Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. NTop>
  3. Users
Ntopng stop collecting flows
bsd at todoo
Jun 26, 2019, 3:43 AM
Post #1 of 2 (464 views)
Permalink
Hello,

We have installed ntopng and nrpobe

The selected config is the following :

1FW device (softflowd) --> export to --> port 2055 (nprobe) --> zmq="tcp://*:2056" --> ntopng tcp://127.0.0.1:2056


I have couple of problem with the install:


## Pb 1 : flow stops to get collected ##

1. upon startup flow get collected "ok" for couple of minutes
2. …then they stop !
3. If I restart the nprobe / ntopng -- they got collected for couple of minutes and stop again!

Maybe It is a licence problem ?
This is not very clear.


## pb 2 : VLAN flow tagging ##

We are trying to classify flows exported from the FW based on the VLAN they originated from.
This feature looks nice and would allow us to have a "per VLAN" vision of the flows

No matter how hard we try, We only got one VLAN (0)
Maybe this is also related to some licence issues…


## Pb 3 : probe licence ##

It is not yet very clear to me if we need one nprobe licence per firewall
…or if It is ok to send all flows to one nprobe


Thanks for your help.

G.B.
_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop
Re: Ntopng stop collecting flows [ In reply to ]
mainardi at ntop
Jun 26, 2019, 3:50 AM
Post #2 of 2 (464 views)
Permalink
Hi

> On 26 Jun 2019, at 12:43, bsd@todoo.biz wrote:
>
> Hello,
>
> We have installed ntopng and nrpobe
>
> The selected config is the following :
>
> 1FW device (softflowd) --> export to --> port 2055 (nprobe) --> zmq="tcp://*:2056" --> ntopng tcp://127.0.0.1:2056
>
>
> I have couple of problem with the install:
>
>
> ## Pb 1 : flow stops to get collected ##
>
> 1. upon startup flow get collected "ok" for couple of minutes
> 2. …then they stop !
> 3. If I restart the nprobe / ntopng -- they got collected for couple of minutes and stop again!
>
> Maybe It is a licence problem ?
> This is not very clear.

Correct. nProbe tells you the status/validity of the license upon startup. Without license, it will just export the first 25k flows and then stops.

>
>
> ## pb 2 : VLAN flow tagging ##
>
> We are trying to classify flows exported from the FW based on the VLAN they originated from.
> This feature looks nice and would allow us to have a "per VLAN" vision of the flows
>
> No matter how hard we try, We only got one VLAN (0)
> Maybe this is also related to some licence issues…

Use nProbe template -T "@NTOPNG@" which also contains VLAN information. Assuming your softflowd is exporting VLANs in the NetFlow, then you'll see them straight into ntopng.

>
>
> ## Pb 3 : probe licence ##
>
> It is not yet very clear to me if we need one nprobe licence per firewall
> …or if It is ok to send all flows to one nprobe

nprobe license is per machine and it does not depend on the number of firewalls it's collecting from.


Simone

>
>
> Thanks for your help.
>
> G.B.
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop

_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal