
deri at ntop
Feb 23, 2011, 12:32 PM
Post #4 of 4
Re: nprobe probe/collector empty fields (out_bytes and http_url)
Sylvain
a patch is on the way to you...

Luca

On Feb 22, 2011, at 6:26 PM, Sylvain Mouly wrote:

> Ok Luca.
> Bug created: https://www.ntop.org/bugzilla3/show_bug.cgi?id=38
>
> Any idea about the difficulty to solve the issue?
>
> Thank you for your help
>
> Sylvain
>
> On 22/02/11 17:37, Luca Deri wrote:
>> Sylvain
>> please file a bug on
>> https://www.ntop.org/bugzilla3/
>>
>> Luca
>>
>> On Feb 22, 2011, at 12:03 PM, Sylvain Mouly wrote:
>>
>>> Hello,
>>>
>>> I'm using NProbe v6.1.6 as a probe on a Linux router and as a collector on a server (which collects flows from several routers).
>>> Everything works fine except the OUT_BYTES/PACKETS and HTTP plugin information not sent to the collector (the OUT_BYTES is 0 and HTTP_URL is empty). I use sqlite output format, but the same problem appears with text output.
>>> When logging locally on the router (with the -P option used and no -n option) the fields are correctly set and have proper values.
>>>
>>> Any help will be greatly appreciated.
>>> Thank you
>>>
>>> Sylvain
>>>
>>>
>>> Nprobe client/router configuration file:
>>> -i=eth0
>>> -b=2
>>> -V=10
>>> -G
>>> -1="192.168.0.0/24@1,0.0.0.0/0@2"
>>> --bi-directional
>>> -n=10.1.1.1:5001
>>> -T="%IPV4_SRC_ADDR %IPV4_DST_ADDR %IPV4_NEXT_HOP %INPUT_SNMP %OUTPUT_SNMP %ICMP_TYPE %IN_PKTS %IN_BYTES %OUT_PKTS %OUT_BYTES %FIRST_SWITCHED %LAST_SWITCHED %L4_SRC_PORT %L4_DST_PORT %TCP_FLAGS %PROTOCOL %SRC_TOS %CLIENT_NW_DELAY_SEC %CLIENT_NW_DELAY_USEC %SERVER_NW_DELAY_SEC %SERVER_NW_DELAY_USEC %APPL_LATENCY_SEC %APPL_LATENCY_USEC %IP_PROTOCOL_VERSION %DIRECTION %SAMPLING_INTERVAL %FLOW_PROTO_PORT %L7_PROTO %HTTP_URL %IN_SRC_MAC %OUT_DST_MAC"
>>>
>>>
>>> NProbe collector configuration file:
>>> -b=2
>>> -n=none
>>> -P=/home/nprobe/data/
>>> -D=d
>>> --no-promisc
>>> --bi-directionnal
>>> -V=10
>>> -G
>>> --collector-port=5001
>>> -T="%IPV4_SRC_ADDR %IPV4_DST_ADDR %IPV4_NEXT_HOP %INPUT_SNMP %OUTPUT_SNMP %ICMP_TYPE %IN_PKTS %IN_BYTES %OUT_PKTS %OUT_BYTES %FIRST_SWITCHED %LAST_SWITCHED %L4_SRC_PORT %L4_DST_PORT %TCP_FLAGS %PROTOCOL %SRC_TOS %CLIENT_NW_DELAY_SEC %CLIENT_NW_DELAY_USEC %SERVER_NW_DELAY_SEC %SERVER_NW_DELAY_USEC %APPL_LATENCY_SEC %APPL_LATENCY_USEC %IP_PROTOCOL_VERSION %DIRECTION %SAMPLING_INTERVAL %FLOW_PROTO_PORT %L7_PROTO %HTTP_URL %IN_SRC_MAC %OUT_DST_MAC"
>>>
>>>
>>> Logs from collector startup:
>>> 22/Feb/2011 11:50:29 [nprobe.c:2647] Welcome to nprobe v.6.1.6 ($Revision: 1831 $) for i686-pc-linux-gnu
>>> 22/Feb/2011 11:50:29 [nprobe.c:2666] Tracing enabled
>>> 22/Feb/2011 11:50:29 [nprobe.c:2702] Dumping flow files every 60 sec into directory /home/nprobe-prod/data
>>> 22/Feb/2011 11:50:29 [plugin.c:132] Loading plugins...
>>> 22/Feb/2011 11:50:29 [plugin.c:147] Loading plugins [.so] from ./plugins
>>> 22/Feb/2011 11:50:29 [plugin.c:436] Loaded './plugins/libsipPlugin-6.1.6.so'
>>> 22/Feb/2011 11:50:29 [plugin.c:436] Loaded './plugins/libl7Plugin-6.1.6.so'
>>> 22/Feb/2011 11:50:29 [plugin.c:436] Loaded './plugins/libsmtpPlugin-6.1.6.so'
>>> 22/Feb/2011 11:50:29 [plugin.c:436] Loaded './plugins/libdumpPlugin-6.1.6.so'
>>> 22/Feb/2011 11:50:29 [plugin.c:436] Loaded './plugins/librtpPlugin-6.1.6.so'
>>> 22/Feb/2011 11:50:29 [plugin.c:436] Loaded './plugins/libdbPlugin-6.1.6.so'
>>> 22/Feb/2011 11:50:29 [plugin.c:436] Loaded './plugins/libmysqlPlugin-6.1.6.so'
>>> 22/Feb/2011 11:50:29 [plugin.c:436] Loaded './plugins/libbgpPlugin-6.1.6.so'
>>> 22/Feb/2011 11:50:29 [plugin.c:436] Loaded './plugins/libhttpPlugin-6.1.6.so'
>>> 22/Feb/2011 11:50:29 [sipPlugin.c:70] Initialized SIP plugin
>>> 22/Feb/2011 11:50:29 [l7Plugin.c:100] Initialized L7 plugin
>>> 22/Feb/2011 11:50:29 [smtpPlugin.c:48] Initialized SMTP plugin
>>> 22/Feb/2011 11:50:29 [dumpPlugin.c:50] Initialized dump plugin
>>> 22/Feb/2011 11:50:29 [rtpPlugin.c:106] Initialized RTP plugin
>>> 22/Feb/2011 11:50:29 [dbPlugin.c:174] WARNING: DB support is not enabled (disabled at compile time)
>>> 22/Feb/2011 11:50:29 [mysqlPlugin.c:118] Initialized MySQL plugin
>>> 22/Feb/2011 11:50:29 [bgpPlugin.c:377] BGP plugin is disabled (--bgp-port has not been specified)
>>> 22/Feb/2011 11:50:29 [httpPlugin.c:130] Initialized HTTP plugin
>>> 22/Feb/2011 11:50:29 [plugin.c:195] 9 plugin(s) loaded [9 delete][9 packet].
>>> 22/Feb/2011 11:50:29 [nprobe.c:3609] Welcome to nprobe v.6.1.6 for i686-pc-linux-gnu
>>> 22/Feb/2011 11:50:29 [nprobe.c:3255] Compiling flow templates...
>>> 22/Feb/2011 11:50:29 [nprobe.c:3425] Scanning flow template...
>>> 22/Feb/2011 11:50:29 [nprobe.c:3435] IPv4 Template [id=257]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found IPV4_SRC_ADDR [id 8][4 bytes][total 4 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found IPV4_DST_ADDR [id 12][4 bytes][total 8 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found IPV4_NEXT_HOP [id 15][4 bytes][total 12 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found INPUT_SNMP [id 10][2 bytes][total 14 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found OUTPUT_SNMP [id 14][2 bytes][total 16 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found ICMP_TYPE [id 32][2 bytes][total 18 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found IN_PKTS [id 2][4 bytes][total 22 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found IN_BYTES [id 1][4 bytes][total 26 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found OUT_PKTS [id 24][4 bytes][total 30 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found OUT_BYTES [id 23][4 bytes][total 34 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found FIRST_SWITCHED [id 22][4 bytes][total 38 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found LAST_SWITCHED [id 21][4 bytes][total 42 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found L4_SRC_PORT [id 7][2 bytes][total 44 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found L4_DST_PORT [id 11][2 bytes][total 46 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found TCP_FLAGS [id 6][1 bytes][total 47 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found PROTOCOL [id 4][1 bytes][total 48 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found SRC_TOS [id 5][1 bytes][total 49 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found CLIENT_NW_DELAY_SEC [id 82][4 bytes][total 53 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found CLIENT_NW_DELAY_USEC [id 83][4 bytes][total 57 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found SERVER_NW_DELAY_SEC [id 84][4 bytes][total 61 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found SERVER_NW_DELAY_USEC [id 85][4 bytes][total 65 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found APPL_LATENCY_SEC [id 86][4 bytes][total 69 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found APPL_LATENCY_USEC [id 87][4 bytes][total 73 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found IP_PROTOCOL_VERSION [id 60][1 bytes][total 74 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found DIRECTION [id 61][1 bytes][total 75 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found SAMPLING_INTERVAL [id 34][4 bytes][total 79 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found FLOW_PROTO_PORT [id 105][2 bytes][total 81 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found L7_PROTO [id 165][8 bytes][total 89 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found HTTP_URL [id 180][64 bytes][total 153 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found IN_SRC_MAC [id 56][6 bytes][total 159 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found OUT_DST_MAC [id 80][6 bytes][total 165 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3435] IPv6 Template [id=258]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found IPV6_SRC_ADDR [id 27][16 bytes][total 16 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found IPV6_DST_ADDR [id 28][16 bytes][total 32 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found IPV6_NEXT_HOP [id 62][16 bytes][total 48 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found INPUT_SNMP [id 10][2 bytes][total 50 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found OUTPUT_SNMP [id 14][2 bytes][total 52 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found ICMP_TYPE [id 32][2 bytes][total 54 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found IN_PKTS [id 2][4 bytes][total 58 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found IN_BYTES [id 1][4 bytes][total 62 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found OUT_PKTS [id 24][4 bytes][total 66 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found OUT_BYTES [id 23][4 bytes][total 70 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found FIRST_SWITCHED [id 22][4 bytes][total 74 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found LAST_SWITCHED [id 21][4 bytes][total 78 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found L4_SRC_PORT [id 7][2 bytes][total 80 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found L4_DST_PORT [id 11][2 bytes][total 82 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found TCP_FLAGS [id 6][1 bytes][total 83 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found PROTOCOL [id 4][1 bytes][total 84 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found SRC_TOS [id 5][1 bytes][total 85 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found CLIENT_NW_DELAY_SEC [id 82][4 bytes][total 89 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found CLIENT_NW_DELAY_USEC [id 83][4 bytes][total 93 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found SERVER_NW_DELAY_SEC [id 84][4 bytes][total 97 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found SERVER_NW_DELAY_USEC [id 85][4 bytes][total 101 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found APPL_LATENCY_SEC [id 86][4 bytes][total 105 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found APPL_LATENCY_USEC [id 87][4 bytes][total 109 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found IP_PROTOCOL_VERSION [id 60][1 bytes][total 110 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found DIRECTION [id 61][1 bytes][total 111 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found SAMPLING_INTERVAL [id 34][4 bytes][total 115 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found FLOW_PROTO_PORT [id 105][2 bytes][total 117 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found L7_PROTO [id 165][8 bytes][total 125 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found HTTP_URL [id 180][64 bytes][total 189 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found IN_SRC_MAC [id 56][6 bytes][total 195 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found OUT_DST_MAC [id 80][6 bytes][total 201 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3470] Scanning option template...
>>> 22/Feb/2011 11:50:29 [nprobe.c:3476] Found TOTAL_FLOWS_EXP [id 42][4 bytes][total 4 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3476] Found TOTAL_PKTS_EXP [id 41][4 bytes][total 8 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3499] Each flow is 201 bytes long
>>> 22/Feb/2011 11:50:29 [nprobe.c:3500] The # packets per flow has been set to 6
>>> 22/Feb/2011 11:50:29 [plugin.c:580] Scanning plugin SIP
>>> 22/Feb/2011 11:50:29 [plugin.c:580] Scanning plugin L7 Protocol Recognition
>>> 22/Feb/2011 11:50:29 [plugin.c:613] Enabling plugin L7 Protocol Recognition
>>> 22/Feb/2011 11:50:29 [plugin.c:580] Scanning plugin SMTP Protocol Dissector
>>> 22/Feb/2011 11:50:29 [plugin.c:580] Scanning plugin dump
>>> 22/Feb/2011 11:50:29 [plugin.c:580] Scanning plugin RTP
>>> 22/Feb/2011 11:50:29 [plugin.c:580] Scanning plugin MySQL DB
>>> 22/Feb/2011 11:50:29 [plugin.c:580] Scanning plugin MySQL Plugin
>>> 22/Feb/2011 11:50:29 [plugin.c:580] Scanning plugin BGP Update Listener
>>> 22/Feb/2011 11:50:29 [plugin.c:580] Scanning plugin HTTP Protocol Dissector
>>> 22/Feb/2011 11:50:29 [plugin.c:613] Enabling plugin HTTP Protocol Dissector
>>> 22/Feb/2011 11:50:29 [plugin.c:625] 2 plugin(s) enabled
>>> 22/Feb/2011 11:50:29 [nprobe.c:3733] The flows hash has 32768 buckets
>>> 22/Feb/2011 11:50:29 [nprobe.c:3735] Flows older than 120 seconds will be exported
>>> 22/Feb/2011 11:50:29 [nprobe.c:3741] Flows inactive for at least 30 seconds will be exported
>>> 22/Feb/2011 11:50:29 [nprobe.c:3744] Expired flows will be checked every 30 seconds
>>> 22/Feb/2011 11:50:29 [nprobe.c:3746] Expired flows will not be queued for more than 30 seconds
>>> 22/Feb/2011 11:50:29 [nprobe.c:3750] Exported flows with engineType 0 and engineId 245
>>> 22/Feb/2011 11:50:29 [nprobe.c:3777] Flows ASs will not be computed
>>> 22/Feb/2011 11:50:29 [nprobe.c:3785] After 1 flow packets are sent, we'll delay at least 1 ms
>>> 22/Feb/2011 11:50:29 [nprobe.c:3805] Flows will be emitted in IPFIX format
>>> 22/Feb/2011 11:50:29 [nprobe.c:3810] Max payload length set to 32 bytes
>>> 22/Feb/2011 11:50:29 [nprobe.c:3812] Payload export policy (-x) for TCP: payload only with SYN set
>>> 22/Feb/2011 11:50:29 [nprobe.c:3814] Payload export policy (-x) for UDP: no payload
>>> 22/Feb/2011 11:50:29 [nprobe.c:3816] Payload export policy (-x) for ICMP: no payload
>>> 22/Feb/2011 11:50:29 [nprobe.c:3818] Payload export policy (-x) for OTHER: no payload
>>> 22/Feb/2011 11:50:29 [nprobe.c:3838] Flow input interface index is set to 0
>>> 22/Feb/2011 11:50:29 [nprobe.c:3844] Flow output interface index is set to 0
>>> 22/Feb/2011 11:50:29 [util.c:2282] INIT: Bye bye: I'm becoming a daemon...
>>> 22/Feb/2011 11:50:29 [util.c:2285] INIT: Parent process is exiting (this is normal)
>>>
>>> _______________________________________________
>>> Ntop-misc mailing list
>>> Ntop-misc [at] listgateway
>>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
>> ---
>> If you can not measure it, you can not improve it - Lord Kelvin

---
Education is not a crime