ntop / ntopng

Web-based Traffic and Security Network Traffic Monitoring
http://www.ntop.org
GNU General Public License v3.0

"Unsupported publisher version" export-flows messages despite both ntopng instances at same version #8175

Closed dlk3 closed 5 months ago

dlk3 commented 10 months ago

I have a router running ntopng at the edge of my network, exporting flows to a Raspberry Pi "collector" machine running ntopng. They are both running the same release of ntopng, and the collector ntopng on the Pi does receive flow information from the "publisher." In the collector's log, however, I am getting frequent "WARNING: Unsupported publisher version: is your nProbe sender outdated?" messages.

Environment: ntopng was installed on both machines from the ntop apt repository.

Router (publisher): Ubiquiti UDM Pro
Version: 6.1.240114 [Enterprise/Professional build]
GIT rev: dev:bb7e60920bd5a20a12a28dffd5dc995d35ae197e:20240114
Pro rev: r6283
Built on: Debian GNU/Linux 11 (bullseye) [Raspberry]
System Id: L0BD77325499602D2--OL
Platform: aarch64
Edition: Community
License Type: Time-Limited [Empty license file]

Raspberry Pi 4B (collector)
Version: 6.1.240114 [Enterprise/Professional build]
GIT rev: dev:bb7e60920bd5a20a12a28dffd5dc995d35ae197e:20240114
Pro rev: r6283
Built on: Debian GNU/Linux 12 (bookworm)
System Id: LEF30D305499602D2--OL
Platform: aarch64
Edition: Community
License Type: Time-Limited [Empty license file]

What happened: Multiple messages like this in syslog for the collector system. The bracketed numbers at the end vary:

WARNING: Unsupported publisher version: is your nProbe sender outdated? [478][24][49][2][1]

I've attached a log file from the Raspberry Pi collector with the relevant messages -> ntop.log

Debug information

Collector's ntopng.conf with commented lines removed:

-W=3001
-i=tcp://192.168.1.25:3002

Publisher's ntopng.conf with commented lines removed:

-W=3001
-i=br0
-i=br2
-i=br3
-i=eth9
-d=/volume1/ntopng
-I=tcp://192.168.1.25:3002

dlk3 commented 10 months ago

Upgraded both machines to 6.1.240116 today. The messages continue to be logged.

NicoMaio commented 10 months ago

Hi @dlk3 I'm running the configurations as you have suggested, but no logs are coming out. Could you please update to the latest version and try again?

dlk3 commented 10 months ago

I upgraded both instances to the latest from the apt repo and I am still getting these warning messages on the collector end of the conversation.

Given that the messages are not produced for every ZMQ packet that is received, I'm guessing that the messages are associated with some infrequent event that causes a malformed packet to be produced. In the log that I have attached, ntopng.log, the first warning message did not appear until 24 minutes after ntopng was restarted after the upgrade and roughly 11,000 ZMQ messages had been received, according to the interface counters.

I'm wondering if I should run some sort of verbose log or packet capture to try to grab the offending messages? Let me know if there's anything I can do that would be useful to you.

Version: 6.1.240121 [Enterprise/Professional build]
GIT rev: dev:134aad8cf2622c366c2aed414fff85437cec8294:20240121
Pro rev: r6301
Built on: Debian GNU/Linux 12 (bookworm)
System Id: LEF30D305499602D2--OL
Platform: aarch64
Edition: Community
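Before reaching for a packet capture, the collector log itself can be triaged by tabulating which of the bracketed numbers change between warnings. The script below is an added example, not part of this thread or of ntopng's code. Its sample lines are constructed (only the first bracketed tuple comes from the issue, and `<ts>` stands in for whatever prefix the log carries). The page does not say what each field means, so the fields are treated as opaque positions.

```python
import re
from collections import Counter

# Matches the warning text quoted in the issue, followed by its bracketed integers.
WARNING_RE = re.compile(
    r"Unsupported publisher version: is your nProbe sender outdated\?\s*((?:\[\d+\])+)"
)

# Constructed sample input; "<ts>" is a placeholder for the real log prefix.
SAMPLE_LOG = """\
<ts> WARNING: Unsupported publisher version: is your nProbe sender outdated? [478][24][49][2][1]
<ts> unrelated collector line
<ts> WARNING: Unsupported publisher version: is your nProbe sender outdated? [512][24][49][2][1]
<ts> WARNING: Unsupported publisher version: is your nProbe sender outdated? [478][24][50][2][1]
<ts> WARNING: Unsupported publisher version: is your nProbe sender outdated? [truncated
"""

def parse_warnings(lines):
    """Return one tuple of ints per well-formed warning line; skip everything else."""
    out = []
    for line in lines:
        m = WARNING_RE.search(line)
        if m:
            out.append(tuple(int(v) for v in re.findall(r"\[(\d+)\]", m.group(1))))
    return out

def summarize(tuples):
    """Per bracket position: Counter of values seen, plus the positions that never change."""
    width = max((len(t) for t in tuples), default=0)
    per_pos = [Counter(t[i] for t in tuples if i < len(t)) for i in range(width)]
    constant = [i for i, c in enumerate(per_pos) if len(c) == 1]
    return per_pos, constant

if __name__ == "__main__":
    warnings = parse_warnings(SAMPLE_LOG.splitlines())
    per_pos, constant = summarize(warnings)
    print(f"{len(warnings)} warnings parsed")
    for i, counts in enumerate(per_pos):
        tag = "constant" if i in constant else "varies"
        print(f"  field {i}: {dict(counts)} ({tag})")
```

Positions that stay constant across every warning are the ones worth comparing against the publisher's build, while positions that vary point at per-message content.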

MatteoBiscosi commented 5 months ago

Hi @dlk3, I'm trying to test your issue, but everything seems to be working fine. Could you please update to the latest version and let me know if everything works correctly? If not, could you please capture a pcap with the traffic the 'ntopng 1' exports to the 'ntopng 2'? If you prefer, you can drop an email at 'biscosi at ntop.org' with the pcap.

dlk3 commented 5 months ago

I gave up on getting this configuration to work months ago so I no longer have the ability to test this issue.