No traffic recorded after upgrade from 2.4 to 2.5

[mahescho]

Hi,

as I get no response on the mailing list I report this issue here too. After a upgrade to 2.5 no traffic is recorded. I use NetFlow for two Mikrotik routers. For my configs see this message:

http://listgateway.unipi.it/pipermail/ntop/2017-April/019801.html

and for further debugging results see this message:

http://listgateway.unipi.it/pipermail/ntop/2017-April/019804.html

How to fix this?

TIA

[lucaderi]

@mahescho we are doing our best to assist everyone, while some of our colleagues are on vacation.

Can you please paste (or send me via email) a pcap containing mikrotik-exported flows+templates so I can see what happens? Have you updated just ntopng or also nprobe since the last working setup?

[simonemainardi]

it looks like all the stats periodically reported to ntopng by nProbe are zero:

{ "if.name": "none", 
"if.speed": 1000, "if.ip": "", "probe.ip": "192.168.100.21", 
"probe.public_ip": "", "time" : 1491911378.329, "bytes": 0, "packets": 
0, "avg.bps": 0, "avg.pps": 0 } [msg_id=118]
11/Apr/2017 13:49:39 [CollectorInterface.cpp:210] { "if.name": "none", 
"if.speed": 1000, "if.ip": "", "probe.ip": "192.168.100.21", 
"probe.public_ip": "", "time" : 1491911378.356, "bytes": 0, "packets": 
0, "avg.bps": 0, "avg.pps": 0 } [msg_id=118]
11/Apr/2017 13:49:39 [CollectorInterface.cpp:210] { "if.name": "none", 
"if.speed": 1000, "if.ip": "", "probe.ip": "192.168.100.21", 
"probe.public_ip": "", "time" : 1491911379.330, "bytes": 0, "packets": 
0, "avg.bps": 0, "avg.pps": 0 } [msg_id=119]
11/Apr/2017 13:49:39 [CollectorInterface.cpp:210] { "if.name": "none", 
"if.speed": 1000, "if.ip": "", "probe.ip": "192.168.100.21", 
"probe.public_ip": "", "time" : 1491911379.356, "bytes": 0, "packets": 
0, "avg.bps": 0, "avg.pps": 0 }

In addition to Luca's suggestion, if you let the nProbe run for a while (also add option --debug), do you see any logs appearing on the console? I would like to understand if Mikrotik data properly reaches nProbe. Also, when quitting nProbe with a ctrl+c, it should print a summary of the statistics that include the number of received/exported flows. Please report that as well.

[mahescho]

Please keep in mind, that every thing perfectly worked with 2.4 but the "47 years problem" and nothing changed in the Mikrotik setup.

I've updated everything, current versions:

ntopng 2.5.170411-2642 nprobe 7.5.170411-5727

@lucaderi I've to ask again: how to create "a pcap containing mikrotik-exported flows+templates"? @simonemainardi sent by mail and as I can see there the detected flow template are in the output.

[simonemainardi]

@mahescho to generate a pcap run

sudo tcpdump -i <name of the network interface that is receiving flows> -w microtik.pcap port 4711

let the command run for a few minutes and then send us the file mikrotik.pcap

[mahescho]

So simple that I was unable to figure it out my self :( - sent by mail.

[simonemainardi]

@mahescho I confirm the issue is fixed, tested both with Netflow v9 and Netflow v10.

A new build is in progress. Please, wait an hour and then update the packages.

[mahescho]

Thanks, works again as expected. I will post my new questions to the ML :-)

[simonemainardi]

thanks for reporting. I'm glad to know it's solved