Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. NTop>
  3. Users
nprobe config question
david at rocketmail
Aug 16, 2017, 8:45 AM
Post #1 of 5 (572 views)
Permalink
Hi All,
I have ntopng v3 running on Ubuntu 16 and I believe I have nprobe running as expected on a remote box, which is sending netflow to ntopng.  As a sanity check, could someone tell me the command line to start nprobe assuming I'm running it on a separate server and only using it as a remote feed for my ntopng server?  nprobe being fed by a switch span port and then sending the corresponding netflow to my central ntopng server. 
Also, when installing nprobe in this remote feed scenario, can I just run "apt-get install nprobe" or is it best practice to run >
- apt-get install pfring nprobe ntopng ntopng-data n2disk cento nbox
Thanks,
David
Re: nprobe config question [ In reply to ]
deri at ntop
Aug 16, 2017, 9:12 AM
Post #2 of 5 (572 views)
Permalink
David,
you can just do apt-get install nprobe

Something like this should work:

bigserver $ nprobe -i <interface> -n none --zmq "tcp://*:1234 <tcp://*:1234>"

ntopng $ ntopng -i tcp://<bigserver>:1234


Luca

> On 16 Aug 2017, at 17:45, David Kraut <David@rocketmail.com> wrote:
>
> Hi All,
>
> I have ntopng v3 running on Ubuntu 16 and I believe I have nprobe running as expected on a remote box, which is sending netflow to ntopng. As a sanity check, could someone tell me the command line to start nprobe assuming I'm running it on a separate server and only using it as a remote feed for my ntopng server? nprobe being fed by a switch span port and then sending the corresponding netflow to my central ntopng server.
>
> Also, when installing nprobe in this remote feed scenario, can I just run "apt-get install nprobe" or is it best practice to run >
> apt-get install pfring nprobe ntopng ntopng-data n2disk cento nbox
> Thanks,
>
> David
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
Re: nprobe config question [ In reply to ]
deri at ntop
Aug 16, 2017, 9:12 AM
Post #3 of 5 (572 views)
Permalink
David,
you can just do apt-get install nprobe

Something like this should work:

bigserver $ nprobe -i <interface> -n none --zmq "tcp://*:1234 <tcp://*:1234>"

ntopng $ ntopng -i tcp://<bigserver>:1234


Luca

> On 16 Aug 2017, at 17:45, David Kraut <David@rocketmail.com> wrote:
>
> Hi All,
>
> I have ntopng v3 running on Ubuntu 16 and I believe I have nprobe running as expected on a remote box, which is sending netflow to ntopng. As a sanity check, could someone tell me the command line to start nprobe assuming I'm running it on a separate server and only using it as a remote feed for my ntopng server? nprobe being fed by a switch span port and then sending the corresponding netflow to my central ntopng server.
>
> Also, when installing nprobe in this remote feed scenario, can I just run "apt-get install nprobe" or is it best practice to run >
> apt-get install pfring nprobe ntopng ntopng-data n2disk cento nbox
> Thanks,
>
> David
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
Re: nprobe config question [ In reply to ]
mainardi at ntop
Aug 16, 2017, 9:45 AM
Post #4 of 5 (572 views)
Permalink
Hi David,

Please, see below inserted replies,


> On 16 Aug 2017, at 17:45, David Kraut <david@rocketmail.com> wrote:
>
> Hi All,
>
> I have ntopng v3 running on Ubuntu 16 and I believe I have nprobe running as expected on a remote box, which is sending netflow to ntopng. As a sanity check, could someone tell me the command line to start nprobe assuming I'm running it on a separate server and only using it as a remote feed for my ntopng server? nprobe being fed by a switch span port and then sending the corresponding netflow to my central ntopng server.

./nprobe -i your_input_span_port -n none --zmq tcp://*:5556 <tcp://*:5556>
./ntopng -i tcp://<nprobe_host_ip_address <tcp://<nprobe_host_ip_address>>:5556

>
> Also, when installing nprobe in this remote feed scenario, can I just run "apt-get install nprobe"

you can just run this

> or is it best practice to run >
> apt-get install pfring nprobe ntopng ntopng-data n2disk cento nbox
> Thanks,
>
> David
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
Re: nprobe config question [ In reply to ]
mainardi at ntop
Aug 16, 2017, 9:45 AM
Post #5 of 5 (572 views)
Permalink
Hi David,

Please, see below inserted replies,


> On 16 Aug 2017, at 17:45, David Kraut <david@rocketmail.com> wrote:
>
> Hi All,
>
> I have ntopng v3 running on Ubuntu 16 and I believe I have nprobe running as expected on a remote box, which is sending netflow to ntopng. As a sanity check, could someone tell me the command line to start nprobe assuming I'm running it on a separate server and only using it as a remote feed for my ntopng server? nprobe being fed by a switch span port and then sending the corresponding netflow to my central ntopng server.

./nprobe -i your_input_span_port -n none --zmq tcp://*:5556 <tcp://*:5556>
./ntopng -i tcp://<nprobe_host_ip_address <tcp://<nprobe_host_ip_address>>:5556

>
> Also, when installing nprobe in this remote feed scenario, can I just run "apt-get install nprobe"

you can just run this

> or is it best practice to run >
> apt-get install pfring nprobe ntopng ntopng-data n2disk cento nbox
> Thanks,
>
> David
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal