how to connect ntopng to nprobe

[volkovmm]

I have the following error when start nprobe: error while loading shared libraries: /opt/napatech3/lib/libntapi.so: cannot open shared object file: No such file or directory Please help.

[lucaderi]

Hold on. We're modifying the packages today, so do not update until we have finished.

[volkovmm]

Thank you.

[volkovmm]

Unable to connect nprobe with ntopng.. I'm writing in ntopng.conf: -i tcp://127.0.0.1:5556, and i start nprobe this: nprobe --zmq "tcp://5556" -i eth0 -n none. Not work... help..

[lucaderi]

It's normal, shame on you :-)

-zmq "tcp://*:5556" or -zmq "tcp://125.0.0.1:5556"

[lucaderi]

The package issue has been fixed completed so I close this bug

[volkovmm]

how to reopen?

[volkovmm]

sorry for the stupid question, but I really need your help.all the instructions I've seen do not help me to understand how to connect ntopng to nprobe. So, i have a server with ntopng( ip 25.110.34.64). And i have a PC with nprobe( ip 25.110.34.65). In a ntopng.conf i write: -i=tcp://127.0.0.1:5556 right? then i start nprobe next command: nprobe -zmq tcp://*:5556 and nothing works. i tried start nprobe by use many variants. does not work. in ntopng is not received the data stream.

[lucaderi]

dash dash zmq (double dash)

[volkovmm]

does not work(

[volkovmm]

nprobe --zmq tcp://:5556 06/Oct/2015 19:10:35 [nprobe.c:3141] ERROR: Invalid nProbe license (/etc/nprobe.license) [Missing license file] 06/Oct/2015 19:10:35 [nprobe.c:3148] ERROR: ****** 06/Oct/2015 19:10:35 [nprobe.c:3149] ERROR: \ 06/Oct/2015 19:10:35 [nprobe.c:3150] ERROR: \ Switching to DEMO MODE (missing valid license) 06/Oct/2015 19:10:35 [nprobe.c:3151] ERROR: \ 06/Oct/2015 19:10:35 [nprobe.c:3152] ERROR: \ Create your nProbe license at 06/Oct/2015 19:10:35 [nprobe.c:3153] ERROR: \ http://www.nmon.net/mklicense/ 06/Oct/2015 19:10:35 [nprobe.c:3154] ERROR: \ 06/Oct/2015 19:10:35 [nprobe.c:3155] ERROR: * 06/Oct/2015 19:10:35 [nprobe.c:6605] ERROR: ***** 06/Oct/2015 19:10:35 [nprobe.c:6606] ERROR: * NOTE: This is a DEMO version limited to 25000 flows export. * 06/Oct/2015 19:10:35 [nprobe.c:6607] ERROR: *** 06/Oct/2015 19:10:35 [plugin.c:166] No plugins found in ./plugins 06/Oct/2015 19:10:35 [plugin.c:174] Loading 22 plugins [.so] from /usr/local/lib/nprobe/plugins 06/Oct/2015 19:10:35 [nprobe.c:4530] WARNING: The output interfaceId is set to 0: did you forget to use -Q perhaps ? 06/Oct/2015 19:10:35 [nprobe.c:4533] WARNING: The input interfaceId is set to 0: did you forget to use -u perhaps ? 06/Oct/2015 19:10:35 [nprobe.c:4611] Welcome to nProbe Pro v.7.2.151006 ($Revision: 4584 $) for x86_64-unknown-linux-gnu with native PF_RING acceleration 06/Oct/2015 19:10:35 [nprobe.c:4621] Running on CentOS Linux release 7.1.1503 (Core) 06/Oct/2015 19:10:35 [nprobe.c:4632] [LICENSE] nProbe SystemId: 3E5C656E9206AAF2 06/Oct/2015 19:10:35 [nprobe.c:4720] WARNING: -n parameter is missing. 127.0.0.1:2055 will be used. 06/Oct/2015 19:10:35 [nprobe.c:6623] Welcome to nprobe v.7.2.151006 for x86_64-unknown-linux-gnu 06/Oct/2015 19:10:35 [plugin.c:1000] 0 plugin(s) enabled 06/Oct/2015 19:10:35 [nprobe.c:6297] Non IPv4/v6 traffic is discarded according to the template 06/Oct/2015 19:10:35 [util.c:318] GeoIP: loaded AS config file /usr/share/ntopng/httpdocs/geoip/GeoIPASNum.dat 06/Oct/2015 19:10:35 [util.c:327] GeoIP: loaded AS IPv6 config file /usr/share/ntopng/httpdocs/geoip/GeoIPASNumv6.dat 06/Oct/2015 19:10:35 [nprobe.c:5183] Using packet capture length 128 06/Oct/2015 19:10:36 [nprobe.c:6795] IPv6 traffic will NOT be exported/accounted by this probe 06/Oct/2015 19:10:36 [nprobe.c:6796] due to configuration options (e.g. use NetFlow v9) 06/Oct/2015 19:10:36 [nprobe.c:6926] Capturing packets from interface enp3s0 [snaplen: 128 bytes] 06/Oct/2015 19:10:36 [util.c:3898] Succesfully created ZMQ endpoint tcp://*:5556 06/Oct/2015 19:10:36 [util.c:2977] nProbe changed user to 'nobody' 06/Oct/2015 19:10:36 [nprobe.c:7132] nProbe started successfully ^C06/Oct/2015 19:10:38 [cache.c:1200] Redis Cache [0 total/0.0 get/sec][0 total/0.0 set/sec] 06/Oct/2015 19:10:38 [nprobe.c:389] Received shutdown request... [signal: 2] 06/Oct/2015 19:10:39 [engine.c:2618] About to flush hash (threadId 0) 06/Oct/2015 19:10:39 [engine.c:2620] Completed hash walk (thread 0) 06/Oct/2015 19:10:42 [cache.c:1200] Redis Cache [0 total/0.0 get/sec][0 total/0.0 set/sec] 06/Oct/2015 19:10:42 [nprobe.c:2484] Processed packets: 10 (max bucket search: 0) 06/Oct/2015 19:10:42 [nprobe.c:2467] Fragment queue length: 0 06/Oct/2015 19:10:42 [nprobe.c:2493] Flow export stats: [224 bytes/3 pkts][2 flows/1 pkts sent] 06/Oct/2015 19:10:42 [nprobe.c:2503] Flow drop stats: [0 bytes/0 pkts][0 flows] 06/Oct/2015 19:10:42 [nprobe.c:2508] Total flow stats: [224 bytes/3 pkts][2 flows/1 pkts sent] [root@localhost home]# exit

[lmangani]

Are you using the quotation marks?

    -zmq "tcp://*:5556" 

or

    -zmq "tcp://125.0.0.1:5556"

[volkovmm]

tried some of. nothing has changed. I don't understand why this should work if I do not specify the ip address of the collecor at the start Nprobe

[lmangani]

This is making very little sense... of course you have to outline the IP of the collector.

1) nProbe creates a TCP endpoint available on all interfaces (* stands for all) active at the port 5556.

2) ntopng should simply be instructed to connect via TCP to such endpoint as client

[volkovmm]

ntopng.conf: -G=/var/tmp/ntopng.pid -i=tcp://127.0.0.1:5556 -F=mysql;localhost;ntopng;flows;root;977159

[volkovmm]

and what to do..

[lucaderi]

06/Oct/2015 19:10:36 [util.c:3898] Succesfully created ZMQ endpoint tcp://*:5556

so probe works . Do you have traffic on enp3s0 ? Please add -b 2 to nprobe to see what happens

[volkovmm]

nprobe --zmq "tcp://*:5556" -i br0 -b 2

07/Oct/2015 13:29:50 [util.c:3923] [ZMQ] {"8":"10.112.35.67","12":"255.255.255.255","15":"0.0.0.0","10":0,"14":0,"2":1,"1":328,"22":1444213759,"21":1444213759,"7":68,"11":67,"6":0,"4":17,"5":0,"16":0,"17":0,"9":0,"13":0,"42":7} 07/Oct/2015 13:29:50 [engine.c:2486] Emitting Flow: [->][udp] 10.112.35.67:68 -> 255.255.255.255:67 [1 pkt/328 bytes][ifIdx 0->0][0.0 sec][init Unknown][AS: 0 -> 0] 07/Oct/2015 13:29:50 [util.c:3923] [ZMQ] {"8":"10.112.35.51","12":"10.112.35.65","15":"0.0.0.0","10":0,"14":0,"2":5,"1":726,"22":1444213760,"21":1444213760,"7":63539,"11":3000,"6":27,"4":6,"5":0,"16":0,"17":0,"9":0,"13":0,"42":8} 07/Oct/2015 13:29:50 [engine.c:2486] Emitting Flow: [->][tcp] 10.112.35.51:63539 -> 10.112.35.65:3000 [5 pkt/726 bytes][ifIdx 0->0][0.0 sec][CNL: 0.227 ms][SNL: 0.053 ms][init 10.112.35.51][AS: 0 -> 0] 07/Oct/2015 13:29:50 [util.c:3923] [ZMQ] {"8":"10.112.35.65","12":"10.112.35.51","15":"0.0.0.0","10":0,"14":0,"2":5,"1":852,"22":1444213760,"21":1444213760,"7":3000,"11":63539,"6":27,"4":6,"5":0,"16":0,"17":0,"9":0,"13":0,"42":9} 07/Oct/2015 13:29:50 [engine.c:2513] Emitting Flow: [<-][tcp] 10.112.35.65:3000 -> 10.112.35.51:63539 [5 pkt/852 bytes][ifIdx 0->0][0.0 sec][CNL: 0.227 ms][SNL: 0.

[volkovmm]

do not close the topic

[lucaderi]

So use -v in ntopng to see if flows are received.

[volkovmm]

ntopng -i tcp://127.0.0.1:5556 -v 07/Oct/2015 08:56:50 [Ntop.cpp:936] Setting local networks to 127.0.0.0/8 07/Oct/2015 08:56:50 [AddressResolution.cpp:137] Rule 127.0.0.0/8 07/Oct/2015 08:56:50 [Redis.cpp:105] Successfully connected to redis 127.0.0.1:6379@0 07/Oct/2015 08:56:50 [NtopPro.cpp:117] [LICENSE] Read license from Redis [] 07/Oct/2015 08:56:50 [NtopPro.cpp:159] ERROR: [LICENSE] Invalid or missing ntopng License [Empty license file] 07/Oct/2015 08:56:50 [NtopPro.cpp:172] WARNING: [LICENSE] ntopng will now run in pro mode for 10 minutes 07/Oct/2015 08:56:50 [NtopPro.cpp:174] WARNING: [LICENSE] before returning to community mode 07/Oct/2015 08:56:50 [NtopPro.cpp:175] WARNING: [LICENSE] You can buy a permanent license at http://shop.ntop.org 07/Oct/2015 08:56:50 [NtopPro.cpp:176] WARNING: [LICENSE] or run ntopng in community mode starting 07/Oct/2015 08:56:50 [NtopPro.cpp:177] WARNING: [LICENSE] ntopng --community 07/Oct/2015 08:56:50 [main.cpp:135] System has 2 CPU cores 07/Oct/2015 08:56:50 [Utils.cpp:1224] Unable to read MTU for device tcp://127.0.0.1:5556 07/Oct/2015 08:56:50 [L7Policer.cpp:80] Created policer 0 with no shaping max rate 07/Oct/2015 08:56:50 [L7Policer.cpp:80] Created policer 1 with no shaping max rate 07/Oct/2015 08:56:50 [L7Policer.cpp:80] Created policer 2 with no shaping max rate 07/Oct/2015 08:56:50 [L7Policer.cpp:80] Created policer 3 with no shaping max rate 07/Oct/2015 08:56:50 [L7Policer.cpp:80] Created policer 4 with no shaping max rate 07/Oct/2015 08:56:50 [L7Policer.cpp:80] Created policer 5 with no shaping max rate 07/Oct/2015 08:56:50 [L7Policer.cpp:80] Created policer 6 with no shaping max rate 07/Oct/2015 08:56:50 [L7Policer.cpp:80] Created policer 7 with no shaping max rate 07/Oct/2015 08:56:50 [L7Policer.cpp:80] Created policer 8 with no shaping max rate 07/Oct/2015 08:56:50 [L7Policer.cpp:80] Created policer 9 with no shaping max rate 07/Oct/2015 08:56:50 [Ntop.cpp:1185] Registered interface view tcp://127.0.0.1:5556 [id: 14] 07/Oct/2015 08:56:50 [Ntop.cpp:1155] Registered interface tcp://127.0.0.1:5556 [id: 0] 07/Oct/2015 08:56:50 [Utils.cpp:304] User changed to nobody 07/Oct/2015 08:56:50 [main.cpp:237] PID stored in file /var/tmp/ntopng.pid 07/Oct/2015 08:56:50 [HTTPserver.cpp:458] Please read https://github.com/ntop/ntopng/blob/dev/doc/README.SSL if you want to enable SSL. 07/Oct/2015 08:56:50 [HTTPserver.cpp:501] Web server dirs [/usr/share/ntopng/httpdocs][/usr/share/ntopng/scripts] 07/Oct/2015 08:56:50 [HTTPserver.cpp:504] HTTP server listening on port 3000 07/Oct/2015 08:56:50 [main.cpp:290] Working directory: /var/tmp/ntopng 07/Oct/2015 08:56:50 [main.cpp:292] Scripts/HTML pages directory: /usr/share/ntopng 07/Oct/2015 08:56:50 [Ntop.cpp:267] Welcome to ntopng x86_64 v.2.0.151006 - (C) 1998-15 ntop.org 07/Oct/2015 08:56:50 [Ntop.cpp:272] Built on CentOS Linux release 7.1.1503 (Core) 07/Oct/2015 08:56:50 [PeriodicActivities.cpp:53] Started periodic activities loop... 07/Oct/2015 08:56:50 [PeriodicActivities.cpp:91] Starting script /usr/share/ntopng/scripts/callbacks/second.lua 07/Oct/2015 08:56:50 [RuntimePrefs.cpp:32] Dumping alerts into syslog 07/Oct/2015 08:56:50 [NtopPro.cpp:234] [LICENSE] ntopng systemId: 4211A68909B1B8A9 07/Oct/2015 08:56:50 [NtopPro.cpp:239] [LICENSE] ntopng is starting in demo mode 07/Oct/2015 08:56:50 [Lua.cpp:2745] ntop_get_dirs() called 07/Oct/2015 08:56:50 [Lua.cpp:2683] ntop_is_pro() called 07/Oct/2015 08:56:50 [NetworkInterface.cpp:1395] Started packet polling on interface tcp://127.0.0.1:5556 [id: 14]... 07/Oct/2015 08:56:50 [CollectorInterface.cpp:93] Collecting flows on tcp://127.0.0.1:5556 07/Oct/2015 08:56:50 [Lua.cpp:2683] ntop_is_pro() called 07/Oct/2015 08:56:50 [Lua.cpp:216] ntop_get_interface_names() called 07/Oct/2015 08:56:50 [Lua.cpp:266] ntop_select_interface() called 07/Oct/2015 08:56:50 [Lua.cpp:245] get_ntop_interface() called 07/Oct/2015 08:56:50 [Lua.cpp:2674] ntop_get_interface_stats() called 07/Oct/2015 08:56:50 [Lua.cpp:2745] ntop_get_dirs() called 07/Oct/2015 08:56:50 [Lua.cpp:754] ntop_is_windows() called 07/Oct/2015 08:56:50 [Lua.cpp:650] ntop_get_file_dir_exists() called 07/Oct/2015 08:56:50 [Lua.cpp:754] ntop_is_windows() called 07/Oct/2015 08:56:50 [Lua.cpp:650] ntop_get_file_dir_exists() called 07/Oct/2015 08:56:50 [Lua.cpp:2125] ntop_rrd_update(/var/tmp/ntopng/14/rrd/bytes.rrd) N:0 07/Oct/2015 08:56:50 [Lua.cpp:754] ntop_is_windows() called 07/Oct/2015 08:56:50 [Lua.cpp:650] ntop_get_file_dir_exists() called 07/Oct/2015 08:56:50 [Lua.cpp:2125] ntop_rrd_update(/var/tmp/ntopng/14/rrd/packets.rrd) N:0 07/Oct/2015 08:56:50 [Lua.cpp:754] ntop_is_windows() called 07/Oct/2015 08:56:50 [Lua.cpp:650] ntop_get_file_dir_exists() called 07/Oct/2015 08:56:50 [Lua.cpp:2125] ntop_rrd_update(/var/tmp/ntopng/14/rrd/drops.rrd) N:0 07/Oct/2015 08:56:50 [Lua.cpp:754] ntop_is_windows() called 07/Oct/2015 08:56:50 [Lua.cpp:650] ntop_get_file_dir_exists() called 07/Oct/2015 08:56:50 [Lua.cpp:2125] ntop_rrd_update(/var/tmp/ntopng/14/rrd/num_hosts.rrd) N:0 07/Oct/2015 08:56:50 [Lua.cpp:754] ntop_is_windows() called 07/Oct/2015 08:56:50 [Lua.cpp:650] ntop_get_file_dir_exists() called 07/Oct/2015 08:56:50 [Lua.cpp:2125] ntop_rrd_update(/var/tmp/ntopng/14/rrd/num_flows.rrd) N:0 07/Oct/2015 08:56:50 [Lua.cpp:754] ntop_is_windows() called 07/Oct/2015 08:56:50 [Lua.cpp:650] ntop_get_file_dir_exists() called 07/Oct/2015 08:56:50 [Lua.cpp:2125] ntop_rrd_update(/var/tmp/ntopng/14/rrd/num_http_hosts.rrd) N:0 07/Oct/2015 08:56:50 [HTTPserver.cpp:217] [HTTP] Session b12752e5a954ab6de8fcb518299bf0dc is OK: extended for 43200 sec 07/Oct/2015 08:56:50 [HTTPserver.cpp:347] [HTTP] /lua/network_load.lua 07/Oct/2015 08:56:50 [HTTPserver.cpp:379] [HTTP] /lua/network_load.lua [/usr/share/ntopng/scripts/lua/network_load.lua] 07/Oct/2015 08:56:50 [AddressResolution.cpp:137] Rule 0.0.0.0/0 07/Oct/2015 08:56:50 [AddressResolution.cpp:137] Rule ::/0 07/Oct/2015 08:56:50 [Lua.cpp:2745] ntop_get_dirs() called 07/Oct/2015 08:56:50 [HTTPserver.cpp:217] [HTTP] Session b12752e5a954ab6de8fcb518299bf0dc is OK: extended for 43200 sec 07/Oct/2015 08:56:50 [HTTPserver.cpp:347] [HTTP] /lua/network_load.lua 07/Oct/2015 08:56:50 [HTTPserver.cpp:379] [HTTP] /lua/network_load.lua [/usr/share/ntopng/scripts/lua/network_load.lua] 07/Oct/2015 08:56:50 [AddressResolution.cpp:137] Rule 0.0.0.0/0 07/Oct/2015 08:56:50 [AddressResolution.cpp:137] Rule ::/0 07/Oct/2015 08:56:50 [HTTPserver.cpp:217] [HTTP] Session b12752e5a954ab6de8fcb518299bf0dc is OK: extended for 43200 sec 07/Oct/2015 08:56:50 [HTTPserver.cpp:347] [HTTP] /lua/network_load.lua 07/Oct/2015 08:56:50 [HTTPserver.cpp:379] [HTTP] /lua/network_load.lua [/usr/share/ntopng/scripts/lua/network_load.lua] 07/Oct/2015 08:56:50 [Lua.cpp:2745] ntop_get_dirs() called 07/Oct/2015 08:56:50 [AddressResolution.cpp:137] Rule 0.0.0.0/0 07/Oct/2015 08:56:50 [AddressResolution.cpp:137] Rule ::/0 07/Oct/2015 08:56:50 [Lua.cpp:2745] ntop_get_dirs() called 07/Oct/2015 08:56:50 [HTTPserver.cpp:217] [HTTP] Session b12752e5a954ab6de8fcb518299bf0dc is OK: extended for 43200 sec 07/Oct/2015 08:56:50 [HTTPserver.cpp:347] [HTTP] /lua/network_load.lua 07/Oct/2015 08:56:50 [HTTPserver.cpp:379] [HTTP] /lua/network_load.lua [/usr/share/ntopng/scripts/lua/network_load.lua] ^C07/Oct/2015 08:56:58 [main.cpp:37] Shutting down... 07/Oct/2015 08:57:00 [ProtoStats.cpp:35] [IPv4] 0 B/0.00 Packets 07/Oct/2015 08:57:00 [ProtoStats.cpp:35] [IPv6] 0 B/0.00 Packets 07/Oct/2015 08:57:00 [ProtoStats.cpp:35] [ARP] 0 B/0.00 Packets 07/Oct/2015 08:57:00 [ProtoStats.cpp:35] [MPLS] 0 B/0.00 Packets 07/Oct/2015 08:57:00 [ProtoStats.cpp:35] [Other] 0 B/0.00 Packets 07/Oct/2015 08:57:00 [Ntop.cpp:1221] Interface tcp://127.0.0.1:5556 [running: 0] 07/Oct/2015 08:57:00 [main.cpp:55] Deleted PID /var/tmp/ntopng.pid [rc: 0] 07/Oct/2015 08:57:00 [HTTPserver.cpp:516] HTTP server terminated 07/Oct/2015 08:57:00 [AddressResolution.cpp:233] Address resolution stats [0 resolved][0 failures]

[lucaderi]

I have just started nProbe (7.2.151006) as nprobe --zmq tcp://127.0.0.1:5556 -b 2

and on another shell of the same host

ntopng -i "tcp://127.0.0.1:5556"

and I see flows emitted and received by ntopng and everything works. Can you please give me access to your system to see what's wrong there?

[simonemainardi]

@volkovmm I think the point is that ntopng is listening on localhost, while you have nprobe running on a separate machine. Try to change 127.0.0.1 in ntopng -i "tcp://127.0.0.1:5556" with some IP that is reachable from the nprobe machine.

[volkovmm]

it works! thanks to all!

[lucaderi]

@volkovmm Make sure you star ntopng on github