Mailing List Archive

No countries, operating systems and http servers
Hi!

We're unable to display countries, operating systems and http servers.
Don't know if related, but geomap shows only current location (API
installed). Running latest ntop/nprobe Enterprise.

Nprobe:

15/Jan/2018 12:22:15 [nprobe.c:3812] Valid nProbe Pro license found
15/Jan/2018 12:22:15 [util.c:440] GeoIP: loaded AS config file
/usr/local/nprobe/GeoIPASNum.dat
15/Jan/2018 12:22:15 [util.c:451] GeoIP: loaded AS IPv6 config file
/usr/local/nprobe/GeoIPASNumv6.dat
15/Jan/2018 12:22:15 [util.c:480] GeoIP: loaded cities config file
/usr/local/nprobe/GeoLiteCity.dat
15/Jan/2018 12:22:15 [util.c:490] GeoIP: loaded IPv6 cities config file
/usr/local/nprobe/GeoLiteCityv6.dat
15/Jan/2018 12:22:15 [nprobe.c:5767] WARNING: The output interfaceId is
set to 0: did you forget to use -Q perhaps ?
15/Jan/2018 12:22:15 [nprobe.c:5770] WARNING: The input interfaceId is
set to 0: did you forget to use -u perhaps ?
15/Jan/2018 12:22:15 [nprobe.c:5871] Welcome to nProbe Pro v.8.3.180104
($Revision: 6022 $) for x86_64-pc-linux-gnu with native PF_RING
acceleration
15/Jan/2018 12:22:15 [nprobe.c:5881] Running on Debian GNU/Linux 9.1
(stretch)
15/Jan/2018 12:22:15 [nprobe.c:5892] [LICENSE] nProbe SystemId:
78CB2DFBB206AB13
15/Jan/2018 12:22:15 [nprobe.c:6005] Sample rate [packet: 1][flow
collection/export: 1/1]
15/Jan/2018 12:22:15 [nprobe.c:8456] Welcome to nProbe v.8.3.180104 for
x86_64-pc-linux-gnu
15/Jan/2018 12:22:15 [nprobe.c:7356] GEO-533LITE 20180102 Build 1
Copyright (c) 2018 MaxMind Inc All Rights Reser
15/Jan/2018 12:22:15 [nprobe.c:7358] GEO-117 20171230 Build 1 Copyright
(c) 2017 MaxMind Inc All Rights Reser
15/Jan/2018 12:22:15 [nprobe.c:7482] Using NetFlow Packet Payload Len:
1472
15/Jan/2018 12:22:15 [nprobe.c:7378] WARNING: Adding
%EXPORTER_IPV4_ADDRESS to the template as nProbe is working as collector
15/Jan/2018 12:22:15 [plugin.c:1155] 0 plugin(s) enabled
15/Jan/2018 12:22:15 [nprobe.c:7921] Each flow is 106 bytes long
15/Jan/2018 12:22:15 [nprobe.c:7922] The # flows per packet has been set
to 12
15/Jan/2018 12:22:15 [nprobe.c:7925] IP TOS is accounted
15/Jan/2018 12:22:15 [nprobe.c:7951] Non IPv4/v6 traffic is discarded
according to the template
15/Jan/2018 12:22:15 [nprobe.c:8788] Not capturing packet from interface
(collector mode)
15/Jan/2018 12:22:15 [util.c:4513] Initializing ZMQ as server
15/Jan/2018 12:22:15 [util.c:4556] Succesfully created ZMQ endpoint
tcp://127.0.0.1:5556
15/Jan/2018 12:22:15 [util.c:3591] nProbe changed user to 'nobody'
15/Jan/2018 12:22:15 [collect.c:144] Flow collector listening on port
2055 (IPv4/v6)
15/Jan/2018 12:22:15 [nprobe.c:9005] nProbe started successfully

Ntopng:

ntopng --max-num-hosts "100000" --https-port "3001" --local-networks
"X.X.X.X/X" --dump-flows "mysql;localhost;ntopng;flows;ntopng;XXXX"
--interface "tcp://127.0.0.1:5556" --interface "eno1"

Thanks in advance,
A.


_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop
Re: No countries, operating systems and http servers
Well, seems like stable is working ok - except operating systems and
http servers.

A.

On 2018-01-15 15:15, support-nt wrote:
> Hi!
>
> We're unable to display countries, operating systems and http servers.
> Don't know if related, but geomap shows only current location (API
> installed). Running latest ntop/nprobe Enterprise.
Re: No countries, operating systems and http servers
Hi,

You are receiving flows from nprobe so ntopng cannot figure out the
operating system of your hosts.

We currently do not have a report for http servers. Regarding the top
countries issue, if you go into the Hosts -> Countries menu, can you
see the countries for your active hosts or do you get a "No Results Found"?

What ntopng version are you using? If possible, please open an issue on
our GitHub page https://github.com/ntop/ntopng so that we can keep
track of it.

Regards,
Emanuele

On Tue, Jan 16, 2018 at 8:29 AM, support-nt <ntop@gnw.ee> wrote:
> Well, seems like stable is working ok - except operating systems and
> http servers.
>
> A.