NtopNG and Nprobe config for Routers using NetFlow with IPv6 and MySQL data storage. Based on version 2.5
The default template (-T) for some reason does not contain the IPv6 fields so they have to be added.
--zmq="tcp://127.0.0.1:5556" --collector-port=4711 -n=none -i=none --pid-file=/var/run/nprobe-rh.pid -T="%IPV4_SRC_ADDR %IPV4_DST_ADDR %IPV4_NEXT_HOP %INPUT_SNMP %OUTPUT_SNMP %IN_PKTS %IN_BYTES %FLOW_START_MILLISECONDS %FLOW_END_MILLISECONDS %L4_SRC_PORT %L4_DST_PORT %TCP_FLAGS %PROTOCOL %SRC_TOS %SRC_AS %DST_AS %IPV4_SRC_MASK %IPV6_SRC_ADDR %IPV6_DST_ADDR %IPV6_SRC_MASK %IPV6_DST_MASK %IP_PROTOCOL_VERSION %FIRST_SWITCHED %LAST_SWITCHED %EXPORTER_IPV4_ADDRESS %EXPORTER_IPV4_ADDRESS %EXPORTER_IPV4_ADDRESS %NPROBE_IPV4_ADDRESS %INPUT_SNMP %OUTPUT_SNMP"
--zmq="tcp://127.0.0.1:5557" --collector-port=4712 -n=none -i=none --pid-file=/var/run/nprobe-tk.pid -T="%IPV4_SRC_ADDR %IPV4_DST_ADDR %IPV4_NEXT_HOP %INPUT_SNMP %OUTPUT_SNMP %IN_PKTS %IN_BYTES %FLOW_START_MILLISECONDS %FLOW_END_MILLISECONDS %L4_SRC_PORT %L4_DST_PORT %TCP_FLAGS %PROTOCOL %SRC_TOS %SRC_AS %DST_AS %IPV4_SRC_MASK %IPV6_SRC_ADDR %IPV6_DST_ADDR %IPV6_SRC_MASK %IPV6_DST_MASK %IP_PROTOCOL_VERSION %FIRST_SWITCHED %LAST_SWITCHED %EXPORTER_IPV4_ADDRESS %EXPORTER_IPV4_ADDRESS %EXPORTER_IPV4_ADDRESS %NPROBE_IPV4_ADDRESS %INPUT_SNMP %OUTPUT_SNMP"
„-m“ defines the nets considdered to be local. Without this host statistics do not work. The text file added by „-p“ defines ports an protocols not recognized by NtoNG by default.
-G=/var/run/ntopng.pid --interface="tcp://127.0.0.1:5556" --interface="tcp://127.0.0.1:5557" -F="mysql;localhost;ntop;flows;ntop;ntop" -m="x.x.x.x,x.x.x.x/x,x:x:x:x:x::/x,x:x:x:x:x::/x" -D=all -p="/etc/ntopng/protos.txt"My „/etc/ntopng/protos.txt“
# Format: # <tcp|udp>:,<tcp|udp>:,.....@ #tcp:81,tcp:8181@HTTP #udp:5061-5062@SIP #tcp:860,udp:860,tcp:3260,udp:3260@iSCSI #tcp:3000@ntop tcp:6556@check_mk tcp:6557@mk_multisite tcp:8333@bitcoin