ntop / ntopng

Web-based Traffic and Security Network Traffic Monitoring
http://www.ntop.org
GNU General Public License v3.0

"No Results Found" in GUI #831

Closed Sulzer-GmbH closed 7 years ago

Sulzer-GmbH commented 7 years ago

Hi *, we installed “nProbe for Unix” and ntopng on Jessie and see no errors in the logs. But in the GUI we see the message: “No Results Found”. Could you help us, please?

Thanks a lot,
Farid
Sulzer Company

/etc/ntopng/ntopng.conf

-i="tcp://127.0.0.1:5556"
-G=/var/run/ntopng.pid
-d=/var/tmp
-v=

###################################

/etc/nprobe/nprobe-netflow.conf

-i=none
-n=none
--zmq="tcp://*:5556"
--collector-port=2055
--pid-file=/tmp/nprobe
-G=

simonemainardi commented 7 years ago

Hi,

first let's make sure that nprobe is collecting flows: run it with extra options -b 2 --debug and see the output. You should see flows coming in and going out to ntopng as json, e.g.,

21/Nov/2016 16:18:48 [util.c:4163] [flow] {"8":"192.168.2.143","12":"239.255.255.250","15":"0.0.0.0","10":65535,"14":65535,"2":1,"1":155,"22":1479741497,"21":1479741497,"7":51564,"11":1900,"6":0,"4":17,"5":0,"16":0,"17":0,"9":0,"13":0,"42":3338}
21/Nov/2016 16:18:48 [engine.c:3484] Emitting Flow: [->][udp] 192.168.2.143:51564 -> 239.255.255.250:1900 [1 pkt/155 bytes][ifIdx 65535->65535][0.0 sec][init Unknown][AS: 0 -> 0]

Then, once you are sure flows are going through, launch ntopng with option -v 3 and see if it correctly receives them. It should tell something like:

21/Nov/2016 16:22:13 [CollectorInterface.cpp:183] {"8":"192.168.2.130","12":"131.114.18.19","15":"0.0.0.0","10":65535,"14":65535,"2":1,"1":71,"22":1479741702,"21":1479741702,"7":58148,"11":53,"6":0,"4":17,"5":0,"16":0,"17":0,"9":0,"13":0,"42":3755}
21/Nov/2016 16:22:13 [CollectorInterface.cpp:183] {"8":"131.114.18.19","12":"192.168.2.130","15":"0.0.0.0","10":65535,"14":65535,"2":1,"1":139,"22":1479741702,"21":1479741702,"7":53,"11":58148,"6":0,"4":17,"5":0,"16":0,"17":0,"9":0,"13":0,"42":3756}
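
The two-step check described above (flow lines in nprobe's --debug output, then CollectorInterface.cpp lines in ntopng's -v 3 output) can be scripted. This is an added example, not part of the original thread or of ntop's code; the sample log lines are constructed in the format quoted above, and the function names are hypothetical.

```python
import json
import re

# NetFlow v9 field-type numbers that appear as JSON keys in the flow lines.
FIELDS = {"1": "IN_BYTES", "2": "IN_PKTS", "4": "PROTOCOL", "7": "L4_SRC_PORT",
          "8": "IPV4_SRC_ADDR", "11": "L4_DST_PORT", "12": "IPV4_DST_ADDR"}
KEY = ("IPV4_SRC_ADDR", "L4_SRC_PORT", "IPV4_DST_ADDR", "L4_DST_PORT", "PROTOCOL")
# Markers as quoted in the thread: nprobe tags exported flows "[flow]",
# ntopng -v 3 prints received flows from CollectorInterface.cpp.
NPROBE_RE = re.compile(r"\[flow\]\s*(\{[^{}]*\})")
NTOPNG_RE = re.compile(r"\[CollectorInterface\.cpp:\d+\]\s*(\{[^{}]*\})")

# Constructed sample logs (documentation addresses, not taken from the thread).
NPROBE_LOG = """\
22/Nov/2016 17:15:32 [util.c:4163] [flow] {"8":"192.0.2.10","12":"192.0.2.53","7":58148,"11":53,"4":17,"2":1,"1":71}
22/Nov/2016 17:15:32 [engine.c:3409] Emitting Flow: [->][udp] 192.0.2.10:58148 -> 192.0.2.53:53 [1 pkt/71 bytes]
22/Nov/2016 17:15:33 [util.c:4163] [flow] {"8":"192.0.2.53","12":"192.0.2.10","7":53,"11":58148,"4":17,"2":1,"1":139}
"""
NTOPNG_OK = """\
22/Nov/2016 17:15:32 [CollectorInterface.cpp:183] {"8":"192.0.2.10","12":"192.0.2.53","7":58148,"11":53,"4":17,"2":1,"1":71}
"""
NTOPNG_SILENT = "22/Nov/2016 17:15:30 [constructed] startup messages only\n"

def parse_flows(log_text, pattern):
    """Return the flows found in log_text as dicts with readable field names."""
    flows = []
    for line in log_text.splitlines():
        match = pattern.search(line)
        if not match:
            continue
        try:
            raw = json.loads(match.group(1))
        except json.JSONDecodeError:
            continue  # truncated or interleaved log line
        flows.append({FIELDS.get(k, k): v for k, v in raw.items()})
    return flows

def flow_key(flow):
    """5-tuple used to match an exported flow against a received one."""
    return tuple(flow.get(name) for name in KEY)

def diagnose(nprobe_log, ntopng_log):
    """Report which leg of exporter -> nprobe -> ZMQ -> ntopng is silent."""
    sent = parse_flows(nprobe_log, NPROBE_RE)
    received = parse_flows(ntopng_log, NTOPNG_RE)
    if not sent:
        return "nprobe: no flows exported"
    if not received:
        return "ntopng: no flows received, check the -i ZMQ endpoint"
    missing = {flow_key(f) for f in sent} - {flow_key(f) for f in received}
    return f"ok: {len(received)} received, {len(missing)} exported flows unmatched"
```
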
Sulzer-GmbH commented 7 years ago

Hi Simone, thanks for your support. With -b 2 I see the connections:

22/Nov/2016 17:15:32 [util.c:4163] [flow] {"8":"172.17.41.109","12":"255.255.255.255","15":"0.0.0.0","10":0,"14":0,"2":1,"1":328,"22":1479831329,"21":1479831329,"7":68,"11":67,"6":0,"4":17,"5":0,"16":0,"17":0,"9":0,"13":0,"42":17}
22/Nov/2016 17:15:32 [engine.c:3409] Emitting Flow: [->][udp] 172.17.41.109:68 -> 255.255.255.255:67 [1 pkt/328 bytes][ifIdx 0->0][0.0 sec][init Unknown][AS: 0 -> 0]

22/Nov/2016 17:18:33 [engine.c:3436] Emitting Flow: [<-][tcp] 172.17.31.193:3000 -> 172.21.21.77:50161 [4 pkt/351 bytes][ifIdx 0->0][0.0 sec][AS: 0 -> 0]
22/Nov/2016 17:18:33 [util.c:4163] [flow] {"8":"172.21.21.77","12":"172.17.31.193","15":"0.0.0.0","10":0,"14":0,"2":5,"1":588,"22":1479831511,"21":1479831511,"7":50162,"11":3000,"6":30,"4":6,"5":0,"16":0,"17":0,"9":0,"13":0,"42":49}

But in ntopng -v3 I could not see a CollectorInterface.cpp!?

Best Regards, Farid

ntopng-v3.txt

simonemainardi commented 7 years ago

@Sulzer-GmbH OK, so that means that nprobe correctly receives and outputs flows but ntopng can't get them. Please make sure ntopng can actually connect to nprobe.

From the ntopng-v3.txt logs enclosed I can see that there is no ZMQ interface specified. Make sure to tell ntopng the nprobe ZMQ endpoint as an interface: -i tcp://127.0.0.1:5556

Sulzer-GmbH commented 7 years ago

Hi Simone, I think ZMQ is ok (see image). You can also see the "nprobe-netflow.conf" and "ntopng.conf" in my first post. I don't know where I should configure this?

zmq rx-updates_sflow-updates

Sulzer-GmbH commented 7 years ago

netstat -tupln | grep ntop
tcp 0 0 0.0.0.0:3000 0.0.0.0:* LISTEN 616/ntopng

tcpdump -n
15:31:21.145265 IP 192.168.8.31.2055 > 172.17.31.193.2055: UDP, length 388
15:31:21.995786 IP 172.17.0.2.2055 > 172.17.31.193.2055: UDP, length 208

simonemainardi commented 7 years ago

@Sulzer-GmbH in the file ntopng-v3.txt you enclosed there was no zmq interface just the system interfaces. Can you please enclose an ntopng verbose log (-v 3) that uses the ZMQ interface. Thank you.

Sulzer-GmbH commented 7 years ago

@simonemainardi log of ntopng.log.txt

ntopng with -v 3

Sulzer-GmbH commented 7 years ago

@simonemainardi Is there any problem with VM machine? I installed ntopng and nprobe on other machine, and it works now. But how could I transfer the licence from old machine to new? Thanks a lot

simonemainardi commented 7 years ago

@Sulzer-GmbH thanks for reporting. Please, contact the ntop team privately for instructions on how to transfer a license.