Disk icon missing n2disk

[dimkar121]

I would like to maintain history stats so I have activated n2disk with the corresponding academic licence. In https://www.ntop.org/guides/ntopng/using_with_other_tools/n2disk.html , I read "In order to actually start recording traffic, you need to select an interface from the Interfaces menu, click on the disk icon, and configure the recording instance:". I am missing this disk icon. Any thoughts?

thanks D.

[cardigliano]

As first step, did you verify that n2disk is installed and the license is valid? Could you provide n2disk --version (or n2disk1g --version depending on the license)

[dimkar121]

Hallo, this is the output of n2disk --version:

n2disk v.3.7.210521 (r5315) Copyright 2009-2021 ntop.org SystemID: 6**F Edition: 10/40/100G License: DM/****i9xqgqkA== License Hash: 25***5D [valid license] License Type: Permanent License Maintenance: Until Tue Apr 12 12:35:20 2022 [326 days left]

thanks

[cardigliano]

Please now provide a screenshot of the interface stats page in ntopng

[dimkar121]

Is this what you have requested?

[cardigliano]

Yes. Please note ntopng is not able to automatically detect what is the interface for running the traffic recording in this case as you are collecting data from a ZMQ interface (in this case it's a local probe, however this can also be remote) rather than capturing directly from the interface. In this case you need to manually configure the n2disk service (https://www.ntop.org/guides/n2disk/how_to_start.html#systemd-based-systems) and configure an external recording provider in ntopng (https://www.ntop.org/guides/ntopng/using_with_other_tools/n2disk.html#external-traffic-recording-providers)

[dimkar121]

Hello, I am indeed running a ZMQ at 127.0.0.1:5556, where nprobe exports data from mikrotik to ntopng. I am also providing the configuarion file of n2disk

--interface=nt01 --dump-directory=/storage --timeline-dir=/storage --disk-limit=40% --max-file-len=1000 --buffer-len=4000 --max-file-duration=60 --index --snaplen=1536 --writer-cpu-affinity=0 --reader-cpu-affinity=1 --compressor-cpu-affinity=2,3 --index-on-compressor-threads -u=ntopng --zmq=tcp://127.0.0.1:5556 --zmq-probe-mode --zmq-export-flows

Any ideas?

thanks Dimitrios

[cardigliano]

@dimkar121 if you are analysing flow data coming from a different appliance, you cannot capture the raw traffic on machine running ntopng (unless you have a mirror), and in any case you need to configure n2disk manually as I described before.

[dimkar121]

Yes exactly. This is what I am trying to do (manual configuration). This is the reason I have pasted the conf file of n2disk. The purpose is to somehow use n2disk together with nrpobe to analyse traffic coming from mikrotik.

[cardigliano]

Do you have a (raw) traffic mirror coming to the box running ntopng?

[dimkar121]

I just have a linux box which reads data from mikrotik.

[cardigliano]

@dimkar121 is this linux box receiving Netflow or a traffic mirror?

[dimkar121]

It receives data from mikrotik @port 6343 andthen passed this data to ntopng through port 5656.

[cardigliano]

This is Netflow (meta) data, you need a traffic mirror (raw data) to dump it with n2disk.

[dimkar121]

What is a traffic mirror?

[dimkar121]

As far as I understand, it is not possible to use n2disk with netflow. Nprobe and ntopng is probably enough.

[cardigliano]

Right, not in this configuration. I will close this.