ntop / ntopng

Web-based Traffic and Security Network Traffic Monitoring
http://www.ntop.org
GNU General Public License v3.0

SNMP monitoring stopped working after upgrading ntopng from 3.8 to 4.0 #3686

Closed oliwirth closed 4 years ago

oliwirth commented 4 years ago

When using ntopng 3.8 on Debian stretch from apt-stable.ntop.org I could successfully monitor a number of devices via SNMP v??? (see the attached screenshots).

After the upgrade to ntopng 4.0 the SNMP monitoring now errors with:

The SNMP walk is too slow. Displayed data may be outdated or missing. Check network connectivity and device responsiveness. A new scan attempt will be performed in 15 minutes.

However, running a simple snmpwalk -v2c -c xxx 10.0.0.1 from the command line on the same host succeeds within a few seconds.

I would appreciate any advice on how to debug this issue further.

Best regards, Oliver

[Screenshots: ntopng_SNMP, NTOPNG-SNMP-Error_Message]

emanuele-f commented 4 years ago

What is the output of ntopng --version? Can you click on the yellow triangle in the top bar and send here a screenshot of the page that opens?

oliwirth commented 4 years ago

v.4.0.200326 [Enterprise/Professional build]
GIT rev: 4.0-stable:4ed0491edfbd0d8bb1e49fbb26883fd8a3e32843:20200326
Pro rev: r2798
Built on: Debian GNU/Linux 9.12 (stretch)
System Id: 1C03091100000749
Platform: x86_64
Edition: Enterprise
License Type: Permanent
Maintenance: Until Sat Jan 23 17:13:10 2021 [296 days left]
License Hash: CAE46C90D20D87FD76F297890C3801191611418390003CE1AF

[Screenshot: ntopng_version_attention]

simonemainardi commented 4 years ago

please, go to preferences, SNMP, enable the debug, let it run for 15 minutes, and report the output:

[Screenshot]

oliwirth commented 4 years ago

Except a lot of [Blacklisted Flow] I receive this:

(same output attached as a file ntopng_snmp_log.txt)


simonemainardi commented 4 years ago

For one of the devices highlighted with the yellow triangle, the caching of the bridge MIB takes more than 30 seconds so ntopng gives up. See for example:

Apr  2 11:02:28 nlxowirthstretch ntopng[24823]: 02/Apr/2020 11:02:28 [5min.lua:10] [snmp_device.lua:46] cache_system executed in 0 secs [host: 10.10.29.181]
Apr  2 11:02:58 nlxowirthstretch ntopng[24823]: 02/Apr/2020 11:02:58 [5min.lua:10] [snmp_device.lua:46] cache_bridge executed in 30 secs [host: 10.10.29.181]

Need to handle longer caching times and retries. Will get back to you.

oliwirth commented 4 years ago

Right, an snmpwalk to 10.10.29.181 almost takes 7 minutes, since it is a big stacking switch. BUT: snmpwalk to 10.10.29.90 takes 2 minutes but WORKS and shows data in ntopng. snmpwalk to 10.0.0.1 takes 24 seconds but is NOT WORKING, doesn't show data in ntopng. So not a really consistent behaviour regarding the 30 seconds... Looking forward to what you will find out.

emanuele-f commented 4 years ago

It all depends on the order in which ntopng scans the SNMP devices. The 24 seconds device may not be scanned at all if the other SNMP devices take a lot of time to complete. The #3058 issue should improve this. Also we should consider making parallel requests to the SNMP devices.
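The two explanations above (a caching step that reaches the 30-second limit, and devices being scanned one after another) can be checked against the SNMP debug output. This is an added example, not part of the thread or of ntopng's code: it parses lines in the format quoted above, where the first two sample lines are the ones quoted in the thread and the rest are constructed; `WALK_LIMIT_SECS` and the function names are assumptions for illustration.

```python
import re
from collections import defaultdict

# Assumption: limit taken from the maintainer's comment in this thread
# ("takes more than 30 seconds so ntopng gives up").
WALK_LIMIT_SECS = 30

# Matches the per-step timing lines written when SNMP debug is enabled.
LINE_RE = re.compile(
    r"\[snmp_device\.lua:\d+\]\s+(?P<step>cache_\w+) executed in "
    r"(?P<secs>\d+) secs \[host: (?P<host>[0-9.]+)\]"
)

# Sample input: lines 1-2 are quoted in the thread; the rest are constructed
# (192.0.2.0/24 is a documentation range) and cover one 5-minute cycle.
SAMPLE_LOG = """\
Apr  2 11:02:28 nlxowirthstretch ntopng[24823]: 02/Apr/2020 11:02:28 [5min.lua:10] [snmp_device.lua:46] cache_system executed in 0 secs [host: 10.10.29.181]
Apr  2 11:02:58 nlxowirthstretch ntopng[24823]: 02/Apr/2020 11:02:58 [5min.lua:10] [snmp_device.lua:46] cache_bridge executed in 30 secs [host: 10.10.29.181]
Apr  2 11:03:01 examplehost CRON[1000]: (root) CMD (/bin/true)
Apr  2 11:02:58 examplehost ntopng[1]: 02/Apr/2020 11:02:58 [5min.lua:10] [snmp_device.lua:46] cache_system executed in 0 secs [host: 192.0.2.10]
Apr  2 11:03:24 examplehost ntopng[1]: 02/Apr/2020 11:03:24 [5min.lua:10] [snmp_device.lua:46] cache_bridge executed in 26 secs [host: 192.0.2.10]
Apr  2 11:03:25 examplehost ntopng[1]: 02/Apr/2020 11:03:25 [5min.lua:10] [snmp_device.lua:46] cache_interfaces executed in 1 secs [host: 192.0.2.10]
Apr  2 11:03:25 examplehost ntopng[1]: 02/Apr/2020 11:03:25 [5min.lua:10] [snmp_device.lua:46] cache_system executed in 0 secs [host: 192.0.2.20]
Apr  2 11:03:25 examplehost ntopng[1]: 02/Apr/2020 11:03:25 [5min.lua:10] [snmp_device.lua:46] cache_bridge executed in 0 secs [host: 192.0.2.20]
Apr  2 11:03:25 examplehost ntopng[1]: 02/Apr/2020 11:03:25 [5min.lua:10] [snmp_device.lua:46] cache_counters executed in 0 secs [host: 192.0.2.20]
"""


def parse_steps(text):
    """Return (host, step, secs) tuples in log order, skipping unrelated lines."""
    steps = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            steps.append((m["host"], m["step"], int(m["secs"])))
    return steps


def summarize(text):
    """Per host: total walk time, slowest step, and whether a step hit the limit."""
    per_host = defaultdict(list)
    for host, step, secs in parse_steps(text):
        per_host[host].append((step, secs))
    report = {}
    for host, items in per_host.items():
        slowest = max(items, key=lambda item: item[1])
        report[host] = {
            "total_secs": sum(secs for _, secs in items),
            "slowest": slowest,
            "hit_limit": slowest[1] >= WALK_LIMIT_SECS,
        }
    return report


def wait_before_scan(text):
    """Seconds already spent on earlier devices when each host is first polled.

    Models the sequential scan described in the thread: a fast device listed
    after slow ones starts late. Feed one polling cycle at a time.
    """
    order, elapsed, seen = [], 0, set()
    for host, _step, secs in parse_steps(text):
        if host not in seen:
            seen.add(host)
            order.append((host, elapsed))
        elapsed += secs
    return order


if __name__ == "__main__":
    for host, info in summarize(SAMPLE_LOG).items():
        flag = "LIMIT REACHED" if info["hit_limit"] else "ok"
        print(f"{host}: total={info['total_secs']}s slowest={info['slowest']} {flag}")
    for host, waited in wait_before_scan(SAMPLE_LOG):
        print(f"{host}: first polled after {waited}s of earlier walks")
```
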

lucaderi commented 4 years ago

We have made some fixes in SNMP. Can you please update and report?

oliwirth commented 4 years ago

Dear Luca, I upgraded to v.4.0.200608 as advised. But still no change.

[Screenshot: ntopng_snmp]

A simple snmpwalk shows this: real 0m25,713s user 0m1,276s sys 0m2,556s

simonemainardi commented 4 years ago

you need to upgrade to version 4.1

oliwirth commented 4 years ago

Sorry to ask, but how shall I do this? In the mapped repository only Version 4.0.200610-10482 is available. How do you recommend I install version 4.1?

simonemainardi commented 4 years ago

Correct. Visit packages.ntop.org and follow instructions to install nightly builds.

oliwirth commented 4 years ago

Dear Simone, SNMP now works in version 4.1!!! Nice! Thanks for fixing! Just a short remark, in version 3.8 graphs were shown also via snmp. That was useful, since traffic was split into send and received. Graphs seem not to be available anymore? Do you plan to implement this again?

simonemainardi commented 4 years ago

Thanks for reporting. Charts are available also in 4.1, just make sure they are enabled from the preferences:

[Screenshot]

oliwirth commented 4 years ago

Dear Simone, something does not work correctly in SNMP. I realised it after the upgrade 2 days ago.

SNMP shows duplicate names for different IP addresses. Also the names are changing after a while. Have a look at IP 10.10.41.16 in both attached pics.

[Screenshots: ntopng_snmp_wrong_names1, ntopng_snmp_wrong_names2]

oliwirth commented 4 years ago

Actual version: ntopng Enterprise M Edition v.4.1.200618

oliwirth commented 4 years ago

correct allocation is:
10.0.2.1 Cisco ASA Module l3-02a
10.0.0.1 Cisco Cat6509 l3-01
10.10.41.16 Brocade ICX6430 gificx15
10.10.29.181 Brocade ICX7450 icxq37
10.10.29.163 Brocade VDX vdxc03
10.10.29.90 Brocade ICX6450 icxx36

simonemainardi commented 4 years ago

Let's focus on 10.10.41.16 which is supposed to be Brocade ICX6430 gificx15.

As soon as you add it, name and descriptions are correct? Did you notice any particular action which causes this change?

An snmp packet capture would be useful to further dig into the issue. Can you record SNMP traffic until you see the issue occurring and then send us the resulting pcap file?

lucaderi commented 4 years ago

The above bug should be fixed by now. Overnight new packages will be built

oliwirth commented 4 years ago

Hello Luca, yes now the display remains correct. Thanks for fixing it!