Mailing List Archive

nprobe starts and stops - no log to trouble shoot
when starting nprobe from ntop applications the status light turns green
then red

when run ps aux | grep nprobe right after issuing sudo service nprobe start

nobody 12778 14.1 0.3 343712 14740 ? Ssl 17:09 0:00
/usr/local/bin/nprobe /run/nprobe.conf
root 13045 0.0 0.0 26168 1340 ? S 17:09 0:00 systemctl
stop nprobe.service

I can run from console which will start but I get
sudo /usr/local/bin/nprobe /run/nprobe-ens18.conf
04/Jan/2018 17:19:31 [plugin.c:187] No plugins found in ./plugins
04/Jan/2018 17:19:31 [plugin.c:195] Loading 23 plugins [.so] from
/usr/local/lib/nprobe/plugins
04/Jan/2018 17:19:31 [nprobe.c:3784] ERROR: Invalid nProbe license
(/etc/nprobe.license) [Missing license file]
04/Jan/2018 17:19:31 [nprobe.c:3791] ERROR:
*****************************************************
04/Jan/2018 17:19:31 [nprobe.c:3792] ERROR: **
**
04/Jan/2018 17:19:31 [nprobe.c:3793] ERROR: ** Switching to DEMO MODE
(missing valid license) **
04/Jan/2018 17:19:31 [nprobe.c:3794] ERROR: **
**
04/Jan/2018 17:19:31 [nprobe.c:3795] ERROR: ** Purchase your nProbe
license at **
04/Jan/2018 17:19:31 [nprobe.c:3796] ERROR: ** https://shop.ntop.org/
**
04/Jan/2018 17:19:31 [nprobe.c:3797] ERROR: **
**
04/Jan/2018 17:19:31 [nprobe.c:3798] ERROR:
*****************************************************
04/Jan/2018 17:19:31 [nprobe.c:4809] WARNING: If you want to preserve the
-M value, please specify -w before -M
04/Jan/2018 17:19:31 [nprobe.c:4727] WARNING: Unable to parse sampling
option: discarded
04/Jan/2018 17:19:31 [nprobe.c:5755] WARNING: The output interfaceId is set
to 0: did you forget to use -Q perhaps ?
04/Jan/2018 17:19:31 [nprobe.c:5758] WARNING: The input interfaceId is set
to 0: did you forget to use -u perhaps ?
04/Jan/2018 17:19:31 [nprobe.c:5859] Welcome to nProbe v.8.2.171206
($Revision: 5975 $) for x86_64-pc-linux-gnu with native PF_RING acceleration
04/Jan/2018 17:19:31 [nprobe.c:5869] Running on Ubuntu 16.04.3 LTS
04/Jan/2018 17:19:31 [nprobe.c:5880] [LICENSE] nProbe SystemId:
9FB0563B0C001090
04/Jan/2018 17:19:31 [nprobe.c:5993] Sample rate [packet: 1][flow
collection/export: 1/1]
04/Jan/2018 17:19:31 [nprobe.c:8432] ERROR:
***************************************************************
04/Jan/2018 17:19:31 [nprobe.c:8433] ERROR: * NOTE: This is a DEMO version
limited to 25000 flows export. *
04/Jan/2018 17:19:31 [nprobe.c:8434] ERROR:
***************************************************************
04/Jan/2018 17:19:31 [nprobe.c:8440] Welcome to nProbe v.8.2.171206 for
x86_64-pc-linux-gnu
04/Jan/2018 17:19:31 [nprobe.c:7462] You selected v9/IPFIX without
specifying a template (-T).
04/Jan/2018 17:19:31 [nprobe.c:7463] The default template will be used
04/Jan/2018 17:19:31 [nprobe.c:7468] Using NetFlow Packet Payload Len: 1472
04/Jan/2018 17:19:31 [plugin.c:1155] 0 plugin(s) enabled
04/Jan/2018 17:19:31 [nprobe.c:7907] Each flow is 89 bytes long
04/Jan/2018 17:19:31 [nprobe.c:7908] The # flows per packet has been set to
15
04/Jan/2018 17:19:31 [nprobe.c:7911] IP TOS is accounted
04/Jan/2018 17:19:31 [nprobe.c:7937] Non IPv4/v6 traffic is discarded
according to the template
04/Jan/2018 17:19:31 [util.c:440] GeoIP: loaded AS config file
/usr/share/ntopng/httpdocs/geoip/GeoIPASNum.dat
04/Jan/2018 17:19:31 [util.c:451] GeoIP: loaded AS IPv6 config file
/usr/share/ntopng/httpdocs/geoip/GeoIPASNumv6.dat
04/Jan/2018 17:19:31 [nprobe.c:6487] Using packet capture length 128
04/Jan/2018 17:19:31 [pro/pf_ring.c:356] Initializing PF_RING socket on
device ens18..
04/Jan/2018 17:19:31 [pro/pf_ring.c:398] Dumping traffic statistics on
/proc/net/pf_ring/stats/17022-ens18.15
04/Jan/2018 17:19:31 [pro/pf_ring.c:463] PF_RING enabled on ens18
04/Jan/2018 17:19:31 [util.c:3591] nProbe changed user to 'nobody'
04/Jan/2018 17:19:31 [nprobe.c:8989] nProbe started successfully
04/Jan/2018 17:19:32 [nprobe.c:3024] WARNING: Unable to create file
/var/log/nprobe/ens18-0_flows_stats.txt
04/Jan/2018 17:20:32 [nprobe.c:3024] WARNING: Unable to create file
/var/log/nprobe/ens18-0_flows_stats.txt

but none of the netflow v9 flows directed at the interface from my BGP
router show up.

ntop nBox 2.4
Linux kernel 4.4.0-87-generic x86_64
2x Common KVM processor
CPU 0 0 1 2 3
CPU 1 4 5 6 7
1x Red Hat, Inc Virtio network device

ntopng Version 3.2.171206 - Community Edition
Built on Ubuntu 16.04.3 LTS

sudo nprobe -v
Welcome to nProbe v.8.2.171206 (r5975) for x86_64-pc-linux-gnu
with native PF_RING acceleration.
Copyright 2002-17 ntop.org

sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Thanks
--
Arthur Stephens
Senior Network Administrator
Ptera Inc.
PO Box 135
24001 E Mission Suite 50
Liberty Lake, WA 99019
509-927-7837
ptera.com |
facebook.com/PteraInc | twitter.com/Ptera
-----------------------------------------------------------------------------
"This message may contain confidential and/or propriety information, and is
intended for the person/entity to whom it was originally addressed.
Any use by others is strictly prohibited. Please note that any views or
opinions presented in this email are solely those of the author and are not
intended to represent those of the company."
Re: nprobe starts and stops - no log to trouble shoot [ In reply to ]
Art,

It looks like there's a systemctl command that is trying to stop a running nprobe instance (see pid 13045), while you are also running nprobe from the command line (see pid 12778). Make sure all the nprobe processes are stopped (possibly terminate them manually) and then try to re-start them from the nBox instance.


Simone

> On 5 Jan 2018, at 02:26, Art Stephens <astephens@ptera.com> wrote:
>
> when starting nprobe from ntop applications the status light turns green then red
>
> when run ps aux | grep nprobe right after issuing sudo service nprobe start
>
> nobody 12778 14.1 0.3 343712 14740 ? Ssl 17:09 0:00 /usr/local/bin/nprobe /run/nprobe.conf
> root 13045 0.0 0.0 26168 1340 ? S 17:09 0:00 systemctl stop nprobe.service
>
> I can run from console which will start but I get
> sudo /usr/local/bin/nprobe /run/nprobe-ens18.conf
> 04/Jan/2018 17:19:31 [plugin.c:187] No plugins found in ./plugins
> 04/Jan/2018 17:19:31 [plugin.c:195] Loading 23 plugins [.so] from /usr/local/lib/nprobe/plugins
> 04/Jan/2018 17:19:31 [nprobe.c:3784] ERROR: Invalid nProbe license (/etc/nprobe.license) [Missing license file]
> 04/Jan/2018 17:19:31 [nprobe.c:3791] ERROR: *****************************************************
> 04/Jan/2018 17:19:31 [nprobe.c:3792] ERROR: ** **
> 04/Jan/2018 17:19:31 [nprobe.c:3793] ERROR: ** Switching to DEMO MODE (missing valid license) **
> 04/Jan/2018 17:19:31 [nprobe.c:3794] ERROR: ** **
> 04/Jan/2018 17:19:31 [nprobe.c:3795] ERROR: ** Purchase your nProbe license at **
> 04/Jan/2018 17:19:31 [nprobe.c:3796] ERROR: ** https://shop.ntop.org/ <https://shop.ntop.org/> **
> 04/Jan/2018 17:19:31 [nprobe.c:3797] ERROR: ** **
> 04/Jan/2018 17:19:31 [nprobe.c:3798] ERROR: *****************************************************
> 04/Jan/2018 17:19:31 [nprobe.c:4809] WARNING: If you want to preserve the -M value, please specify -w before -M
> 04/Jan/2018 17:19:31 [nprobe.c:4727] WARNING: Unable to parse sampling option: discarded
> 04/Jan/2018 17:19:31 [nprobe.c:5755] WARNING: The output interfaceId is set to 0: did you forget to use -Q perhaps ?
> 04/Jan/2018 17:19:31 [nprobe.c:5758] WARNING: The input interfaceId is set to 0: did you forget to use -u perhaps ?
> 04/Jan/2018 17:19:31 [nprobe.c:5859] Welcome to nProbe v.8.2.171206 ($Revision: 5975 $) for x86_64-pc-linux-gnu with native PF_RING acceleration
> 04/Jan/2018 17:19:31 [nprobe.c:5869] Running on Ubuntu 16.04.3 LTS
> 04/Jan/2018 17:19:31 [nprobe.c:5880] [LICENSE] nProbe SystemId: 9FB0563B0C001090
> 04/Jan/2018 17:19:31 [nprobe.c:5993] Sample rate [packet: 1][flow collection/export: 1/1]
> 04/Jan/2018 17:19:31 [nprobe.c:8432] ERROR: ***************************************************************
> 04/Jan/2018 17:19:31 [nprobe.c:8433] ERROR: * NOTE: This is a DEMO version limited to 25000 flows export. *
> 04/Jan/2018 17:19:31 [nprobe.c:8434] ERROR: ***************************************************************
> 04/Jan/2018 17:19:31 [nprobe.c:8440] Welcome to nProbe v.8.2.171206 for x86_64-pc-linux-gnu
> 04/Jan/2018 17:19:31 [nprobe.c:7462] You selected v9/IPFIX without specifying a template (-T).
> 04/Jan/2018 17:19:31 [nprobe.c:7463] The default template will be used
> 04/Jan/2018 17:19:31 [nprobe.c:7468] Using NetFlow Packet Payload Len: 1472
> 04/Jan/2018 17:19:31 [plugin.c:1155] 0 plugin(s) enabled
> 04/Jan/2018 17:19:31 [nprobe.c:7907] Each flow is 89 bytes long
> 04/Jan/2018 17:19:31 [nprobe.c:7908] The # flows per packet has been set to 15
> 04/Jan/2018 17:19:31 [nprobe.c:7911] IP TOS is accounted
> 04/Jan/2018 17:19:31 [nprobe.c:7937] Non IPv4/v6 traffic is discarded according to the template
> 04/Jan/2018 17:19:31 [util.c:440] GeoIP: loaded AS config file /usr/share/ntopng/httpdocs/geoip/GeoIPASNum.dat
> 04/Jan/2018 17:19:31 [util.c:451] GeoIP: loaded AS IPv6 config file /usr/share/ntopng/httpdocs/geoip/GeoIPASNumv6.dat
> 04/Jan/2018 17:19:31 [nprobe.c:6487] Using packet capture length 128
> 04/Jan/2018 17:19:31 [pro/pf_ring.c:356] Initializing PF_RING socket on device ens18..
> 04/Jan/2018 17:19:31 [pro/pf_ring.c:398] Dumping traffic statistics on /proc/net/pf_ring/stats/17022-ens18.15
> 04/Jan/2018 17:19:31 [pro/pf_ring.c:463] PF_RING enabled on ens18
> 04/Jan/2018 17:19:31 [util.c:3591] nProbe changed user to 'nobody'
> 04/Jan/2018 17:19:31 [nprobe.c:8989] nProbe started successfully
> 04/Jan/2018 17:19:32 [nprobe.c:3024] WARNING: Unable to create file /var/log/nprobe/ens18-0_flows_stats.txt
> 04/Jan/2018 17:20:32 [nprobe.c:3024] WARNING: Unable to create file /var/log/nprobe/ens18-0_flows_stats.txt
>
> but none of the netflow v9 flows directed at the interface from my BGP router show up.
>
> ntop nBox 2.4
> Linux kernel 4.4.0-87-generic x86_64
> 2x Common KVM processor
> CPU 0 0 1 2 3
> CPU 1 4 5 6 7
> 1x Red Hat, Inc Virtio network device
>
> ntopng Version 3.2.171206 - Community Edition
> Built on Ubuntu 16.04.3 LTS
>
> sudo nprobe -v
> Welcome to nProbe v.8.2.171206 (r5975) for x86_64-pc-linux-gnu
> with native PF_RING acceleration.
> Copyright 2002-17 ntop.org <http://ntop.org/>
>
> sudo iptables -L
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
> Thanks
> --
> Arthur Stephens
> Senior Network Administrator
> Ptera Inc.
> PO Box 135
> 24001 E Mission Suite 50
> Liberty Lake, WA 99019
> 509-927-7837
> ptera.com <http://ptera.com/> |
> facebook.com/PteraInc <http://facebook.com/PteraInc> | twitter.com/Ptera <http://twitter.com/Ptera> -----------------------------------------------------------------------------
> "This message may contain confidential and/or propriety information, and is intended for the person/entity to whom it was originally addressed.
> Any use by others is strictly prohibited. Please note that any views or opinions presented in this email are solely those of the author and are not intended to represent those of the company."
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
Re: nprobe starts and stops - no log to trouble shoot [ In reply to ]
Art,

It looks like there's a systemctl command that is trying to stop a running nprobe instance (see pid 13045), while you are also running nprobe from the command line (see pid 12778). Make sure all the nprobe processes are stopped (possibly terminate them manually) and then try to re-start them from the nBox instance.


Simone

> On 5 Jan 2018, at 02:26, Art Stephens <astephens@ptera.com> wrote:
>
> when starting nprobe from ntop applications the status light turns green then red
>
> when run ps aux | grep nprobe right after issuing sudo service nprobe start
>
> nobody 12778 14.1 0.3 343712 14740 ? Ssl 17:09 0:00 /usr/local/bin/nprobe /run/nprobe.conf
> root 13045 0.0 0.0 26168 1340 ? S 17:09 0:00 systemctl stop nprobe.service
>
> I can run from console which will start but I get
> sudo /usr/local/bin/nprobe /run/nprobe-ens18.conf
> 04/Jan/2018 17:19:31 [plugin.c:187] No plugins found in ./plugins
> 04/Jan/2018 17:19:31 [plugin.c:195] Loading 23 plugins [.so] from /usr/local/lib/nprobe/plugins
> 04/Jan/2018 17:19:31 [nprobe.c:3784] ERROR: Invalid nProbe license (/etc/nprobe.license) [Missing license file]
> 04/Jan/2018 17:19:31 [nprobe.c:3791] ERROR: *****************************************************
> 04/Jan/2018 17:19:31 [nprobe.c:3792] ERROR: ** **
> 04/Jan/2018 17:19:31 [nprobe.c:3793] ERROR: ** Switching to DEMO MODE (missing valid license) **
> 04/Jan/2018 17:19:31 [nprobe.c:3794] ERROR: ** **
> 04/Jan/2018 17:19:31 [nprobe.c:3795] ERROR: ** Purchase your nProbe license at **
> 04/Jan/2018 17:19:31 [nprobe.c:3796] ERROR: ** https://shop.ntop.org/ <https://shop.ntop.org/> **
> 04/Jan/2018 17:19:31 [nprobe.c:3797] ERROR: ** **
> 04/Jan/2018 17:19:31 [nprobe.c:3798] ERROR: *****************************************************
> 04/Jan/2018 17:19:31 [nprobe.c:4809] WARNING: If you want to preserve the -M value, please specify -w before -M
> 04/Jan/2018 17:19:31 [nprobe.c:4727] WARNING: Unable to parse sampling option: discarded
> 04/Jan/2018 17:19:31 [nprobe.c:5755] WARNING: The output interfaceId is set to 0: did you forget to use -Q perhaps ?
> 04/Jan/2018 17:19:31 [nprobe.c:5758] WARNING: The input interfaceId is set to 0: did you forget to use -u perhaps ?
> 04/Jan/2018 17:19:31 [nprobe.c:5859] Welcome to nProbe v.8.2.171206 ($Revision: 5975 $) for x86_64-pc-linux-gnu with native PF_RING acceleration
> 04/Jan/2018 17:19:31 [nprobe.c:5869] Running on Ubuntu 16.04.3 LTS
> 04/Jan/2018 17:19:31 [nprobe.c:5880] [LICENSE] nProbe SystemId: 9FB0563B0C001090
> 04/Jan/2018 17:19:31 [nprobe.c:5993] Sample rate [packet: 1][flow collection/export: 1/1]
> 04/Jan/2018 17:19:31 [nprobe.c:8432] ERROR: ***************************************************************
> 04/Jan/2018 17:19:31 [nprobe.c:8433] ERROR: * NOTE: This is a DEMO version limited to 25000 flows export. *
> 04/Jan/2018 17:19:31 [nprobe.c:8434] ERROR: ***************************************************************
> 04/Jan/2018 17:19:31 [nprobe.c:8440] Welcome to nProbe v.8.2.171206 for x86_64-pc-linux-gnu
> 04/Jan/2018 17:19:31 [nprobe.c:7462] You selected v9/IPFIX without specifying a template (-T).
> 04/Jan/2018 17:19:31 [nprobe.c:7463] The default template will be used
> 04/Jan/2018 17:19:31 [nprobe.c:7468] Using NetFlow Packet Payload Len: 1472
> 04/Jan/2018 17:19:31 [plugin.c:1155] 0 plugin(s) enabled
> 04/Jan/2018 17:19:31 [nprobe.c:7907] Each flow is 89 bytes long
> 04/Jan/2018 17:19:31 [nprobe.c:7908] The # flows per packet has been set to 15
> 04/Jan/2018 17:19:31 [nprobe.c:7911] IP TOS is accounted
> 04/Jan/2018 17:19:31 [nprobe.c:7937] Non IPv4/v6 traffic is discarded according to the template
> 04/Jan/2018 17:19:31 [util.c:440] GeoIP: loaded AS config file /usr/share/ntopng/httpdocs/geoip/GeoIPASNum.dat
> 04/Jan/2018 17:19:31 [util.c:451] GeoIP: loaded AS IPv6 config file /usr/share/ntopng/httpdocs/geoip/GeoIPASNumv6.dat
> 04/Jan/2018 17:19:31 [nprobe.c:6487] Using packet capture length 128
> 04/Jan/2018 17:19:31 [pro/pf_ring.c:356] Initializing PF_RING socket on device ens18..
> 04/Jan/2018 17:19:31 [pro/pf_ring.c:398] Dumping traffic statistics on /proc/net/pf_ring/stats/17022-ens18.15
> 04/Jan/2018 17:19:31 [pro/pf_ring.c:463] PF_RING enabled on ens18
> 04/Jan/2018 17:19:31 [util.c:3591] nProbe changed user to 'nobody'
> 04/Jan/2018 17:19:31 [nprobe.c:8989] nProbe started successfully
> 04/Jan/2018 17:19:32 [nprobe.c:3024] WARNING: Unable to create file /var/log/nprobe/ens18-0_flows_stats.txt
> 04/Jan/2018 17:20:32 [nprobe.c:3024] WARNING: Unable to create file /var/log/nprobe/ens18-0_flows_stats.txt
>
> but none of the netflow v9 flows directed at the interface from my BGP router show up.
>
> ntop nBox 2.4
> Linux kernel 4.4.0-87-generic x86_64
> 2x Common KVM processor
> CPU 0 0 1 2 3
> CPU 1 4 5 6 7
> 1x Red Hat, Inc Virtio network device
>
> ntopng Version 3.2.171206 - Community Edition
> Built on Ubuntu 16.04.3 LTS
>
> sudo nprobe -v
> Welcome to nProbe v.8.2.171206 (r5975) for x86_64-pc-linux-gnu
> with native PF_RING acceleration.
> Copyright 2002-17 ntop.org <http://ntop.org/>
>
> sudo iptables -L
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
> Thanks
> --
> Arthur Stephens
> Senior Network Administrator
> Ptera Inc.
> PO Box 135
> 24001 E Mission Suite 50
> Liberty Lake, WA 99019
> 509-927-7837
> ptera.com <http://ptera.com/> |
> facebook.com/PteraInc <http://facebook.com/PteraInc> | twitter.com/Ptera <http://twitter.com/Ptera> -----------------------------------------------------------------------------
> "This message may contain confidential and/or propriety information, and is intended for the person/entity to whom it was originally addressed.
> Any use by others is strictly prohibited. Please note that any views or opinions presented in this email are solely those of the author and are not intended to represent those of the company."
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
Re: nprobe starts and stops - no log to trouble shoot [ In reply to ]
Ah yes I did do that also - with no instance running that is when I saw the
systemctl stop nprobe.service.
I also verified with webmin running processes that no nprobe was running
and then tried to start it from nbox but same thing happens.
And with no logging I have no clue.The status light turns green and then
turns red.

On Fri, Jan 5, 2018 at 12:42 AM, Simone Mainardi <mainardi@ntop.org> wrote:

> Art,
>
> It looks like there's a systemctl command that is trying to stop a running
> nprobe instance (see pid 13045), while you are also running nprobe from the
> command line (see pid 12778). Make sure all the nprobe processes are
> stopped (possibly terminate them manually) and then try to re-start them
> from the nBox instance.
>
>
> Simone
>
> On 5 Jan 2018, at 02:26, Art Stephens <astephens@ptera.com> wrote:
>
> when starting nprobe from ntop applications the status light turns green
> then red
>
> when run ps aux | grep nprobe right after issuing sudo service nprobe start
>
> nobody 12778 14.1 0.3 343712 14740 ? Ssl 17:09 0:00
> /usr/local/bin/nprobe /run/nprobe.conf
> root 13045 0.0 0.0 26168 1340 ? S 17:09 0:00 systemctl
> stop nprobe.service
>
> I can run from console which will start but I get
> sudo /usr/local/bin/nprobe /run/nprobe-ens18.conf
> 04/Jan/2018 17:19:31 [plugin.c:187] No plugins found in ./plugins
> 04/Jan/2018 17:19:31 [plugin.c:195] Loading 23 plugins [.so] from
> /usr/local/lib/nprobe/plugins
> 04/Jan/2018 17:19:31 [nprobe.c:3784] ERROR: Invalid nProbe license
> (/etc/nprobe.license) [Missing license file]
> 04/Jan/2018 17:19:31 [nprobe.c:3791] ERROR: ******************************
> ***********************
> 04/Jan/2018 17:19:31 [nprobe.c:3792] ERROR: **
> **
> 04/Jan/2018 17:19:31 [nprobe.c:3793] ERROR: ** Switching to DEMO MODE
> (missing valid license) **
> 04/Jan/2018 17:19:31 [nprobe.c:3794] ERROR: **
> **
> 04/Jan/2018 17:19:31 [nprobe.c:3795] ERROR: ** Purchase your nProbe
> license at **
> 04/Jan/2018 17:19:31 [nprobe.c:3796] ERROR: **
> https://shop.ntop.org/ **
> 04/Jan/2018 17:19:31 [nprobe.c:3797] ERROR: **
> **
> 04/Jan/2018 17:19:31 [nprobe.c:3798] ERROR: ******************************
> ***********************
> 04/Jan/2018 17:19:31 [nprobe.c:4809] WARNING: If you want to preserve the
> -M value, please specify -w before -M
> 04/Jan/2018 17:19:31 [nprobe.c:4727] WARNING: Unable to parse sampling
> option: discarded
> 04/Jan/2018 17:19:31 [nprobe.c:5755] WARNING: The output interfaceId is
> set to 0: did you forget to use -Q perhaps ?
> 04/Jan/2018 17:19:31 [nprobe.c:5758] WARNING: The input interfaceId is set
> to 0: did you forget to use -u perhaps ?
> 04/Jan/2018 17:19:31 [nprobe.c:5859] Welcome to nProbe v.8.2.171206
> ($Revision: 5975 $) for x86_64-pc-linux-gnu with native PF_RING acceleration
> 04/Jan/2018 17:19:31 [nprobe.c:5869] Running on Ubuntu 16.04.3 LTS
> 04/Jan/2018 17:19:31 [nprobe.c:5880] [LICENSE] nProbe SystemId:
> 9FB0563B0C001090
> 04/Jan/2018 17:19:31 [nprobe.c:5993] Sample rate [packet: 1][flow
> collection/export: 1/1]
> 04/Jan/2018 17:19:31 [nprobe.c:8432] ERROR: ******************************
> *********************************
> 04/Jan/2018 17:19:31 [nprobe.c:8433] ERROR: * NOTE: This is a DEMO version
> limited to 25000 flows export. *
> 04/Jan/2018 17:19:31 [nprobe.c:8434] ERROR: ******************************
> *********************************
> 04/Jan/2018 17:19:31 [nprobe.c:8440] Welcome to nProbe v.8.2.171206 for
> x86_64-pc-linux-gnu
> 04/Jan/2018 17:19:31 [nprobe.c:7462] You selected v9/IPFIX without
> specifying a template (-T).
> 04/Jan/2018 17:19:31 [nprobe.c:7463] The default template will be used
> 04/Jan/2018 17:19:31 [nprobe.c:7468] Using NetFlow Packet Payload Len: 1472
> 04/Jan/2018 17:19:31 [plugin.c:1155] 0 plugin(s) enabled
> 04/Jan/2018 17:19:31 [nprobe.c:7907] Each flow is 89 bytes long
> 04/Jan/2018 17:19:31 [nprobe.c:7908] The # flows per packet has been set
> to 15
> 04/Jan/2018 17:19:31 [nprobe.c:7911] IP TOS is accounted
> 04/Jan/2018 17:19:31 [nprobe.c:7937] Non IPv4/v6 traffic is discarded
> according to the template
> 04/Jan/2018 17:19:31 [util.c:440] GeoIP: loaded AS config file
> /usr/share/ntopng/httpdocs/geoip/GeoIPASNum.dat
> 04/Jan/2018 17:19:31 [util.c:451] GeoIP: loaded AS IPv6 config file
> /usr/share/ntopng/httpdocs/geoip/GeoIPASNumv6.dat
> 04/Jan/2018 17:19:31 [nprobe.c:6487] Using packet capture length 128
> 04/Jan/2018 17:19:31 [pro/pf_ring.c:356] Initializing PF_RING socket on
> device ens18..
> 04/Jan/2018 17:19:31 [pro/pf_ring.c:398] Dumping traffic statistics on
> /proc/net/pf_ring/stats/17022-ens18.15
> 04/Jan/2018 17:19:31 [pro/pf_ring.c:463] PF_RING enabled on ens18
> 04/Jan/2018 17:19:31 [util.c:3591] nProbe changed user to 'nobody'
> 04/Jan/2018 17:19:31 [nprobe.c:8989] nProbe started successfully
> 04/Jan/2018 17:19:32 [nprobe.c:3024] WARNING: Unable to create file
> /var/log/nprobe/ens18-0_flows_stats.txt
> 04/Jan/2018 17:20:32 [nprobe.c:3024] WARNING: Unable to create file
> /var/log/nprobe/ens18-0_flows_stats.txt
>
> but none of the netflow v9 flows directed at the interface from my BGP
> router show up.
>
> ntop nBox 2.4
> Linux kernel 4.4.0-87-generic x86_64
> 2x Common KVM processor
> CPU 0 0 1 2 3
> CPU 1 4 5 6 7
> 1x Red Hat, Inc Virtio network device
>
> ntopng Version 3.2.171206 - Community Edition
> Built on Ubuntu 16.04.3 LTS
>
> sudo nprobe -v
> Welcome to nProbe v.8.2.171206 (r5975) for x86_64-pc-linux-gnu
> with native PF_RING acceleration.
> Copyright 2002-17 ntop.org
>
> sudo iptables -L
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
> Thanks
> --
> Arthur Stephens
> Senior Network Administrator
> Ptera Inc.
> PO Box 135
> 24001 E Mission Suite 50
> Liberty Lake, WA 99019
> 509-927-7837 <(509)%20927-7837>
> ptera.com |
> facebook.com/PteraInc | twitter.com/Ptera
> -----------------------------------------------------------
> ------------------
> "This message may contain confidential and/or propriety information, and
> is intended for the person/entity to whom it was originally addressed.
> Any use by others is strictly prohibited. Please note that any views or
> opinions presented in this email are solely those of the author and are not
> intended to represent those of the company."
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
>
>
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
>



--
Arthur Stephens
Senior Network Administrator
Ptera Inc.
PO Box 135
24001 E Mission Suite 50
Liberty Lake, WA 99019
509-927-7837
ptera.com |
facebook.com/PteraInc | twitter.com/Ptera
-----------------------------------------------------------------------------
"This message may contain confidential and/or propriety information, and is
intended for the person/entity to whom it was originally addressed.
Any use by others is strictly prohibited. Please note that any views or
opinions presented in this email are solely those of the author and are not
intended to represent those of the company."
Re: nprobe starts and stops - no log to trouble shoot [ In reply to ]
I am so confused - this is not making sence to me.

I started /usr/local/bin/nprobe -V 9 -i ens18 --collector 127.0.0.1:2055
on exit it says
05/Jan/2018 14:37:19 [nprobe.c:3061] Flow export stats: [33989323
bytes/35440 pkts][1934 flows/155 pkts sent]
05/Jan/2018 14:37:19 [nprobe.c:3071] Flow drop stats: [0 bytes/0 pkts][0
flows]
05/Jan/2018 14:37:19 [nprobe.c:3076] Total flow stats: [33989323
bytes/35440 pkts][1934 flows/155 pkts sent]

but there is nothing in ntopng but what is coming from the network that the
physical interface is on.



On Fri, Jan 5, 2018 at 12:42 AM, Simone Mainardi <mainardi@ntop.org> wrote:

> Art,
>
> It looks like there's a systemctl command that is trying to stop a running
> nprobe instance (see pid 13045), while you are also running nprobe from the
> command line (see pid 12778). Make sure all the nprobe processes are
> stopped (possibly terminate them manually) and then try to re-start them
> from the nBox instance.
>
>
> Simone
>
> On 5 Jan 2018, at 02:26, Art Stephens <astephens@ptera.com> wrote:
>
> when starting nprobe from ntop applications the status light turns green
> then red
>
> when run ps aux | grep nprobe right after issuing sudo service nprobe start
>
> nobody 12778 14.1 0.3 343712 14740 ? Ssl 17:09 0:00
> /usr/local/bin/nprobe /run/nprobe.conf
> root 13045 0.0 0.0 26168 1340 ? S 17:09 0:00 systemctl
> stop nprobe.service
>
> I can run from console which will start but I get
> sudo /usr/local/bin/nprobe /run/nprobe-ens18.conf
> 04/Jan/2018 17:19:31 [plugin.c:187] No plugins found in ./plugins
> 04/Jan/2018 17:19:31 [plugin.c:195] Loading 23 plugins [.so] from
> /usr/local/lib/nprobe/plugins
> 04/Jan/2018 17:19:31 [nprobe.c:3784] ERROR: Invalid nProbe license
> (/etc/nprobe.license) [Missing license file]
> 04/Jan/2018 17:19:31 [nprobe.c:3791] ERROR: ******************************
> ***********************
> 04/Jan/2018 17:19:31 [nprobe.c:3792] ERROR: **
> **
> 04/Jan/2018 17:19:31 [nprobe.c:3793] ERROR: ** Switching to DEMO MODE
> (missing valid license) **
> 04/Jan/2018 17:19:31 [nprobe.c:3794] ERROR: **
> **
> 04/Jan/2018 17:19:31 [nprobe.c:3795] ERROR: ** Purchase your nProbe
> license at **
> 04/Jan/2018 17:19:31 [nprobe.c:3796] ERROR: **
> https://shop.ntop.org/ **
> 04/Jan/2018 17:19:31 [nprobe.c:3797] ERROR: **
> **
> 04/Jan/2018 17:19:31 [nprobe.c:3798] ERROR: ******************************
> ***********************
> 04/Jan/2018 17:19:31 [nprobe.c:4809] WARNING: If you want to preserve the
> -M value, please specify -w before -M
> 04/Jan/2018 17:19:31 [nprobe.c:4727] WARNING: Unable to parse sampling
> option: discarded
> 04/Jan/2018 17:19:31 [nprobe.c:5755] WARNING: The output interfaceId is
> set to 0: did you forget to use -Q perhaps ?
> 04/Jan/2018 17:19:31 [nprobe.c:5758] WARNING: The input interfaceId is set
> to 0: did you forget to use -u perhaps ?
> 04/Jan/2018 17:19:31 [nprobe.c:5859] Welcome to nProbe v.8.2.171206
> ($Revision: 5975 $) for x86_64-pc-linux-gnu with native PF_RING acceleration
> 04/Jan/2018 17:19:31 [nprobe.c:5869] Running on Ubuntu 16.04.3 LTS
> 04/Jan/2018 17:19:31 [nprobe.c:5880] [LICENSE] nProbe SystemId:
> 9FB0563B0C001090
> 04/Jan/2018 17:19:31 [nprobe.c:5993] Sample rate [packet: 1][flow
> collection/export: 1/1]
> 04/Jan/2018 17:19:31 [nprobe.c:8432] ERROR: ******************************
> *********************************
> 04/Jan/2018 17:19:31 [nprobe.c:8433] ERROR: * NOTE: This is a DEMO version
> limited to 25000 flows export. *
> 04/Jan/2018 17:19:31 [nprobe.c:8434] ERROR: ******************************
> *********************************
> 04/Jan/2018 17:19:31 [nprobe.c:8440] Welcome to nProbe v.8.2.171206 for
> x86_64-pc-linux-gnu
> 04/Jan/2018 17:19:31 [nprobe.c:7462] You selected v9/IPFIX without
> specifying a template (-T).
> 04/Jan/2018 17:19:31 [nprobe.c:7463] The default template will be used
> 04/Jan/2018 17:19:31 [nprobe.c:7468] Using NetFlow Packet Payload Len: 1472
> 04/Jan/2018 17:19:31 [plugin.c:1155] 0 plugin(s) enabled
> 04/Jan/2018 17:19:31 [nprobe.c:7907] Each flow is 89 bytes long
> 04/Jan/2018 17:19:31 [nprobe.c:7908] The # flows per packet has been set
> to 15
> 04/Jan/2018 17:19:31 [nprobe.c:7911] IP TOS is accounted
> 04/Jan/2018 17:19:31 [nprobe.c:7937] Non IPv4/v6 traffic is discarded
> according to the template
> 04/Jan/2018 17:19:31 [util.c:440] GeoIP: loaded AS config file
> /usr/share/ntopng/httpdocs/geoip/GeoIPASNum.dat
> 04/Jan/2018 17:19:31 [util.c:451] GeoIP: loaded AS IPv6 config file
> /usr/share/ntopng/httpdocs/geoip/GeoIPASNumv6.dat
> 04/Jan/2018 17:19:31 [nprobe.c:6487] Using packet capture length 128
> 04/Jan/2018 17:19:31 [pro/pf_ring.c:356] Initializing PF_RING socket on
> device ens18..
> 04/Jan/2018 17:19:31 [pro/pf_ring.c:398] Dumping traffic statistics on
> /proc/net/pf_ring/stats/17022-ens18.15
> 04/Jan/2018 17:19:31 [pro/pf_ring.c:463] PF_RING enabled on ens18
> 04/Jan/2018 17:19:31 [util.c:3591] nProbe changed user to 'nobody'
> 04/Jan/2018 17:19:31 [nprobe.c:8989] nProbe started successfully
> 04/Jan/2018 17:19:32 [nprobe.c:3024] WARNING: Unable to create file
> /var/log/nprobe/ens18-0_flows_stats.txt
> 04/Jan/2018 17:20:32 [nprobe.c:3024] WARNING: Unable to create file
> /var/log/nprobe/ens18-0_flows_stats.txt
>
> but none of the netflow v9 flows directed at the interface from my BGP
> router show up.
>
> ntop nBox 2.4
> Linux kernel 4.4.0-87-generic x86_64
> 2x Common KVM processor
> CPU 0 0 1 2 3
> CPU 1 4 5 6 7
> 1x Red Hat, Inc Virtio network device
>
> ntopng Version 3.2.171206 - Community Edition
> Built on Ubuntu 16.04.3 LTS
>
> sudo nprobe -v
> Welcome to nProbe v.8.2.171206 (r5975) for x86_64-pc-linux-gnu
> with native PF_RING acceleration.
> Copyright 2002-17 ntop.org
>
> sudo iptables -L
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
> Thanks
> --
> Arthur Stephens
> Senior Network Administrator
> Ptera Inc.
> PO Box 135
> 24001 E Mission Suite 50
> Liberty Lake, WA 99019
> 509-927-7837 <(509)%20927-7837>
> ptera.com |
> facebook.com/PteraInc | twitter.com/Ptera
> -----------------------------------------------------------
> ------------------
> "This message may contain confidential and/or propriety information, and
> is intended for the person/entity to whom it was originally addressed.
> Any use by others is strictly prohibited. Please note that any views or
> opinions presented in this email are solely those of the author and are not
> intended to represent those of the company."
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
>
>
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
>



--
Arthur Stephens
Senior Network Administrator
Ptera Inc.
PO Box 135
24001 E Mission Suite 50
Liberty Lake, WA 99019
509-927-7837
ptera.com |
facebook.com/PteraInc | twitter.com/Ptera
-----------------------------------------------------------------------------
"This message may contain confidential and/or propriety information, and is
intended for the person/entity to whom it was originally addressed.
Any use by others is strictly prohibited. Please note that any views or
opinions presented in this email are solely those of the author and are not
intended to represent those of the company."
Re: nprobe starts and stops - no log to trouble shoot [ In reply to ]
My syslog is full of these going on continuously..

Jan 5 15:33:03 ntop systemd[1]: Stopped nprobe extensible NetFlow
v5/v9/IPFIX probe/collector for IPv4/v6.
Jan 5 15:33:14 ntop systemd[1]: Stopped nprobe extensible NetFlow
v5/v9/IPFIX probe/collector for IPv4/v6.
Jan 5 15:33:24 ntop systemd[1]: Stopped nprobe extensible NetFlow
v5/v9/IPFIX probe/collector for IPv4/v6.
Jan 5 15:33:34 ntop systemd[1]: Stopped nprobe extensible NetFlow
v5/v9/IPFIX probe/collector for IPv4/v6.
Jan 5 15:33:44 ntop systemd[1]: Stopped nprobe extensible NetFlow
v5/v9/IPFIX probe/collector for IPv4/v6.
Jan 5 15:33:55 ntop systemd[1]: Stopped nprobe extensible NetFlow
v5/v9/IPFIX probe/collector for IPv4/v6.
Jan 5 15:34:01 ntop CRON[22570]: (root) CMD (python
/var/ntop/utils/scheduler.py > /dev/null 2>&1)
Jan 5 15:34:05 ntop systemd[1]: Stopped nprobe extensible NetFlow
v5/v9/IPFIX probe/collector for IPv4/v6.

On Thu, Jan 4, 2018 at 5:26 PM, Art Stephens <astephens@ptera.com> wrote:

> when starting nprobe from ntop applications the status light turns green
> then red
>
> when run ps aux | grep nprobe right after issuing sudo service nprobe start
>
> nobody 12778 14.1 0.3 343712 14740 ? Ssl 17:09 0:00
> /usr/local/bin/nprobe /run/nprobe.conf
> root 13045 0.0 0.0 26168 1340 ? S 17:09 0:00 systemctl
> stop nprobe.service
>
> I can run from console which will start but I get
> sudo /usr/local/bin/nprobe /run/nprobe-ens18.conf
> 04/Jan/2018 17:19:31 [plugin.c:187] No plugins found in ./plugins
> 04/Jan/2018 17:19:31 [plugin.c:195] Loading 23 plugins [.so] from
> /usr/local/lib/nprobe/plugins
> 04/Jan/2018 17:19:31 [nprobe.c:3784] ERROR: Invalid nProbe license
> (/etc/nprobe.license) [Missing license file]
> 04/Jan/2018 17:19:31 [nprobe.c:3791] ERROR: ******************************
> ***********************
> 04/Jan/2018 17:19:31 [nprobe.c:3792] ERROR: **
> **
> 04/Jan/2018 17:19:31 [nprobe.c:3793] ERROR: ** Switching to DEMO MODE
> (missing valid license) **
> 04/Jan/2018 17:19:31 [nprobe.c:3794] ERROR: **
> **
> 04/Jan/2018 17:19:31 [nprobe.c:3795] ERROR: ** Purchase your nProbe
> license at **
> 04/Jan/2018 17:19:31 [nprobe.c:3796] ERROR: **
> https://shop.ntop.org/ **
> 04/Jan/2018 17:19:31 [nprobe.c:3797] ERROR: **
> **
> 04/Jan/2018 17:19:31 [nprobe.c:3798] ERROR: ******************************
> ***********************
> 04/Jan/2018 17:19:31 [nprobe.c:4809] WARNING: If you want to preserve the
> -M value, please specify -w before -M
> 04/Jan/2018 17:19:31 [nprobe.c:4727] WARNING: Unable to parse sampling
> option: discarded
> 04/Jan/2018 17:19:31 [nprobe.c:5755] WARNING: The output interfaceId is
> set to 0: did you forget to use -Q perhaps ?
> 04/Jan/2018 17:19:31 [nprobe.c:5758] WARNING: The input interfaceId is set
> to 0: did you forget to use -u perhaps ?
> 04/Jan/2018 17:19:31 [nprobe.c:5859] Welcome to nProbe v.8.2.171206
> ($Revision: 5975 $) for x86_64-pc-linux-gnu with native PF_RING acceleration
> 04/Jan/2018 17:19:31 [nprobe.c:5869] Running on Ubuntu 16.04.3 LTS
> 04/Jan/2018 17:19:31 [nprobe.c:5880] [LICENSE] nProbe SystemId:
> 9FB0563B0C001090
> 04/Jan/2018 17:19:31 [nprobe.c:5993] Sample rate [packet: 1][flow
> collection/export: 1/1]
> 04/Jan/2018 17:19:31 [nprobe.c:8432] ERROR: ******************************
> *********************************
> 04/Jan/2018 17:19:31 [nprobe.c:8433] ERROR: * NOTE: This is a DEMO version
> limited to 25000 flows export. *
> 04/Jan/2018 17:19:31 [nprobe.c:8434] ERROR: ******************************
> *********************************
> 04/Jan/2018 17:19:31 [nprobe.c:8440] Welcome to nProbe v.8.2.171206 for
> x86_64-pc-linux-gnu
> 04/Jan/2018 17:19:31 [nprobe.c:7462] You selected v9/IPFIX without
> specifying a template (-T).
> 04/Jan/2018 17:19:31 [nprobe.c:7463] The default template will be used
> 04/Jan/2018 17:19:31 [nprobe.c:7468] Using NetFlow Packet Payload Len: 1472
> 04/Jan/2018 17:19:31 [plugin.c:1155] 0 plugin(s) enabled
> 04/Jan/2018 17:19:31 [nprobe.c:7907] Each flow is 89 bytes long
> 04/Jan/2018 17:19:31 [nprobe.c:7908] The # flows per packet has been set
> to 15
> 04/Jan/2018 17:19:31 [nprobe.c:7911] IP TOS is accounted
> 04/Jan/2018 17:19:31 [nprobe.c:7937] Non IPv4/v6 traffic is discarded
> according to the template
> 04/Jan/2018 17:19:31 [util.c:440] GeoIP: loaded AS config file
> /usr/share/ntopng/httpdocs/geoip/GeoIPASNum.dat
> 04/Jan/2018 17:19:31 [util.c:451] GeoIP: loaded AS IPv6 config file
> /usr/share/ntopng/httpdocs/geoip/GeoIPASNumv6.dat
> 04/Jan/2018 17:19:31 [nprobe.c:6487] Using packet capture length 128
> 04/Jan/2018 17:19:31 [pro/pf_ring.c:356] Initializing PF_RING socket on
> device ens18..
> 04/Jan/2018 17:19:31 [pro/pf_ring.c:398] Dumping traffic statistics on
> /proc/net/pf_ring/stats/17022-ens18.15
> 04/Jan/2018 17:19:31 [pro/pf_ring.c:463] PF_RING enabled on ens18
> 04/Jan/2018 17:19:31 [util.c:3591] nProbe changed user to 'nobody'
> 04/Jan/2018 17:19:31 [nprobe.c:8989] nProbe started successfully
> 04/Jan/2018 17:19:32 [nprobe.c:3024] WARNING: Unable to create file
> /var/log/nprobe/ens18-0_flows_stats.txt
> 04/Jan/2018 17:20:32 [nprobe.c:3024] WARNING: Unable to create file
> /var/log/nprobe/ens18-0_flows_stats.txt
>
> but none of the netflow v9 flows directed at the interface from my BGP
> router show up.
>
> ntop nBox 2.4
> Linux kernel 4.4.0-87-generic x86_64
> 2x Common KVM processor
> CPU 0 0 1 2 3
> CPU 1 4 5 6 7
> 1x Red Hat, Inc Virtio network device
>
> ntopng Version 3.2.171206 - Community Edition
> Built on Ubuntu 16.04.3 LTS
>
> sudo nprobe -v
> Welcome to nProbe v.8.2.171206 (r5975) for x86_64-pc-linux-gnu
> with native PF_RING acceleration.
> Copyright 2002-17 ntop.org
>
> sudo iptables -L
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
> Thanks
> --
> Arthur Stephens
> Senior Network Administrator
> Ptera Inc.
> PO Box 135
> 24001 E Mission Suite 50
> Liberty Lake, WA 99019
> 509-927-7837 <(509)%20927-7837>
> ptera.com |
> facebook.com/PteraInc | twitter.com/Ptera
> -----------------------------------------------------------
> ------------------
> "This message may contain confidential and/or propriety information, and
> is intended for the person/entity to whom it was originally addressed.
> Any use by others is strictly prohibited. Please note that any views or
> opinions presented in this email are solely those of the author and are not
> intended to represent those of the company."
>



--
Arthur Stephens
Senior Network Administrator
Ptera Inc.
PO Box 135
24001 E Mission Suite 50
Liberty Lake, WA 99019
509-927-7837
ptera.com |
facebook.com/PteraInc | twitter.com/Ptera
-----------------------------------------------------------------------------
"This message may contain confidential and/or propriety information, and is
intended for the person/entity to whom it was originally addressed.
Any use by others is strictly prohibited. Please note that any views or
opinions presented in this email are solely those of the author and are not
intended to represent those of the company."
Re: nprobe starts and stops - no log to trouble shoot [ In reply to ]
Art
for talking to ntopng you need something different

nprobe -V 9 -i ens18 --collector 127.0.0.1:2055 <http://127.0.0.1:2055/> --zmq tcp://127.0.0.1:1234 <tcp://127.0.0.1:1234>

(note that if you just need to send flows to ntopng without exporting them to the collector running at http://127.0.0.1:2055 <http://127.0.0.1:2055/>, please do nprobe -i ens18 --zmq tcp://127.0.0.1:1234 <tcp://127.0.0.1:1234>)
and

ntopng -i tcp://127.0.0.1:1234 <tcp://127.0.0.1:1234>

Regards Luca

> On 5 Jan 2018, at 23:45, Art Stephens <astephens@ptera.com> wrote:
>
> I am so confused - this is not making sence to me.
>
> I started /usr/local/bin/nprobe -V 9 -i ens18 --collector 127.0.0.1:2055 <http://127.0.0.1:2055/>
> on exit it says
> 05/Jan/2018 14:37:19 [nprobe.c:3061] Flow export stats: [33989323 bytes/35440 pkts][1934 flows/155 pkts sent]
> 05/Jan/2018 14:37:19 [nprobe.c:3071] Flow drop stats: [0 bytes/0 pkts][0 flows]
> 05/Jan/2018 14:37:19 [nprobe.c:3076] Total flow stats: [33989323 bytes/35440 pkts][1934 flows/155 pkts sent]
>
> but there is nothing in ntopng but what is coming from the network that the physical interface is on.
>
>
>
> On Fri, Jan 5, 2018 at 12:42 AM, Simone Mainardi <mainardi@ntop.org <mailto:mainardi@ntop.org>> wrote:
> Art,
>
> It looks like there's a systemctl command that is trying to stop a running nprobe instance (see pid 13045), while you are also running nprobe from the command line (see pid 12778). Make sure all the nprobe processes are stopped (possibly terminate them manually) and then try to re-start them from the nBox instance.
>
>
> Simone
>
>> On 5 Jan 2018, at 02:26, Art Stephens <astephens@ptera.com <mailto:astephens@ptera.com>> wrote:
>>
>> when starting nprobe from ntop applications the status light turns green then red
>>
>> when run ps aux | grep nprobe right after issuing sudo service nprobe start
>>
>> nobody 12778 14.1 0.3 343712 14740 ? Ssl 17:09 0:00 /usr/local/bin/nprobe /run/nprobe.conf
>> root 13045 0.0 0.0 26168 1340 ? S 17:09 0:00 systemctl stop nprobe.service
>>
>> I can run from console which will start but I get
>> sudo /usr/local/bin/nprobe /run/nprobe-ens18.conf
>> 04/Jan/2018 17:19:31 [plugin.c:187] No plugins found in ./plugins
>> 04/Jan/2018 17:19:31 [plugin.c:195] Loading 23 plugins [.so] from /usr/local/lib/nprobe/plugins
>> 04/Jan/2018 17:19:31 [nprobe.c:3784] ERROR: Invalid nProbe license (/etc/nprobe.license) [Missing license file]
>> 04/Jan/2018 17:19:31 [nprobe.c:3791] ERROR: *****************************************************
>> 04/Jan/2018 17:19:31 [nprobe.c:3792] ERROR: ** **
>> 04/Jan/2018 17:19:31 [nprobe.c:3793] ERROR: ** Switching to DEMO MODE (missing valid license) **
>> 04/Jan/2018 17:19:31 [nprobe.c:3794] ERROR: ** **
>> 04/Jan/2018 17:19:31 [nprobe.c:3795] ERROR: ** Purchase your nProbe license at **
>> 04/Jan/2018 17:19:31 [nprobe.c:3796] ERROR: ** https://shop.ntop.org/ <https://shop.ntop.org/> **
>> 04/Jan/2018 17:19:31 [nprobe.c:3797] ERROR: ** **
>> 04/Jan/2018 17:19:31 [nprobe.c:3798] ERROR: *****************************************************
>> 04/Jan/2018 17:19:31 [nprobe.c:4809] WARNING: If you want to preserve the -M value, please specify -w before -M
>> 04/Jan/2018 17:19:31 [nprobe.c:4727] WARNING: Unable to parse sampling option: discarded
>> 04/Jan/2018 17:19:31 [nprobe.c:5755] WARNING: The output interfaceId is set to 0: did you forget to use -Q perhaps ?
>> 04/Jan/2018 17:19:31 [nprobe.c:5758] WARNING: The input interfaceId is set to 0: did you forget to use -u perhaps ?
>> 04/Jan/2018 17:19:31 [nprobe.c:5859] Welcome to nProbe v.8.2.171206 ($Revision: 5975 $) for x86_64-pc-linux-gnu with native PF_RING acceleration
>> 04/Jan/2018 17:19:31 [nprobe.c:5869] Running on Ubuntu 16.04.3 LTS
>> 04/Jan/2018 17:19:31 [nprobe.c:5880] [LICENSE] nProbe SystemId: 9FB0563B0C001090
>> 04/Jan/2018 17:19:31 [nprobe.c:5993] Sample rate [packet: 1][flow collection/export: 1/1]
>> 04/Jan/2018 17:19:31 [nprobe.c:8432] ERROR: ***************************************************************
>> 04/Jan/2018 17:19:31 [nprobe.c:8433] ERROR: * NOTE: This is a DEMO version limited to 25000 flows export. *
>> 04/Jan/2018 17:19:31 [nprobe.c:8434] ERROR: ***************************************************************
>> 04/Jan/2018 17:19:31 [nprobe.c:8440] Welcome to nProbe v.8.2.171206 for x86_64-pc-linux-gnu
>> 04/Jan/2018 17:19:31 [nprobe.c:7462] You selected v9/IPFIX without specifying a template (-T).
>> 04/Jan/2018 17:19:31 [nprobe.c:7463] The default template will be used
>> 04/Jan/2018 17:19:31 [nprobe.c:7468] Using NetFlow Packet Payload Len: 1472
>> 04/Jan/2018 17:19:31 [plugin.c:1155] 0 plugin(s) enabled
>> 04/Jan/2018 17:19:31 [nprobe.c:7907] Each flow is 89 bytes long
>> 04/Jan/2018 17:19:31 [nprobe.c:7908] The # flows per packet has been set to 15
>> 04/Jan/2018 17:19:31 [nprobe.c:7911] IP TOS is accounted
>> 04/Jan/2018 17:19:31 [nprobe.c:7937] Non IPv4/v6 traffic is discarded according to the template
>> 04/Jan/2018 17:19:31 [util.c:440] GeoIP: loaded AS config file /usr/share/ntopng/httpdocs/geoip/GeoIPASNum.dat
>> 04/Jan/2018 17:19:31 [util.c:451] GeoIP: loaded AS IPv6 config file /usr/share/ntopng/httpdocs/geoip/GeoIPASNumv6.dat
>> 04/Jan/2018 17:19:31 [nprobe.c:6487] Using packet capture length 128
>> 04/Jan/2018 17:19:31 [pro/pf_ring.c:356] Initializing PF_RING socket on device ens18..
>> 04/Jan/2018 17:19:31 [pro/pf_ring.c:398] Dumping traffic statistics on /proc/net/pf_ring/stats/17022-ens18.15
>> 04/Jan/2018 17:19:31 [pro/pf_ring.c:463] PF_RING enabled on ens18
>> 04/Jan/2018 17:19:31 [util.c:3591] nProbe changed user to 'nobody'
>> 04/Jan/2018 17:19:31 [nprobe.c:8989] nProbe started successfully
>> 04/Jan/2018 17:19:32 [nprobe.c:3024] WARNING: Unable to create file /var/log/nprobe/ens18-0_flows_stats.txt
>> 04/Jan/2018 17:20:32 [nprobe.c:3024] WARNING: Unable to create file /var/log/nprobe/ens18-0_flows_stats.txt
>>
>> but none of the netflow v9 flows directed at the interface from my BGP router show up.
>>
>> ntop nBox 2.4
>> Linux kernel 4.4.0-87-generic x86_64
>> 2x Common KVM processor
>> CPU 0 0 1 2 3
>> CPU 1 4 5 6 7
>> 1x Red Hat, Inc Virtio network device
>>
>> ntopng Version 3.2.171206 - Community Edition
>> Built on Ubuntu 16.04.3 LTS
>>
>> sudo nprobe -v
>> Welcome to nProbe v.8.2.171206 (r5975) for x86_64-pc-linux-gnu
>> with native PF_RING acceleration.
>> Copyright 2002-17 ntop.org <http://ntop.org/>
>>
>> sudo iptables -L
>> Chain INPUT (policy ACCEPT)
>> target prot opt source destination
>>
>> Chain FORWARD (policy ACCEPT)
>> target prot opt source destination
>>
>> Chain OUTPUT (policy ACCEPT)
>> target prot opt source destination
>>
>> Thanks
>> --
>> Arthur Stephens
>> Senior Network Administrator
>> Ptera Inc.
>> PO Box 135
>> 24001 E Mission Suite 50
>> Liberty Lake, WA 99019
>> 509-927-7837 <tel:(509)%20927-7837>
>> ptera.com <http://ptera.com/> |
>> facebook.com/PteraInc <http://facebook.com/PteraInc> | twitter.com/Ptera <http://twitter.com/Ptera> -----------------------------------------------------------------------------
>> "This message may contain confidential and/or propriety information, and is intended for the person/entity to whom it was originally addressed.
>> Any use by others is strictly prohibited. Please note that any views or opinions presented in this email are solely those of the author and are not intended to represent those of the company."
>> _______________________________________________
>> Ntop mailing list
>> Ntop@listgateway.unipi.it <mailto:Ntop@listgateway.unipi.it>
>> http://listgateway.unipi.it/mailman/listinfo/ntop <http://listgateway.unipi.it/mailman/listinfo/ntop>
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it <mailto:Ntop@listgateway.unipi.it>
> http://listgateway.unipi.it/mailman/listinfo/ntop <http://listgateway.unipi.it/mailman/listinfo/ntop>
>
>
>
> --
> Arthur Stephens
> Senior Network Administrator
> Ptera Inc.
> PO Box 135
> 24001 E Mission Suite 50
> Liberty Lake, WA 99019
> 509-927-7837
> ptera.com <http://ptera.com/> |
> facebook.com/PteraInc <http://facebook.com/PteraInc> | twitter.com/Ptera <http://twitter.com/Ptera> -----------------------------------------------------------------------------
> "This message may contain confidential and/or propriety information, and is intended for the person/entity to whom it was originally addressed.
> Any use by others is strictly prohibited. Please note that any views or opinions presented in this email are solely those of the author and are not intended to represent those of the company."
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop