[Ntop-misc] nprobe help with AS and City

Alan Kemp alan at three6five.com
Thu Apr 19 11:36:26 CEST 2012 

Hi Guys

I was wondering if someone could help. 

I have installed nprobe v6.9.3_032312_pro, with fastbit 1.3.0 on ubunutu Linux 11.04

My question is around the collection of AS and city or country src and dst data.
I have started nprobe with the --as-list --city-list pointing to the corresponding Geo dat files.
I have also addd the -T option with these options "%SRC_IP_COUNTRY %SRC_IP_CITY %DST_IP_COUNTRY %DST_IP_CITY %SRC_AS_PATH_1 %SRC_AS %DST_AS"

The problem is that I never see that data in my fastbit database 
--snip--
-rw-rw-r-- 1 iris iris 1985572 2012-04-19 11:15 APPL_LATENCY_SEC
-rw-rw-r-- 1 iris iris  496393 2012-04-19 11:15 DIRECTION
-rw-rw-r-- 1 iris iris 1985572 2012-04-19 11:15 DST_AS
-rw-rw-r-- 1 iris iris 1985572 2012-04-19 11:15 EXPORTER_IPV4_ADDRESS
-rw-rw-r-- 1 iris iris 1985572 2012-04-19 11:15 FIRST_SWITCHED
-rw-rw-r-- 1 iris iris 1985572 2012-04-19 11:15 IN_BYTES
-rw-rw-r-- 1 iris iris 1985572 2012-04-19 11:15 IN_PKTS
-rw-rw-r-- 1 iris iris  992786 2012-04-19 11:15 INPUT_SNMP
-rw-rw-r-- 1 iris iris 1985572 2012-04-19 11:15 IPV4_DST_ADDR
-rw-rw-r-- 1 iris iris 1985572 2012-04-19 11:15 IPV4_SRC_ADDR
-rw-rw-r-- 1 iris iris  992786 2012-04-19 11:15 L4_DST_PORT
-rw-rw-r-- 1 iris iris 1985572 2012-04-19 11:15 L4_DST_PORT_MAP_0
-rw-rw-r-- 1 iris iris 1985572 2012-04-19 11:15 L4_DST_PORT_MAP_1
-rw-rw-r-- 1 iris iris 1985572 2012-04-19 11:15 L4_DST_PORT_MAP_2
-rw-rw-r-- 1 iris iris 1985572 2012-04-19 11:15 L4_DST_PORT_MAP_3
-rw-rw-r-- 1 iris iris  992786 2012-04-19 11:15 L4_SRC_PORT
-rw-rw-r-- 1 iris iris 1985572 2012-04-19 11:15 L4_SRC_PORT_MAP_0
-rw-rw-r-- 1 iris iris 1985572 2012-04-19 11:15 L4_SRC_PORT_MAP_1
-rw-rw-r-- 1 iris iris 1985572 2012-04-19 11:15 L4_SRC_PORT_MAP_2
-rw-rw-r-- 1 iris iris 1985572 2012-04-19 11:15 L4_SRC_PORT_MAP_3
-rw-rw-r-- 1 iris iris 1985572 2012-04-19 11:15 L7_PROTO_NAME_0
-rw-rw-r-- 1 iris iris 1985572 2012-04-19 11:15 L7_PROTO_NAME_1
-rw-rw-r-- 1 iris iris 1985572 2012-04-19 11:15 L7_PROTO_NAME_2
-rw-rw-r-- 1 iris iris 1985572 2012-04-19 11:15 L7_PROTO_NAME_3
-rw-rw-r-- 1 iris iris 1985572 2012-04-19 11:15 LAST_SWITCHED
-rw-rw-r-- 1 iris iris 1985572 2012-04-19 11:15 MPLS_LABEL_1
-rw-rw-r-- 1 iris iris 1985572 2012-04-19 11:15 OUT_BYTES
-rw-rw-r-- 1 iris iris 1985572 2012-04-19 11:15 OUT_PKTS
-rw-rw-r-- 1 iris iris  992786 2012-04-19 11:15 OUTPUT_SNMP
-rw-rw-r-- 1 iris iris 1985572 2012-04-19 11:15 PACKET_VARIANCE
-rw-rw-rw- 1 iris iris    4260 2012-04-19 11:15 -part.txt
-rw-rw-r-- 1 iris iris  496393 2012-04-19 11:15 PROTOCOL
-rw-rw-r-- 1 iris iris 1985572 2012-04-19 11:15 PROTOCOL_MAP_0
-rw-rw-r-- 1 iris iris 1985572 2012-04-19 11:15 PROTOCOL_MAP_1
-rw-rw-r-- 1 iris iris 1985572 2012-04-19 11:15 PROTOCOL_MAP_2
-rw-rw-r-- 1 iris iris 1985572 2012-04-19 11:15 PROTOCOL_MAP_3
-rw-rw-r-- 1 iris iris 1985572 2012-04-19 11:15 SAMPLING_INTERVAL
-rw-rw-r-- 1 iris iris 1985572 2012-04-19 11:15 SERVER_NW_DELAY_SEC
-rw-rw-r-- 1 iris iris 1985572 2012-04-19 11:15 SRC_AS
-rw-rw-r-- 1 iris iris  496393 2012-04-19 11:15 TCP_FLAGS
--snip--

Also while typing this mail I did notice that the byte count on the above looks incorrect (same size files)? or am I missing something there.

I also noticed that when I run a fbquery against this data I get an usual result.
--snip--
~/nprobe_6.9.3_032312_pro/fastbit/fbquery -d . -c "sum(IN_BYTES),SRC_AS,DST_AS" -L 10 
_0,SRC_AS
672665372,0
2840,0
64,0
3764413,0
17668,0
56,0
160,0
2952,0
24052,0
1420,0
--snip--

So the header is _0,SRC_AS should it now be "sum1,SRC_AS,DST_AS"? and I'm missing a column, it happens whenever I call a sum().

Thats for any suggests in this regard.

regards

--
Alan Kemp
email: alan at three6five.com
mobile: +27 83 257 5970
three6five

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listgateway.unipi.it/pipermail/ntop-misc/attachments/20120419/2c1161cd/attachment.htm>

More information about the Ntop-misc mailing list