please notify our mail manager at abuse@node4.co.uk and delete it from your system.
Opinions expressed in this email are those of the individual not the company, unless specifically indicated to that effect.

This email has been scanned inbound by Node4's Email Security System.

This email message has been delivered safely and archived online by Mimecast.

Hi Simon,

I’ve re-upped to the nightly builds still seeing the same issue, ignore the other issue’s for now it was just complaining about some scripts not being able to load.

I have this from the mysql query log

| 2017-03-31 11:36:02.280200 | root[root] @ localhost [] | 58 | 0 | Query | select COUNT(*) AS TOT_FLOWS, SUM(IN_BYTES + OUT_BYTES) AS TOT_BYTES, SUM(PACKETS) AS TOT_PACKETS FROM flowsv4 where FIRST_SWITCHED <= 1490956559 and FIRST_SWITCHED >= 1490952959 AND (NTOPNG_INSTANCE_NAME='n4-wkf-netflow-01.node4.co.uk'OR NTOPNG_INSTANCE_NAME IS NULL) AND (INTERFACE_ID='5') |


If I run this query I get:

+-----------+-----------+-------------+
| TOT_FLOWS | TOT_BYTES | TOT_PACKETS |
+-----------+-----------+-------------+
| 436 | 3089612 | 96320 |

(minus the first switched as I wasn’t logging traffic so I could just capture the query ntop sends)

So there is data there, it just seems unable to pull it into ntopng, I gave it root user in case it was a permissions thing.

Logs within NTOP:

31/Mar/2017 11:29:11 [MySQLDB.cpp:582] Attempting to connect to MySQL for interface tcp://127.0.0.1:5000...
31/Mar/2017 11:29:11 [MySQLDB.cpp:569] Disconnected from MySQL for interface tcp://127.0.0.1:5000...
31/Mar/2017 11:29:11 [MySQLDB.cpp:622] Successfully connected to MySQL [localhost:root] for interface tcp://127.0.0.1:5005

Could it be because I’m running both individual interfaces, and a singular combined as I hope to be able to give customers access to the combined, whilst internally we still need to break down each individual link?

Cheers

Simon

Simon Bell
Core Network Architect

Node4 Ltd. Pope Street, Normanton, Wakefield, WF6 2TA.
ddi. 0845 123 2229 | t. 0845 123 2222
e. S.Bell@node4.co.uk



Node4 Limited is registered in England No: 04759927 and has its registered office at Millennium Way, Pride Park, Derby, DE24 8HZ
The information contained in this email is confidential and is intended for the exclusive use of the email addressee shown.
If you are not the addressee, any disclosure, reproduction, distribution or other dissemination or use of this communication is strictly prohibited.
If you have received this mail in error, please notify our mail manager at abuse@node4.co.uk and delete it from your system.
Opinions expressed in this email are those of the individual not the company, unless specifically indicated to that effect.

This email has been scanned inbound by Node4's Email Security System.

This email message has been delivered safely and archived online by Mimecast.

Simon,

Do you have a valid Pro license? Can you please explain what is the page
that doesn't pull in MySQL data?


Simone

On Fri, Mar 31, 2017 at 1:36 PM, Simon Bell <S.Bell@node4.co.uk> wrote:

> Hi Simon,
>
>
>
> I’ve re-upped to the nightly builds still seeing the same issue, ignore
> the other issue’s for now it was just complaining about some scripts not
> being able to load.
>
>
>
> I have this from the mysql query log
>
>
>
> | 2017-03-31 11:36:02.280200 <02%20280200> | root[root] @ localhost []
> | 58 | 0 | Query | select COUNT(*) AS TOT_FLOWS,
> SUM(IN_BYTES + OUT_BYTES) AS TOT_BYTES, SUM(PACKETS) AS TOT_PACKETS FROM
> flowsv4 where FIRST_SWITCHED <= 1490956559 and FIRST_SWITCHED >= 1490952959
> AND (NTOPNG_INSTANCE_NAME='n4-wkf-netflow-01.node4.co.uk'OR
> NTOPNG_INSTANCE_NAME IS NULL) AND (INTERFACE_ID='5') |
>
>
>
>
>
> If I run this query I get:
>
>
>
> +-----------+-----------+-------------+
>
> | TOT_FLOWS | TOT_BYTES | TOT_PACKETS |
>
> +-----------+-----------+-------------+
>
> | 436 | 3089612 | 96320 |
>
>
>
> (minus the first switched as I wasn’t logging traffic so I could just
> capture the query ntop sends)
>
>
>
> So there is data there, it just seems unable to pull it into ntopng, I
> gave it root user in case it was a permissions thing.
>
>
>
> Logs within NTOP:
>
>
>
> 31/Mar/2017 11:29:11 [MySQLDB.cpp:582] Attempting to connect to MySQL for
> interface tcp://127.0.0.1:5000...
> 31/Mar/2017 11:29:11 [MySQLDB.cpp:569] Disconnected from MySQL for
> interface tcp://127.0.0.1:5000...
> 31/Mar/2017 11:29:11 [MySQLDB.cpp:622] Successfully connected to MySQL
> [localhost:root] for interface tcp://127.0.0.1:5005
>
>
>
> Could it be because I’m running both individual interfaces, and a singular
> combined as I hope to be able to give customers access to the combined,
> whilst internally we still need to break down each individual link?
>
>
>
> Cheers
>
>
>
> Simon
>
>
>
>
> Simon Bell
> ------------------------------
> Core Network Architect
>
> ddi. *0845 123 2229*
> t. *0845 123 2222*
> e. *S.Bell@node4.co.uk <S.Bell@node4.co.uk>* *Wakefield Office*
> Node4 Ltd, Pope Street,
> Normanton, Wakefield, WF6 2TA
>
>
> [image: Visit www.node4.co.uk] <http://www.node4.co.uk>
>
> [image: Visit www.node4.co.uk] <http://www.node4.co.uk>
> [image: Visit Node4 on Twitter] <http://www.twitter.co.uk/Node4Ltd>
> [image: Visit Node4 on Linkedin]
> <https://www.linkedin.com/company/node4-ltd>
> [image: Visit Node4 on Facebook] <http://www.facebook.com/Node4>
>
>
>
>
> <http://www.node4.co.uk/blog/how-a-visit-to-cisco-inspired-the-node4-mobile-solution-centre/>
>
>
> Node4 Limited is registered in England No: 04759927 and has its registered
> office at Millennium Way, Pride Park, Derby, DE24 8HZ
> The information contained in this email is confidential and is intended
> for the exclusive use of the email addressee shown.
> If you are not the addressee, any disclosure, reproduction, distribution
> or other dissemination or use of this communication is strictly prohibited.
> If you have received this mail in error, please notify our mail manager at
> abuse@node4.co.uk and delete it from your system.
> Opinions expressed in this email are those of the individual not the
> company, unless specifically indicated to that effect.
> ------------------------------
> This email has been scanned by Node4's Email Security System.
> ------------------------------
> This email message has been delivered safely and archived online by
> Mimecast.
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
>

Simon,

Do you have a valid Pro license? Can you please explain what is the page
that doesn't pull in MySQL data?


Simone

On Fri, Mar 31, 2017 at 1:36 PM, Simon Bell <S.Bell@node4.co.uk> wrote:

> Hi Simon,
>
>
>
> I’ve re-upped to the nightly builds still seeing the same issue, ignore
> the other issue’s for now it was just complaining about some scripts not
> being able to load.
>
>
>
> I have this from the mysql query log
>
>
>
> | 2017-03-31 11:36:02.280200 <02%20280200> | root[root] @ localhost []
> | 58 | 0 | Query | select COUNT(*) AS TOT_FLOWS,
> SUM(IN_BYTES + OUT_BYTES) AS TOT_BYTES, SUM(PACKETS) AS TOT_PACKETS FROM
> flowsv4 where FIRST_SWITCHED <= 1490956559 and FIRST_SWITCHED >= 1490952959
> AND (NTOPNG_INSTANCE_NAME='n4-wkf-netflow-01.node4.co.uk'OR
> NTOPNG_INSTANCE_NAME IS NULL) AND (INTERFACE_ID='5') |
>
>
>
>
>
> If I run this query I get:
>
>
>
> +-----------+-----------+-------------+
>
> | TOT_FLOWS | TOT_BYTES | TOT_PACKETS |
>
> +-----------+-----------+-------------+
>
> | 436 | 3089612 | 96320 |
>
>
>
> (minus the first switched as I wasn’t logging traffic so I could just
> capture the query ntop sends)
>
>
>
> So there is data there, it just seems unable to pull it into ntopng, I
> gave it root user in case it was a permissions thing.
>
>
>
> Logs within NTOP:
>
>
>
> 31/Mar/2017 11:29:11 [MySQLDB.cpp:582] Attempting to connect to MySQL for
> interface tcp://127.0.0.1:5000...
> 31/Mar/2017 11:29:11 [MySQLDB.cpp:569] Disconnected from MySQL for
> interface tcp://127.0.0.1:5000...
> 31/Mar/2017 11:29:11 [MySQLDB.cpp:622] Successfully connected to MySQL
> [localhost:root] for interface tcp://127.0.0.1:5005
>
>
>
> Could it be because I’m running both individual interfaces, and a singular
> combined as I hope to be able to give customers access to the combined,
> whilst internally we still need to break down each individual link?
>
>
>
> Cheers
>
>
>
> Simon
>
>
>
>
> Simon Bell
> ------------------------------
> Core Network Architect
>
> ddi. *0845 123 2229*
> t. *0845 123 2222*
> e. *S.Bell@node4.co.uk <S.Bell@node4.co.uk>* *Wakefield Office*
> Node4 Ltd, Pope Street,
> Normanton, Wakefield, WF6 2TA
>
>
> [image: Visit www.node4.co.uk] <http://www.node4.co.uk>
>
> [image: Visit www.node4.co.uk] <http://www.node4.co.uk>
> [image: Visit Node4 on Twitter] <http://www.twitter.co.uk/Node4Ltd>
> [image: Visit Node4 on Linkedin]
> <https://www.linkedin.com/company/node4-ltd>
> [image: Visit Node4 on Facebook] <http://www.facebook.com/Node4>
>
>
>
>
> <http://www.node4.co.uk/blog/how-a-visit-to-cisco-inspired-the-node4-mobile-solution-centre/>
>
>
> Node4 Limited is registered in England No: 04759927 and has its registered
> office at Millennium Way, Pride Park, Derby, DE24 8HZ
> The information contained in this email is confidential and is intended
> for the exclusive use of the email addressee shown.
> If you are not the addressee, any disclosure, reproduction, distribution
> or other dissemination or use of this communication is strictly prohibited.
> If you have received this mail in error, please notify our mail manager at
> abuse@node4.co.uk and delete it from your system.
> Opinions expressed in this email are those of the individual not the
> company, unless specifically indicated to that effect.
> ------------------------------
> This email has been scanned by Node4's Email Security System.
> ------------------------------
> This email message has been delivered safely and archived online by
> Mimecast.
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
>

Hi Simon,

I believe so, I purchased it a few weeks ago:

Version

2.5.170331<https://github.com/ntop/ntopng/commit/ee2bee7a732c9a074ac1337b175d91a5ac8869fb> - Pro Small Business Edition


It never seems to revert to community, and no matter if I restart I don't get the flows or historical sections working for any period of time(no 10 minute grace).

The historical data explorer will not pull any data, or if I go onto interface, click on graph, then you would normally be able to click flows/ipv4 and get some information there, but neither exists.

It says querying database, then No results found. Please modify your search criteria.

I've grabbed the query from the mysql logs and it looks to be an issue possible with time:

I know the timeset that I put into historical data was logging data as I dropped the database and re-created it effectively:

MariaDB [(none)]> connect ntopng
Connection id: 69
Current database: ntopng

MariaDB [ntopng]> show tables;
Empty set (0.00 sec)

Then after restarting ntopng:

MariaDB [ntopng]> select COUNT(*) AS TOT_FLOWS, SUM(IN_BYTES + OUT_BYTES) AS TOT_BYTES, SUM(PACKETS) AS TOT_PACKETS FROM flowsv4 where (NTOPNG_INSTANCE_NAME='xxxxxx'OR NTOPNG_INSTANCE_NAME IS NULL) AND (INTERFACE_ID='4') AND (IP_SRC_ADDR='1403428868' OR IP_DST_ADDR='1403428868');
+-----------+-----------+-------------+
| TOT_FLOWS | TOT_BYTES | TOT_PACKETS |
+-----------+-----------+-------------+
| 0 | NULL | NULL |
+-----------+-----------+-------------+
1 row in set (0.00 sec)

MariaDB [ntopng]> select COUNT(*) AS TOT_FLOWS, SUM(IN_BYTES + OUT_BYTES) AS TOT_BYTES, SUM(PACKETS) AS TOT_PACKETS FROM flowsv4 where (NTOPNG_INSTANCE_NAME='xxxxxxx'OR NTOPNG_INSTANCE_NAME IS NULL) AND (INTERFACE_ID='4') AND (IP_SRC_ADDR='1403428868' OR IP_DST_ADDR='1403428868');
+-----------+-----------+-------------+
| TOT_FLOWS | TOT_BYTES | TOT_PACKETS |
+-----------+-----------+-------------+
| 33 | 514196 | 7152 |
+-----------+-----------+-------------+
1 row in set (0.05 sec)

I get nothing on the historical datapage and when I put the timeset(FIRST_SWITCHED <= 1490967005 and FIRST_SWITCHED) in the sql query I get NULL, which I know can't be correct as I dropped the database as above and ensured it was populated for at least 10 minutes (stopped and restarted nprobe as well). So the only data in the database must be from that time period.

Can this due to some timing issue? I had the 47 years old flows on 2.4 stable.

Thanks for your time

Cheers

Simon

Simon Bell
Core Network Architect

Node4 Ltd. Pope Street, Normanton, Wakefield, WF6 2TA.
ddi. 0845 123 2229 | t. 0845 123 2222
e. S.Bell@node4.co.uk



Node4 Limited is registered in England No: 04759927 and has its registered office at Millennium Way, Pride Park, Derby, DE24 8HZ
The information contained in this email is confidential and is intended for the exclusive use of the email addressee shown.
If you are not the addressee, any disclosure, reproduction, distribution or other dissemination or use of this communication is strictly prohibited.
If you have received this mail in error, please notify our mail manager at abuse@node4.co.uk and delete it from your system.
Opinions expressed in this email are those of the individual not the company, unless specifically indicated to that effect.

This email has been scanned inbound by Node4's Email Security System.

This email message has been delivered safely and archived online by Mimecast.

Hi Simon,

I believe so, I purchased it a few weeks ago:

Version

2.5.170331<https://github.com/ntop/ntopng/commit/ee2bee7a732c9a074ac1337b175d91a5ac8869fb> - Pro Small Business Edition


It never seems to revert to community, and no matter if I restart I don't get the flows or historical sections working for any period of time(no 10 minute grace).

The historical data explorer will not pull any data, or if I go onto interface, click on graph, then you would normally be able to click flows/ipv4 and get some information there, but neither exists.

It says querying database, then No results found. Please modify your search criteria.

I've grabbed the query from the mysql logs and it looks to be an issue possible with time:

I know the timeset that I put into historical data was logging data as I dropped the database and re-created it effectively:

MariaDB [(none)]> connect ntopng
Connection id: 69
Current database: ntopng

MariaDB [ntopng]> show tables;
Empty set (0.00 sec)

Then after restarting ntopng:

MariaDB [ntopng]> select COUNT(*) AS TOT_FLOWS, SUM(IN_BYTES + OUT_BYTES) AS TOT_BYTES, SUM(PACKETS) AS TOT_PACKETS FROM flowsv4 where (NTOPNG_INSTANCE_NAME='xxxxxx'OR NTOPNG_INSTANCE_NAME IS NULL) AND (INTERFACE_ID='4') AND (IP_SRC_ADDR='1403428868' OR IP_DST_ADDR='1403428868');
+-----------+-----------+-------------+
| TOT_FLOWS | TOT_BYTES | TOT_PACKETS |
+-----------+-----------+-------------+
| 0 | NULL | NULL |
+-----------+-----------+-------------+
1 row in set (0.00 sec)

MariaDB [ntopng]> select COUNT(*) AS TOT_FLOWS, SUM(IN_BYTES + OUT_BYTES) AS TOT_BYTES, SUM(PACKETS) AS TOT_PACKETS FROM flowsv4 where (NTOPNG_INSTANCE_NAME='xxxxxxx'OR NTOPNG_INSTANCE_NAME IS NULL) AND (INTERFACE_ID='4') AND (IP_SRC_ADDR='1403428868' OR IP_DST_ADDR='1403428868');
+-----------+-----------+-------------+
| TOT_FLOWS | TOT_BYTES | TOT_PACKETS |
+-----------+-----------+-------------+
| 33 | 514196 | 7152 |
+-----------+-----------+-------------+
1 row in set (0.05 sec)

I get nothing on the historical datapage and when I put the timeset(FIRST_SWITCHED <= 1490967005 and FIRST_SWITCHED) in the sql query I get NULL, which I know can't be correct as I dropped the database as above and ensured it was populated for at least 10 minutes (stopped and restarted nprobe as well). So the only data in the database must be from that time period.

Can this due to some timing issue? I had the 47 years old flows on 2.4 stable.

Thanks for your time

Cheers

Simon

Simon Bell
Core Network Architect

Node4 Ltd. Pope Street, Normanton, Wakefield, WF6 2TA.
ddi. 0845 123 2229 | t. 0845 123 2222
e. S.Bell@node4.co.uk



Node4 Limited is registered in England No: 04759927 and has its registered office at Millennium Way, Pride Park, Derby, DE24 8HZ
The information contained in this email is confidential and is intended for the exclusive use of the email addressee shown.
If you are not the addressee, any disclosure, reproduction, distribution or other dissemination or use of this communication is strictly prohibited.
If you have received this mail in error, please notify our mail manager at abuse@node4.co.uk and delete it from your system.
Opinions expressed in this email are those of the individual not the company, unless specifically indicated to that effect.

This email has been scanned inbound by Node4's Email Security System.

This email message has been delivered safely and archived online by Mimecast.

Hi Simon,


On Fri, Mar 31, 2017 at 4:33 PM, Simon Bell <S.Bell@node4.co.uk> wrote:

> Hi Simon,
>
>
>
> I believe so, I purchased it a few weeks ago:
>
>
>
> *Version*
>
> 2.5.170331
> <https://github.com/ntop/ntopng/commit/ee2bee7a732c9a074ac1337b175d91a5ac8869fb> -
> Pro Small Business Edition
>
>
>
> It never seems to revert to community, and no matter if I restart I don’t
> get the flows or historical sections working for any period of time(no 10
> minute grace).
>
>
>
> The historical data explorer will not pull any data, or if I go onto
> interface, click on graph, then you would normally be able to click
> flows/ipv4 and get some information there, but neither exists.
>
>
>
> It says querying database, then No results found. Please modify your
> search criteria.
>
>
>
> I’ve grabbed the query from the mysql logs and it looks to be an issue
> possible with time:
>
>
>
> I know the timeset that I put into historical data was logging data as I
> dropped the database and re-created it effectively:
>
>
>
> MariaDB [(none)]> connect ntopng
>
> Connection id: 69
>
> Current database: ntopng
>
>
>
> MariaDB [ntopng]> show tables;
>
> Empty set (0.00 sec)
>
>
>
> Then after restarting ntopng:
>
>
>
> MariaDB [ntopng]> select COUNT(*) AS TOT_FLOWS, SUM(IN_BYTES + OUT_BYTES)
> AS TOT_BYTES, SUM(PACKETS) AS TOT_PACKETS FROM flowsv4 where
> (NTOPNG_INSTANCE_NAME='xxxxxx'OR NTOPNG_INSTANCE_NAME IS NULL) AND
> (INTERFACE_ID='4') AND (IP_SRC_ADDR='1403428868' OR
> IP_DST_ADDR='1403428868');
>
> +-----------+-----------+-------------+
>
> | TOT_FLOWS | TOT_BYTES | TOT_PACKETS |
>
> +-----------+-----------+-------------+
>
> | 0 | NULL | NULL |
>
> +-----------+-----------+-------------+
>
> 1 row in set (0.00 sec)
>
>
>
> MariaDB [ntopng]> select COUNT(*) AS TOT_FLOWS, SUM(IN_BYTES + OUT_BYTES)
> AS TOT_BYTES, SUM(PACKETS) AS TOT_PACKETS FROM flowsv4 where
> (NTOPNG_INSTANCE_NAME='xxxxxxx'OR NTOPNG_INSTANCE_NAME IS NULL) AND
> (INTERFACE_ID='4') AND (IP_SRC_ADDR='1403428868' OR
> IP_DST_ADDR='1403428868');
>
> +-----------+-----------+-------------+
>
> | TOT_FLOWS | TOT_BYTES | TOT_PACKETS |
>
> +-----------+-----------+-------------+
>
> | 33 | 514196 | 7152 |
>
> +-----------+-----------+-------------+
>
> 1 row in set (0.05 sec)
>
>
>
> I get nothing on the historical datapage and when I put the
> timeset(FIRST_SWITCHED <= 1490967005 and FIRST_SWITCHED) in the sql query I
> get NULL, which I know can’t be correct as I dropped the database as above
> and ensured it was populated for at least 10 minutes (stopped and restarted
> nprobe as well). So the only data in the database must be from that time
> period.
>
>
>
> Can this due to some timing issue? I had the 47 years old flows on 2.4
> stable.
>

Yes, that can be a possible explanation as ntopng uses first and last
switched to query flows in the selected time range. Having 47-years old
flows means that those values are at zero.
Can you please report the exact ntopng (and possibly nProbe) configurations
used?

Thanks

Simone


>
>
> Thanks for your time
>
>
>
> Cheers
>
>
>
> Simon
>
>
> Simon Bell
> ------------------------------
> Core Network Architect
>
> ddi. *0845 123 2229*
> t. *0845 123 2222*
> e. *S.Bell@node4.co.uk <S.Bell@node4.co.uk>* *Wakefield Office*
> Node4 Ltd, Pope Street,
> Normanton, Wakefield, WF6 2TA
>
>
> [image: Visit www.node4.co.uk] <http://www.node4.co.uk>
>
> [image: Visit www.node4.co.uk] <http://www.node4.co.uk>
> [image: Visit Node4 on Twitter] <http://www.twitter.co.uk/Node4Ltd>
> [image: Visit Node4 on Linkedin]
> <https://www.linkedin.com/company/node4-ltd>
> [image: Visit Node4 on Facebook] <http://www.facebook.com/Node4>
>
>
>
>
> <http://www.node4.co.uk/blog/how-a-visit-to-cisco-inspired-the-node4-mobile-solution-centre/>
>
>
> Node4 Limited is registered in England No: 04759927 and has its registered
> office at Millennium Way, Pride Park, Derby, DE24 8HZ
> The information contained in this email is confidential and is intended
> for the exclusive use of the email addressee shown.
> If you are not the addressee, any disclosure, reproduction, distribution
> or other dissemination or use of this communication is strictly prohibited.
> If you have received this mail in error, please notify our mail manager at
> abuse@node4.co.uk and delete it from your system.
> Opinions expressed in this email are those of the individual not the
> company, unless specifically indicated to that effect.
> ------------------------------
> This email has been scanned by Node4's Email Security System.
> ------------------------------
> This email message has been delivered safely and archived online by
> Mimecast.
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
>

Hi Simon,


On Fri, Mar 31, 2017 at 4:33 PM, Simon Bell <S.Bell@node4.co.uk> wrote:

> Hi Simon,
>
>
>
> I believe so, I purchased it a few weeks ago:
>
>
>
> *Version*
>
> 2.5.170331
> <https://github.com/ntop/ntopng/commit/ee2bee7a732c9a074ac1337b175d91a5ac8869fb> -
> Pro Small Business Edition
>
>
>
> It never seems to revert to community, and no matter if I restart I don’t
> get the flows or historical sections working for any period of time(no 10
> minute grace).
>
>
>
> The historical data explorer will not pull any data, or if I go onto
> interface, click on graph, then you would normally be able to click
> flows/ipv4 and get some information there, but neither exists.
>
>
>
> It says querying database, then No results found. Please modify your
> search criteria.
>
>
>
> I’ve grabbed the query from the mysql logs and it looks to be an issue
> possible with time:
>
>
>
> I know the timeset that I put into historical data was logging data as I
> dropped the database and re-created it effectively:
>
>
>
> MariaDB [(none)]> connect ntopng
>
> Connection id: 69
>
> Current database: ntopng
>
>
>
> MariaDB [ntopng]> show tables;
>
> Empty set (0.00 sec)
>
>
>
> Then after restarting ntopng:
>
>
>
> MariaDB [ntopng]> select COUNT(*) AS TOT_FLOWS, SUM(IN_BYTES + OUT_BYTES)
> AS TOT_BYTES, SUM(PACKETS) AS TOT_PACKETS FROM flowsv4 where
> (NTOPNG_INSTANCE_NAME='xxxxxx'OR NTOPNG_INSTANCE_NAME IS NULL) AND
> (INTERFACE_ID='4') AND (IP_SRC_ADDR='1403428868' OR
> IP_DST_ADDR='1403428868');
>
> +-----------+-----------+-------------+
>
> | TOT_FLOWS | TOT_BYTES | TOT_PACKETS |
>
> +-----------+-----------+-------------+
>
> | 0 | NULL | NULL |
>
> +-----------+-----------+-------------+
>
> 1 row in set (0.00 sec)
>
>
>
> MariaDB [ntopng]> select COUNT(*) AS TOT_FLOWS, SUM(IN_BYTES + OUT_BYTES)
> AS TOT_BYTES, SUM(PACKETS) AS TOT_PACKETS FROM flowsv4 where
> (NTOPNG_INSTANCE_NAME='xxxxxxx'OR NTOPNG_INSTANCE_NAME IS NULL) AND
> (INTERFACE_ID='4') AND (IP_SRC_ADDR='1403428868' OR
> IP_DST_ADDR='1403428868');
>
> +-----------+-----------+-------------+
>
> | TOT_FLOWS | TOT_BYTES | TOT_PACKETS |
>
> +-----------+-----------+-------------+
>
> | 33 | 514196 | 7152 |
>
> +-----------+-----------+-------------+
>
> 1 row in set (0.05 sec)
>
>
>
> I get nothing on the historical datapage and when I put the
> timeset(FIRST_SWITCHED <= 1490967005 and FIRST_SWITCHED) in the sql query I
> get NULL, which I know can’t be correct as I dropped the database as above
> and ensured it was populated for at least 10 minutes (stopped and restarted
> nprobe as well). So the only data in the database must be from that time
> period.
>
>
>
> Can this due to some timing issue? I had the 47 years old flows on 2.4
> stable.
>

Yes, that can be a possible explanation as ntopng uses first and last
switched to query flows in the selected time range. Having 47-years old
flows means that those values are at zero.
Can you please report the exact ntopng (and possibly nProbe) configurations
used?

Thanks

Simone


>
>
> Thanks for your time
>
>
>
> Cheers
>
>
>
> Simon
>
>
> Simon Bell
> ------------------------------
> Core Network Architect
>
> ddi. *0845 123 2229*
> t. *0845 123 2222*
> e. *S.Bell@node4.co.uk <S.Bell@node4.co.uk>* *Wakefield Office*
> Node4 Ltd, Pope Street,
> Normanton, Wakefield, WF6 2TA
>
>
> [image: Visit www.node4.co.uk] <http://www.node4.co.uk>
>
> [image: Visit www.node4.co.uk] <http://www.node4.co.uk>
> [image: Visit Node4 on Twitter] <http://www.twitter.co.uk/Node4Ltd>
> [image: Visit Node4 on Linkedin]
> <https://www.linkedin.com/company/node4-ltd>
> [image: Visit Node4 on Facebook] <http://www.facebook.com/Node4>
>
>
>
>
> <http://www.node4.co.uk/blog/how-a-visit-to-cisco-inspired-the-node4-mobile-solution-centre/>
>
>
> Node4 Limited is registered in England No: 04759927 and has its registered
> office at Millennium Way, Pride Park, Derby, DE24 8HZ
> The information contained in this email is confidential and is intended
> for the exclusive use of the email addressee shown.
> If you are not the addressee, any disclosure, reproduction, distribution
> or other dissemination or use of this communication is strictly prohibited.
> If you have received this mail in error, please notify our mail manager at
> abuse@node4.co.uk and delete it from your system.
> Opinions expressed in this email are those of the individual not the
> company, unless specifically indicated to that effect.
> ------------------------------
> This email has been scanned by Node4's Email Security System.
> ------------------------------
> This email message has been delivered safely and archived online by
> Mimecast.
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
>

Hi Simone,

Ntopng config:

ntopng --user "root" --pid "/var/run/ntopng.pid" --http-port "80" --interface "tcp://127.0.0.1:5000,tcp://127.0.0.1:5001,tcp://127.0.0.1:5002,tcp://127.0.0.1:5003" --interface "tcp://127.0.0.1:5000" --interface "tcp://127.0.0.1:5001" --interface "tcp://127.0.0.1:5002" --interface "tcp://127.0.0.1:5003" --interface "tcp://127.0.0.1:5004" --interface "tcp://127.0.0.1:5005" --max-num-flows "800000" --max-num-hosts "750000" --dump-flows "mysql;localhost;ntopng;flows;xxx:xxx"

I made it root In case it was a permisions thing, I’ll revert once working.

nProbe configs:

nprobe -G -i none -n none -3 9990 --zmq tcp://*:5004 -u 1 -Q 2 -V 9 --collector-sampling-rate 1000
nprobe -G -i none -n none -3 9991 --zmq tcp://*:5005 -u 1 -Q 2 -V 9 --collector-sampling-rate 1000
nprobe -G -i none -n none -3 9996 --zmq tcp://*:5000 -V 10 -u 1 -Q 2 --collector-sample-rate 10
nprobe -G -i none -n none -3 9997 --zmq tcp://*:5001 -V 10 -u 1 -Q 2 --collector-sample-rate 2000 --sample-rate @40:1
nprobe -G -i none -n none -3 9998 --zmq tcp://*:5002 -V 10 -u 1 -Q 2 --sample-rate @40:1 --collector-sample-rate 2000

On 2.4 we had the 47 years issue, but could see flows. On Dev we can’t see flows on the flows screen. Historic data didn’t work on either.

I’m combining multiple nprobe interfaces into 1 interface on ntopng, but as the sql query includes an interface ID I wouldn’t expect this to cause any issues?

Cheers

Simon

Simon Bell
Core Network Architect

Node4 Ltd. Pope Street, Normanton, Wakefield, WF6 2TA.
ddi. 0845 123 2229 | t. 0845 123 2222
e. S.Bell@node4.co.uk



Node4 Limited is registered in England No: 04759927 and has its registered office at Millennium Way, Pride Park, Derby, DE24 8HZ
The information contained in this email is confidential and is intended for the exclusive use of the email addressee shown.
If you are not the addressee, any disclosure, reproduction, distribution or other dissemination or use of this communication is strictly prohibited.
If you have received this mail in error, please notify our mail manager at abuse@node4.co.uk and delete it from your system.
Opinions expressed in this email are those of the individual not the company, unless specifically indicated to that effect.

This email has been scanned inbound by Node4's Email Security System.

This email message has been delivered safely and archived online by Mimecast.

Hi Simone,

Ntopng config:

ntopng --user "root" --pid "/var/run/ntopng.pid" --http-port "80" --interface "tcp://127.0.0.1:5000,tcp://127.0.0.1:5001,tcp://127.0.0.1:5002,tcp://127.0.0.1:5003" --interface "tcp://127.0.0.1:5000" --interface "tcp://127.0.0.1:5001" --interface "tcp://127.0.0.1:5002" --interface "tcp://127.0.0.1:5003" --interface "tcp://127.0.0.1:5004" --interface "tcp://127.0.0.1:5005" --max-num-flows "800000" --max-num-hosts "750000" --dump-flows "mysql;localhost;ntopng;flows;xxx:xxx"

I made it root In case it was a permisions thing, I’ll revert once working.

nProbe configs:

nprobe -G -i none -n none -3 9990 --zmq tcp://*:5004 -u 1 -Q 2 -V 9 --collector-sampling-rate 1000
nprobe -G -i none -n none -3 9991 --zmq tcp://*:5005 -u 1 -Q 2 -V 9 --collector-sampling-rate 1000
nprobe -G -i none -n none -3 9996 --zmq tcp://*:5000 -V 10 -u 1 -Q 2 --collector-sample-rate 10
nprobe -G -i none -n none -3 9997 --zmq tcp://*:5001 -V 10 -u 1 -Q 2 --collector-sample-rate 2000 --sample-rate @40:1
nprobe -G -i none -n none -3 9998 --zmq tcp://*:5002 -V 10 -u 1 -Q 2 --sample-rate @40:1 --collector-sample-rate 2000

On 2.4 we had the 47 years issue, but could see flows. On Dev we can’t see flows on the flows screen. Historic data didn’t work on either.

I’m combining multiple nprobe interfaces into 1 interface on ntopng, but as the sql query includes an interface ID I wouldn’t expect this to cause any issues?

Cheers

Simon

Simon Bell
Core Network Architect

Node4 Ltd. Pope Street, Normanton, Wakefield, WF6 2TA.
ddi. 0845 123 2229 | t. 0845 123 2222
e. S.Bell@node4.co.uk



Node4 Limited is registered in England No: 04759927 and has its registered office at Millennium Way, Pride Park, Derby, DE24 8HZ
The information contained in this email is confidential and is intended for the exclusive use of the email addressee shown.
If you are not the addressee, any disclosure, reproduction, distribution or other dissemination or use of this communication is strictly prohibited.
If you have received this mail in error, please notify our mail manager at abuse@node4.co.uk and delete it from your system.
Opinions expressed in this email are those of the individual not the company, unless specifically indicated to that effect.

This email has been scanned inbound by Node4's Email Security System.

This email message has been delivered safely and archived online by Mimecast.

Hi Simon,

On Mon, Apr 3, 2017 at 11:38 AM, Simon Bell <S.Bell@node4.co.uk> wrote:

> Hi Simone,
>
>
>
> Ntopng config:
>
>
>
> ntopng --user "root" --pid "/var/run/ntopng.pid" --http-port "80"
> --interface "tcp://127.0.0.1:5000,tcp://127.0.0.1:5001,tcp://127.0.0.1:
> 5002,tcp://127.0.0.1:5003"
>

the above part of the configuration is not OK. If you want to combine
multiple interfaces into one, prepend a "view:" string, i.e.,

view:tcp://127.0.0.1:5000,tcp://127.0.0.1:5001,tcp://127.0.0.1:5002,tcp://
127.0.0.1:5003


> --interface "tcp://127.0.0.1:5000" --interface "tcp://127.0.0.1:5001"
> --interface "tcp://127.0.0.1:5002" --interface "tcp://127.0.0.1:5003"
> --interface "tcp://127.0.0.1:5004" --interface "tcp://127.0.0.1:5005"
> --max-num-flows "800000" --max-num-hosts "750000" --dump-flows
> "mysql;localhost;ntopng;flows;xxx:xxx"
>
>
>
> I made it root In case it was a permisions thing, I’ll revert once working.
>
>
>
> nProbe configs:
>
>
>
> nprobe -G -i none -n none -3 9990 --zmq tcp://*:5004 -u 1 -Q 2 -V 9
> --collector-sampling-rate 1000
>
> nprobe -G -i none -n none -3 9991 --zmq tcp://*:5005 -u 1 -Q 2 -V 9
> --collector-sampling-rate 1000
>
> nprobe -G -i none -n none -3 9996 --zmq tcp://*:5000 -V 10 -u 1 -Q 2
> --collector-sample-rate 10
>
> nprobe -G -i none -n none -3 9997 --zmq tcp://*:5001 -V 10 -u 1 -Q 2
> --collector-sample-rate 2000 --sample-rate @40:1
>
> nprobe -G -i none -n none -3 9998 --zmq tcp://*:5002 -V 10 -u 1 -Q 2
> --sample-rate @40:1 --collector-sample-rate 2000
>
>
>

you don't need -V here as the version is determined from the netflow
packets.


> On 2.4 we had the 47 years issue, but could see flows. On Dev we can’t see
> flows on the flows screen. Historic data didn’t work on either.
>
>
>
> I’m combining multiple nprobe interfaces into 1 interface on ntopng, but
> as the sql query includes an interface ID I wouldn’t expect this to cause
> any issues?
>

can you check if flows are properly stored for non-view interfaces?




>
>
> Cheers
>
>
>
> Simon
>
>
>
>
> Simon Bell
> ------------------------------
> Core Network Architect
>
> ddi. *0845 123 2229*
> t. *0845 123 2222*
> e. *S.Bell@node4.co.uk <S.Bell@node4.co.uk>* *Wakefield Office*
> Node4 Ltd, Pope Street,
> Normanton, Wakefield, WF6 2TA
>
>
> [image: Visit www.node4.co.uk] <http://www.node4.co.uk>
>
> [image: Visit www.node4.co.uk] <http://www.node4.co.uk>
> [image: Visit Node4 on Twitter] <http://www.twitter.co.uk/Node4Ltd>
> [image: Visit Node4 on Linkedin]
> <https://www.linkedin.com/company/node4-ltd>
> [image: Visit Node4 on Facebook] <http://www.facebook.com/Node4>
>
>
>
>
> <http://www.node4.co.uk/blog/how-a-visit-to-cisco-inspired-the-node4-mobile-solution-centre/>
>
>
> Node4 Limited is registered in England No: 04759927 and has its registered
> office at Millennium Way, Pride Park, Derby, DE24 8HZ
> The information contained in this email is confidential and is intended
> for the exclusive use of the email addressee shown.
> If you are not the addressee, any disclosure, reproduction, distribution
> or other dissemination or use of this communication is strictly prohibited.
> If you have received this mail in error, please notify our mail manager at
> abuse@node4.co.uk and delete it from your system.
> Opinions expressed in this email are those of the individual not the
> company, unless specifically indicated to that effect.
> ------------------------------
> This email has been scanned by Node4's Email Security System.
> ------------------------------
> This email message has been delivered safely and archived online by
> Mimecast.
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
>

Hi Simon,

On Mon, Apr 3, 2017 at 11:38 AM, Simon Bell <S.Bell@node4.co.uk> wrote:

> Hi Simone,
>
>
>
> Ntopng config:
>
>
>
> ntopng --user "root" --pid "/var/run/ntopng.pid" --http-port "80"
> --interface "tcp://127.0.0.1:5000,tcp://127.0.0.1:5001,tcp://127.0.0.1:
> 5002,tcp://127.0.0.1:5003"
>

the above part of the configuration is not OK. If you want to combine
multiple interfaces into one, prepend a "view:" string, i.e.,

view:tcp://127.0.0.1:5000,tcp://127.0.0.1:5001,tcp://127.0.0.1:5002,tcp://
127.0.0.1:5003


> --interface "tcp://127.0.0.1:5000" --interface "tcp://127.0.0.1:5001"
> --interface "tcp://127.0.0.1:5002" --interface "tcp://127.0.0.1:5003"
> --interface "tcp://127.0.0.1:5004" --interface "tcp://127.0.0.1:5005"
> --max-num-flows "800000" --max-num-hosts "750000" --dump-flows
> "mysql;localhost;ntopng;flows;xxx:xxx"
>
>
>
> I made it root In case it was a permisions thing, I’ll revert once working.
>
>
>
> nProbe configs:
>
>
>
> nprobe -G -i none -n none -3 9990 --zmq tcp://*:5004 -u 1 -Q 2 -V 9
> --collector-sampling-rate 1000
>
> nprobe -G -i none -n none -3 9991 --zmq tcp://*:5005 -u 1 -Q 2 -V 9
> --collector-sampling-rate 1000
>
> nprobe -G -i none -n none -3 9996 --zmq tcp://*:5000 -V 10 -u 1 -Q 2
> --collector-sample-rate 10
>
> nprobe -G -i none -n none -3 9997 --zmq tcp://*:5001 -V 10 -u 1 -Q 2
> --collector-sample-rate 2000 --sample-rate @40:1
>
> nprobe -G -i none -n none -3 9998 --zmq tcp://*:5002 -V 10 -u 1 -Q 2
> --sample-rate @40:1 --collector-sample-rate 2000
>
>
>

you don't need -V here as the version is determined from the netflow
packets.


> On 2.4 we had the 47 years issue, but could see flows. On Dev we can’t see
> flows on the flows screen. Historic data didn’t work on either.
>
>
>
> I’m combining multiple nprobe interfaces into 1 interface on ntopng, but
> as the sql query includes an interface ID I wouldn’t expect this to cause
> any issues?
>

can you check if flows are properly stored for non-view interfaces?




>
>
> Cheers
>
>
>
> Simon
>
>
>
>
> Simon Bell
> ------------------------------
> Core Network Architect
>
> ddi. *0845 123 2229*
> t. *0845 123 2222*
> e. *S.Bell@node4.co.uk <S.Bell@node4.co.uk>* *Wakefield Office*
> Node4 Ltd, Pope Street,
> Normanton, Wakefield, WF6 2TA
>
>
> [image: Visit www.node4.co.uk] <http://www.node4.co.uk>
>
> [image: Visit www.node4.co.uk] <http://www.node4.co.uk>
> [image: Visit Node4 on Twitter] <http://www.twitter.co.uk/Node4Ltd>
> [image: Visit Node4 on Linkedin]
> <https://www.linkedin.com/company/node4-ltd>
> [image: Visit Node4 on Facebook] <http://www.facebook.com/Node4>
>
>
>
>
> <http://www.node4.co.uk/blog/how-a-visit-to-cisco-inspired-the-node4-mobile-solution-centre/>
>
>
> Node4 Limited is registered in England No: 04759927 and has its registered
> office at Millennium Way, Pride Park, Derby, DE24 8HZ
> The information contained in this email is confidential and is intended
> for the exclusive use of the email addressee shown.
> If you are not the addressee, any disclosure, reproduction, distribution
> or other dissemination or use of this communication is strictly prohibited.
> If you have received this mail in error, please notify our mail manager at
> abuse@node4.co.uk and delete it from your system.
> Opinions expressed in this email are those of the individual not the
> company, unless specifically indicated to that effect.
> ------------------------------
> This email has been scanned by Node4's Email Security System.
> ------------------------------
> This email message has been delivered safely and archived online by
> Mimecast.
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
>

Hi Simone,

Removing the –V from the nprobe configuration has fixed all the historical flows, I assumed it was needed because of (and 2.4 seemed to require it?):

05/Apr/2017 11:06:07 [nprobe.c:8197] Please use -V to set the version to other than NetFlow V5

And we are running IPFIX on some and netflow v9 on others.

Also an interesting change between 2.4 build and 2.5 is that our bandwidth util is way off. In 2.4 the commands:

--collector-sample-rate 2000 --sample-rate @40:1

Were enough to get the traffic levels to match SNMP bandwidth util. In 2.5 this isn’t the case and they are about 10% of 2.4 and real levels.

Any idea how I can rectify this?

Cheers

Simon

Simon Bell
Core Network Architect

Node4 Ltd. Pope Street, Normanton, Wakefield, WF6 2TA.
ddi. 0845 123 2229 | t. 0845 123 2222
e. S.Bell@node4.co.uk



Node4 Limited is registered in England No: 04759927 and has its registered office at Millennium Way, Pride Park, Derby, DE24 8HZ
The information contained in this email is confidential and is intended for the exclusive use of the email addressee shown.
If you are not the addressee, any disclosure, reproduction, distribution or other dissemination or use of this communication is strictly prohibited.
If you have received this mail in error, please notify our mail manager at abuse@node4.co.uk and delete it from your system.
Opinions expressed in this email are those of the individual not the company, unless specifically indicated to that effect.

This email has been scanned inbound by Node4's Email Security System.

This email message has been delivered safely and archived online by Mimecast.

Hi Simone,

Removing the –V from the nprobe configuration has fixed all the historical flows, I assumed it was needed because of (and 2.4 seemed to require it?):

05/Apr/2017 11:06:07 [nprobe.c:8197] Please use -V to set the version to other than NetFlow V5

And we are running IPFIX on some and netflow v9 on others.

Also an interesting change between 2.4 build and 2.5 is that our bandwidth util is way off. In 2.4 the commands:

--collector-sample-rate 2000 --sample-rate @40:1

Were enough to get the traffic levels to match SNMP bandwidth util. In 2.5 this isn’t the case and they are about 10% of 2.4 and real levels.

Any idea how I can rectify this?

Cheers

Simon

Simon Bell
Core Network Architect

Node4 Ltd. Pope Street, Normanton, Wakefield, WF6 2TA.
ddi. 0845 123 2229 | t. 0845 123 2222
e. S.Bell@node4.co.uk



Node4 Limited is registered in England No: 04759927 and has its registered office at Millennium Way, Pride Park, Derby, DE24 8HZ
The information contained in this email is confidential and is intended for the exclusive use of the email addressee shown.
If you are not the addressee, any disclosure, reproduction, distribution or other dissemination or use of this communication is strictly prohibited.
If you have received this mail in error, please notify our mail manager at abuse@node4.co.uk and delete it from your system.
Opinions expressed in this email are those of the individual not the company, unless specifically indicated to that effect.

This email has been scanned inbound by Node4's Email Security System.

This email message has been delivered safely and archived online by Mimecast.

Hi,

On Wed, Apr 5, 2017 at 12:55 PM, Simon Bell <S.Bell@node4.co.uk> wrote:

> Hi Simone,
>
>
>
> Removing the –V from the nprobe configuration has fixed all the historical
> flows,
>

I'm glad the suggestion helped


> I assumed it was needed because of (and 2.4 seemed to require it?):
>
>
>
> 05/Apr/2017 11:06:07 [nprobe.c:8197] Please use -V to set the version to
> other than NetFlow V5
>
>
>
> And we are running IPFIX on some and netflow v9 on others.
>

nProbe is able to transparently harmonize the different versions


>
>
> Also an interesting change between 2.4 build and 2.5 is that our bandwidth
> util is way off. In 2.4 the commands:
>
>
>
> --collector-sample-rate 2000 --sample-rate @40:1
>
>
>
> Were enough to get the traffic levels to match SNMP bandwidth util. In 2.5
> this isn’t the case and they are about 10% of 2.4 and real levels.
>
>
>
> Any idea how I can rectify this?
>

--collector-sample-rate: scales up netflow sent/received bytes/packets. In
other words IN_BYTES, IN_PACKETS, OUT_BYTES, OUT_PACKETS will be multiplied
by collector-sample-rate

--sample-rate will sample packets (I don't think you need it as you are
receiving netflow) and flows (I don't think you need this either as you
want all the flows to be output)


>
>
> Cheers
>
>
>
> Simon
>
>
>
>
> Simon Bell
> ------------------------------
> Core Network Architect
>
> ddi. *0845 123 2229*
> t. *0845 123 2222*
> e. *S.Bell@node4.co.uk <S.Bell@node4.co.uk>* *Wakefield Office*
> Node4 Ltd, Pope Street,
> Normanton, Wakefield, WF6 2TA
>
>
> [image: Visit www.node4.co.uk] <http://www.node4.co.uk>
>
> [image: Visit www.node4.co.uk] <http://www.node4.co.uk>
> [image: Visit Node4 on Twitter] <http://www.twitter.co.uk/Node4Ltd>
> [image: Visit Node4 on Linkedin]
> <https://www.linkedin.com/company/node4-ltd>
> [image: Visit Node4 on Facebook] <http://www.facebook.com/Node4>
>
>
>
>
> <http://www.node4.co.uk/blog/how-a-visit-to-cisco-inspired-the-node4-mobile-solution-centre/>
>
>
> Node4 Limited is registered in England No: 04759927 and has its registered
> office at Millennium Way, Pride Park, Derby, DE24 8HZ
> The information contained in this email is confidential and is intended
> for the exclusive use of the email addressee shown.
> If you are not the addressee, any disclosure, reproduction, distribution
> or other dissemination or use of this communication is strictly prohibited.
> If you have received this mail in error, please notify our mail manager at
> abuse@node4.co.uk and delete it from your system.
> Opinions expressed in this email are those of the individual not the
> company, unless specifically indicated to that effect.
> ------------------------------
> This email has been scanned by Node4's Email Security System.
> ------------------------------
> This email message has been delivered safely and archived online by
> Mimecast.
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
>

Hi,

On Wed, Apr 5, 2017 at 12:55 PM, Simon Bell <S.Bell@node4.co.uk> wrote:

> Hi Simone,
>
>
>
> Removing the –V from the nprobe configuration has fixed all the historical
> flows,
>

I'm glad the suggestion helped


> I assumed it was needed because of (and 2.4 seemed to require it?):
>
>
>
> 05/Apr/2017 11:06:07 [nprobe.c:8197] Please use -V to set the version to
> other than NetFlow V5
>
>
>
> And we are running IPFIX on some and netflow v9 on others.
>

nProbe is able to transparently harmonize the different versions


>
>
> Also an interesting change between 2.4 build and 2.5 is that our bandwidth
> util is way off. In 2.4 the commands:
>
>
>
> --collector-sample-rate 2000 --sample-rate @40:1
>
>
>
> Were enough to get the traffic levels to match SNMP bandwidth util. In 2.5
> this isn’t the case and they are about 10% of 2.4 and real levels.
>
>
>
> Any idea how I can rectify this?
>

--collector-sample-rate: scales up netflow sent/received bytes/packets. In
other words IN_BYTES, IN_PACKETS, OUT_BYTES, OUT_PACKETS will be multiplied
by collector-sample-rate

--sample-rate will sample packets (I don't think you need it as you are
receiving netflow) and flows (I don't think you need this either as you
want all the flows to be output)


>
>
> Cheers
>
>
>
> Simon
>
>
>
>
> Simon Bell
> ------------------------------
> Core Network Architect
>
> ddi. *0845 123 2229*
> t. *0845 123 2222*
> e. *S.Bell@node4.co.uk <S.Bell@node4.co.uk>* *Wakefield Office*
> Node4 Ltd, Pope Street,
> Normanton, Wakefield, WF6 2TA
>
>
> [image: Visit www.node4.co.uk] <http://www.node4.co.uk>
>
> [image: Visit www.node4.co.uk] <http://www.node4.co.uk>
> [image: Visit Node4 on Twitter] <http://www.twitter.co.uk/Node4Ltd>
> [image: Visit Node4 on Linkedin]
> <https://www.linkedin.com/company/node4-ltd>
> [image: Visit Node4 on Facebook] <http://www.facebook.com/Node4>
>
>
>
>
> <http://www.node4.co.uk/blog/how-a-visit-to-cisco-inspired-the-node4-mobile-solution-centre/>
>
>
> Node4 Limited is registered in England No: 04759927 and has its registered
> office at Millennium Way, Pride Park, Derby, DE24 8HZ
> The information contained in this email is confidential and is intended
> for the exclusive use of the email addressee shown.
> If you are not the addressee, any disclosure, reproduction, distribution
> or other dissemination or use of this communication is strictly prohibited.
> If you have received this mail in error, please notify our mail manager at
> abuse@node4.co.uk and delete it from your system.
> Opinions expressed in this email are those of the individual not the
> company, unless specifically indicated to that effect.
> ------------------------------
> This email has been scanned by Node4's Email Security System.
> ------------------------------
> This email message has been delivered safely and archived online by
> Mimecast.
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
>

Hi Simon,

Is there a max limit on –collector-sample-rate?

I am sampling 1 in 2000 on my collector, but once I get to

--collector-sample-rate 1000

Anything above that makes little to no difference. Without it traffic shows about 2.5Mb/s, actual is about 2.5Gb/s. I’ve tried 1000,2000,20000, all seem to leave me maxed at around 50-100Mb.

Thanks for your time

Cheers

Simon

Simon Bell
Core Network Architect

Node4 Ltd. Pope Street, Normanton, Wakefield, WF6 2TA.
ddi. 0845 123 2229 | t. 0845 123 2222
e. S.Bell@node4.co.uk



Node4 Limited is registered in England No: 04759927 and has its registered office at Millennium Way, Pride Park, Derby, DE24 8HZ
The information contained in this email is confidential and is intended for the exclusive use of the email addressee shown.
If you are not the addressee, any disclosure, reproduction, distribution or other dissemination or use of this communication is strictly prohibited.
If you have received this mail in error, please notify our mail manager at abuse@node4.co.uk and delete it from your system.
Opinions expressed in this email are those of the individual not the company, unless specifically indicated to that effect.

This email has been scanned inbound by Node4's Email Security System.

This email message has been delivered safely and archived online by Mimecast.

Hi Simon,

Is there a max limit on –collector-sample-rate?

I am sampling 1 in 2000 on my collector, but once I get to

--collector-sample-rate 1000

Anything above that makes little to no difference. Without it traffic shows about 2.5Mb/s, actual is about 2.5Gb/s. I’ve tried 1000,2000,20000, all seem to leave me maxed at around 50-100Mb.

Thanks for your time

Cheers

Simon

Simon Bell
Core Network Architect

Node4 Ltd. Pope Street, Normanton, Wakefield, WF6 2TA.
ddi. 0845 123 2229 | t. 0845 123 2222
e. S.Bell@node4.co.uk



Node4 Limited is registered in England No: 04759927 and has its registered office at Millennium Way, Pride Park, Derby, DE24 8HZ
The information contained in this email is confidential and is intended for the exclusive use of the email addressee shown.
If you are not the addressee, any disclosure, reproduction, distribution or other dissemination or use of this communication is strictly prohibited.
If you have received this mail in error, please notify our mail manager at abuse@node4.co.uk and delete it from your system.
Opinions expressed in this email are those of the individual not the company, unless specifically indicated to that effect.

This email has been scanned inbound by Node4's Email Security System.

This email message has been delivered safely and archived online by Mimecast.