Hi Emanuele,
Thanks for your reply, after upgrade my install to the devel version and remove the data directory and the mysql tables, now ntopng don't shows traffic :(
Now in nprobe, I need to specify the flow version?
nprobe start log:
10/Apr/2017 09:22:02 [nprobe.c:3615] Valid nProbe license found
10/Apr/2017 09:22:02 [nprobe.c:5489] WARNING: The output interfaceId is set to 0: did you forget to use -Q perhaps ?
10/Apr/2017 09:22:02 [nprobe.c:5492] WARNING: The input interfaceId is set to 0: did you forget to use -u perhaps ?
10/Apr/2017 09:22:02 [nprobe.c:5591] Welcome to nProbe v.7.5.170410 ($Revision: 5721 $) for x86_64-unknown-linux-gnu with native PF_RING acceleration
10/Apr/2017 09:22:02 [nprobe.c:5601] Running on Debian GNU/Linux 8.2 (jessie)
10/Apr/2017 09:22:02 [nprobe.c:5612] [LICENSE] nProbe SystemId:
10/Apr/2017 09:22:02 [nprobe.c:5726] Sample rate [packet: 1][flow: 1]
10/Apr/2017 09:22:02 [nprobe.c:8048] Welcome to nProbe v.7.5.170410 for x86_64-unknown-linux-gnu
10/Apr/2017 09:22:02 [nprobe.c:7046] WARNING: Adding %EXPORTER_IPV4_ADDRESS to the template as nProbe is working as collector
10/Apr/2017 09:22:02 [plugin.c:1068] 0 plugin(s) enabled
10/Apr/2017 09:22:02 [nprobe.c:7575] Non IPv4/v6 traffic is discarded according to the template
10/Apr/2017 09:22:02 [util.c:430] GeoIP: loaded AS config file /usr/share/ntopng/httpdocs/geoip/GeoIPASNum.dat
10/Apr/2017 09:22:02 [util.c:441] GeoIP: loaded AS IPv6 config file /usr/share/ntopng/httpdocs/geoip/GeoIPASNumv6.dat
10/Apr/2017 09:22:02 [nprobe.c:8224] IPv6 traffic will NOT be exported/accounted by this probe
10/Apr/2017 09:22:02 [nprobe.c:8225] due to configuration options (e.g. use NetFlow v9)
10/Apr/2017 09:22:02 [nprobe.c:8226] Please use -V to set the version to other than NetFlow V5
10/Apr/2017 09:22:02 [nprobe.c:8379] Not capturing packet from interface (collector mode)
10/Apr/2017 09:22:02 [util.c:4127] Initializing ZMQ as server
10/Apr/2017 09:22:02 [util.c:4170] Succesfully created ZMQ endpoint tcp://127.0.0.1:5556
10/Apr/2017 09:22:02 [util.c:3216] nProbe changed user to 'nobody'
10/Apr/2017 09:22:02 [collect.c:143] Flow collector listening on port 2055 (IPv4/v6)
10/Apr/2017 09:22:02 [nprobe.c:8605] nProbe started successfully
Ok, the same but with -V 9 for netflowv9 and ipfix:
10/Apr/2017 09:26:26 [nprobe.c:5591] Welcome to nProbe v.7.5.170410 ($Revision: 5721 $) for x86_64-unknown-linux-gnu with native PF_RING acceleration
10/Apr/2017 09:26:26 [nprobe.c:5601] Running on Debian GNU/Linux 8.2 (jessie)
10/Apr/2017 09:26:26 [nprobe.c:5612] [LICENSE] nProbe SystemId:
10/Apr/2017 09:26:26 [nprobe.c:5726] Sample rate [packet: 1][flow: 1]
10/Apr/2017 09:26:26 [nprobe.c:8048] Welcome to nProbe v.7.5.170410 for x86_64-unknown-linux-gnu
10/Apr/2017 09:26:26 [nprobe.c:7118] You selected v9/IPFIX without specifying a template (-T).
10/Apr/2017 09:26:26 [nprobe.c:7119] The default template will be used
10/Apr/2017 09:26:26 [nprobe.c:7124] Using NetFlow Packet Payload Len: 1472
10/Apr/2017 09:26:26 [nprobe.c:7046] WARNING: Adding %EXPORTER_IPV4_ADDRESS to the template as nProbe is working as collector
10/Apr/2017 09:26:26 [plugin.c:1068] 0 plugin(s) enabled
10/Apr/2017 09:26:26 [nprobe.c:7545] Each flow is 105 bytes long
10/Apr/2017 09:26:26 [nprobe.c:7546] The # flows per packet has been set to 13
10/Apr/2017 09:26:26 [nprobe.c:7549] IP TOS is accounted
10/Apr/2017 09:26:26 [nprobe.c:7575] Non IPv4/v6 traffic is discarded according to the template
10/Apr/2017 09:26:26 [util.c:430] GeoIP: loaded AS config file /usr/share/ntopng/httpdocs/geoip/GeoIPASNum.dat
10/Apr/2017 09:26:26 [util.c:441] GeoIP: loaded AS IPv6 config file /usr/share/ntopng/httpdocs/geoip/GeoIPASNumv6.dat
10/Apr/2017 09:26:26 [nprobe.c:8379] Not capturing packet from interface (collector mode)
10/Apr/2017 09:26:26 [util.c:4127] Initializing ZMQ as server
10/Apr/2017 09:26:26 [util.c:4170] Succesfully created ZMQ endpoint tcp://127.0.0.1:5556
10/Apr/2017 09:26:26 [util.c:3216] nProbe changed user to 'nobody'
10/Apr/2017 09:26:26 [collect.c:143] Flow collector listening on port 2055 (IPv4/v6)
10/Apr/2017 09:26:26 [nprobe.c:8605] nProbe started successfully
ntopng dashboard… nothing:
https://i.dmtinc.cl/image/4uv <
https://i.dmtinc.cl/image/4uv>
Version 2.5.170410 - Pro Small Business Edition
Platform Debian 8.2 [x86_64][Debian GNU/Linux 8.2 (jessie)] - 64 bit
Startup Line ntopng --pid "/var/tmp/ntopng.pid" --daemon "" --interface "tcp://127.0.0.1:5556" --data-dir "/data/ntopng" --http-port "3000" --max-num-hosts "300000" --local-networks "138.xxx.xx.0/xx" --dump-flows "mysql;localhost;ntop;flows;ntop;xxxxx"
Last Log Trace 10/Apr/2017 09:27:37 [MySQLDB.cpp:622] Successfully connected to MySQL [localhost:ntop] for interface tcp://127.0.0.1:5556
10/Apr/2017 09:27:37 [MySQLDB.cpp:582] Attempting to connect to MySQL for interface tcp://127.0.0.1:5556...
10/Apr/2017 09:27:37 [NetworkInterface.cpp:1931] Started packet polling on interface tcp://127.0.0.1:5556 [id: 0]...
10/Apr/2017 09:27:37 [AddressTree.cpp:171] [AddressTree] 138.xxx.xxx.0/xxx
10/Apr/2017 09:27:37 [Ntop.cpp:614] Local Networks
10/Apr/2017 09:27:37 [Ntop.cpp:612] Local Interface Addresses (System Host)
10/Apr/2017 09:27:37 [NtopPro.cpp:300] [LICENSE] Maintenance is available until Thu Mar 22 12:28:01 2018 [346 days left]
10/Apr/2017 09:27:37 [NtopPro.cpp:279] [LICENSE] ntopng license: xxxxxx
10/Apr/2017 09:27:37 [NtopPro.cpp:268] [LICENSE] ntopng systemId: xxxxxxxxxxx
10/Apr/2017 09:27:37 [PeriodicActivities.cpp:56] Started periodic activities loop...
10/Apr/2017 09:27:37 [Ntop.cpp:297] Built on Debian GNU/Linux 8.2 (jessie)
10/Apr/2017 09:27:37 [Ntop.cpp:292] Welcome to ntopng x86_64 v.2.5.170410 - (C) 1998-17 ntop.org
10/Apr/2017 09:27:37 [main.cpp:313] Scripts/HTML pages directory: /usr/share/ntopng
10/Apr/2017 09:27:37 [main.cpp:311] Working directory: /data/ntopng
10/Apr/2017 09:27:37 [MySQLDB.cpp:370] MySQL schema update. Altering table flowsv6: changing OUT_BYTES data type to unsigned int.
10/Apr/2017 09:27:37 [MySQLDB.cpp:370] MySQL schema update. Altering table flowsv6: changing IN_BYTES data type to unsigned int.
10/Apr/2017 09:27:37 [MySQLDB.cpp:370] MySQL schema update. Altering table flowsv4: changing OUT_BYTES data type to unsigned int.
10/Apr/2017 09:27:37 [MySQLDB.cpp:370] MySQL schema update. Altering table flowsv4: changing IN_BYTES data type to unsigned int.
10/Apr/2017 09:27:36 [MySQLDB.cpp:342] MySQL schema update. Altering table flowsv6: changing engine from InnoDB to MyISAM.
10/Apr/2017 09:27:36 [MySQLDB.cpp:342] MySQL schema update. Altering table flowsv4: changing engine from InnoDB to MyISAM.
10/Apr/2017 09:27:36 [MySQLDB.cpp:314] MySQL schema update. Altering table flowsv6: renaming BYTES to IN_BYTES and adding OUT_BYTES
10/Apr/2017 09:27:36 [MySQLDB.cpp:314] MySQL schema update. Altering table flowsv4: renaming BYTES to IN_BYTES and adding OUT_BYTES
10/Apr/2017 09:27:34 [MySQLDB.cpp:622] Successfully connected to MySQL [localhost:ntop] for interface tcp://127.0.0.1:5556
10/Apr/2017 09:27:34 [MySQLDB.cpp:582] Attempting to connect to MySQL for interface tcp://127.0.0.1:5556...
10/Apr/2017 09:27:34 [HTTPserver.cpp:772] HTTP server listening on port(s) 3000
10/Apr/2017 09:27:34 [HTTPserver.cpp:769] Web server dirs [/usr/share/ntopng/httpdocs][/usr/share/ntopng/scripts]
10/Apr/2017 09:27:34 [Utils.cpp:368] User changed to nobody
10/Apr/2017 09:27:34 [HTTPserver.cpp:723] Please read
https://github.com/ntop/ntopng/blob/dev/doc/README.SSL if you want to enable S
nothing on mysql:
MariaDB [ntop]> select count(*) flowsv4;
+---------+
| flowsv4 |
+---------+
| 1 |
+---------+
1 row in set (0.00 sec)
MariaDB [ntop]> select count(*) flowsv6;
+---------+
| flowsv6 |
+---------+
| 1 |
+---------+
1 row in set (0.00 sec)
MariaDB [ntop]>
nprobe log on stop:
10/Apr/2017 09:32:04 [nprobe.c:2867] Processed packets: 0 (max bucket search: 0)
10/Apr/2017 09:32:04 [nprobe.c:2850] Fragment queue length: 0
10/Apr/2017 09:32:04 [nprobe.c:2876] Flow export stats: [0 bytes/0 pkts][0 flows/0 pkts sent]
10/Apr/2017 09:32:04 [nprobe.c:2883] Flow collection: [collected pkts: 5277][processed flows: 75120]
10/Apr/2017 09:32:04 [nprobe.c:2886] Flow drop stats: [0 bytes/0 pkts][0 flows]
10/Apr/2017 09:32:04 [nprobe.c:2891] Total flow stats: [0 bytes/0 pkts][0 flows/0 pkts sent]
nprobe config:
-i none
-n none
--daemon-mode
-V 9 (added this option after upgrade)
--no-promisc
--zmq tcp://127.0.0.1:5556
—collector-port 2055
and i dont know what to do now
Regards
Roberto
> On Apr 10, 2017, at 04:17, Emanuele Faranda <faranda@ntop.org> wrote:
>
> Hi Roberto,
>
> The issue is likely solved in the 2.5 version of ntopng.
>
> Since we are migrating towards the 2.6 release, if you can afford to lose your current ntopng collected data, I suggest you to install the 2.5 version of ntopng which, at the current time, should be stable enough for use.
>
> For the update to the 2.5 version, please be sure to:
>
> - flush redis with "redis-cli flushall"
>
> - remove the ntopng data directory "rm -rf /data/ntopng"
>
> - update nprobe too
>
> Regards,
> Emanuele
>
>
> On 04/10/2017 03:23 AM, Roberto Alvarado wrote:
>> Hi,
>>
>> I have this problem, when I open a host detail, the first and last seen date are from 1970:
>>
>> First / Last Seen 01/01/1970 18:07:04 [.47 years, 107 days, 15 hours, 10 min, 44 sec ago] 25/03/1970 03:33:32 [.47 years, 25 days, 5 hours, 44 min, 16 sec ago]
>>
>>
>> Do you know how to fix this???
>>
>> Debian Jessie
>>
>> root@mhost:~# date
>> Fri Apr 7 09:22:13 -03 2017
>> root@mhost:~#
>>
>> My config:
>>
>> ntopng:
>>
>>
>> Version 2.4.170215 - Pro Small Business Edition
>> Platform Debian 8.2 [x86_64][Debian GNU/Linux 8.2 (jessie)] - 64 bit
>> Startup Line ntopng —pid “/var/tmp/ntopng.pid" --daemon "" --interface "tcp://127.0.0.1:5556" --data-dir "/data/ntopng" --http-port "3000" --local-networks "138.xxx.xxxx.0/22" --dump-flows "mysql;localhost;ntop;flows;ntop;xxxxxxx"
>>
>> nprobe:
>>
>> -i none
>> -n none
>> --daemon-mode
>> --num-threads 1
>> --no-promisc
>> --zmq tcp://127.0.0.1:5556
>> --collector-port 2055
>>
>>
>> Thanks!
>>
>> Regards
>> Robertp
>> _______________________________________________
>> Ntop mailing list
>> Ntop@listgateway.unipi.it
>> http://listgateway.unipi.it/mailman/listinfo/ntop
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop