Mailing List Archive

Hi All,
I'm new to using ntopng/nprobe so forgive me if this is a noob issue.

I've configured ntopng (pro license) and nprobe on a raspberry pi 4 to
receive netflow traffic from the DD-WRT based router (using sflow). The
DD-WRT host points sflow traffic to the nprobe on the rpi on port 2205, and
nprobe should collect the flows and forward via zmq to ntopng on the same
rpi.

However, when I configure the zmq settings for nprobe, it crashes on
startup with a SEGV and no error message. I haven't purchased a license
for nprobe yet as I want to prove function first.

Here are my configs, and the nprobe output to daemon.log:

Thanks for the help

nprobe.conf ----------------
-i=none
-n=none
-3=2055
-b=1
--zmq="tcp://127.0.0.1:5556"
--zmq-probe-mode
-T="@NTOPNG@"

ntopng.conf ----------------
-G=/var/run/ntopng.pid
-i=tcp://127.0.0.1:5556c
-m=192.168.1.0/24

daemon.log [nprobe] ----------------
Jul 3 14:59:51 ntop systemd[1]: nprobe.service: Service RestartSec=5s
expired, scheduling restart.
Jul 3 14:59:51 ntop systemd[1]: nprobe.service: Scheduled restart job,
restart counter is at 73.
Jul 3 14:59:51 ntop systemd[1]: Stopped nprobe extensible NetFlow
v5/v9/IPFIX probe/collector for IPv4/v6.
Jul 3 14:59:51 ntop systemd[1]: Starting nprobe extensible NetFlow
v5/v9/IPFIX probe/collector for IPv4/v6...
Jul 3 14:59:51 ntop systemd[1]: Started nprobe extensible NetFlow
v5/v9/IPFIX probe/collector for IPv4/v6.
Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [nprobe.c:5054]
Reading configuration file /run/nprobe.conf
Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [plugin.c:177] No
plugins found in ./plugins
Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [plugin.c:185]
Loading 23 plugins [.so] from /usr/local/lib/nprobe/plugins
Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [nprobe.c:4620]
ERROR: Invalid license (/etc/nprobe.license) [Missing license file]
Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [nprobe.c:4627]
ERROR: *****************************************************
Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [nprobe.c:4628]
ERROR: ** **
Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [nprobe.c:4629]
ERROR: ** Switching to DEMO MODE (missing valid license) **
Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [nprobe.c:4630]
ERROR: ** **
Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [nprobe.c:4632]
ERROR: ** Purchase your license at **
Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [nprobe.c:4633]
ERROR: ** https://shop.ntop.org/ **
Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [nprobe.c:4634]
ERROR: ** **
Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [nprobe.c:4636]
ERROR: *****************************************************
Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [nprobe.c:6677]
WARNING: The output interfaceId is set to 0: did you forget to use -Q
perhaps ?
Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [nprobe.c:6680]
WARNING: The input interfaceId is set to 0: did you forget to use -u
perhaps ?
Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [nprobe.c:6771]
Flow cache is disabled in flow collection mode
Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [nprobe.c:6774]
Welcome to nProbe v.9.1.200629 ($Revision: 6903 $) for
armv7l-unknown-linux-gnueabihf
Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [nprobe.c:6785]
Running on Raspbian GNU/Linux 10 (buster)
Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [nprobe.c:6796]
[LICENSE] nProbe SystemId: 4491C28A5E6BA0A5
Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [nprobe.c:6867]
Sample rate [packet: 1][flow collection/export: 1/1]
Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [nprobe.c:9734]
ERROR: ***************************************************************
Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [nprobe.c:9735]
ERROR: * NOTE: This is a DEMO version limited to 25000 flows export. *
Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [nprobe.c:9736]
ERROR: ***************************************************************
Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [nprobe.c:9743]
Welcome to nProbe v.9.1.200629 for armv7l-unknown-linux-gnueabihf
Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [nprobe.c:8557]
WARNING: Adding %EXPORTER_IPV4_ADDRESS to the template as nProbe is working
as collector
Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [nprobe.c:8675]
Using NetFlow Packet Payload Len: 1472
Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [nprobe.c:8595]
@NTOPNG@ expanded to " %IN_SRC_MAC %OUT_DST_MAC %INPUT_SNMP %OUTPUT_SNMP
%SRC_VLAN %IPV4_SRC_ADDR %IPV4_DST_ADDR %L4_SRC_PORT %L4_DST_PORT
%IPV6_SRC_ADDR %IPV6_DST_ADDR %IP_PROTOCOL_VERSION %PROTOCOL %L7_PROTO
%IN_BYTES %IN_PKTS %OUT_BYTES %OUT_PKTS %FIRST_SWITCHED %LAST_SWITCHED
%CLIENT_TCP_FLAGS %SERVER_TCP_FLAGS %EXPORTER_IPV4_ADDRESS"
Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [nprobe.c:8710]
Flow export type: bidirectional flows
Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [plugin.c:1171] 0
plugin(s) enabled
Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [nprobe.c:9177]
Each flow is 104 bytes long
Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [nprobe.c:9178]
The # flows per packet has been set to 13
Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [nprobe.c:9181] IP
TOS is ignored
Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [nprobe.c:10026]
Flows ASs will not be computed (no GeoDB files loaded)
Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [nprobe.c:10131]
Not capturing packet from interface (collector mode)
Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [util.c:5117]
Initializing ZMQ as client
Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [util.c:5190]
Exporting flows towards ZMQ endpoint tcp://127.0.0.1:5556
Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [util.c:4114]
Enlarged socket buffer [echo 8388608 > /proc/sys/net/core/rmem_max]
Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [util.c:4155]
nProbe changed user to 'nprobe'
Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [collect.c:192]
Flow collector listening on port 2055 (IPv4/v6)
Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [export.c:540]
Using TLV as serialization format
Jul 3 14:59:51 ntop nprobe[24756]: 03/Jul/2020 14:59:51 [nprobe.c:10394]
nProbe started successfully
Jul 3 14:59:52 ntop nprobe[24756]: 03/Jul/2020 14:59:52 [nprobe.c:3612]
---------------------------------
Jul 3 14:59:52 ntop nprobe[24756]: 03/Jul/2020 14:59:52 [nprobe.c:3631] L7
Proto Diff Total
Jul 3 14:59:52 ntop nprobe[24756]: 03/Jul/2020 14:59:52 [nprobe.c:3645]
#011Unknown/0 12.14 KB 12.14 KB
Jul 3 14:59:52 ntop nprobe[24756]: 03/Jul/2020 14:59:52 [nprobe.c:3664]
Flows exports (including drops) [1 flows][avg: 1.0 flows/sec][latest 1 sec
avg: 1.0 flows/sec]
Jul 3 14:59:52 ntop nprobe[24756]: 03/Jul/2020 14:59:52 [nprobe.c:3672]
Flow drops [export queue full: 0]
Jul 3 14:59:52 ntop nprobe[24756]: 03/Jul/2020 14:59:52 [nprobe.c:3675]
Packet drops [too many flow buckets: 0]
Jul 3 14:59:52 ntop nprobe[24756]: 03/Jul/2020 14:59:52 [nprobe.c:3678]
Flow Buckets [active: 1][allocated: 1][toBeExported: 0]
Jul 3 14:59:52 ntop nprobe[24756]: 03/Jul/2020 14:59:52 [nprobe.c:3682]
Export Queue [current: 0][max: 512000][fill level: 0.0%]
Jul 3 14:59:52 ntop nprobe[24756]: 03/Jul/2020 14:59:52 [nprobe.c:3712]
ZMQ Export [1 exporters][1 flows][total avg: 9.97 Kb/sec][236.0
bytes/flow][latest 1 sec avg: 9.97 Kb/sec]
Jul 3 14:59:52 ntop nprobe[24756]: 03/Jul/2020 14:59:52 [nprobe.c:3774]
Collector Threads: [1 pkts@0]
Jul 3 14:59:52 ntop nprobe[24756]: 03/Jul/2020 14:59:52 [nprobe.c:3428]
Processed packets: 0 (max bucket search: 0)
Jul 3 14:59:52 ntop nprobe[24756]: 03/Jul/2020 14:59:52 [nprobe.c:3411]
Fragment queue length: 0
Jul 3 14:59:52 ntop nprobe[24756]: 03/Jul/2020 14:59:52 [nprobe.c:3439]
UDP collection stats: [collected pkts: 1][UDP socket drops: 0]
Jul 3 14:59:52 ntop nprobe[24756]: 03/Jul/2020 14:59:52 [nprobe.c:3446]
Flow collection stats: [processed: 2][dropped (holes in collected flow
sequence): 0]
Jul 3 14:59:52 ntop nprobe[24756]: 03/Jul/2020 14:59:52 [nprobe.c:3452]
Flow export stats: [0 bytes/0 pkts][0 flows/0 pkts sent]
Jul 3 14:59:52 ntop nprobe[24756]: 03/Jul/2020 14:59:52 [nprobe.c:3458]
Flow export drop stats: [0 bytes/0 pkts][0 flows]
Jul 3 14:59:52 ntop nprobe[24756]: 03/Jul/2020 14:59:52 [nprobe.c:3463]
Total flow stats: [0 bytes/0 pkts][0 flows/0 pkts sent]
Jul 3 14:59:54 ntop systemd[1]: nprobe.service: Main process exited,
code=killed, status=11/SEGV
Jul 3 14:59:54 ntop systemd[1]: nprobe.service: Failed with result
'signal'.

daemon.log [ntopng] ------------------------------
Jul 3 14:44:04 ntop systemd[1]: Starting ntopng high-speed web-based
traffic monitoring and analysis tool...
Jul 3 14:44:04 ntop systemd[1]: Started ntopng high-speed web-based
traffic monitoring and analysis tool.
Jul 3 14:44:04 ntop ntopng[21947]: 03/Jul/2020 14:44:04 [Ntop.cpp:2254]
Setting local networks to 192.168.1.0/24
Jul 3 14:44:04 ntop ntopng[21947]: 03/Jul/2020 14:44:04 [Redis.cpp:157]
Successfully connected to redis 127.0.0.1:6379@0
Jul 3 14:44:04 ntop ntopng[21947]: 03/Jul/2020 14:44:04 [Redis.cpp:157]
Successfully connected to redis 127.0.0.1:6379@0
Jul 3 14:44:04 ntop ntopng[21947]: 03/Jul/2020 14:44:04 [NtopPro.cpp:299]
[LICENSE] Reading license from /etc/ntopng.license
Jul 3 14:44:04 ntop ntopng[21947]: 03/Jul/2020 14:44:04 [NtopPro.cpp:429]
[LICENSE] /etc/ntopng.license: found valid Professional Embedded license
Jul 3 14:44:05 ntop ntopng[21947]: 03/Jul/2020 14:44:05 [Ntop.cpp:2359]
Registered interface tcp://127.0.0.1:5556c [id: 8]
Jul 3 14:44:05 ntop ntopng[21947]: 03/Jul/2020 14:44:05 [main.cpp:316] PID
stored in file /var/run/ntopng.pid
Jul 3 14:44:05 ntop ntopng[21947]: 03/Jul/2020 14:44:05
[Geolocation.cpp:150] Running without geolocation support.
Jul 3 14:44:05 ntop ntopng[21947]: 03/Jul/2020 14:44:05
[Geolocation.cpp:151] To enable geolocation follow the instructions at
Jul 3 14:44:05 ntop ntopng[21947]: 03/Jul/2020 14:44:05
[Geolocation.cpp:152]
https://github.com/ntop/ntopng/blob/dev/doc/README.geolocation.md
Jul 3 14:44:06 ntop ntopng[21947]: 03/Jul/2020 14:44:06
[HTTPserver.cpp:1498] Web server dirs
[/usr/share/ntopng/httpdocs][/usr/share/ntopng/scripts]
Jul 3 14:44:06 ntop ntopng[21947]: 03/Jul/2020 14:44:06
[HTTPserver.cpp:1501] HTTP server listening on 3000
Jul 3 14:44:06 ntop ntopng[21947]: 03/Jul/2020 14:44:06 [Utils.cpp:761]
User changed to ntopng
Jul 3 14:44:06 ntop ntopng[21947]: 03/Jul/2020 14:44:06 [main.cpp:386]
Working directory: /var/lib/ntopng
Jul 3 14:44:06 ntop ntopng[21947]: 03/Jul/2020 14:44:06 [main.cpp:388]
Scripts/HTML pages directory: /usr/share/ntopng
Jul 3 14:44:06 ntop ntopng[21947]: 03/Jul/2020 14:44:06 [Ntop.cpp:455]
Welcome to ntopng armv7l v.4.1.200629 - (C) 1998-20 ntop.org
Jul 3 14:44:06 ntop ntopng[21947]: 03/Jul/2020 14:44:06 [Ntop.cpp:465]
Built on Raspbian GNU/Linux 10 (buster)
Jul 3 14:44:06 ntop ntopng[21947]: 03/Jul/2020 14:44:06 [NtopPro.cpp:699]
[LICENSE] System Id:#[removed]
Jul 3 14:44:06 ntop ntopng[21947]: 03/Jul/2020 14:44:06 [NtopPro.cpp:700]
[LICENSE] Edition:#011Professional Embedded
Jul 3 14:44:06 ntop ntopng[21947]: 03/Jul/2020 14:44:06 [NtopPro.cpp:701]
[LICENSE] License Type:#011Permanent License
[license removed for email]
Jul 3 14:44:06 ntop ntopng[21947]: 03/Jul/2020 14:44:06 [NtopPro.cpp:725]
[LICENSE] Maintenance:#011Until Thu Jul 1 12:34:46 2021 [362 days left]
Jul 3 14:44:06 ntop ntopng[21947]: 03/Jul/2020 14:44:06
[PeriodicActivities.cpp:105] Started periodic activities loop...
Jul 3 14:44:12 ntop ntopng[21947]: 03/Jul/2020 14:44:12
[PeriodicActivities.cpp:165] Each periodic activity script will use 2
threads
Jul 3 14:44:12 ntop ntopng[21947]: 03/Jul/2020 14:44:12
[NetworkInterface.cpp:2358] Started packet polling on interface
tcp://127.0.0.1:5556c [id: 8]...
Jul 3 14:44:12 ntop ntopng[21947]: 03/Jul/2020 14:44:12
[ZMQCollectorInterface.cpp:255] Collecting flows on tcp://127.0.0.1:5556c
Tim Nichols