HI Simone,
Maria issued a 7 day license early today, but this license limits the total flows to 25000. Do you want me to ask Maria for a temp license without a flow limit ?
Grazie mille !
Robert Racioppoli
Conseiller Technique Senior en Télécommunications - Surveillance Réseau
Senior Technical Advisor - Telecommunications - Network Monitoring
2020 Robert Bourassa
Montréal QC
H3A 2A5
Canada
[ intact ] Corporation financière
Téléphone : (866) 440-8300 x61257
Robert.Racioppoli@intact.net
De : ntop-bounces@listgateway.unipi.it <ntop-bounces@listgateway.unipi.it> De la part de Simone Mainardi
Envoyé : 18 juin 2020 16:47
À : ntop@unipi.it
Cc : ntop@listgateway.unipi.it; Michel Labrecque <michel.labrecque@intact.net>
Objet : [E!] Re: [Ntop] nProbe modes
Robert,
I'm glad to see that it's working. To request evaluation licenses please contact Maria using address mallegro at ntop dot org.
Regards,
Simone
On 18 Jun 2020, at 20:00, Robert Racioppoli <Robert.Racioppoli@intact.net<mailto:Robert.Racioppoli@intact.net>> wrote:
Ciao Simone,
I can now see the actual flows. Thank You. It works great, but not for very long. There seems to be a limitation on the total maximum flows permitted by the temp license.
As you can see in the log messages below nProbe reaches its upper flow limit within the first minute. This makes the product evaluation impossible.
Can you provide a licence with unlimited flow capability ?
Your assistance in this matter is truly appreciated.
Best Regards,
Robert
18/Jun/2020 11:28:26 [nprobe.c:10361] nProbe started successfully
18/Jun/2020 11:29:23 [export.c:587] ERROR: ***************************************************************************
18/Jun/2020 11:29:23 [export.c:588] ERROR: * NOTE: You have reached the max demo 25000 flows export: no more exports *
18/Jun/2020 11:29:23 [export.c:590] ERROR: * NOTE: no additional flows will be exported by this nProbe instance *
18/Jun/2020 11:29:23 [export.c:591] ERROR: ***************************************************************************
^C18/Jun/2020 11:36:03 [nprobe.c:573] Received shutdown request... [signal: 2]
18/Jun/2020 11:36:04 [nprobe.c:6924] Flushing active flows
Robert Racioppoli
Conseiller Technique Senior en Télécommunications - Surveillance Réseau
Senior Technical Advisor - Telecommunications - Network Monitoring
2020 Robert Bourassa
Montréal QC
H3A 2A5
Canada
[ intact ] Corporation financière
Téléphone : (866) 440-8300 x61257
Robert.Racioppoli@intact.net<mailto:Robert.Racioppoli@intact.net>
De : ntop-bounces@listgateway.unipi.it<mailto:ntop-bounces@listgateway.unipi.it> <ntop-bounces@listgateway.unipi.it<mailto:ntop-bounces@listgateway.unipi.it>> De la part de Simone Mainardi
Envoyé : 18 juin 2020 09:15
À : ntop@unipi.it<mailto:ntop@unipi.it>
Cc : ntop@listgateway.unipi.it<mailto:ntop@listgateway.unipi.it>; Michel Labrecque <michel.labrecque@intact.net<mailto:michel.labrecque@intact.net>>
Objet : [E!] Re: [Ntop] nProbe modes
Robert,
From the picture enclosed, it seems you are using ntopng to capture from a physical interface -- ens192.
As you've said your scenario is:
Cisco L3 Device ——>>>>>netFlow collector (acting as a proxy/forwarder) ——>>>>> nProbe——>>>>>NTOPNG
So you have to connect ntopng and nprobe together via ZMQ to see the actual content of flow records. See
https://www.ntop.org/guides/ntopng/using_with_other_tools/nprobe.html<
https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ntop.org%2Fguides%2Fntopng%2Fusing_with_other_tools%2Fnprobe.html&data=02%7C01%7CRobert.Racioppoli%40intact.net%7Cb7e105d14eb4408116a708d813c8d4e7%7Cb880eecaf1fb4c91bff682e84350a6e6%7C0%7C0%7C637281100581567659&sdata=mTOV%2BRuPpmpdx0uCUjn7OPnAGOretln9dskFwD85wu8%3D&reserved=0>
In particular, you have to use option --collector-port to tell nProbe on which port the netflow arrives.
Regards,
Simone
On 17 Jun 2020, at 22:42, Robert Racioppoli <Robert.Racioppoli@intact.net<mailto:Robert.Racioppoli@intact.net>> wrote:
Hi Simone,
Are there special settings/commands required on NTOPNG or nProbe to allow this to happen ? To better explain our current setup,, the communication between the proxy Flow Collector (10.177.45.18) and nProbe is established and can be seen in NTOPNG (see item #1 ). The issue is that the actual Flow record information or if you prefer the Flow dataset does not appear in NTOPNG.
No individual router conversation flow can be seen.
Grazie mille.
Robert
Item #1
<image001.png>
Here is a small sample of the expected flows as seen by another solution.
<image003.jpg>
Robert Racioppoli
Conseiller Technique Senior en Télécommunications - Surveillance Réseau
Senior Technical Advisor - Telecommunications - Network Monitoring
2020 Robert Bourassa
Montréal QC
H3A 2A5
Canada
[ intact ] Corporation financière
Téléphone : (866) 440-8300 x61257
Robert.Racioppoli@intact.net<mailto:Robert.Racioppoli@intact.net>
De : ntop-bounces@listgateway.unipi.it<mailto:ntop-bounces@listgateway.unipi.it> <ntop-bounces@listgateway.unipi.it<mailto:ntop-bounces@listgateway.unipi.it>> De la part de Simone Mainardi
Envoyé : 17 juin 2020 15:57
À : ntop@unipi.it<mailto:ntop@unipi.it>
Cc : ntop@listgateway.unipi.it<mailto:ntop@listgateway.unipi.it>; Michel Labrecque <michel.labrecque@intact.net<mailto:michel.labrecque@intact.net>>
Objet : [E!] Re: [Ntop] nProbe modes
Robert,
Yes, nProbe can be on the receiving end of an alternative Flow Collector - provided that the alternative Flow Collector is exporting NetFlow v5/v9/IPFIX/sFlow or any other format which is interoperable with them.
Regards,
Simone
On 17 Jun 2020, at 19:18, Robert Racioppoli <Robert.Racioppoli@intact.net<mailto:Robert.Racioppoli@intact.net>> wrote:
Hello,
Your documentation clearly describes a scenario where nProbe can act as a flow proxy/collector. My question is can nProbe be on the receiving end of an alternative Flow Collector acting as a proxy/forwarder ?
Thank You!
Robert Racioppoli
Conseiller Technique Senior en Télécommunications - Surveillance Réseau
Senior Technical Advisor - Telecommunications - Network Monitoring
2020 Robert Bourassa
Montréal QC
H3A 2A5
Canada
[ intact ] Corporation financière
Téléphone : (866) 440-8300 x61257
Robert.Racioppoli@intact.net<mailto:Robert.Racioppoli@intact.net>
_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it<mailto:Ntop@listgateway.unipi.it>
http://listgateway.unipi.it/mailman/listinfo/ntop<
https://can01.safelinks.protection.outlook.com/?url=http%3A%2F%2Flistgateway.unipi.it%2Fmailman%2Flistinfo%2Fntop&data=02%7C01%7CRobert.Racioppoli%40intact.net%7Cb7e105d14eb4408116a708d813c8d4e7%7Cb880eecaf1fb4c91bff682e84350a6e6%7C0%7C0%7C637281100581567659&sdata=PrtoWkCeNdygoH3Hj%2FTMZuJGA5zOQIYla4rs2h6VcB8%3D&reserved=0>
_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it<mailto:Ntop@listgateway.unipi.it>
http://listgateway.unipi.it/mailman/listinfo/ntop<
https://can01.safelinks.protection.outlook.com/?url=http%3A%2F%2Flistgateway.unipi.it%2Fmailman%2Flistinfo%2Fntop&data=02%7C01%7CRobert.Racioppoli%40intact.net%7Cb7e105d14eb4408116a708d813c8d4e7%7Cb880eecaf1fb4c91bff682e84350a6e6%7C0%7C0%7C637281100581577648&sdata=msIMAHj3MNIT3sZo18zJqzwjWQCoRfBdUoo4qaIGCio%3D&reserved=0>
_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it<mailto:Ntop@listgateway.unipi.it>
http://listgateway.unipi.it/mailman/listinfo/ntop<
https://can01.safelinks.protection.outlook.com/?url=http%3A%2F%2Flistgateway.unipi.it%2Fmailman%2Flistinfo%2Fntop&data=02%7C01%7CRobert.Racioppoli%40intact.net%7Cb7e105d14eb4408116a708d813c8d4e7%7Cb880eecaf1fb4c91bff682e84350a6e6%7C0%7C0%7C637281100581577648&sdata=msIMAHj3MNIT3sZo18zJqzwjWQCoRfBdUoo4qaIGCio%3D&reserved=0>