NtopNG

NtopNG and Nprobe config for Routers using NetFlow with IPv6 and MySQL data storage. Based on version 2.5

nprobe 1

The default template (-T) does not contain the IPv6 fields for some reason, so they have to be added.

--zmq="tcp://127.0.0.1:5556"
--collector-port=4711
-n=none
-i=none
--pid-file=/var/run/nprobe-rh.pid
-T="%IPV4_SRC_ADDR %IPV4_DST_ADDR %IPV4_NEXT_HOP %INPUT_SNMP %OUTPUT_SNMP %IN_PKTS %IN_BYTES %FLOW_START_MILLISECONDS %FLOW_END_MILLISECONDS %L4_SRC_PORT %L4_DST_PORT %TCP_FLAGS %PROTOCOL %SRC_TOS %SRC_AS %DST_AS %IPV4_SRC_MASK %IPV6_SRC_ADDR %IPV6_DST_ADDR %IPV6_SRC_MASK %IPV6_DST_MASK %IP_PROTOCOL_VERSION %FIRST_SWITCHED %LAST_SWITCHED %EXPORTER_IPV4_ADDRESS %EXPORTER_IPV4_ADDRESS %EXPORTER_IPV4_ADDRESS %NPROBE_IPV4_ADDRESS %INPUT_SNMP %OUTPUT_SNMP"

nprobe 2

--zmq="tcp://127.0.0.1:5557"
--collector-port=4712
-n=none
-i=none
--pid-file=/var/run/nprobe-tk.pid
-T="%IPV4_SRC_ADDR %IPV4_DST_ADDR %IPV4_NEXT_HOP %INPUT_SNMP %OUTPUT_SNMP %IN_PKTS %IN_BYTES %FLOW_START_MILLISECONDS %FLOW_END_MILLISECONDS %L4_SRC_PORT %L4_DST_PORT %TCP_FLAGS %PROTOCOL %SRC_TOS %SRC_AS %DST_AS %IPV4_SRC_MASK %IPV6_SRC_ADDR %IPV6_DST_ADDR %IPV6_SRC_MASK %IPV6_DST_MASK %IP_PROTOCOL_VERSION %FIRST_SWITCHED %LAST_SWITCHED %EXPORTER_IPV4_ADDRESS %EXPORTER_IPV4_ADDRESS %EXPORTER_IPV4_ADDRESS %NPROBE_IPV4_ADDRESS %INPUT_SNMP %OUTPUT_SNMP"

ntop

"-m" defines the networks considered to be local. Without this, host statistics do not work. The text file passed with "-p" defines ports and protocols not recognized by NtopNG by default.

-G=/var/run/ntopng.pid
--interface="tcp://127.0.0.1:5556"
--interface="tcp://127.0.0.1:5557"
-F="mysql;localhost;ntop;flows;ntop;ntop"
-m="x.x.x.x,x.x.x.x/x,x:x:x:x:x::/x,x:x:x:x:x::/x"
-D=all
-p="/etc/ntopng/protos.txt"

My "/etc/ntopng/protos.txt":

# Format:
# <tcp|udp>:<port>,<tcp|udp>:<port>,.....@<proto>
#tcp:81,tcp:8181@HTTP
#udp:5061-5062@SIP
#tcp:860,udp:860,tcp:3260,udp:3260@iSCSI
#tcp:3000@ntop 

tcp:6556@check_mk
tcp:6557@mk_multisite
tcp:8333@bitcoin
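
A typo in protos.txt silently mislabels traffic, so it is worth checking the file before handing it to "-p". The following is an added example, not part of the original page or of ntopng: a small Python checker for the format described in the file's header comment. The sample input is constructed from the entries above plus two deliberately bad lines, and the "first mapping wins" handling of duplicates is an assumption of this checker, not documented ntopng behaviour.

```python
import re

# Constructed sample: entries from the page (two header examples uncommented)
# plus one conflicting and one out-of-range line to show the checks firing.
SAMPLE = """\
# Format:
tcp:81,tcp:8181@HTTP
udp:5061-5062@SIP
tcp:6556@check_mk
tcp:6557@mk_multisite
tcp:8333@bitcoin
tcp:6556@duplicate_of_check_mk
tcp:70000@out_of_range
"""

# One rule: tcp|udp, a port, optionally "-<port>" for a range.
RULE = re.compile(r"^(tcp|udp):(\d+)(?:-(\d+))?$")

def parse_protos(text):
    """Return (mapping, errors); mapping[(l4, port)] = protocol name."""
    mapping, errors = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        rules, sep, name = line.partition("@")
        name = name.strip()
        if not sep or not name:
            errors.append((lineno, "missing @<proto>"))
            continue
        for rule in rules.split(","):
            m = RULE.match(rule.strip())
            if not m:
                errors.append((lineno, f"bad rule {rule!r}"))
                continue
            l4, lo = m.group(1), int(m.group(2))
            hi = int(m.group(3) or lo)
            if not (0 < lo <= hi <= 65535):
                errors.append((lineno, f"port out of range in {rule!r}"))
                continue
            for port in range(lo, hi + 1):
                prev = mapping.setdefault((l4, port), name)
                if prev != name:  # assumption: keep the first mapping, report the clash
                    errors.append((lineno, f"{l4}:{port} already mapped to {prev}"))
    return mapping, errors

if __name__ == "__main__":
    for lineno, msg in parse_protos(SAMPLE)[1]:
        print(f"line {lineno}: {msg}")
```
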