[Ntop] NTOP only seeing data from host running NTOP

Jorge d'Argence jdargence at tachyon.net
Thu Mar 29 01:23:06 CEST 2007 

Anyone know why the Netflow or Sflow plugins would error out with "no devices to initialize".  I get the same error with both Netflow and Sflow.  I compiled the latest RC3 on Redhat 9.  It works just fine with eth0 on the local machine but I can't get anything else.  Any thoughts?

Thanks,
Jorge

-----Original Message-----
From: ntop-bounces at unipi.it [mailto:ntop-bounces at unipi.it]On Behalf Of Gary Gatten
Sent: Wednesday, March 28, 2007 3:16 PM
To: ntop at unipi.it
Subject: RE: [Ntop] NTOP only seeing data from host running NTOP



What are the timeout settings on your netflow exports?  I set mine as low as possible to get the most real-time data.  If you're sending flows over limited bandwidth you may want to use higher timeouts.

 

Also, if you click: Plugins>Netflow>Statistics, see anything that doesn't look right?

 

Lastly, do tcpdump or whatever and make sure your ntop box is actually receiving the 2055 traffic.  Could it be clocked by an ACL or firewall somewhere?

 

Many people have had a HARD time getting netflow to work, but it was super easy for me - no problems at all.  Not sure why it works so easy for some and is such a PITA for others.

 

I'm gone for today, can help tomorrow if still needed.

 

Gary

 

 

 

 


  _____  


From: ntop-bounces at unipi.it [mailto:ntop-bounces at unipi.it] On Behalf Of Robert Geller
Sent: Wednesday, March 28, 2007 4:42 PM
To: ntop at unipi.it
Subject: Re: [Ntop] NTOP only seeing data from host running NTOP

 

Yes, I do have the virtual netflow device setup and the NTOP server is listening on udp 2055
However I did not do the SWITCH NIC on the web.  I just did that (thanks for that) but I am not seeing any data now on that I device.

Also,  what I read / understand regarding the IP network in the Virtual Interface settings is that the IP network is only used to distinguish what is local and what is remote, whereas the black and white list tells NTOP what to store and not to store (I have these both blank so it so store all info). Please correct me if I am wrong.  

Thanks for the reply.  
-Rob





  _____  


From: Gary Gatten <Ggatten at waddell.com>
Reply-To: <ntop at unipi.it>
Date: Wed, 28 Mar 2007 17:20:33 -0400
To: <ntop at unipi.it>
Conversation: [Ntop] NTOP only seeing data from host running NTOP
Subject: RE: [Ntop] NTOP only seeing data from host running NTOP

Did you configure your virtual netflow interface in ntop?  Did you
"switch nic" and select the virtual netflow interface for your web
views?  Do a netstat -a, or sockstat -l and see if there's a ntop
process listening on the udp port configured for netflow.

Gary


-----Original Message-----
From: ntop-bounces at unipi.it [ mailto:ntop-bounces at unipi.it] <mailto:ntop-bounces at unipi.it%5d>  On Behalf Of
Robert Geller
Sent: Wednesday, March 28, 2007 4:18 PM
To: ntop at unipi.it
Subject: [Ntop] NTOP only seeing data from host running NTOP

Just recently installed 3.2.  I have my Netflow configured, and I have
my
routers configure to export.  The routers are showing flows being
exported,
nothing being dropped.  I am seeing data in NTOP, however it appears to
only
contain traffic that includes the host running NTOP only, which is
mainly
all my SNMP traffic.

I do have the ip route-cache flow configured on my interfaces, and CEF
is
enabled.  The routers are showing flows.

Not sure why I am not seeing other flows.  Any suggestions?

Thanks,

-Rob

_______________________________________________
Ntop mailing list
Ntop at unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop

===========================================================================





"This email is intended to be reviewed by only the intended recipient
 and may contain information that is privileged and/or confidential.
 If you are not the intended recipient, you are hereby notified that
 any review, use, dissemination, disclosure or copying of this email
 and its attachments, if any, is strictly prohibited.  If you have
 received this email in error, please immediately notify the sender by
 return email and delete this email from your system."

_______________________________________________
Ntop mailing list
Ntop at unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop



=========================================================================== "This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system." 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://listgateway.unipi.it/pipermail/ntop/attachments/20070328/4edb97cc/attachment-0001.htm

More information about the Ntop mailing list