Mailing List Archive

exporting ntopng to mysql
Background:

New system - running compiled 3.8.1 with nDPI 3.0 (both from git). Ntopng works properly via the web interface. However, it appears that the IP addresses in the mysql database appear as integers - however the web interface renders them properly.

If I do a table lookup in Grafana - I end up with integers.

What did I do wrong?

christina phillips / Director, IT Security Practice
Independent Network Consultants
e: cphillips@inei.com m: 703.626.0385
http://incsecurity.wordpress.com
Twitter: https://twitter.com/ITSecurityNinja
LinkedIn: www.linkedin.com/in/ChristinaPMBA
Re: exporting ntopng to mysql
Hi Christina,

You're not doing anything wrong :-)

Ntopng stores IP addresses as 32-bit long; it's far more efficient in several ways.
AFAIK Grafana has no tools which will directly help you, but the following may be a route forward:

Ultimately a Grafana query is just a SQL query when pulling data from MySQL, and MySQL has functions for converting long integers into dotted notation IP addresses and vice versa.
So you could tweak your select statements to apply the function to data coming from MySQL.

Look for INET_NTOA, INET_ATON, INET6_NTOA, INET6_ATON functions
https://dev.mysql.com/doc/refman/8.0/en/miscellaneous-functions.html

HTH
Dariush
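
The approach suggested in the reply above, as an added example that is not part of the original thread: converting integer-stored IPv4 addresses with `INET_NTOA` for display and `INET_ATON` for filtering. The table `flows_sample`, its columns and its rows are constructed for illustration and are not ntopng's actual schema.

```sql
-- Added example. flows_sample, its columns and its rows are constructed
-- (hypothetical); substitute the flow table your ntopng export writes to.
CREATE TEMPORARY TABLE flows_sample (
  src_addr   INT UNSIGNED NOT NULL,   -- IPv4 stored as a 32-bit unsigned integer
  dst_addr   INT UNSIGNED NOT NULL,
  bytes      BIGINT UNSIGNED NOT NULL,
  first_seen DATETIME NOT NULL,
  KEY idx_src (src_addr)
);

-- INET_ATON turns dotted notation into the integer form the table holds.
INSERT INTO flows_sample (src_addr, dst_addr, bytes, first_seen) VALUES
  (INET_ATON('10.0.0.5'),     INET_ATON('8.8.8.8'),       1200, '2020-04-29 15:30:00'),
  (INET_ATON('10.0.0.5'),     INET_ATON('192.168.1.10'),  5300, '2020-04-29 15:31:00'),
  (INET_ATON('10.0.0.77'),    INET_ATON('8.8.8.8'),        640, '2020-04-29 15:32:00'),
  (INET_ATON('192.168.1.10'), INET_ATON('10.0.0.5'),      9100, '2020-04-29 15:33:00');

-- 1. What a plain table lookup returns (integers) next to the converted form.
SELECT src_addr            AS src_raw,
       INET_NTOA(src_addr) AS src_ip,
       INET_NTOA(dst_addr) AS dst_ip,
       bytes,
       first_seen
FROM   flows_sample
ORDER  BY first_seen;

-- 2. Top talkers: group on the integer column and convert only in the
--    select list, so the conversion runs once per group.
SELECT INET_NTOA(src_addr) AS src_ip,
       SUM(bytes)          AS total_bytes
FROM   flows_sample
GROUP  BY src_addr
ORDER  BY total_bytes DESC;

-- 3. Filter on a subnet (10.0.0.0/24): convert the literals, not the column.
--    Comparing the raw integer column to a range lets MySQL use idx_src;
--    WHERE INET_NTOA(src_addr) LIKE '10.0.0.%' would evaluate the function
--    on every row instead.
SELECT INET_NTOA(src_addr) AS src_ip,
       INET_NTOA(dst_addr) AS dst_ip,
       bytes
FROM   flows_sample
WHERE  src_addr BETWEEN INET_ATON('10.0.0.0') AND INET_ATON('10.0.0.255')
ORDER  BY bytes DESC;
```

The three `SELECT` statements can be used as the query text of a Grafana MySQL panel once the table and column names are replaced with the real ones.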

From: ntop-bounces@listgateway.unipi.it [mailto:ntop-bounces@listgateway.unipi.it] On Behalf Of Christina Phillips
Sent: 29 April 2020 15:37
To: ntop@listgateway.unipi.it; ntop@unipi.it
Subject: [Ntop] exporting ntopng to mysql

Re: exporting ntopng to mysql
I realized that I sent the e-mail by mistake when I found a GitHub posting from 2016 addressing this issue. LOL.

I completely understand how the query needs to be modified. Thank you so much for replying in lightning speed.

~Christina

From: ntop-bounces@listgateway.unipi.it <ntop-bounces@listgateway.unipi.it> On Behalf Of Marsh-Mossadeghi, Dariush
Sent: Wednesday, April 29, 2020 11:39 AM
To: ntop@unipi.it; ntop@listgateway.unipi.it
Cc: dariush@gravitas.co.uk
Subject: Re: [Ntop] exporting ntopng to mysql
