Empty flows when using Dynamic Flow Collection Interfaces

[edhil]

OS: Ubuntu 14.04.5 LTS ntopng Version: 2.5.170119 - Pro Small Business Edition

I'm using ntopng to show traffic collected by nprobe (as netflow collector)

When I activate the "Dynamic Flow Collection Interfaces" in the Runtime Preferences (Expert Mode) -> Network Interfaces, and restart ntopng, There is 0 hosts, devices or flows showing in any interface (whereas real or virtual one). The counters at the bottom of the webui are 0.

If I set the parameter back to "None" and restart ntopng, the flows are showing again.

If I put log level to Info, I see that the flow information is still getting to ntopng.

Here is a CollectorInterface log when parameter set to Off: 19/Jan/2017 11:31:26 [CollectorInterface.cpp:210] {"8":"1.1.5.1","12":"24.202.245.198","15":"1.2.9.2","10":18,"14":1,"2":4,"1":404,"22":1484821851,"21":1484821851,"7":31697,"11":995,"6":0,"4":17,"5":0,"16":60595,"17":5769,"9":0,"13":0, "130":"172.16.103.34"} [msg_id=1030313]

When collection set to "ingress flow interface" : 19/Jan/2017 11:34:50 [CollectorInterface.cpp:210] {"8":"9.7.4.1","12":"1.1.5.3","15":"178.237.99.2","10":1,"14":18,"2":2,"1":238,"22":1484822059,"21":1484822059,"7":53,"11":7504,"6":0,"4":17,"5":0,"16":21342,"17":60595,"9":0,"13":0, "130":"172.16.103.34"} [msg_id=1141312]

So it seems the collection is still ok, but I don't have anything showing ...

[edhil]

I did also try to revert nprobe/ntopng mode as follow:
nprobe conf: -n=none -G= --online-license-check -g=/var/run/nprobe.pid --collector-port=1234 --zmq=tcp://127.0.0.1:5559 --cpu-affinity=2 --zmq-probe-mode

ntopng conf: -G=/var/tmp/ntopng.pid -n=3 -i=tcp://127.0.0.1:5559c -i=tcp://127.0.0.1:5560c -d=/home/ntopng --daemon= -w=3000 --user=ntopng --group=ntopng

And the behavior is exactly the same : with the "Dynamic Flow Collection Interfaces" option set to none, I can see flows, and if set to anything else, I have no flows and no hosts.

[edhil]

Please note that the realtime trafic on the Pro Dashboard is actually working, with the trafic for each virtual interface. So the problem is really an UI issue.

[simonemainardi]

I tried to reproduce your issue and everything works as expected. Flows appear in the UI even across ntopng restarts. I tried both with virtual interfaces based on the probe IP as well as the ingress flow interface.

I used the following:

v.2.5.170124 [Enterprise/Professional Edition]
GIT rev:   dev:93705cedcdc49c03a76b5edbd6e6038bdaf4eb76:20170124
Pro rev:   r912
System Id: A2D7D2FB9206AAF2
Built on:  Ubuntu 16.04.1 LTS

Welcome to nProbe v.7.5.170124 (r5612)

[edhil]

Hi Simone, After your message, I did try again, from scratch : I completely removed ntopng install to start again, wiped out redis completely by stopping redis-server and remove /var/lib/redis/dump.rdb, and reinstalled everything. Now is seems to work ok when ntopng is configured in collector mode.

I suppose that my first attemps failed because I first configured ntopng and nprobe in standard mode (no --zmq-probe-mode in nprobe, no 'c' in ntopn interface name)

For the record, There is my working configuration :

• My router (mikrotik) send flow to 172.16.103:1236
• nprobe configuration: -n=none -G= --online-license-check -g=/var/run/nprobe.pid --collector-port=1236 --zmq=tcp://127.0.0.1:5560 --zmq-probe-mode
• ntopng configuration: -G=/var/run/ntopng.pid -n=3 -i=tcp://127.0.0.1:5560c -d=/home/ntopng --daemon= -w=3000 --user=ntopng --group=ntopng --local-networks=100.64.0.0/10,10.0.0.0/8,192.168.0.0/16,172.16.0.0/12

Thanks.