Mailing List Archive

Using both nprobe and ntopng on the same box?
Hi,

We have a small office network, and I'm hoping to use both nProbe and
ntopng to analyse our traffic.

The plan is to use our switch to mirror the outgoing WAN port to another
port on the switch - and then connect this to the second NIC on the
nProbe/ntopng machine. We can then use nProbe to send the traffic as
Netflow data to Elastiflow (https://github.com/robcowart/elastiflow), and
also analyse it on the box itself via ntopng.

Is something like this possible on the same machine? What is the best way
of setting this up?

Regards,
Victor
Re: Using both nprobe and ntopng on the same box?
Hi,

Sure you can do that on the same machine.

A basic configuration of nProbe and ntopng is as follows:

./nprobe -i <mirrored interface> -n <ip address of elastiflow>:<port of elastiflow> -V <elastiflow netflow version> --zmq tcp://127.0.0.1:5556
./ntopng -i tcp://127.0.0.1:5556 -m <one or more subnets of interest>

<ip address of elastiflow>:<port of elastiflow> is where elastiflow is listening for incoming netflow
<elastiflow netflow version> is the netflow version elastiflow is expecting
<one or more subnets of interest> is a comma-separated list of networks, e.g., "192.168.2.0/24, 192.168.3.0/24"

Regards,
Simone

> On 1 Aug 2018, at 10:47, Victor Hooi <victorhooi@yahoo.com> wrote:
>
> Hi,
>
> We have a small office network, and I'm hoping to use both nProbe and ntopng to analyse our traffic.
>
> The plan is to use our switch to mirror the outgoing WAN port to another port on the switch - and then connect this to the second NIC on the nProbe/ntopng machine. We can then use nProbe to send the traffic as Netflow data to Elastiflow (https://github.com/robcowart/elastiflow), and also analyse it on the box itself via ntopng.
>
> Is something like this possible on the same machine? What is the best way of setting this up?
>
> Regards,
> Victor
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
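
An added example, not part of the thread or of the ntop tools: a check that the ZMQ endpoint from the commands above (tcp://127.0.0.1:5556) is listening on loopback only, so the flow feed between nProbe and ntopng is not reachable from the network. It assumes nProbe is the side that binds the endpoint and that `ss` (iproute2) is available; the function names and the sample `ss -ltn` output are constructed for illustration.

```shell
#!/bin/sh
# Classify how a TCP port is bound, reading `ss -ltn` output on stdin.
# Prints one of: loopback | exposed | absent
zmq_bind_scope() {
    port="$1"
    awk -v port="$port" '
        $1 == "LISTEN" {
            addr = $4                          # Local Address:Port column
            n = split(addr, parts, ":")
            if (parts[n] != port) next         # some other listener
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            found = 1
            # Anything other than 127.x.x.x or [::1] is treated as exposed,
            # including 0.0.0.0, *, [::] and specific LAN addresses.
            if (host !~ /^127\./ && host != "[::1]") exposed = 1
        }
        END {
            if (!found)       print "absent"
            else if (exposed) print "exposed"
            else              print "loopback"
        }'
}

# Constructed sample: nProbe started with --zmq tcp://127.0.0.1:5556.
SAMPLE_LOOPBACK='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      100        127.0.0.1:5556      0.0.0.0:*'

# Constructed sample: the same port bound on all interfaces instead.
SAMPLE_WILDCARD='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      100          0.0.0.0:5556      0.0.0.0:*'

# Helper: run the classifier over an embedded sample for a given port.
check_sample() { printf '%s\n' "$1" | zmq_bind_scope "${2:-5556}"; }

echo "loopback sample: $(check_sample "$SAMPLE_LOOPBACK")"
echo "wildcard sample: $(check_sample "$SAMPLE_WILDCARD")"

# On the monitoring box itself:
#   ss -ltn | zmq_bind_scope 5556
```
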
Re: Using both nprobe and ntopng on the same box?
Victor
yes, you can collapse both apps on the same box, but make sure you
understand that the main cost (in terms of CPU and memory) will be ELK

Please see
https://www.ntop.org/nprobe/network-monitoring-101-a-beginners-guide-to-understanding-ntop-tools/

Regards Luca
 
On 08/01/2018 10:47 AM, Victor Hooi wrote:
> Hi,
>
> We have a small office network, and I'm hoping to use both nProbe and
> ntopng to analyse our traffic.
>
> The plan is to use our switch to mirror the outgoing WAN port to
> another port on the switch - and then connect this to the second NIC
> on the nProbe/ntopng machine. We can then use nProbe to send the
> traffic as Netflow data to Elastiflow
> (https://github.com/robcowart/elastiflow), and also analyse it on the
> box itself via ntopng.
>
> Is something like this possible on the same machine? What is the best
> way of setting this up?
>
> Regards,
> Victor