Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. NTop>
  3. Users
nprobe and ntopng ipfix configuration
j.kirk at ecc
Sep 3, 2017, 7:00 PM
Post #1 of 3 (416 views)
Permalink
Hi,

I have nprobe running on a centos server which is our internet gateway. 
It is currently sending netflow v5 (the default) using ZMQ to ntopng
which is running on a windows 7 workstation.

When I change the nprobe configuration to use IPFIX with a simple
template, I don't get any data collected at ntopng.

Can anyone share a sample config file for nprobe and ntopng to send /
recv IPFIX data?

Thanks.

*Jon Kirk

*

--

Emerald Christian College


*PO BOX 1993 Emerald Qld 4720 Phone: 07 4982 0977 Fax: 07 4982 0244 *
*Email: office@ecc.qld.edu.au
<office@ecc.qld.edu.au>Website: http://www.ecc.qld.edu.au
<http://www.ecc.qld.edu.au/>*
_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop
Re: nprobe and ntopng ipfix configuration [ In reply to ]
mainardi at ntop
Sep 4, 2017, 12:29 AM
Post #2 of 3 (415 views)
Permalink
Dear Jon,


> On 4 Sep 2017, at 04:00, Jon Kirk <j.kirk@ecc.qld.edu.au> wrote:
>
> Hi,
>
> I have nprobe running on a centos server which is our internet gateway. It is currently sending netflow v5 (the default) using ZMQ to ntopng which is running on a windows 7 workstation.

ZMQ carries standardised JSON-based messages, so there's no need to either specify v5, v9 or ipfix. Flow version specification is only necessary when nProbe is used as a proxy to export flows to downstream Netflow collectors.

In your case, just use --zmq with the proper endpoint and specify all the fields of interest in the template.

Regards,
Simone

>
> When I change the nprobe configuration to use IPFIX with a simple template, I don't get any data collected at ntopng.
>
> Can anyone share a sample config file for nprobe and ntopng to send / recv IPFIX data?
>
> Thanks.
>
> *Jon Kirk
>
> *
>
> --
>
> Emerald Christian College
>
>
> *PO BOX 1993 Emerald Qld 4720 Phone: 07 4982 0977 Fax: 07 4982 0244 * *Email: office@ecc.qld.edu.au <office@ecc.qld.edu.au>Website: http://www.ecc.qld.edu.au <http://www.ecc.qld.edu.au/>*
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop

_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop
Re: nprobe and ntopng ipfix configuration [ In reply to ]
mainardi at ntop
Sep 4, 2017, 12:29 AM
Post #3 of 3 (415 views)
Permalink
Dear Jon,


> On 4 Sep 2017, at 04:00, Jon Kirk <j.kirk@ecc.qld.edu.au> wrote:
>
> Hi,
>
> I have nprobe running on a centos server which is our internet gateway. It is currently sending netflow v5 (the default) using ZMQ to ntopng which is running on a windows 7 workstation.

ZMQ carries standardised JSON-based messages, so there's no need to either specify v5, v9 or ipfix. Flow version specification is only necessary when nProbe is used as a proxy to export flows to downstream Netflow collectors.

In your case, just use --zmq with the proper endpoint and specify all the fields of interest in the template.

Regards,
Simone

>
> When I change the nprobe configuration to use IPFIX with a simple template, I don't get any data collected at ntopng.
>
> Can anyone share a sample config file for nprobe and ntopng to send / recv IPFIX data?
>
> Thanks.
>
> *Jon Kirk
>
> *
>
> --
>
> Emerald Christian College
>
>
> *PO BOX 1993 Emerald Qld 4720 Phone: 07 4982 0977 Fax: 07 4982 0244 * *Email: office@ecc.qld.edu.au <office@ecc.qld.edu.au>Website: http://www.ecc.qld.edu.au <http://www.ecc.qld.edu.au/>*
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop

_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal