Mailing List Archive

Need some conceptual guidance with sending flows to ntopng
Hi everyone,


I'm running ntopng 2.4.170215 - Pro Small Business Edition; all is well and I'm very impressed. My question becomes relevant when I send flows from other devices to ntopng. By other devices I mean physical devices which collect flows locally via their physical interfaces and then export flows to ntopng over the network.

Currently ntopng listens to 2 interfaces which are physically local to the VM where ntopng runs on: one is the localhost and the other is an Ethernet ens32 interface. When I send flows from remote devices the flows data gets "merged" into the ens32 interface as if the flow data was captured there. That of course isn't accurate.

How do I configure more interfaces (and those will all be remote interfaces) to show up in the list box (shown below) so that I know where the flow was captured -- by where I mean which physical device reported the flow to ntopng?
Re: Need some conceptual guidance with sending flows to ntopng [ In reply to ]
Hi Boyan
you will be even more impressed if you use the development version of ntopng that implements many more features.

In order to configure new interfaces you can do that using the -i command line flag

Regards Luca

> On 15 Apr 2017, at 20:56, Boyan Biandov <boyan.biandov@ikipple.com> wrote:
>
> Hi everyone,
>
> I'm running ntopng 2.4.170215 - Pro Small Business Edition; all is well and I'm very impressed. My question becomes relevant when I send flows from other devices to ntopng. By other devices I mean physical devices which collect flows locally via their physical interfaces and then export flows to ntopng over the network.
>
> Currently ntopng listens to 2 interfaces which are physically local to the VM where ntopng runs on: one is the localhost and the other is en Ethernet ens32 interface. When I send flows from remote devices the flows data gets "merged" into the ens32 interface as if the flow data was captured there. That of course isn't accurate.
>
> How do I configure more interfaces (and those will all be remote interfaces) show up in the list box (shown below) so that I know where the flow was captured -- by where I mean which physical device reported to flow to ntopng?
>
> <ntopng.png>
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
Re: Need some conceptual guidance with sending flows to ntopng [ In reply to ]
Thanks Luca,

Actually adding a new interface wouldn't do it for me; I am looking for a way to tell which device reported a specific flow. Since I have multiple devices exporting flows to ntopng all of the flow data gets aggregated by ntopng since it arrives at the same interface - the eth0 of the VM where ntopng is running.

However that doesn't mean that most of the flows were captured at that interface -- the flows were reported by other devices and the traffic just arrives at the same interface of ntopng. So is there a way to tell who reported a flow by looking at the flow record on the dashboard?

I can't find a place which shows that? Certainly ntopng has that information somewhere?


Thank you

~B


On April 15, 2017 at 12:47 PM Luca Deri <deri@ntop.org> wrote:

Hi Boyan
you will be even more impressed if you use the development version of ntopng that implements many more features.

In order to configure new interfaces you can do that using the -i command line flag

Regards Luca

On 15 Apr 2017, at 20:56, Boyan Biandov <boyan.biandov@ikipple.com> wrote:

Hi everyone,

I'm running ntopng 2.4.170215 - Pro Small Business Edition; all is well and I'm very impressed. My question becomes relevant when I send flows from other devices to ntopng. By other devices I mean physical devices which collect flows locally via their physical interfaces and then export flows to ntopng over the network.

Currently ntopng listens to 2 interfaces which are physically local to the VM where ntopng runs on: one is the localhost and the other is an Ethernet ens32 interface. When I send flows from remote devices the flows data gets "merged" into the ens32 interface as if the flow data was captured there. That of course isn't accurate.

How do I configure more interfaces (and those will all be remote interfaces) to show up in the list box (shown below) so that I know where the flow was captured -- by where I mean which physical device reported the flow to ntopng?

<ntopng.png>
Re: Need some conceptual guidance with sending flows to ntopng [ In reply to ]
Hi Boyan,
please check out the "Dynamic Flow Collection Interfaces" option into
the ntopng advanced preferences.

If you set the preference to "Probe IP Address", ntopng will create
virtual interfaces to match the remote devices.

Regards,
Emanuele


On 04/17/2017 07:11 PM, Boyan Biandov wrote:
>
> Thanks Luca,
>
> Actually adding a new interface wouldn't do it for me; I am looking
> for a way to tell which device reported a specific flow. Since I have
> multiple devices exporting flows to ntopng all of the flow data gets
> aggregated by ntopng since it arrives at the same interface - the eth0
> of the VM where ntopng is running.
>
> However that doesn't mean that most of the flows were captured at that
> interface -- the flows were reported by other devices and the traffic
> just arrive at the same interface of ntopng. So is there way to tell
> who reported a flow by looking at the flow record on the dashboard?
>
> I can't find a place which shows that? Certainly ntopng has that
> information somewhere?
>
> Thank you
>
> ~B
>
>
>> On April 15, 2017 at 12:47 PM Luca Deri <deri@ntop.org> wrote:
>>
>> Hi Boyan
>> you will be even more impressed if you use the development version of
>> ntopng that implements many more features.
>>
>> In order to configure new interfaces you can do that using the -i
>> command line flag
>>
>> Regards Luca
>>
>>> On 15 Apr 2017, at 20:56, Boyan Biandov <boyan.biandov@ikipple.com
>>> <mailto:boyan.biandov@ikipple.com>> wrote:
>>>
>>> Hi everyone,
>>>
>>> I'm running ntopng 2.4.170215 - Pro Small Business Edition; all is
>>> well and I'm very impressed. My question becomes relevant when I
>>> send flows from other devices to ntopng. By other devices I mean
>>> physical devices which collect flows locally via their physical
>>> interfaces and then export flows to ntopng over the network.
>>>
>>> Currently ntopng listens to 2 interfaces which are physically local
>>> to the VM where ntopng runs on: one is the localhost and the other
>>> is en Ethernet ens32 interface. When I send flows from remote
>>> devices the flows data gets "merged" into the ens32 interface as if
>>> the flow data was captured there. That of course isn't accurate.
>>>
>>> How do I configure more interfaces (and those will all be remote
>>> interfaces) show up in the list box (shown below) so that I know
>>> where the flow was captured -- by where I mean which physical device
>>> reported to flow to ntopng?
>>>
>>> <ntopng.png>
Re: Need some conceptual guidance with sending flows to ntopng [ In reply to ]
Hi Emanuele, I can't find "ntopng advanced preferences"? I'm using nBox. I looked at configuration both in nBox and in ntopng and all I see is "run-time preferences". Do I need to add cli parameters to the ntopng command line for the "probe IP address" that you suggested? Thank you

On April 18, 2017 at 2:22 AM Emanuele Faranda <faranda@ntop.org> wrote:

Hi Boyan,
please check out the "Dynamic Flow Collection Interfaces" option into the ntopng advanced preferences.

If you set the preference to "Probe IP Address", ntopng will create virtual interfaces to match the remote devices.


Regards,
Emanuele
Re: Need some conceptual guidance with sending flows to ntopng [ In reply to ]
Boyan,

The dynamic interfaces creation feature is only available in the latest dev
version. Please, move to ntopng 2.5.

Regards,
Simone

On Tue, Apr 18, 2017 at 3:47 PM, Boyan Biandov <boyan.biandov@ikipple.com>
wrote:

> Hi Emanuele, I can't find "ntopng advanced preferences"? I'm using nBox. I
> looked at configuration both in nBox and in ntopng and all I see is
> "run-time preferences". Do I need to add cli parameters to the ntopng
> command line for the "probe IP address" that you suggested? Thank you
>
> On April 18, 2017 at 2:22 AM Emanuele Faranda <faranda@ntop.org> wrote:
>
> Hi Boyan,
> please check out the "Dynamic Flow Collection Interfaces" option into the
> ntopng advanced preferences.
>
> If you set the preference to "Probe IP Address", ntopng will create
> virtual interfaces to match the remote devices.
>
> Regards,
> Emanuele
Re: Need some conceptual guidance with sending flows to ntopng [ In reply to ]
Thanks Simone,

I just upgraded using the apt-get repo (running LTS 16.04) but when I changed following the upgrade ntopng still says 2.4.170215

My OS is Debian stretch/sid [x86_64][Ubuntu 16.04.1 LTS] - 64 bit

Thanks

~b

On April 19, 2017 at 2:26 AM Simone Mainardi <mainardi@ntop.org> wrote:

Boyan,
The dynamic interfaces creation feature is only available in the latest dev version. Please, move to ntopng 2.5.
Regards,
Simone
Re: Need some conceptual guidance with sending flows to ntopng [ In reply to ]
Boyan,

You should uninstall package apt-ntop-stable and then follow the
instructions at http://packages.ntop.org/apt/ to move to the dev release.

On Sun, Apr 30, 2017 at 7:05 PM, Boyan Biandov <boyan.biandov@ikipple.com>
wrote:

> Thanks Simone,
>
>
> I just upgraded using the apt-get repo (running LTS 16.04) but when I
> changed following the upgrade ntopng still says 2.4.170215
>
> My OS is Debian stretch/sid [x86_64][Ubuntu 16.04.1 LTS] - 64 bit
>
>
> Thanks
>
> ~b
>
>
>
> On April 19, 2017 at 2:26 AM Simone Mainardi <mainardi@ntop.org> wrote:
>
> Boyan,
>
> The dynamic interfaces creation feature is only available in the latest
> dev version. Please, move to ntopng 2.5.
>
> Regards,
> Simone
>
>