ntop / nProbe

Open source components and extensions for nProbe
http://ntop.org
GNU General Public License v2.0

Flows in Ntopng #626

Closed radrigo7 closed 2 months ago

radrigo7 commented 2 months ago

Hi, Debian 12.6 ntopng 6.3.240821 [Enterprise/Professional build] nprobe v.10.7.240821 (Pro Edition)

ntopng.conf:

-i=tcp://127.0.0.1:5558 -F="clickhouse;127.0.0.1@9004;ntopng;default;default" -G=/var/run/ntopng.pid

nprobe.conf:

-i=none -n=none --ntopng="zmq://127.0.0.1:5558" -V=9 -b=1 -3=2066

nprobe is getting flows but ntopng doesn't show them. The problem is the same for Cisco or Mikrotik V9 flows.

23/Aug/2024 14:41:53 [nprobe.c:4504] Average traffic: [136.00 pps][All Traffic 611.56 Kb/sec][IP Traffic 562.65 Kb/sec][ratio 0.92]
23/Aug/2024 14:41:53 [nprobe.c:4512] Current traffic: [143.00 pps][642.82 Kb/sec]
23/Aug/2024 14:41:53 [nprobe.c:4553] Flows exports (including drops) [11538 flows][uptime: 60 sec][avg: 192.3 flows/sec][latest 60 sec av>
23/Aug/2024 14:41:53 [nprobe.c:4562] Flow drops   [export queue full: 0]
23/Aug/2024 14:41:53 [nprobe.c:4565] Packets      [captured packets: 73829][capture drops: 0][too many flow buckets: 0]
23/Aug/2024 14:41:53 [nprobe.c:4570] Flow Buckets [active: 897][allocated: 897][toBeExported: 0]
23/Aug/2024 14:41:53 [nprobe.c:4574] Export Queue [current: 0][max: 512000][fill level: 0.0%]
23/Aug/2024 14:41:53 [nprobe.c:4324] Processed packets: 73875 (max bucket search: 1)
23/Aug/2024 14:41:53 [nprobe.c:4305] Fragment queue length: 0
23/Aug/2024 14:41:53 [nprobe.c:4355] Flow export stats:      [0 bytes/0 pkts][11538 flows/0 pkts sent]
23/Aug/2024 14:41:53 [nprobe.c:4367] Flow export drop stats: [0 bytes/0 pkts][0 flows/0.00 %]
23/Aug/2024 14:41:53 [nprobe.c:4373] Total flow stats:       [0 bytes/0 pkts][11538 flows/0 pkts sent]

koenighp commented 2 months ago

I have the same problem. Have you been able to find the error in the meantime?

BTW: Where can I find the log you showed? I can't find an ntopng, an nprobe directory or a log file in /var/log/...

radrigo7 commented 2 months ago

> I have the same problem. Have you been able to find the error in the meantime?
>
> BTW: Where can I find the log you showed? I can't find an ntopng, an nprobe directory or a log file in /var/log/...

I tried to change the configuration like:

Note: by default ntopng is the connection initiator, this does not work if nprobe is in a private network protected by a firewall. In this case it is necessary to revert the configuration by swapping the roles and configuring ntopng as collector (using the trailing 'c' in the endpoint), and nProbe as connection initiator (by adding the --zmq-probe-mode option).

but with no success - got the same result (nprobe is getting flows but ntopng doesn't show them).

One of the options to print logs is "journalctl -xeu nprobe.service"

koenighp commented 2 months ago

Now it runs for me. I need to disable the local firewall on the ntopng server.

Could you help me with ClickHouse installation and configuration?

radrigo7 commented 2 months ago

> Now it runs for me. I need to disable the local firewall on the ntopng server.
>
> Could you help me with ClickHouse installation and configuration?

I configured ClickHouse with https://www.ntop.org/guides/ntopng/clickhouse/installation.html (ClickHouse version 22 or newer is required).

I didn't have any firewall enabled on the server.

radrigo7 commented 2 months ago

The problem was in Cisco; traffic from Mikrotik is collected properly now.