Mailing List Archive

syslog integration (Suricon 2019) throws an error
Hi,

I viewed the recording of Suricon 2019 and tried to add syslog interface
to ntopng, but it always fails:

[...]

Nov 18 14:23:17 collector ntopng[5983]: 18/Nov/2019 14:23:17 [Ntop.cpp:1994] Registered interface eth0 [id: 0]
Nov 18 14:23:18 collector ntopng: [main.cpp:239] ERROR: An exception occurred during syslog://10.24.64.12:9999 interface creation[19]: No such device
Nov 18 14:23:18 collector ntopng[5983]: 18/Nov/2019 14:23:18 [main.cpp:239] ERROR: An exception occurred during syslog://10.24.64.12:9999 interface creation[19]: No such device
Nov 18 14:23:18 collector ntopng[5983]: 18/Nov/2019 14:23:18 [main.cpp:302] PID stored in file /var/run/ntopng.pid
Nov 18 14:23:18 collector ntopng[5983]: 18/Nov/2019 14:23:18 [Utils.cpp:592] User changed to ntopng
Nov 18 14:23:18 collector ntopng[5983]: 18/Nov/2019 14:23:18 [HTTPserver.cpp:1199] Web server dirs [/usr/share/ntopng/httpdocs][/usr/share/ntopng/scripts]
Nov 18 14:23:18 collector ntopng[5983]: 18/Nov/2019 14:23:18 [HTTPserver.cpp:1202] HTTP server listening on 3000

[...]

Nov 18 14:23:18 collector ntopng[5983]: 18/Nov/2019 14:23:18 [Ntop.cpp:403] Welcome to ntopng x86_64 v.3.8.191111 - (C) 1998-18 ntop.org
Nov 18 14:23:18 collector ntopng[5983]: 18/Nov/2019 14:23:18 [Ntop.cpp:413] Built on Debian GNU/Linux 9.1 (stretch)


I also tried with the latest FreeBSD release, which also breaks the same way. My
config looks like this:

#cat /etc/ntopng/ntopng.conf | grep -v "#"

-G=/var/run/ntopng.pid
-i=eth0
-i=syslog://10.24.64.12:9999

Any idea what went wrong?


Best,

Michael

_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop
Re: syslog integration (Suricon 2019) throws an error
Hi,

> On 18 Nov 2019, at 15:05, Muenz, Michael <m.muenz@spam-fetish.org> wrote:
>
> Hi,
>
> I viewed the recording of Suricon 2019 and tried to add syslog interface to ntopng, but it always fails:
>
> [...]
>
> Nov 18 14:23:17 collector ntopng[5983]: 18/Nov/2019 14:23:17 [Ntop.cpp:1994] Registered interface eth0 [id: 0]
> Nov 18 14:23:18 collector ntopng: [main.cpp:239] ERROR: An exception occurred during syslog://10.24.64.12:9999 interface creation[19]: No such device
> Nov 18 14:23:18 collector ntopng[5983]: 18/Nov/2019 14:23:18 [main.cpp:239] ERROR: An exception occurred during syslog://10.24.64.12:9999 interface creation[19]: No such device
> Nov 18 14:23:18 collector ntopng[5983]: 18/Nov/2019 14:23:18 [main.cpp:302] PID stored in file /var/run/ntopng.pid
> Nov 18 14:23:18 collector ntopng[5983]: 18/Nov/2019 14:23:18 [Utils.cpp:592] User changed to ntopng
> Nov 18 14:23:18 collector ntopng[5983]: 18/Nov/2019 14:23:18 [HTTPserver.cpp:1199] Web server dirs [/usr/share/ntopng/httpdocs][/usr/share/ntopng/scripts]
> Nov 18 14:23:18 collector ntopng[5983]: 18/Nov/2019 14:23:18 [HTTPserver.cpp:1202] HTTP server listening on 3000
>
> [...]
>
> Nov 18 14:23:18 collector ntopng[5983]: 18/Nov/2019 14:23:18 [Ntop.cpp:403] Welcome to ntopng x86_64 v.3.8.191111 - (C) 1998-18 ntop.org

Suricata integration is part of the latest ntopng 3.9 dev. Please update from 3.8 to 3.9.

Regards,

Simone


> Nov 18 14:23:18 collector ntopng[5983]: 18/Nov/2019 14:23:18 [Ntop.cpp:413] Built on Debian GNU/Linux 9.1 (stretch)
>
>
> I also tried with latest FreeBSD release which also breaks same way. My config looks like this:
>
> #cat /etc/ntopng/ntopng.conf | grep -v "#"
>
> -G=/var/run/ntopng.pid
> -i=eth0
> -i=syslog://10.24.64.12:9999
>
> Any idea what went wrong?
>
>
> Best,
>
> Michael
>
Re: syslog integration (Suricon 2019) throws an error
On 18.11.2019 at 16:57, Simone Mainardi wrote:
> Hi,
>
>> On 18 Nov 2019, at 15:05, Muenz, Michael <m.muenz@spam-fetish.org> wrote:
>>
>> Hi,
>>
>> I viewed the recording of Suricon 2019 and tried to add syslog interface to ntopng, but it always fails:
>>
>> [...]
>>
>> Nov 18 14:23:17 collector ntopng[5983]: 18/Nov/2019 14:23:17 [Ntop.cpp:1994] Registered interface eth0 [id: 0]
>> Nov 18 14:23:18 collector ntopng: [main.cpp:239] ERROR: An exception occurred during syslog://10.24.64.12:9999 interface creation[19]: No such device
>> Nov 18 14:23:18 collector ntopng[5983]: 18/Nov/2019 14:23:18 [main.cpp:239] ERROR: An exception occurred during syslog://10.24.64.12:9999 interface creation[19]: No such device
>> Nov 18 14:23:18 collector ntopng[5983]: 18/Nov/2019 14:23:18 [main.cpp:302] PID stored in file /var/run/ntopng.pid
>> Nov 18 14:23:18 collector ntopng[5983]: 18/Nov/2019 14:23:18 [Utils.cpp:592] User changed to ntopng
>> Nov 18 14:23:18 collector ntopng[5983]: 18/Nov/2019 14:23:18 [HTTPserver.cpp:1199] Web server dirs [/usr/share/ntopng/httpdocs][/usr/share/ntopng/scripts]
>> Nov 18 14:23:18 collector ntopng[5983]: 18/Nov/2019 14:23:18 [HTTPserver.cpp:1202] HTTP server listening on 3000
>>
>> [...]
>>
>> Nov 18 14:23:18 collector ntopng[5983]: 18/Nov/2019 14:23:18 [Ntop.cpp:403] Welcome to ntopng x86_64 v.3.8.191111 - (C) 1998-18 ntop.org
> Suricata integration is part of the latest ntopng 3.9 dev. Please, update from 3.8 to 3.9.
>
> Regards,
>
> Simone
>
Hi Simone,


With 3.9 I can see the correct interface, thanks!

Already saw Luca updating the documentation with version hint. :)


Best,

Michael

