search

ntop / ntopng

Web-based Traffic and Security Network Traffic Monitoring
http://www.ntop.org
GNU General Public License v3.0
6.16k stars 648 forks source link

ntopng Can not recieve sflow messages from the nprobe. ] WARNING: Unsupported publisher version: is your nProbe sender outdated? #8567

Closed uyi600 closed 1 month ago

uyi600 commented 1 month ago

Environment: docker root@sflow-ntopng-sever:/# ntopng --version v.4.2.210426 [Enterprise/Professional build] GIT rev: 4.2-stable:c45fb78365c974f96c2269de91721dbfe347596a:20210426 Pro rev: r3349 Built on: Ubuntu 20.04.1 LTS System Id: 5045AEBD04050783 Platform: x86_64 Edition: Enterprise L (Bundle) License Type: Time-Limited [Empty license file] Validity: Until Thu Jul 25 12:29:48 2024 root@sflow-ntopng-sever:/#

root@sflow-ntopng-sever:/# nprobe -v

Welcome to nProbe v.10.4.240205 for x86_64-pc-linux-gnu with native PF_RING acceleration. Built with nDPI 4.8.0-4331-816b0019

Copyright 2002-23 ntop.org

Version: 10.4.240205 Build OS: Ubuntu 20.04.6 LTS SystemID: L5045AEBD04050783--U5045AEBDAB8B6DAF--OL GIT rev: 10.4-stable:37f33dd7c67a815cc3b889f084dab0023b2848da:20240205 License: Invalid license (/etc/nprobe.license) [Missing license file. Please read https://www.ntop.org/support/faq/license-inside-a-container]

nProbe is subject to the terms and conditions defined in the LICENSE and EULA files that are part of this package.

nProbe also contains third party code: Radix tree code - (C) The Regents of the University of Michigan ("The Regents") and Merit Network, Inc. sFlow collector - (C) InMon Inc. root@sflow-ntopng-sever:/#

What happened:

25/Jul/2024 12:15:37 [ZMQCollectorInterface.cpp:315] WARNING: Unsupported publisher version: is your nProbe sender outdated? [28][24][2][2][1] 25/Jul/2024 12:15:37 [ZMQCollectorInterface.cpp:315] WARNING: Unsupported publisher version: is your nProbe sender outdated? [368][24][113][2][1] 25/Jul/2024 12:15:38 [ZMQCollectorInterface.cpp:315] WARNING: Unsupported publisher version: is your nProbe sender outdated? [28][24][2][2][1] 25/Jul/2024 12:15:38 [ZMQCollectorInterface.cpp:315] WARNING: Unsupported publisher version: is your nProbe sender outdated? [368][24][113][2][1] 25/Jul/2024 12:15:39 [ZMQCollectorInterface.cpp:315] WARNING: Unsupported publisher version: is your nProbe sender outdated? [28][24][2][2][1]

How did you reproduce it?

Debug Information:

cardigliano commented 1 month ago

@uyi600 please note you are running an obsolete ntopng version, that is no longer compatible with the new nprobe export format that has been changed to optimize and enrich flow export. Please update the software.

uyi600 commented 1 month ago

@cardigliano Thank you! I downloaded ntopng and nprobe from docker hub of ntop officer'publish two days ago. Would you guys update the docker hub. the ntopng can not match the nprobe docker images. That is convenient for customs. I debug for hours to figure out.

cardigliano commented 1 month ago

What is the name of the image you are using? Did you get it from https://hub.docker.com/u/ntop ?

uyi600 commented 1 month ago

docker pull ntop/ntopng:stable

uyi600 commented 1 month ago

docker pull ntop/nprobe

uyi600 commented 1 month ago

image image

uyi600 commented 1 month ago

image

uyi600 commented 1 month ago

Yes, you can see the IMAGE ID image

cardigliano commented 1 month ago

I get ntopng 6.0.240531 from ntop/ntopng:stable, this is the command I run:

docker run -it -p 3000:3000 -v $(pwd)/ntopng.license:/etc/ntopng.license:ro --net=host ntop/ntopng:stable --version Unable to find image 'ntop/ntopng:stable' locally stable: Pulling from ntop/ntopng a8b1c5f80c2d: Pull complete b93e6c395e8c: Pull complete cd05f9f150fe: Pull complete edb944085cf6: Pull complete 1957768f501f: Pull complete d90d88a275ea: Pull complete Digest: sha256:da62b6f248597f9f00c8c89989da08012e473b5335830656cb50f0789256c506 Status: Downloaded newer image for ntop/ntopng:stable WARNING: Published ports are discarded when using host network mode Starting redis-server: redis-server. Version: 6.0.240531 [Enterprise/Professional build] GIT rev: 6.0-stable:93cb51d01a0f03d12c8503ae03e7936708e71ece:20240531

uyi600 commented 1 month ago

I figured it out that I configurated registry-mirrors before. root@min-virtual-machine:/home/min/yaml# cat /etc/docker/daemon.json "registry-mirrors": ["https://rutk7umz.mirror.aliyuncs.com"],

Thank you very much for responding

uyi600 commented 1 month ago

@cardigliano Hi guys. I face a problem. nprobe received the sflow packet ,but nprobe do not send it to the ntopng. do you know the problem is ?

docker run -itd -p 3000:3000 --net=host my-ntop:latest -i eth0 -i tcp://127.0.0.1:5556

docker run -itd --privileged -u root --net=host ntop/nprobe:stable -i eth0 -i -i none -n none --collector-port 2055 --zmq tcp://127.0.0.1:5556

[root@sflow-ntopng-sever ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 8e31836f3a56 ntop/nprobe:stable "/run.sh -i eth0 -..." 18 minutes ago Up 18 minutes nifty_thompson 2971685835e1 my-ntop:latest "/run.sh -i eth0 -..." 23 minutes ago Up 23 minutes boring_keller 3ebfff3f2724 redis "docker-entrypoint..." 31 minutes ago Up 31 minutes 0.0.0.0:6379->6379/tcp redis_container [root@sflow-ntopng-sever ~]# docker logs 8e31836f3a56 26/Jul/2024 12:43:40 [plugin.c:178] No plugins found in ./plugins 26/Jul/2024 12:43:40 [plugin.c:186] Loading 23 plugins [.so] from /usr/lib/nprobe/plugins 26/Jul/2024 12:43:40 [nprobe.c:5966] Disabling flow cache during collection 26/Jul/2024 12:43:40 [nprobe.c:7149] WARNING: IMPORTANT 26/Jul/2024 12:43:40 [nprobe.c:7150] WARNING: IMPORTANT --zmq tcp://x.x.x.x:yyyy is deprecated 26/Jul/2024 12:43:40 [nprobe.c:7151] WARNING: IMPORTANT and it has been replaced with 26/Jul/2024 12:43:40 [nprobe.c:7152] WARNING: IMPORTANT --ntopng zmq://x.x.x.x:yyyy 26/Jul/2024 12:43:40 [nprobe.c:7153] WARNING: IMPORTANT Please update your configuration 26/Jul/2024 12:43:40 [nprobe.c:7154] WARNING: IMPORTANT 26/Jul/2024 12:43:40 [nprobe.c:5387] WARNING: Invalid license (/etc/nprobe.license) [Missing license file. Please read https://www.ntop.org/support/faq/license-inside-a-container] 26/Jul/2024 12:43:40 [nprobe.c:5397] WARNING: ** 26/Jul/2024 12:43:40 [nprobe.c:5398] WARNING: 26/Jul/2024 12:43:40 [nprobe.c:5399] WARNING: Switching to DEMO MODE 26/Jul/2024 12:43:40 [nprobe.c:5400] WARNING: - Missing license file. Please read https://www.ntop.org/support/faq/license-inside-a-container 26/Jul/2024 12:43:40 [nprobe.c:5401] WARNING: 26/Jul/2024 12:43:40 [nprobe.c:5403] WARNING: Purchase your license at 26/Jul/2024 12:43:40 [nprobe.c:5404] WARNING: https://shop.ntop.org/ 26/Jul/2024 12:43:40 [nprobe.c:5405] WARNING: 26/Jul/2024 12:43:40 [nprobe.c:5407] WARNING: ** 26/Jul/2024 12:43:40 [nprobe.c:7886] WARNING: The output interfaceId is set to 0: did you forget to use -Q perhaps ? 26/Jul/2024 12:43:40 [nprobe.c:7889] WARNING: The input interfaceId is set to 0: did you forget to use -u perhaps ? 26/Jul/2024 12:43:40 [nprobe.c:7914] Using ZMQ sourceId 1873283219 26/Jul/2024 12:43:40 [nprobe.c:7933] -i is ignored as --collector-port|-3 has been used: using '-i none' 26/Jul/2024 12:43:40 [nprobe.c:7985] Flow cache is disabled in flow collection mode 26/Jul/2024 12:43:40 [nprobe.c:7988] Welcome to nProbe v.10.4.240205 for x86_64-pc-linux-gnu with native PF_RING acceleration 26/Jul/2024 12:43:40 [nprobe.c:8010] Pro Edition running on Ubuntu 20.04.6 LTS 26/Jul/2024 12:43:40 [nprobe.c:8018] Current limits [4 ZMQ exporters][4 collector devices] 26/Jul/2024 12:43:40 [nprobe.c:8029] SystemId: L5045AEBD04050783--U5045AEBDAB8B6DAF--OL 26/Jul/2024 12:43:40 [nprobe.c:8122] Sample rate [packet: 1][flow collection/export: 1/1] 26/Jul/2024 12:43:40 [nprobe.c:11490] WARNING: 26/Jul/2024 12:43:40 [nprobe.c:11491] WARNING: NOTE: This is a DEMO version limited to: 26/Jul/2024 12:43:40 [nprobe.c:11492] WARNING: - flows export: 5000 (live), 512 (pcap). 26/Jul/2024 12:43:40 [nprobe.c:11493] WARNING: - 300 seconds. 26/Jul/2024 12:43:40 [nprobe.c:11494] WARNING: 26/Jul/2024 12:43:40 [exportPlugin.c:664] WARNING: Kafka support requires nprobe Enterprise M or better: disabled 26/Jul/2024 12:43:40 [nprobe.c:10217] Using template %IN_SRC_MAC %OUT_DST_MAC %INPUT_SNMP %OUTPUT_SNMP %SRC_VLAN %IPV4_SRC_ADDR %IPV4_DST_ADDR %L4_SRC_PORT %L4_DST_PORT %IPV6_SRC_ADDR %IPV6_DST_ADDR %IP_PROTOCOL_VERSION %PROTOCOL %L7_PROTO %L7_CONFIDENCE %IN_BYTES %IN_PKTS %OUT_BYTES %OUT_PKTS %FIRST_SWITCHED %LAST_SWITCHED %CLIENT_TCP_FLAGS %SERVER_TCP_FLAGS %L7_PROTO_RISK %L7_RISK_SCORE %EXPORTER_IPV4_ADDRESS %DIRECTION %SAMPLING_INTERVAL %TOTAL_FLOWS_EXP %NPROBE_IPV4_ADDRESS %NPROBE_INSTANCE_NAME %POST_NAT_SRC_IPV4_ADDR %POST_NAT_DST_IPV4_ADDR %POST_NAPT_SRC_TRANSPORT_PORT %POST_NAPT_DST_TRANSPORT_PORT 26/Jul/2024 12:43:40 [nprobe.c:10219] Using NetFlow Packet Payload Len: 1472 26/Jul/2024 12:43:40 [template.c:3570] WARNING: Unable to locate template 'NPROBE_IPV6_ADDRESS': Pro version does not include plugins. 26/Jul/2024 12:43:40 [template.c:3570] WARNING: Unable to locate template 'POST_NAT_SRC_IPV6_ADDR': Pro version does not include plugins. 26/Jul/2024 12:43:40 [template.c:3570] WARNING: Unable to locate template 'POST_NAT_DST_IPV6_ADDR': Pro version does not include plugins. 26/Jul/2024 12:43:40 [template.c:3570] WARNING: Unable to locate template 'NPROBE_IPV6_ADDRESS': Pro version does not include plugins. 26/Jul/2024 12:43:40 [template.c:3570] WARNING: Unable to locate template 'POST_NAT_SRC_IPV6_ADDR': Pro version does not include plugins. 26/Jul/2024 12:43:40 [template.c:3570] WARNING: Unable to locate template 'POST_NAT_DST_IPV6_ADDR': Pro version does not include plugins. 26/Jul/2024 12:43:40 [plugin.c:1205] 0 plugin(s) enabled 26/Jul/2024 12:43:40 [nprobe.c:10760] Each flow is 164 bytes long 26/Jul/2024 12:43:40 [nprobe.c:10761] The # flows per packet has been set to 7 26/Jul/2024 12:43:40 [nprobe.c:10764] IP TOS is ignored 26/Jul/2024 12:43:40 [nprobe.c:11566] Flow export type (-T): bidirectional flows 26/Jul/2024 12:43:40 [nprobe.c:11774] Flows ASs will not be computed (no GeoDB files loaded with --as-list) 26/Jul/2024 12:43:40 [nprobe.c:11806] Flows will be exported in NetFlow 9 format 26/Jul/2024 12:43:40 [nprobe.c:11852] Learning the public IP address.. Disable it with --disable-startup-checks 26/Jul/2024 12:43:40 [util.c:6457] Initializing ZMQ as server 26/Jul/2024 12:43:40 [util.c:6494] Successfully created ZMQ endpoint tcp://127.0.0.1:5556 with sourceId: 1873283219 26/Jul/2024 12:43:40 [nprobe.c:12044] Not capturing packet from interface (collector mode) 26/Jul/2024 12:43:40 [util.c:5202] Enlarged socket buffer [echo 8388608 > /proc/sys/net/core/rmem_max] 26/Jul/2024 12:43:40 [util.c:5257] nProbe changed user to 'nprobe' 26/Jul/2024 12:43:40 [collect.c:248] Flow collector listening on port 2055 (IPv4/v6) 26/Jul/2024 12:43:40 [export.c:483] Using TLV as serialization format 26/Jul/2024 12:43:40 [nprobe.c:12340] nProbe started successfully 26/Jul/2024 12:44:25 [collect.c:3469] Collecting flows from 100.65.116.5 [total: 1/4] 26/Jul/2024 13:00:51 [collect.c:3469] Collecting flows from 100.65.108.8 [total: 2/4] 26/Jul/2024 13:00:51 [export.c:532] ERROR: 26/Jul/2024 13:00:51 [export.c:533] ERROR: NOTE: You have reached the max demo 0 flows export: no more exports 26/Jul/2024 13:00:51 [export.c:535] ERROR: NOTE: no additional flows will be exported by this nProbe instance 26/Jul/2024 13:00:51 [export.c:536] ERROR: [root@sflow-ntopng-sever ~]#

cardigliano commented 1 month ago

Please change -i eth0 to -i none (nprobe should not process promisc traffic from an interface when collecting sflow or netflow)