ntop / ntopng

Web-based Traffic and Security Network Traffic Monitoring
http://www.ntop.org
GNU General Public License v3.0

Ntopng - v.2.3.160603 (arm) "First / Last Seen" always same. #600

Closed filemoon closed 8 years ago

filemoon commented 8 years ago

Hi.

I've noticed all my hosts always have the very same first/last seen date (one and the same date for all of them - first and last) - external and local.

Examples:

[screenshots: 2016-06-04 at 22:24:23 and 2016-06-04 at 22:24:02]

Regards, Chris

filemoon commented 8 years ago

Another screenshot from now. Issue is still present for all hosts (internal/external).

[screenshot: another example]

simonemainardi commented 8 years ago

Can't reproduce on Raspberry Pi. Please post the full configuration used.

filemoon commented 8 years ago

This is the full config.

-G=/var/log/ntopng.pid -d=/var/lib/ntopng -i=tcp://127.0.0.1:5556 -m="10.0.1.0/24,10.0.2.0/24,10.0.0.0/24" -n=1 -X=100000 -x=16000

lucaderi commented 8 years ago

@filemoon What nprobe version are you using? What about the nprobe config file?

filemoon commented 8 years ago

Latest available ARM version.

-3=2055 -V=9 --zmq tcp://*:5556 -i=none -n=none -t=60 -d=15 -l=15 -g=/var/log/nprobe.pid

filemoon commented 8 years ago

What may be tricky - I'm using an ARM64 system (Odroid C2) - linux multiarch - and the armhf version of ntopng/nprobe.

Are you planning to create builds for the ARM64 version too?

lucaderi commented 8 years ago

Is the clock properly set on both nprobe and ntopng PIs? We'll be releasing 64 bit ARM packages soon.

filemoon commented 8 years ago

The clock is set on the ARM "server" - ntopng and nprobe are running on the same server (time is syncing every hour - ntp) - time/time zone is correct.

Can't wait for ARM64 build ;)

simonemainardi commented 8 years ago

Hi,

I have tested also with nprobe and ntopng arm builds. It works properly:

[screenshot]

I run ntopng on a raspberry pi:

deri@raspberrypi 164> /usr/local/bin/ntopng --version
v.2.3.160603 [Professional/Embedded Edition]
GIT rev:   dev:f3cd841bd1a44734bca8676fb82d98a1c03d51fb:20160603
Pro rev:   r634
System Id: FD2BC9D6499602D2
Built on:  Raspbian GNU/Linux 8.0 (jessie)

And nprobe on a ubiquiti edgex:

root@edgex:/home/ubnt# /usr/local/sbin/nprobe --version

Welcome to nProbe v.7.3.160430 (r5070) [Embedded] for x86_64-unknown-linux-gnu

That said, I noticed you are using nprobe as a proxy. That is, it receives flows on port 2055. Are you sure that flows sent to nProbe contain first and last switched fields and that those fields are correctly populated? You may want to enclose a pcap of captured netflow v9 (from the exporter to the nprobe) so that we can check.

filemoon commented 8 years ago

Please close the ticket - I did not export time stamps (now my cisco config is sorted) ;(
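
Added example, not part of the original thread and not ntop's code: a check for the condition asked about above, namely whether the NetFlow v9 templates an exporter sends declare FIRST_SWITCHED and LAST_SWITCHED (field types 22 and 21 in RFC 3954). The function names and the sample packets are constructed for illustration.

```python
import struct

HEADER_LEN = 20  # version, count, sysUptime, unix_secs, sequence, source_id
REQUIRED = {21: "LAST_SWITCHED", 22: "FIRST_SWITCHED"}  # RFC 3954 field types

def parse_templates(packet: bytes) -> dict:
    """Return {template_id: [(field_type, field_len), ...]} from one v9 packet."""
    if len(packet) < HEADER_LEN or struct.unpack_from("!H", packet)[0] != 9:
        raise ValueError("not a NetFlow v9 export packet")
    templates, off = {}, HEADER_LEN
    while off + 4 <= len(packet):
        fs_id, fs_len = struct.unpack_from("!HH", packet, off)
        if fs_len < 4 or off + fs_len > len(packet):
            raise ValueError("bad flowset length")
        pos, end = off + 4, off + fs_len
        while fs_id == 0 and pos + 4 <= end:  # flowset id 0 carries templates
            tid, nfields = struct.unpack_from("!HH", packet, pos)
            pos += 4
            if tid < 256 or pos + 4 * nfields > end:
                break  # trailing padding or a truncated record
            templates[tid] = [struct.unpack_from("!HH", packet, pos + 4 * i)
                              for i in range(nfields)]
            pos += 4 * nfields
        off += fs_len
    return templates

def missing_timestamp_fields(templates: dict) -> dict:
    """Return {template_id: [names]} for templates lacking a switched field."""
    report = {}
    for tid, fields in templates.items():
        present = {ftype for ftype, _ in fields}
        missing = sorted(n for t, n in REQUIRED.items() if t not in present)
        if missing:
            report[tid] = missing
    return report

# Constructed sample input: addresses and counters only (types 8, 12, 1, 2).
BASE_FIELDS = [(8, 4), (12, 4), (1, 4), (2, 4)]

def build_packet(template_id: int, fields: list) -> bytes:
    """Build a constructed v9 packet holding a single template flowset."""
    record = struct.pack("!HH", template_id, len(fields))
    record += b"".join(struct.pack("!HH", t, l) for t, l in fields)
    flowset = struct.pack("!HH", 0, 4 + len(record)) + record
    return struct.pack("!HHIIII", 9, 1, 1000, 1465000000, 1, 0) + flowset

if __name__ == "__main__":
    for tid, fields in ((260, BASE_FIELDS), (261, BASE_FIELDS + [(21, 4), (22, 4)])):
        print(tid, missing_timestamp_fields(parse_templates(build_packet(tid, fields))))
```

To use it on real traffic, pass the UDP payload of each packet captured between the exporter and the collector port to `parse_templates`.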