
smouly at clevernetwork
Feb 22, 2011, 3:03 AM
nprobe probe/collector empty fields (out_bytes and http_url)
Hello,

I'm using NProbe v6.1.6 as a probe on a Linux router and as a collector on a server (which collects flows from several routers).

Everything works fine except that the OUT_BYTES/PACKETS and HTTP plugin information is not sent to the collector (the OUT_BYTES is 0 and HTTP_URL is empty). I use sqlite output format, but the same problem appears with text output.

When logging locally on the router (with the -P option used and no -n option) the fields are correctly set and have proper values.

Any help will be greatly appreciated.

Thank you

Sylvain

Nprobe client/router configuration file:

-i=eth0
-b=2
-V=10
-G
-1="192.168.0.0/24@1,0.0.0.0/0@2"
--bi-directional
-n=10.1.1.1:5001
-T="%IPV4_SRC_ADDR %IPV4_DST_ADDR %IPV4_NEXT_HOP %INPUT_SNMP %OUTPUT_SNMP %ICMP_TYPE %IN_PKTS %IN_BYTES %OUT_PKTS %OUT_BYTES %FIRST_SWITCHED %LAST_SWITCHED %L4_SRC_PORT %L4_DST_PORT %TCP_FLAGS %PROTOCOL %SRC_TOS %CLIENT_NW_DELAY_SEC %CLIENT_NW_DELAY_USEC %SERVER_NW_DELAY_SEC %SERVER_NW_DELAY_USEC %APPL_LATENCY_SEC %APPL_LATENCY_USEC %IP_PROTOCOL_VERSION %DIRECTION %SAMPLING_INTERVAL %FLOW_PROTO_PORT %L7_PROTO %HTTP_URL %IN_SRC_MAC %OUT_DST_MAC"

NProbe collector configuration file:

-b=2
-n=none
-P=/home/nprobe/data/
-D=d
--no-promisc
--bi-directionnal
-V=10
-G
--collector-port=5001
-T="%IPV4_SRC_ADDR %IPV4_DST_ADDR %IPV4_NEXT_HOP %INPUT_SNMP %OUTPUT_SNMP %ICMP_TYPE %IN_PKTS %IN_BYTES %OUT_PKTS %OUT_BYTES %FIRST_SWITCHED %LAST_SWITCHED %L4_SRC_PORT %L4_DST_PORT %TCP_FLAGS %PROTOCOL %SRC_TOS %CLIENT_NW_DELAY_SEC %CLIENT_NW_DELAY_USEC %SERVER_NW_DELAY_SEC %SERVER_NW_DELAY_USEC %APPL_LATENCY_SEC %APPL_LATENCY_USEC %IP_PROTOCOL_VERSION %DIRECTION %SAMPLING_INTERVAL %FLOW_PROTO_PORT %L7_PROTO %HTTP_URL %IN_SRC_MAC %OUT_DST_MAC"

Logs from collector startup:

22/Feb/2011 11:50:29 [nprobe.c:2647] Welcome to nprobe v.6.1.6 ($Revision: 1831 $) for i686-pc-linux-gnu
22/Feb/2011 11:50:29 [nprobe.c:2666] Tracing enabled
22/Feb/2011 11:50:29 [nprobe.c:2702] Dumping flow files every 60 sec into directory /home/nprobe-prod/data
22/Feb/2011 11:50:29 [plugin.c:132] Loading plugins...
22/Feb/2011 11:50:29 [plugin.c:147] Loading plugins [.so] from ./plugins
22/Feb/2011 11:50:29 [plugin.c:436] Loaded './plugins/libsipPlugin-6.1.6.so'
22/Feb/2011 11:50:29 [plugin.c:436] Loaded './plugins/libl7Plugin-6.1.6.so'
22/Feb/2011 11:50:29 [plugin.c:436] Loaded './plugins/libsmtpPlugin-6.1.6.so'
22/Feb/2011 11:50:29 [plugin.c:436] Loaded './plugins/libdumpPlugin-6.1.6.so'
22/Feb/2011 11:50:29 [plugin.c:436] Loaded './plugins/librtpPlugin-6.1.6.so'
22/Feb/2011 11:50:29 [plugin.c:436] Loaded './plugins/libdbPlugin-6.1.6.so'
22/Feb/2011 11:50:29 [plugin.c:436] Loaded './plugins/libmysqlPlugin-6.1.6.so'
22/Feb/2011 11:50:29 [plugin.c:436] Loaded './plugins/libbgpPlugin-6.1.6.so'
22/Feb/2011 11:50:29 [plugin.c:436] Loaded './plugins/libhttpPlugin-6.1.6.so'
22/Feb/2011 11:50:29 [sipPlugin.c:70] Initialized SIP plugin
22/Feb/2011 11:50:29 [l7Plugin.c:100] Initialized L7 plugin
22/Feb/2011 11:50:29 [smtpPlugin.c:48] Initialized SMTP plugin
22/Feb/2011 11:50:29 [dumpPlugin.c:50] Initialized dump plugin
22/Feb/2011 11:50:29 [rtpPlugin.c:106] Initialized RTP plugin
22/Feb/2011 11:50:29 [dbPlugin.c:174] WARNING: DB support is not enabled (disabled at compile time)
22/Feb/2011 11:50:29 [mysqlPlugin.c:118] Initialized MySQL plugin
22/Feb/2011 11:50:29 [bgpPlugin.c:377] BGP plugin is disabled (--bgp-port has not been specified)
22/Feb/2011 11:50:29 [httpPlugin.c:130] Initialized HTTP plugin
22/Feb/2011 11:50:29 [plugin.c:195] 9 plugin(s) loaded [9 delete][9 packet].
22/Feb/2011 11:50:29 [nprobe.c:3609] Welcome to nprobe v.6.1.6 for i686-pc-linux-gnu
22/Feb/2011 11:50:29 [nprobe.c:3255] Compiling flow templates...
22/Feb/2011 11:50:29 [nprobe.c:3425] Scanning flow template...
22/Feb/2011 11:50:29 [nprobe.c:3435] IPv4 Template [id=257]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found IPV4_SRC_ADDR [id 8][4 bytes][total 4 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found IPV4_DST_ADDR [id 12][4 bytes][total 8 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found IPV4_NEXT_HOP [id 15][4 bytes][total 12 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found INPUT_SNMP [id 10][2 bytes][total 14 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found OUTPUT_SNMP [id 14][2 bytes][total 16 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found ICMP_TYPE [id 32][2 bytes][total 18 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found IN_PKTS [id 2][4 bytes][total 22 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found IN_BYTES [id 1][4 bytes][total 26 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found OUT_PKTS [id 24][4 bytes][total 30 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found OUT_BYTES [id 23][4 bytes][total 34 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found FIRST_SWITCHED [id 22][4 bytes][total 38 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found LAST_SWITCHED [id 21][4 bytes][total 42 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found L4_SRC_PORT [id 7][2 bytes][total 44 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found L4_DST_PORT [id 11][2 bytes][total 46 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found TCP_FLAGS [id 6][1 bytes][total 47 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found PROTOCOL [id 4][1 bytes][total 48 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found SRC_TOS [id 5][1 bytes][total 49 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found CLIENT_NW_DELAY_SEC [id 82][4 bytes][total 53 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found CLIENT_NW_DELAY_USEC [id 83][4 bytes][total 57 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found SERVER_NW_DELAY_SEC [id 84][4 bytes][total 61 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found SERVER_NW_DELAY_USEC [id 85][4 bytes][total 65 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found APPL_LATENCY_SEC [id 86][4 bytes][total 69 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found APPL_LATENCY_USEC [id 87][4 bytes][total 73 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found IP_PROTOCOL_VERSION [id 60][1 bytes][total 74 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found DIRECTION [id 61][1 bytes][total 75 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found SAMPLING_INTERVAL [id 34][4 bytes][total 79 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found FLOW_PROTO_PORT [id 105][2 bytes][total 81 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found L7_PROTO [id 165][8 bytes][total 89 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found HTTP_URL [id 180][64 bytes][total 153 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found IN_SRC_MAC [id 56][6 bytes][total 159 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found OUT_DST_MAC [id 80][6 bytes][total 165 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3435] IPv6 Template [id=258]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found IPV6_SRC_ADDR [id 27][16 bytes][total 16 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found IPV6_DST_ADDR [id 28][16 bytes][total 32 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found IPV6_NEXT_HOP [id 62][16 bytes][total 48 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found INPUT_SNMP [id 10][2 bytes][total 50 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found OUTPUT_SNMP [id 14][2 bytes][total 52 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found ICMP_TYPE [id 32][2 bytes][total 54 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found IN_PKTS [id 2][4 bytes][total 58 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found IN_BYTES [id 1][4 bytes][total 62 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found OUT_PKTS [id 24][4 bytes][total 66 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found OUT_BYTES [id 23][4 bytes][total 70 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found FIRST_SWITCHED [id 22][4 bytes][total 74 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found LAST_SWITCHED [id 21][4 bytes][total 78 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found L4_SRC_PORT [id 7][2 bytes][total 80 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found L4_DST_PORT [id 11][2 bytes][total 82 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found TCP_FLAGS [id 6][1 bytes][total 83 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found PROTOCOL [id 4][1 bytes][total 84 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found SRC_TOS [id 5][1 bytes][total 85 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found CLIENT_NW_DELAY_SEC [id 82][4 bytes][total 89 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found CLIENT_NW_DELAY_USEC [id 83][4 bytes][total 93 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found SERVER_NW_DELAY_SEC [id 84][4 bytes][total 97 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found SERVER_NW_DELAY_USEC [id 85][4 bytes][total 101 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found APPL_LATENCY_SEC [id 86][4 bytes][total 105 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found APPL_LATENCY_USEC [id 87][4 bytes][total 109 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found IP_PROTOCOL_VERSION [id 60][1 bytes][total 110 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found DIRECTION [id 61][1 bytes][total 111 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found SAMPLING_INTERVAL [id 34][4 bytes][total 115 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found FLOW_PROTO_PORT [id 105][2 bytes][total 117 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found L7_PROTO [id 165][8 bytes][total 125 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found HTTP_URL [id 180][64 bytes][total 189 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found IN_SRC_MAC [id 56][6 bytes][total 195 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found OUT_DST_MAC [id 80][6 bytes][total 201 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3470] Scanning option template...
22/Feb/2011 11:50:29 [nprobe.c:3476] Found TOTAL_FLOWS_EXP [id 42][4 bytes][total 4 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3476] Found TOTAL_PKTS_EXP [id 41][4 bytes][total 8 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3499] Each flow is 201 bytes long
22/Feb/2011 11:50:29 [nprobe.c:3500] The # packets per flow has been set to 6
22/Feb/2011 11:50:29 [plugin.c:580] Scanning plugin SIP
22/Feb/2011 11:50:29 [plugin.c:580] Scanning plugin L7 Protocol Recognition
22/Feb/2011 11:50:29 [plugin.c:613] Enabling plugin L7 Protocol Recognition
22/Feb/2011 11:50:29 [plugin.c:580] Scanning plugin SMTP Protocol Dissector
22/Feb/2011 11:50:29 [plugin.c:580] Scanning plugin dump
22/Feb/2011 11:50:29 [plugin.c:580] Scanning plugin RTP
22/Feb/2011 11:50:29 [plugin.c:580] Scanning plugin MySQL DB
22/Feb/2011 11:50:29 [plugin.c:580] Scanning plugin MySQL Plugin
22/Feb/2011 11:50:29 [plugin.c:580] Scanning plugin BGP Update Listener
22/Feb/2011 11:50:29 [plugin.c:580] Scanning plugin HTTP Protocol Dissector
22/Feb/2011 11:50:29 [plugin.c:613] Enabling plugin HTTP Protocol Dissector
22/Feb/2011 11:50:29 [plugin.c:625] 2 plugin(s) enabled
22/Feb/2011 11:50:29 [nprobe.c:3733] The flows hash has 32768 buckets
22/Feb/2011 11:50:29 [nprobe.c:3735] Flows older than 120 seconds will be exported
22/Feb/2011 11:50:29 [nprobe.c:3741] Flows inactive for at least 30 seconds will be exported
22/Feb/2011 11:50:29 [nprobe.c:3744] Expired flows will be checked every 30 seconds
22/Feb/2011 11:50:29 [nprobe.c:3746] Expired flows will not be queued for more than 30 seconds
22/Feb/2011 11:50:29 [nprobe.c:3750] Exported flows with engineType 0 and engineId 245
22/Feb/2011 11:50:29 [nprobe.c:3777] Flows ASs will not be computed
22/Feb/2011 11:50:29 [nprobe.c:3785] After 1 flow packets are sent, we'll delay at least 1 ms
22/Feb/2011 11:50:29 [nprobe.c:3805] Flows will be emitted in IPFIX format
22/Feb/2011 11:50:29 [nprobe.c:3810] Max payload length set to 32 bytes
22/Feb/2011 11:50:29 [nprobe.c:3812] Payload export policy (-x) for TCP: payload only with SYN set
22/Feb/2011 11:50:29 [nprobe.c:3814] Payload export policy (-x) for UDP: no payload
22/Feb/2011 11:50:29 [nprobe.c:3816] Payload export policy (-x) for ICMP: no payload
22/Feb/2011 11:50:29 [nprobe.c:3818] Payload export policy (-x) for OTHER: no payload
22/Feb/2011 11:50:29 [nprobe.c:3838] Flow input interface index is set to 0
22/Feb/2011 11:50:29 [nprobe.c:3844] Flow output interface index is set to 0
22/Feb/2011 11:50:29 [util.c:2282] INIT: Bye bye: I'm becoming a daemon...
22/Feb/2011 11:50:29 [util.c:2285] INIT: Parent process is exiting (this is normal)

_______________________________________________
Ntop-misc mailing list
Ntop-misc [at] listgateway
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
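A consistency check for a probe/collector pair like the one in the post above, as an added example that is not part of the original message and not nprobe code: it compares the `-T` template field order and lists options that appear on only one side. It assumes one `-opt=value` per line in each option file; the function names and the shortened sample configurations are constructed for illustration.

```python
def parse_options(text):
    """Parse an option file (assumed: one -opt or -opt=value per line)."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, _, value = line.partition("=")  # split on the first '=' only
        opts[name] = value.strip('"')
    return opts


def template_fields(opts):
    """Return the ordered field names of the -T template, without '%'."""
    return [f.lstrip("%") for f in opts.get("-T", "").split()]


def compare(probe_text, collector_text):
    """Report template and option-name differences between the two sides."""
    probe, coll = parse_options(probe_text), parse_options(collector_text)
    p, c = template_fields(probe), template_fields(coll)
    return {
        "template_identical": p == c,
        "missing_on_collector": [f for f in p if f not in c],
        "missing_on_probe": [f for f in c if f not in p],
        # index of the first position where the field order diverges
        "first_order_mismatch": next(
            (i for i, (a, b) in enumerate(zip(p, c)) if a != b), None),
        "only_probe_options": sorted(set(probe) - set(coll)),
        "only_collector_options": sorted(set(coll) - set(probe)),
    }


# Constructed sample input: shortened versions of the two files in the post.
PROBE = """-i=eth0
-b=2
-V=10
-G
--bi-directional
-n=10.1.1.1:5001
-T="%IPV4_SRC_ADDR %IPV4_DST_ADDR %IN_BYTES %OUT_BYTES %HTTP_URL"
"""
COLLECTOR = """-b=2
-n=none
--bi-directionnal
-V=10
-G
--collector-port=5001
-T="%IPV4_SRC_ADDR %IPV4_DST_ADDR %IN_BYTES %OUT_BYTES %HTTP_URL"
"""

if __name__ == "__main__":
    for key, value in compare(PROBE, COLLECTOR).items():
        print(f"{key}: {value}")
```

Option names that differ between the two sides are listed for manual review; the check does not decide which of them matter for a given field.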