ntop / nProbe

Open source components and extensions for nProbe
http://ntop.org
GNU General Public License v2.0

nProbe is not collecting all the data from a NetFlow #218

Closed juesor closed 7 years ago

juesor commented 7 years ago

Is it possible to see how much traffic the nprobe is receiving at any given time?

simonemainardi commented 7 years ago

Sure, add -b=1:

simone@devel:~/nProbe$ sudo ./nprobe -i eno1 -b 1
17/Oct/2017 18:49:49 [plugin.c:182] Loading 25 plugins [.so] from ./plugins
17/Oct/2017 18:49:49 [plugin.c:701] WARNING: Plugin System process information (./plugins/processPlugin.so) version mismatch [loaded=$Revision: 5893 $][expected=$Revision: 5916 $]: discarded
17/Oct/2017 18:49:49 [nprobe.c:5694] WARNING: The output interfaceId is set to 0: did you forget to use -Q perhaps ?
17/Oct/2017 18:49:49 [nprobe.c:5697] WARNING: The input interfaceId is set to 0: did you forget to use -u perhaps ?
17/Oct/2017 18:49:49 [nprobe.c:5796] Welcome to nProbe Pro v.8.1.171013 ($Revision: 5916 $) for x86_64-pc-linux-gnu with native PF_RING acceleration
17/Oct/2017 18:49:49 [nprobe.c:5806] Running on Ubuntu 16.04.3 LTS
17/Oct/2017 18:49:49 [nprobe.c:5905] WARNING: -n parameter is missing. 127.0.0.1:2055 will be used.
17/Oct/2017 18:49:49 [nprobe.c:5930] Sample rate [packet: 1][flow: 1]
17/Oct/2017 18:49:49 [nprobe.c:8356] Welcome to nProbe v.8.1.171013 for x86_64-pc-linux-gnu
17/Oct/2017 18:49:49 [plugin.c:1066] 0 plugin(s) enabled
17/Oct/2017 18:49:49 [nprobe.c:7852] Non IPv4/v6 traffic is discarded according to the template
17/Oct/2017 18:49:49 [util.c:440] GeoIP: loaded AS config file /usr/share/ntopng/httpdocs/geoip/GeoIPASNum.dat
17/Oct/2017 18:49:49 [util.c:451] GeoIP: loaded AS IPv6 config file /usr/share/ntopng/httpdocs/geoip/GeoIPASNumv6.dat
17/Oct/2017 18:49:49 [nprobe.c:6405] Using packet capture length 128
17/Oct/2017 18:49:49 [pro/pf_ring.c:356] Initializing PF_RING socket on device eno1..
17/Oct/2017 18:49:49 [pro/pf_ring.c:398] Dumping traffic statistics on /proc/net/pf_ring/stats/1542-eno1.30
17/Oct/2017 18:49:49 [pro/pf_ring.c:463] PF_RING enabled on eno1
17/Oct/2017 18:49:49 [nprobe.c:8535] IPv6 traffic will NOT be exported/accounted by this probe
17/Oct/2017 18:49:49 [nprobe.c:8536] due to configuration options (e.g. use NetFlow v9)
17/Oct/2017 18:49:49 [nprobe.c:8537] Please use -V to set the version to other than NetFlow V5
17/Oct/2017 18:49:49 [util.c:3589] nProbe changed user to 'nobody'
17/Oct/2017 18:49:49 [nprobe.c:8907] nProbe started successfully

17/Oct/2017 18:49:50 [nprobe.c:3164] ---------------------------------
17/Oct/2017 18:49:50 [nprobe.c:3165] Average traffic: [134.00 pps][All Traffic 301.52 Kb/sec][IP Traffic 257.49 Kb/sec][ratio 0.86]
17/Oct/2017 18:49:50 [nprobe.c:3173] Current traffic: [134.00 pps][301.52 Kb/sec]
17/Oct/2017 18:49:50 [nprobe.c:3179] Current flow export rate: [0.0 flows/sec]
17/Oct/2017 18:49:50 [nprobe.c:3182] Flow drops: [export queue too long=0][too many flows=0][ELK queue flow drops=0]
17/Oct/2017 18:49:50 [nprobe.c:3187] Export Queue: 0/512000 [0.0 %]
17/Oct/2017 18:49:50 [nprobe.c:3192] Flow Buckets: [active=10][allocated=10][toBeExported=0]
17/Oct/2017 18:49:50 [nprobe.c:3015] Processed packets: 134 (max bucket search: 0)
17/Oct/2017 18:49:50 [nprobe.c:2998] Fragment queue length: 0
17/Oct/2017 18:49:50 [nprobe.c:3024] Flow export stats: [0 bytes/0 pkts][0 flows/0 pkts sent]
17/Oct/2017 18:49:50 [nprobe.c:3034] Flow drop stats:   [0 bytes/0 pkts][0 flows]
17/Oct/2017 18:49:50 [nprobe.c:3039] Total flow stats:  [0 bytes/0 pkts][0 flows/0 pkts sent]

17/Oct/2017 18:50:20 [nprobe.c:3164] ---------------------------------
17/Oct/2017 18:50:20 [nprobe.c:3165] Average traffic: [123.00 pps][All Traffic 243.17 Kb/sec][IP Traffic 202.57 Kb/sec][ratio 0.84]
17/Oct/2017 18:50:20 [nprobe.c:3173] Current traffic: [123.00 pps][241.22 Kb/sec]
17/Oct/2017 18:50:20 [nprobe.c:3179] Current flow export rate: [0.8 flows/sec]
17/Oct/2017 18:50:20 [nprobe.c:3182] Flow drops: [export queue too long=0][too many flows=0][ELK queue flow drops=0]
17/Oct/2017 18:50:20 [nprobe.c:3187] Export Queue: 0/512000 [0.0 %]
17/Oct/2017 18:50:20 [nprobe.c:3192] Flow Buckets: [active=227][allocated=227][toBeExported=0]
17/Oct/2017 18:50:20 [nprobe.c:3015] Processed packets: 3826 (max bucket search: 1)
17/Oct/2017 18:50:20 [nprobe.c:2998] Fragment queue length: 0
17/Oct/2017 18:50:20 [nprobe.c:3024] Flow export stats: [43439 bytes/207 pkts][25 flows/0 pkts sent]
17/Oct/2017 18:50:20 [nprobe.c:3034] Flow drop stats:   [0 bytes/0 pkts][0 flows]
17/Oct/2017 18:50:20 [nprobe.c:3039] Total flow stats:  [43439 bytes/207 pkts][25 flows/0 pkts sent]
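
An added example (not from the thread or from ntop's code): a small Python parser for the periodic statistics printed with `-b 1` above, which flags reporting intervals where a `Flow drops` counter is non-zero or the `Export Queue` is close to full. The function names, the 80% queue threshold and the second sample interval are assumptions made for this illustration.

```python
import re

# Constructed sample in the format printed above. The 18:50:20 lines are copied
# from the thread's output; the 18:50:50 lines use invented values.
SAMPLE = """\
17/Oct/2017 18:50:20 [nprobe.c:3173] Current traffic: [123.00 pps][241.22 Kb/sec]
17/Oct/2017 18:50:20 [nprobe.c:3182] Flow drops: [export queue too long=0][too many flows=0][ELK queue flow drops=0]
17/Oct/2017 18:50:20 [nprobe.c:3187] Export Queue: 0/512000 [0.0 %]
17/Oct/2017 18:50:50 [nprobe.c:3173] Current traffic: [9100.00 pps][8810.00 Kb/sec]
17/Oct/2017 18:50:50 [nprobe.c:3182] Flow drops: [export queue too long=42][too many flows=0][ELK queue flow drops=0]
17/Oct/2017 18:50:50 [nprobe.c:3187] Export Queue: 498000/512000 [97.3 %]
"""

LINE = re.compile(r"^(\S+ \S+) \[[^\]]+\] ([^:]+): (.*)$")  # timestamp, label, rest
COUNTER = re.compile(r"\[([^=\]]+)=(\d+)\]")                # [name=value]
QUEUE = re.compile(r"(\d+)/(\d+)")                          # used/size
PPS = re.compile(r"\[([\d.]+) pps\]")

def parse_stats(text):
    """Group the stats lines of interest by timestamp, one dict per interval."""
    intervals = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m.group(2) not in ("Flow drops", "Export Queue", "Current traffic"):
            continue  # startup banners, separators and other stats are skipped
        ts, label, rest = m.groups()
        rec = intervals.setdefault(ts, {"ts": ts, "drops": {}})
        if label == "Flow drops":
            rec["drops"] = {k: int(v) for k, v in COUNTER.findall(rest)}
        elif label == "Export Queue" and QUEUE.search(rest):
            used, size = QUEUE.search(rest).groups()
            rec["queue_used"], rec["queue_size"] = int(used), int(size)
        elif label == "Current traffic" and PPS.search(rest):
            rec["pps"] = float(PPS.search(rest).group(1))
    return list(intervals.values())

def findings(intervals, queue_threshold=0.8):  # threshold is an assumed value
    """Return (timestamp, message) pairs for drops or a nearly full export queue."""
    out = []
    for rec in intervals:
        for name, count in rec["drops"].items():
            if count:
                out.append((rec["ts"], f"{name}: {count}"))
        size = rec.get("queue_size", 0)
        if size and rec.get("queue_used", 0) / size >= queue_threshold:
            out.append((rec["ts"], f"export queue {rec['queue_used']}/{size}"))
    return out

if __name__ == "__main__":
    print(findings(parse_stats(SAMPLE)))
```
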

juesor commented 7 years ago

Sorry, yes, this is the correct setup, but I diverted back away from separating out streams, as we would like to see a combined total. And when you split them out you cannot see the overall total for all streams.