Mailing List Archive

nprobe probe/collector empty fields (out_bytes and http_url)
Hello,

I'm using NProbe v6.1.6 as probe on a linux router and as a collector on
a server(which collect flows from several routers).
Everything works fine except the OUT_BYTES/PACKETS and HTTP plugin
information not sent to the collector (the OUT_BYTES is 0 and HTTP_URL
is empty). I use sqlite output format, but the same problem appears
with text output.
When logging localy on the router (with the -P option used and no -n
option) the fields are correctly set and have proper values.

Any help will be greatly appreciated.
Thank you

Sylvain


Nprobe client/router configuration file:
-i=eth0
-b=2
-V=10
-G
-1="192.168.0.0/24@1,0.0.0.0/0@2"
--bi-directional
-n=10.1.1.1:5001
-T="%IPV4_SRC_ADDR %IPV4_DST_ADDR %IPV4_NEXT_HOP %INPUT_SNMP
%OUTPUT_SNMP %ICMP_TYPE %IN_PKTS %IN_BYTES %OUT_PKTS %OUT_BYTES
%FIRST_SWITCHED %LAST_SWITCHED %L4_SRC_PORT %L4_DST_PORT %TCP_FLAGS
%PROTOCOL %SRC_TOS %CLIENT_NW_DELAY_SEC %CLIENT_NW_DELAY_USEC
%SERVER_NW_DELAY_SEC %SERVER_NW_DELAY_USEC %APPL_LATENCY_SEC
%APPL_LATENCY_USEC %IP_PROTOCOL_VERSION %DIRECTION %SAMPLING_INTERVAL
%FLOW_PROTO_PORT %L7_PROTO %HTTP_URL %IN_SRC_MAC %OUT_DST_MAC"


NProbe collector configuration file:
-b=2
-n=none
-P=/home/nprobe/data/
-D=d
--no-promisc
--bi-directionnal
-V=10
-G
--collector-port=5001
-T="%IPV4_SRC_ADDR %IPV4_DST_ADDR %IPV4_NEXT_HOP %INPUT_SNMP
%OUTPUT_SNMP %ICMP_TYPE %IN_PKTS %IN_BYTES %OUT_PKTS %OUT_BYTES
%FIRST_SWITCHED %LAST_SWITCHED %L4_SRC_PORT %L4_DST_PORT %TCP_FLAGS
%PROTOCOL %SRC_TOS %CLIENT_NW_DELAY_SEC %CLIENT_NW_DELAY_USEC
%SERVER_NW_DELAY_SEC %SERVER_NW_DELAY_USEC %APPL_LATENCY_SEC
%APPL_LATENCY_USEC %IP_PROTOCOL_VERSION %DIRECTION %SAMPLING_INTERVAL
%FLOW_PROTO_PORT %L7_PROTO %HTTP_URL %IN_SRC_MAC %OUT_DST_MAC"



Logs form collector startup:
22/Feb/2011 11:50:29 [nprobe.c:2647] Welcome to nprobe v.6.1.6
($Revision: 1831 $) for i686-pc-linux-gnu
22/Feb/2011 11:50:29 [nprobe.c:2666] Tracing enabled
22/Feb/2011 11:50:29 [nprobe.c:2702] Dumping flow files every 60 sec
into directory /home/nprobe-prod/data
22/Feb/2011 11:50:29 [plugin.c:132] Loading plugins...
22/Feb/2011 11:50:29 [plugin.c:147] Loading plugins [.so] from ./plugins
22/Feb/2011 11:50:29 [plugin.c:436] Loaded './plugins/libsipPlugin-6.1.6.so'
22/Feb/2011 11:50:29 [plugin.c:436] Loaded './plugins/libl7Plugin-6.1.6.so'
22/Feb/2011 11:50:29 [plugin.c:436] Loaded
'./plugins/libsmtpPlugin-6.1.6.so'
22/Feb/2011 11:50:29 [plugin.c:436] Loaded
'./plugins/libdumpPlugin-6.1.6.so'
22/Feb/2011 11:50:29 [plugin.c:436] Loaded './plugins/librtpPlugin-6.1.6.so'
22/Feb/2011 11:50:29 [plugin.c:436] Loaded './plugins/libdbPlugin-6.1.6.so'
22/Feb/2011 11:50:29 [plugin.c:436] Loaded
'./plugins/libmysqlPlugin-6.1.6.so'
22/Feb/2011 11:50:29 [plugin.c:436] Loaded './plugins/libbgpPlugin-6.1.6.so'
22/Feb/2011 11:50:29 [plugin.c:436] Loaded
'./plugins/libhttpPlugin-6.1.6.so'
22/Feb/2011 11:50:29 [sipPlugin.c:70] Initialized SIP plugin
22/Feb/2011 11:50:29 [l7Plugin.c:100] Initialized L7 plugin
22/Feb/2011 11:50:29 [smtpPlugin.c:48] Initialized SMTP plugin
22/Feb/2011 11:50:29 [dumpPlugin.c:50] Initialized dump plugin
22/Feb/2011 11:50:29 [rtpPlugin.c:106] Initialized RTP plugin
22/Feb/2011 11:50:29 [dbPlugin.c:174] WARNING: DB support is not enabled
(disabled at compile time)
22/Feb/2011 11:50:29 [mysqlPlugin.c:118] Initialized MySQL plugin
22/Feb/2011 11:50:29 [bgpPlugin.c:377] BGP plugin is disabled
(--bgp-port has not been specified)
22/Feb/2011 11:50:29 [httpPlugin.c:130] Initialized HTTP plugin
22/Feb/2011 11:50:29 [plugin.c:195] 9 plugin(s) loaded [9 delete][9 packet].
22/Feb/2011 11:50:29 [nprobe.c:3609] Welcome to nprobe v.6.1.6 for
i686-pc-linux-gnu
22/Feb/2011 11:50:29 [nprobe.c:3255] Compiling flow templates...
22/Feb/2011 11:50:29 [nprobe.c:3425] Scanning flow template...
22/Feb/2011 11:50:29 [nprobe.c:3435] IPv4 Template [id=257]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found IPV4_SRC_ADDR [id 8][4
bytes][total 4 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found IPV4_DST_ADDR [id
12][4 bytes][total 8 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found IPV4_NEXT_HOP [id
15][4 bytes][total 12 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found INPUT_SNMP [id
10][2 bytes][total 14 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found OUTPUT_SNMP [id
14][2 bytes][total 16 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found ICMP_TYPE [id
32][2 bytes][total 18 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found IN_PKTS [id 2][4
bytes][total 22 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found IN_BYTES [id 1][4
bytes][total 26 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found OUT_PKTS [id
24][4 bytes][total 30 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found OUT_BYTES [id
23][4 bytes][total 34 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found FIRST_SWITCHED [id
22][4 bytes][total 38 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found LAST_SWITCHED [id
21][4 bytes][total 42 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found L4_SRC_PORT [id 7][2
bytes][total 44 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found L4_DST_PORT [id
11][2 bytes][total 46 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found TCP_FLAGS [id 6][1
bytes][total 47 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found PROTOCOL [id 4][1
bytes][total 48 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found SRC_TOS [id 5][1
bytes][total 49 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found CLIENT_NW_DELAY_SEC [id
82][4 bytes][total 53 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found CLIENT_NW_DELAY_USEC [id
83][4 bytes][total 57 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found SERVER_NW_DELAY_SEC [id
84][4 bytes][total 61 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found SERVER_NW_DELAY_USEC [id
85][4 bytes][total 65 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found APPL_LATENCY_SEC [id
86][4 bytes][total 69 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found APPL_LATENCY_USEC [id
87][4 bytes][total 73 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found IP_PROTOCOL_VERSION [id
60][1 bytes][total 74 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found DIRECTION [id
61][1 bytes][total 75 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found SAMPLING_INTERVAL [id
34][4 bytes][total 79 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found FLOW_PROTO_PORT [id
105][2 bytes][total 81 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found L7_PROTO [id
165][8 bytes][total 89 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found HTTP_URL [id
180][64 bytes][total 153 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found IN_SRC_MAC [id
56][6 bytes][total 159 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found OUT_DST_MAC [id
80][6 bytes][total 165 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3435] IPv6 Template [id=258]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found IPV6_SRC_ADDR [id
27][16 bytes][total 16 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found IPV6_DST_ADDR [id
28][16 bytes][total 32 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found IPV6_NEXT_HOP [id
62][16 bytes][total 48 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found INPUT_SNMP [id
10][2 bytes][total 50 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found OUTPUT_SNMP [id
14][2 bytes][total 52 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found ICMP_TYPE [id
32][2 bytes][total 54 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found IN_PKTS [id 2][4
bytes][total 58 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found IN_BYTES [id 1][4
bytes][total 62 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found OUT_PKTS [id
24][4 bytes][total 66 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found OUT_BYTES [id
23][4 bytes][total 70 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found FIRST_SWITCHED [id
22][4 bytes][total 74 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found LAST_SWITCHED [id
21][4 bytes][total 78 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found L4_SRC_PORT [id 7][2
bytes][total 80 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found L4_DST_PORT [id
11][2 bytes][total 82 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found TCP_FLAGS [id 6][1
bytes][total 83 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found PROTOCOL [id 4][1
bytes][total 84 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found SRC_TOS [id 5][1
bytes][total 85 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found CLIENT_NW_DELAY_SEC [id
82][4 bytes][total 89 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found CLIENT_NW_DELAY_USEC [id
83][4 bytes][total 93 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found SERVER_NW_DELAY_SEC [id
84][4 bytes][total 97 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found SERVER_NW_DELAY_USEC [id
85][4 bytes][total 101 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found APPL_LATENCY_SEC [id
86][4 bytes][total 105 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found APPL_LATENCY_USEC [id
87][4 bytes][total 109 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found IP_PROTOCOL_VERSION [id
60][1 bytes][total 110 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found DIRECTION [id
61][1 bytes][total 111 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found SAMPLING_INTERVAL [id
34][4 bytes][total 115 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found FLOW_PROTO_PORT [id
105][2 bytes][total 117 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found L7_PROTO [id
165][8 bytes][total 125 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found HTTP_URL [id
180][64 bytes][total 189 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found IN_SRC_MAC [id
56][6 bytes][total 195 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3443] Found OUT_DST_MAC [id
80][6 bytes][total 201 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3470] Scanning option template...
22/Feb/2011 11:50:29 [nprobe.c:3476] Found TOTAL_FLOWS_EXP [id
42][4 bytes][total 4 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3476] Found TOTAL_PKTS_EXP [id
41][4 bytes][total 8 bytes]
22/Feb/2011 11:50:29 [nprobe.c:3499] Each flow is 201 bytes long
22/Feb/2011 11:50:29 [nprobe.c:3500] The # packets per flow has been set
to 6
22/Feb/2011 11:50:29 [plugin.c:580] Scanning plugin SIP
22/Feb/2011 11:50:29 [plugin.c:580] Scanning plugin L7 Protocol Recognition
22/Feb/2011 11:50:29 [plugin.c:613] Enabling plugin L7 Protocol Recognition
22/Feb/2011 11:50:29 [plugin.c:580] Scanning plugin SMTP Protocol Dissector
22/Feb/2011 11:50:29 [plugin.c:580] Scanning plugin dump
22/Feb/2011 11:50:29 [plugin.c:580] Scanning plugin RTP
22/Feb/2011 11:50:29 [plugin.c:580] Scanning plugin MySQL DB
22/Feb/2011 11:50:29 [plugin.c:580] Scanning plugin MySQL Plugin
22/Feb/2011 11:50:29 [plugin.c:580] Scanning plugin BGP Update Listener
22/Feb/2011 11:50:29 [plugin.c:580] Scanning plugin HTTP Protocol Dissector
22/Feb/2011 11:50:29 [plugin.c:613] Enabling plugin HTTP Protocol Dissector
22/Feb/2011 11:50:29 [plugin.c:625] 2 plugin(s) enabled
22/Feb/2011 11:50:29 [nprobe.c:3733] The flows hash has 32768 buckets
22/Feb/2011 11:50:29 [nprobe.c:3735] Flows older than 120 seconds will
be exported
22/Feb/2011 11:50:29 [nprobe.c:3741] Flows inactive for at least 30
seconds will be exported
22/Feb/2011 11:50:29 [nprobe.c:3744] Expired flows will be checked every
30 seconds
22/Feb/2011 11:50:29 [nprobe.c:3746] Expired flows will not be queued
for more than 30 seconds
22/Feb/2011 11:50:29 [nprobe.c:3750] Exported flows with engineType 0
and engineId 245
22/Feb/2011 11:50:29 [nprobe.c:3777] Flows ASs will not be computed
22/Feb/2011 11:50:29 [nprobe.c:3785] After 1 flow packets are sent,
we'll delay at least 1 ms
22/Feb/2011 11:50:29 [nprobe.c:3805] Flows will be emitted in IPFIX format
22/Feb/2011 11:50:29 [nprobe.c:3810] Max payload length set to 32 bytes
22/Feb/2011 11:50:29 [nprobe.c:3812] Payload export policy (-x) for
TCP: payload only with SYN set
22/Feb/2011 11:50:29 [nprobe.c:3814] Payload export policy (-x) for
UDP: no payload
22/Feb/2011 11:50:29 [nprobe.c:3816] Payload export policy (-x) for
ICMP: no payload
22/Feb/2011 11:50:29 [nprobe.c:3818] Payload export policy (-x) for
OTHER: no payload
22/Feb/2011 11:50:29 [nprobe.c:3838] Flow input interface index is set to 0
22/Feb/2011 11:50:29 [nprobe.c:3844] Flow output interface index is set to 0
22/Feb/2011 11:50:29 [util.c:2282] INIT: Bye bye: I'm becoming a daemon...
22/Feb/2011 11:50:29 [util.c:2285] INIT: Parent process is exiting (this
is normal)




_______________________________________________
Ntop-misc mailing list
Ntop-misc@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
Re: nprobe probe/collector empty fields (out_bytes and http_url) [ In reply to ]
Sylvain
please file a bug on https://www.ntop.org/bugzilla3/

Luca

On Feb 22, 2011, at 12:03 PM, Sylvain Mouly wrote:

> Hello,
>
> I'm using NProbe v6.1.6 as probe on a linux router and as a collector on a server(which collect flows from several routers).
> Everything works fine except the OUT_BYTES/PACKETS and HTTP plugin information not sent to the collector (the OUT_BYTES is 0 and HTTP_URL is empty). I use sqlite output format, but the same problem appears with text output.
> When logging localy on the router (with the -P option used and no -n option) the fields are correctly set and have proper values.
>
> Any help will be greatly appreciated.
> Thank you
>
> Sylvain
>
>
> Nprobe client/router configuration file:
> -i=eth0
> -b=2
> -V=10
> -G
> -1="192.168.0.0/24@1,0.0.0.0/0@2"
> --bi-directional
> -n=10.1.1.1:5001
> -T="%IPV4_SRC_ADDR %IPV4_DST_ADDR %IPV4_NEXT_HOP %INPUT_SNMP %OUTPUT_SNMP %ICMP_TYPE %IN_PKTS %IN_BYTES %OUT_PKTS %OUT_BYTES %FIRST_SWITCHED %LAST_SWITCHED %L4_SRC_PORT %L4_DST_PORT %TCP_FLAGS %PROTOCOL %SRC_TOS %CLIENT_NW_DELAY_SEC %CLIENT_NW_DELAY_USEC %SERVER_NW_DELAY_SEC %SERVER_NW_DELAY_USEC %APPL_LATENCY_SEC %APPL_LATENCY_USEC %IP_PROTOCOL_VERSION %DIRECTION %SAMPLING_INTERVAL %FLOW_PROTO_PORT %L7_PROTO %HTTP_URL %IN_SRC_MAC %OUT_DST_MAC"
>
>
> NProbe collector configuration file:
> -b=2
> -n=none
> -P=/home/nprobe/data/
> -D=d
> --no-promisc
> --bi-directionnal
> -V=10
> -G
> --collector-port=5001
> -T="%IPV4_SRC_ADDR %IPV4_DST_ADDR %IPV4_NEXT_HOP %INPUT_SNMP %OUTPUT_SNMP %ICMP_TYPE %IN_PKTS %IN_BYTES %OUT_PKTS %OUT_BYTES %FIRST_SWITCHED %LAST_SWITCHED %L4_SRC_PORT %L4_DST_PORT %TCP_FLAGS %PROTOCOL %SRC_TOS %CLIENT_NW_DELAY_SEC %CLIENT_NW_DELAY_USEC %SERVER_NW_DELAY_SEC %SERVER_NW_DELAY_USEC %APPL_LATENCY_SEC %APPL_LATENCY_USEC %IP_PROTOCOL_VERSION %DIRECTION %SAMPLING_INTERVAL %FLOW_PROTO_PORT %L7_PROTO %HTTP_URL %IN_SRC_MAC %OUT_DST_MAC"
>
>
>
> Logs form collector startup:
> 22/Feb/2011 11:50:29 [nprobe.c:2647] Welcome to nprobe v.6.1.6 ($Revision: 1831 $) for i686-pc-linux-gnu
> 22/Feb/2011 11:50:29 [nprobe.c:2666] Tracing enabled
> 22/Feb/2011 11:50:29 [nprobe.c:2702] Dumping flow files every 60 sec into directory /home/nprobe-prod/data
> 22/Feb/2011 11:50:29 [plugin.c:132] Loading plugins...
> 22/Feb/2011 11:50:29 [plugin.c:147] Loading plugins [.so] from ./plugins
> 22/Feb/2011 11:50:29 [plugin.c:436] Loaded './plugins/libsipPlugin-6.1.6.so'
> 22/Feb/2011 11:50:29 [plugin.c:436] Loaded './plugins/libl7Plugin-6.1.6.so'
> 22/Feb/2011 11:50:29 [plugin.c:436] Loaded './plugins/libsmtpPlugin-6.1.6.so'
> 22/Feb/2011 11:50:29 [plugin.c:436] Loaded './plugins/libdumpPlugin-6.1.6.so'
> 22/Feb/2011 11:50:29 [plugin.c:436] Loaded './plugins/librtpPlugin-6.1.6.so'
> 22/Feb/2011 11:50:29 [plugin.c:436] Loaded './plugins/libdbPlugin-6.1.6.so'
> 22/Feb/2011 11:50:29 [plugin.c:436] Loaded './plugins/libmysqlPlugin-6.1.6.so'
> 22/Feb/2011 11:50:29 [plugin.c:436] Loaded './plugins/libbgpPlugin-6.1.6.so'
> 22/Feb/2011 11:50:29 [plugin.c:436] Loaded './plugins/libhttpPlugin-6.1.6.so'
> 22/Feb/2011 11:50:29 [sipPlugin.c:70] Initialized SIP plugin
> 22/Feb/2011 11:50:29 [l7Plugin.c:100] Initialized L7 plugin
> 22/Feb/2011 11:50:29 [smtpPlugin.c:48] Initialized SMTP plugin
> 22/Feb/2011 11:50:29 [dumpPlugin.c:50] Initialized dump plugin
> 22/Feb/2011 11:50:29 [rtpPlugin.c:106] Initialized RTP plugin
> 22/Feb/2011 11:50:29 [dbPlugin.c:174] WARNING: DB support is not enabled (disabled at compile time)
> 22/Feb/2011 11:50:29 [mysqlPlugin.c:118] Initialized MySQL plugin
> 22/Feb/2011 11:50:29 [bgpPlugin.c:377] BGP plugin is disabled (--bgp-port has not been specified)
> 22/Feb/2011 11:50:29 [httpPlugin.c:130] Initialized HTTP plugin
> 22/Feb/2011 11:50:29 [plugin.c:195] 9 plugin(s) loaded [9 delete][9 packet].
> 22/Feb/2011 11:50:29 [nprobe.c:3609] Welcome to nprobe v.6.1.6 for i686-pc-linux-gnu
> 22/Feb/2011 11:50:29 [nprobe.c:3255] Compiling flow templates...
> 22/Feb/2011 11:50:29 [nprobe.c:3425] Scanning flow template...
> 22/Feb/2011 11:50:29 [nprobe.c:3435] IPv4 Template [id=257]
> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found IPV4_SRC_ADDR [id 8][4 bytes][total 4 bytes]
> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found IPV4_DST_ADDR [id 12][4 bytes][total 8 bytes]
> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found IPV4_NEXT_HOP [id 15][4 bytes][total 12 bytes]
> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found INPUT_SNMP [id 10][2 bytes][total 14 bytes]
> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found OUTPUT_SNMP [id 14][2 bytes][total 16 bytes]
> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found ICMP_TYPE [id 32][2 bytes][total 18 bytes]
> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found IN_PKTS [id 2][4 bytes][total 22 bytes]
> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found IN_BYTES [id 1][4 bytes][total 26 bytes]
> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found OUT_PKTS [id 24][4 bytes][total 30 bytes]
> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found OUT_BYTES [id 23][4 bytes][total 34 bytes]
> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found FIRST_SWITCHED [id 22][4 bytes][total 38 bytes]
> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found LAST_SWITCHED [id 21][4 bytes][total 42 bytes]
> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found L4_SRC_PORT [id 7][2 bytes][total 44 bytes]
> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found L4_DST_PORT [id 11][2 bytes][total 46 bytes]
> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found TCP_FLAGS [id 6][1 bytes][total 47 bytes]
> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found PROTOCOL [id 4][1 bytes][total 48 bytes]
> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found SRC_TOS [id 5][1 bytes][total 49 bytes]
> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found CLIENT_NW_DELAY_SEC [id 82][4 bytes][total 53 bytes]
> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found CLIENT_NW_DELAY_USEC [id 83][4 bytes][total 57 bytes]
> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found SERVER_NW_DELAY_SEC [id 84][4 bytes][total 61 bytes]
> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found SERVER_NW_DELAY_USEC [id 85][4 bytes][total 65 bytes]
> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found APPL_LATENCY_SEC [id 86][4 bytes][total 69 bytes]
> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found APPL_LATENCY_USEC [id 87][4 bytes][total 73 bytes]
> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found IP_PROTOCOL_VERSION [id 60][1 bytes][total 74 bytes]
> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found DIRECTION [id 61][1 bytes][total 75 bytes]
> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found SAMPLING_INTERVAL [id 34][4 bytes][total 79 bytes]
> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found FLOW_PROTO_PORT [id 105][2 bytes][total 81 bytes]
> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found L7_PROTO [id 165][8 bytes][total 89 bytes]
> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found HTTP_URL [id 180][64 bytes][total 153 bytes]
> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found IN_SRC_MAC [id 56][6 bytes][total 159 bytes]
> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found OUT_DST_MAC [id 80][6 bytes][total 165 bytes]
> 22/Feb/2011 11:50:29 [nprobe.c:3435] IPv6 Template [id=258]
> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found IPV6_SRC_ADDR [id 27][16 bytes][total 16 bytes]
> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found IPV6_DST_ADDR [id 28][16 bytes][total 32 bytes]
> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found IPV6_NEXT_HOP [id 62][16 bytes][total 48 bytes]
> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found INPUT_SNMP [id 10][2 bytes][total 50 bytes]
> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found OUTPUT_SNMP [id 14][2 bytes][total 52 bytes]
> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found ICMP_TYPE [id 32][2 bytes][total 54 bytes]
> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found IN_PKTS [id 2][4 bytes][total 58 bytes]
> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found IN_BYTES [id 1][4 bytes][total 62 bytes]
> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found OUT_PKTS [id 24][4 bytes][total 66 bytes]
> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found OUT_BYTES [id 23][4 bytes][total 70 bytes]
> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found FIRST_SWITCHED [id 22][4 bytes][total 74 bytes]
> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found LAST_SWITCHED [id 21][4 bytes][total 78 bytes]
> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found L4_SRC_PORT [id 7][2 bytes][total 80 bytes]
> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found L4_DST_PORT [id 11][2 bytes][total 82 bytes]
> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found TCP_FLAGS [id 6][1 bytes][total 83 bytes]
> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found PROTOCOL [id 4][1 bytes][total 84 bytes]
> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found SRC_TOS [id 5][1 bytes][total 85 bytes]
> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found CLIENT_NW_DELAY_SEC [id 82][4 bytes][total 89 bytes]
> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found CLIENT_NW_DELAY_USEC [id 83][4 bytes][total 93 bytes]
> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found SERVER_NW_DELAY_SEC [id 84][4 bytes][total 97 bytes]
> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found SERVER_NW_DELAY_USEC [id 85][4 bytes][total 101 bytes]
> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found APPL_LATENCY_SEC [id 86][4 bytes][total 105 bytes]
> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found APPL_LATENCY_USEC [id 87][4 bytes][total 109 bytes]
> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found IP_PROTOCOL_VERSION [id 60][1 bytes][total 110 bytes]
> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found DIRECTION [id 61][1 bytes][total 111 bytes]
> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found SAMPLING_INTERVAL [id 34][4 bytes][total 115 bytes]
> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found FLOW_PROTO_PORT [id 105][2 bytes][total 117 bytes]
> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found L7_PROTO [id 165][8 bytes][total 125 bytes]
> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found HTTP_URL [id 180][64 bytes][total 189 bytes]
> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found IN_SRC_MAC [id 56][6 bytes][total 195 bytes]
> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found OUT_DST_MAC [id 80][6 bytes][total 201 bytes]
> 22/Feb/2011 11:50:29 [nprobe.c:3470] Scanning option template...
> 22/Feb/2011 11:50:29 [nprobe.c:3476] Found TOTAL_FLOWS_EXP [id 42][4 bytes][total 4 bytes]
> 22/Feb/2011 11:50:29 [nprobe.c:3476] Found TOTAL_PKTS_EXP [id 41][4 bytes][total 8 bytes]
> 22/Feb/2011 11:50:29 [nprobe.c:3499] Each flow is 201 bytes long
> 22/Feb/2011 11:50:29 [nprobe.c:3500] The # packets per flow has been set to 6
> 22/Feb/2011 11:50:29 [plugin.c:580] Scanning plugin SIP
> 22/Feb/2011 11:50:29 [plugin.c:580] Scanning plugin L7 Protocol Recognition
> 22/Feb/2011 11:50:29 [plugin.c:613] Enabling plugin L7 Protocol Recognition
> 22/Feb/2011 11:50:29 [plugin.c:580] Scanning plugin SMTP Protocol Dissector
> 22/Feb/2011 11:50:29 [plugin.c:580] Scanning plugin dump
> 22/Feb/2011 11:50:29 [plugin.c:580] Scanning plugin RTP
> 22/Feb/2011 11:50:29 [plugin.c:580] Scanning plugin MySQL DB
> 22/Feb/2011 11:50:29 [plugin.c:580] Scanning plugin MySQL Plugin
> 22/Feb/2011 11:50:29 [plugin.c:580] Scanning plugin BGP Update Listener
> 22/Feb/2011 11:50:29 [plugin.c:580] Scanning plugin HTTP Protocol Dissector
> 22/Feb/2011 11:50:29 [plugin.c:613] Enabling plugin HTTP Protocol Dissector
> 22/Feb/2011 11:50:29 [plugin.c:625] 2 plugin(s) enabled
> 22/Feb/2011 11:50:29 [nprobe.c:3733] The flows hash has 32768 buckets
> 22/Feb/2011 11:50:29 [nprobe.c:3735] Flows older than 120 seconds will be exported
> 22/Feb/2011 11:50:29 [nprobe.c:3741] Flows inactive for at least 30 seconds will be exported
> 22/Feb/2011 11:50:29 [nprobe.c:3744] Expired flows will be checked every 30 seconds
> 22/Feb/2011 11:50:29 [nprobe.c:3746] Expired flows will not be queued for more than 30 seconds
> 22/Feb/2011 11:50:29 [nprobe.c:3750] Exported flows with engineType 0 and engineId 245
> 22/Feb/2011 11:50:29 [nprobe.c:3777] Flows ASs will not be computed
> 22/Feb/2011 11:50:29 [nprobe.c:3785] After 1 flow packets are sent, we'll delay at least 1 ms
> 22/Feb/2011 11:50:29 [nprobe.c:3805] Flows will be emitted in IPFIX format
> 22/Feb/2011 11:50:29 [nprobe.c:3810] Max payload length set to 32 bytes
> 22/Feb/2011 11:50:29 [nprobe.c:3812] Payload export policy (-x) for TCP: payload only with SYN set
> 22/Feb/2011 11:50:29 [nprobe.c:3814] Payload export policy (-x) for UDP: no payload
> 22/Feb/2011 11:50:29 [nprobe.c:3816] Payload export policy (-x) for ICMP: no payload
> 22/Feb/2011 11:50:29 [nprobe.c:3818] Payload export policy (-x) for OTHER: no payload
> 22/Feb/2011 11:50:29 [nprobe.c:3838] Flow input interface index is set to 0
> 22/Feb/2011 11:50:29 [nprobe.c:3844] Flow output interface index is set to 0
> 22/Feb/2011 11:50:29 [util.c:2282] INIT: Bye bye: I'm becoming a daemon...
> 22/Feb/2011 11:50:29 [util.c:2285] INIT: Parent process is exiting (this is normal)
>
>
>
>
> _______________________________________________
> Ntop-misc mailing list
> Ntop-misc@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc

---
If you can not measure it, you can not improve it - Lord Kelvin

_______________________________________________
Ntop-misc mailing list
Ntop-misc@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
Re: nprobe probe/collector empty fields (out_bytes and http_url) [ In reply to ]
Ok Luca.
Bug created: https://www.ntop.org/bugzilla3/show_bug.cgi?id=38

Any idea about the difficulty to solve the issue ?

Thank you for your help


Sylvain


Le 22/02/11 17:37, Luca Deri a écrit :
> Sylvain
> please file a bug on https://www.ntop.org/bugzilla3/
>
> Luca
>
> On Feb 22, 2011, at 12:03 PM, Sylvain Mouly wrote:
>
>> Hello,
>>
>> I'm using NProbe v6.1.6 as probe on a linux router and as a collector on a server(which collect flows from several routers).
>> Everything works fine except the OUT_BYTES/PACKETS and HTTP plugin information not sent to the collector (the OUT_BYTES is 0 and HTTP_URL is empty). I use sqlite output format, but the same problem appears with text output.
>> When logging localy on the router (with the -P option used and no -n option) the fields are correctly set and have proper values.
>>
>> Any help will be greatly appreciated.
>> Thank you
>>
>> Sylvain
>>
>>
>> Nprobe client/router configuration file:
>> -i=eth0
>> -b=2
>> -V=10
>> -G
>> -1="192.168.0.0/24@1,0.0.0.0/0@2"
>> --bi-directional
>> -n=10.1.1.1:5001
>> -T="%IPV4_SRC_ADDR %IPV4_DST_ADDR %IPV4_NEXT_HOP %INPUT_SNMP %OUTPUT_SNMP %ICMP_TYPE %IN_PKTS %IN_BYTES %OUT_PKTS %OUT_BYTES %FIRST_SWITCHED %LAST_SWITCHED %L4_SRC_PORT %L4_DST_PORT %TCP_FLAGS %PROTOCOL %SRC_TOS %CLIENT_NW_DELAY_SEC %CLIENT_NW_DELAY_USEC %SERVER_NW_DELAY_SEC %SERVER_NW_DELAY_USEC %APPL_LATENCY_SEC %APPL_LATENCY_USEC %IP_PROTOCOL_VERSION %DIRECTION %SAMPLING_INTERVAL %FLOW_PROTO_PORT %L7_PROTO %HTTP_URL %IN_SRC_MAC %OUT_DST_MAC"
>>
>>
>> NProbe collector configuration file:
>> -b=2
>> -n=none
>> -P=/home/nprobe/data/
>> -D=d
>> --no-promisc
>> --bi-directionnal
>> -V=10
>> -G
>> --collector-port=5001
>> -T="%IPV4_SRC_ADDR %IPV4_DST_ADDR %IPV4_NEXT_HOP %INPUT_SNMP %OUTPUT_SNMP %ICMP_TYPE %IN_PKTS %IN_BYTES %OUT_PKTS %OUT_BYTES %FIRST_SWITCHED %LAST_SWITCHED %L4_SRC_PORT %L4_DST_PORT %TCP_FLAGS %PROTOCOL %SRC_TOS %CLIENT_NW_DELAY_SEC %CLIENT_NW_DELAY_USEC %SERVER_NW_DELAY_SEC %SERVER_NW_DELAY_USEC %APPL_LATENCY_SEC %APPL_LATENCY_USEC %IP_PROTOCOL_VERSION %DIRECTION %SAMPLING_INTERVAL %FLOW_PROTO_PORT %L7_PROTO %HTTP_URL %IN_SRC_MAC %OUT_DST_MAC"
>>
>>
>>
>> Logs form collector startup:
>> 22/Feb/2011 11:50:29 [nprobe.c:2647] Welcome to nprobe v.6.1.6 ($Revision: 1831 $) for i686-pc-linux-gnu
>> 22/Feb/2011 11:50:29 [nprobe.c:2666] Tracing enabled
>> 22/Feb/2011 11:50:29 [nprobe.c:2702] Dumping flow files every 60 sec into directory /home/nprobe-prod/data
>> 22/Feb/2011 11:50:29 [plugin.c:132] Loading plugins...
>> 22/Feb/2011 11:50:29 [plugin.c:147] Loading plugins [.so] from ./plugins
>> 22/Feb/2011 11:50:29 [plugin.c:436] Loaded './plugins/libsipPlugin-6.1.6.so'
>> 22/Feb/2011 11:50:29 [plugin.c:436] Loaded './plugins/libl7Plugin-6.1.6.so'
>> 22/Feb/2011 11:50:29 [plugin.c:436] Loaded './plugins/libsmtpPlugin-6.1.6.so'
>> 22/Feb/2011 11:50:29 [plugin.c:436] Loaded './plugins/libdumpPlugin-6.1.6.so'
>> 22/Feb/2011 11:50:29 [plugin.c:436] Loaded './plugins/librtpPlugin-6.1.6.so'
>> 22/Feb/2011 11:50:29 [plugin.c:436] Loaded './plugins/libdbPlugin-6.1.6.so'
>> 22/Feb/2011 11:50:29 [plugin.c:436] Loaded './plugins/libmysqlPlugin-6.1.6.so'
>> 22/Feb/2011 11:50:29 [plugin.c:436] Loaded './plugins/libbgpPlugin-6.1.6.so'
>> 22/Feb/2011 11:50:29 [plugin.c:436] Loaded './plugins/libhttpPlugin-6.1.6.so'
>> 22/Feb/2011 11:50:29 [sipPlugin.c:70] Initialized SIP plugin
>> 22/Feb/2011 11:50:29 [l7Plugin.c:100] Initialized L7 plugin
>> 22/Feb/2011 11:50:29 [smtpPlugin.c:48] Initialized SMTP plugin
>> 22/Feb/2011 11:50:29 [dumpPlugin.c:50] Initialized dump plugin
>> 22/Feb/2011 11:50:29 [rtpPlugin.c:106] Initialized RTP plugin
>> 22/Feb/2011 11:50:29 [dbPlugin.c:174] WARNING: DB support is not enabled (disabled at compile time)
>> 22/Feb/2011 11:50:29 [mysqlPlugin.c:118] Initialized MySQL plugin
>> 22/Feb/2011 11:50:29 [bgpPlugin.c:377] BGP plugin is disabled (--bgp-port has not been specified)
>> 22/Feb/2011 11:50:29 [httpPlugin.c:130] Initialized HTTP plugin
>> 22/Feb/2011 11:50:29 [plugin.c:195] 9 plugin(s) loaded [9 delete][9 packet].
>> 22/Feb/2011 11:50:29 [nprobe.c:3609] Welcome to nprobe v.6.1.6 for i686-pc-linux-gnu
>> 22/Feb/2011 11:50:29 [nprobe.c:3255] Compiling flow templates...
>> 22/Feb/2011 11:50:29 [nprobe.c:3425] Scanning flow template...
>> 22/Feb/2011 11:50:29 [nprobe.c:3435] IPv4 Template [id=257]
>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found IPV4_SRC_ADDR [id 8][4 bytes][total 4 bytes]
>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found IPV4_DST_ADDR [id 12][4 bytes][total 8 bytes]
>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found IPV4_NEXT_HOP [id 15][4 bytes][total 12 bytes]
>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found INPUT_SNMP [id 10][2 bytes][total 14 bytes]
>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found OUTPUT_SNMP [id 14][2 bytes][total 16 bytes]
>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found ICMP_TYPE [id 32][2 bytes][total 18 bytes]
>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found IN_PKTS [id 2][4 bytes][total 22 bytes]
>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found IN_BYTES [id 1][4 bytes][total 26 bytes]
>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found OUT_PKTS [id 24][4 bytes][total 30 bytes]
>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found OUT_BYTES [id 23][4 bytes][total 34 bytes]
>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found FIRST_SWITCHED [id 22][4 bytes][total 38 bytes]
>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found LAST_SWITCHED [id 21][4 bytes][total 42 bytes]
>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found L4_SRC_PORT [id 7][2 bytes][total 44 bytes]
>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found L4_DST_PORT [id 11][2 bytes][total 46 bytes]
>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found TCP_FLAGS [id 6][1 bytes][total 47 bytes]
>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found PROTOCOL [id 4][1 bytes][total 48 bytes]
>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found SRC_TOS [id 5][1 bytes][total 49 bytes]
>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found CLIENT_NW_DELAY_SEC [id 82][4 bytes][total 53 bytes]
>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found CLIENT_NW_DELAY_USEC [id 83][4 bytes][total 57 bytes]
>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found SERVER_NW_DELAY_SEC [id 84][4 bytes][total 61 bytes]
>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found SERVER_NW_DELAY_USEC [id 85][4 bytes][total 65 bytes]
>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found APPL_LATENCY_SEC [id 86][4 bytes][total 69 bytes]
>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found APPL_LATENCY_USEC [id 87][4 bytes][total 73 bytes]
>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found IP_PROTOCOL_VERSION [id 60][1 bytes][total 74 bytes]
>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found DIRECTION [id 61][1 bytes][total 75 bytes]
>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found SAMPLING_INTERVAL [id 34][4 bytes][total 79 bytes]
>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found FLOW_PROTO_PORT [id 105][2 bytes][total 81 bytes]
>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found L7_PROTO [id 165][8 bytes][total 89 bytes]
>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found HTTP_URL [id 180][64 bytes][total 153 bytes]
>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found IN_SRC_MAC [id 56][6 bytes][total 159 bytes]
>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found OUT_DST_MAC [id 80][6 bytes][total 165 bytes]
>> 22/Feb/2011 11:50:29 [nprobe.c:3435] IPv6 Template [id=258]
>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found IPV6_SRC_ADDR [id 27][16 bytes][total 16 bytes]
>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found IPV6_DST_ADDR [id 28][16 bytes][total 32 bytes]
>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found IPV6_NEXT_HOP [id 62][16 bytes][total 48 bytes]
>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found INPUT_SNMP [id 10][2 bytes][total 50 bytes]
>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found OUTPUT_SNMP [id 14][2 bytes][total 52 bytes]
>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found ICMP_TYPE [id 32][2 bytes][total 54 bytes]
>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found IN_PKTS [id 2][4 bytes][total 58 bytes]
>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found IN_BYTES [id 1][4 bytes][total 62 bytes]
>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found OUT_PKTS [id 24][4 bytes][total 66 bytes]
>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found OUT_BYTES [id 23][4 bytes][total 70 bytes]
>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found FIRST_SWITCHED [id 22][4 bytes][total 74 bytes]
>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found LAST_SWITCHED [id 21][4 bytes][total 78 bytes]
>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found L4_SRC_PORT [id 7][2 bytes][total 80 bytes]
>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found L4_DST_PORT [id 11][2 bytes][total 82 bytes]
>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found TCP_FLAGS [id 6][1 bytes][total 83 bytes]
>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found PROTOCOL [id 4][1 bytes][total 84 bytes]
>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found SRC_TOS [id 5][1 bytes][total 85 bytes]
>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found CLIENT_NW_DELAY_SEC [id 82][4 bytes][total 89 bytes]
>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found CLIENT_NW_DELAY_USEC [id 83][4 bytes][total 93 bytes]
>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found SERVER_NW_DELAY_SEC [id 84][4 bytes][total 97 bytes]
>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found SERVER_NW_DELAY_USEC [id 85][4 bytes][total 101 bytes]
>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found APPL_LATENCY_SEC [id 86][4 bytes][total 105 bytes]
>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found APPL_LATENCY_USEC [id 87][4 bytes][total 109 bytes]
>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found IP_PROTOCOL_VERSION [id 60][1 bytes][total 110 bytes]
>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found DIRECTION [id 61][1 bytes][total 111 bytes]
>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found SAMPLING_INTERVAL [id 34][4 bytes][total 115 bytes]
>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found FLOW_PROTO_PORT [id 105][2 bytes][total 117 bytes]
>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found L7_PROTO [id 165][8 bytes][total 125 bytes]
>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found HTTP_URL [id 180][64 bytes][total 189 bytes]
>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found IN_SRC_MAC [id 56][6 bytes][total 195 bytes]
>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found OUT_DST_MAC [id 80][6 bytes][total 201 bytes]
>> 22/Feb/2011 11:50:29 [nprobe.c:3470] Scanning option template...
>> 22/Feb/2011 11:50:29 [nprobe.c:3476] Found TOTAL_FLOWS_EXP [id 42][4 bytes][total 4 bytes]
>> 22/Feb/2011 11:50:29 [nprobe.c:3476] Found TOTAL_PKTS_EXP [id 41][4 bytes][total 8 bytes]
>> 22/Feb/2011 11:50:29 [nprobe.c:3499] Each flow is 201 bytes long
>> 22/Feb/2011 11:50:29 [nprobe.c:3500] The # packets per flow has been set to 6
>> 22/Feb/2011 11:50:29 [plugin.c:580] Scanning plugin SIP
>> 22/Feb/2011 11:50:29 [plugin.c:580] Scanning plugin L7 Protocol Recognition
>> 22/Feb/2011 11:50:29 [plugin.c:613] Enabling plugin L7 Protocol Recognition
>> 22/Feb/2011 11:50:29 [plugin.c:580] Scanning plugin SMTP Protocol Dissector
>> 22/Feb/2011 11:50:29 [plugin.c:580] Scanning plugin dump
>> 22/Feb/2011 11:50:29 [plugin.c:580] Scanning plugin RTP
>> 22/Feb/2011 11:50:29 [plugin.c:580] Scanning plugin MySQL DB
>> 22/Feb/2011 11:50:29 [plugin.c:580] Scanning plugin MySQL Plugin
>> 22/Feb/2011 11:50:29 [plugin.c:580] Scanning plugin BGP Update Listener
>> 22/Feb/2011 11:50:29 [plugin.c:580] Scanning plugin HTTP Protocol Dissector
>> 22/Feb/2011 11:50:29 [plugin.c:613] Enabling plugin HTTP Protocol Dissector
>> 22/Feb/2011 11:50:29 [plugin.c:625] 2 plugin(s) enabled
>> 22/Feb/2011 11:50:29 [nprobe.c:3733] The flows hash has 32768 buckets
>> 22/Feb/2011 11:50:29 [nprobe.c:3735] Flows older than 120 seconds will be exported
>> 22/Feb/2011 11:50:29 [nprobe.c:3741] Flows inactive for at least 30 seconds will be exported
>> 22/Feb/2011 11:50:29 [nprobe.c:3744] Expired flows will be checked every 30 seconds
>> 22/Feb/2011 11:50:29 [nprobe.c:3746] Expired flows will not be queued for more than 30 seconds
>> 22/Feb/2011 11:50:29 [nprobe.c:3750] Exported flows with engineType 0 and engineId 245
>> 22/Feb/2011 11:50:29 [nprobe.c:3777] Flows ASs will not be computed
>> 22/Feb/2011 11:50:29 [nprobe.c:3785] After 1 flow packets are sent, we'll delay at least 1 ms
>> 22/Feb/2011 11:50:29 [nprobe.c:3805] Flows will be emitted in IPFIX format
>> 22/Feb/2011 11:50:29 [nprobe.c:3810] Max payload length set to 32 bytes
>> 22/Feb/2011 11:50:29 [nprobe.c:3812] Payload export policy (-x) for TCP: payload only with SYN set
>> 22/Feb/2011 11:50:29 [nprobe.c:3814] Payload export policy (-x) for UDP: no payload
>> 22/Feb/2011 11:50:29 [nprobe.c:3816] Payload export policy (-x) for ICMP: no payload
>> 22/Feb/2011 11:50:29 [nprobe.c:3818] Payload export policy (-x) for OTHER: no payload
>> 22/Feb/2011 11:50:29 [nprobe.c:3838] Flow input interface index is set to 0
>> 22/Feb/2011 11:50:29 [nprobe.c:3844] Flow output interface index is set to 0
>> 22/Feb/2011 11:50:29 [util.c:2282] INIT: Bye bye: I'm becoming a daemon...
>> 22/Feb/2011 11:50:29 [util.c:2285] INIT: Parent process is exiting (this is normal)
>>
>>
>>
>>
>> _______________________________________________
>> Ntop-misc mailing list
>> Ntop-misc@listgateway.unipi.it
>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
> ---
> If you can not measure it, you can not improve it - Lord Kelvin
>
> _______________________________________________
> Ntop-misc mailing list
> Ntop-misc@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
Re: nprobe probe/collector empty fields (out_bytes and http_url) [ In reply to ]
Sylvain
a patch is on the way to you...

Luca

On Feb 22, 2011, at 6:26 PM, Sylvain Mouly wrote:

>
> Ok Luca.
> Bug created: https://www.ntop.org/bugzilla3/show_bug.cgi?id=38
>
> Any idea about the difficulty to solve the issue ?
>
> Thank you for your help
>
>
> Sylvain
>
>
> Le 22/02/11 17:37, Luca Deri a écrit :
>> Sylvain
>> please file a bug on
>> https://www.ntop.org/bugzilla3/
>>
>>
>> Luca
>>
>> On Feb 22, 2011, at 12:03 PM, Sylvain Mouly wrote:
>>
>>
>>> Hello,
>>>
>>> I'm using NProbe v6.1.6 as probe on a linux router and as a collector on a server(which collect flows from several routers).
>>> Everything works fine except the OUT_BYTES/PACKETS and HTTP plugin information not sent to the collector (the OUT_BYTES is 0 and HTTP_URL is empty). I use sqlite output format, but the same problem appears with text output.
>>> When logging localy on the router (with the -P option used and no -n option) the fields are correctly set and have proper values.
>>>
>>> Any help will be greatly appreciated.
>>> Thank you
>>>
>>> Sylvain
>>>
>>>
>>> Nprobe client/router configuration file:
>>> -i=eth0
>>> -b=2
>>> -V=10
>>> -G
>>> -1=
>>> "192.168.0.0/24@1,0.0.0.0/0@2"
>>>
>>> --bi-directional
>>> -n=10.1.1.1:5001
>>> -T="%IPV4_SRC_ADDR %IPV4_DST_ADDR %IPV4_NEXT_HOP %INPUT_SNMP %OUTPUT_SNMP %ICMP_TYPE %IN_PKTS %IN_BYTES %OUT_PKTS %OUT_BYTES %FIRST_SWITCHED %LAST_SWITCHED %L4_SRC_PORT %L4_DST_PORT %TCP_FLAGS %PROTOCOL %SRC_TOS %CLIENT_NW_DELAY_SEC %CLIENT_NW_DELAY_USEC %SERVER_NW_DELAY_SEC %SERVER_NW_DELAY_USEC %APPL_LATENCY_SEC %APPL_LATENCY_USEC %IP_PROTOCOL_VERSION %DIRECTION %SAMPLING_INTERVAL %FLOW_PROTO_PORT %L7_PROTO %HTTP_URL %IN_SRC_MAC %OUT_DST_MAC"
>>>
>>>
>>> NProbe collector configuration file:
>>> -b=2
>>> -n=none
>>> -P=/home/nprobe/data/
>>> -D=d
>>> --no-promisc
>>> --bi-directionnal
>>> -V=10
>>> -G
>>> --collector-port=5001
>>> -T="%IPV4_SRC_ADDR %IPV4_DST_ADDR %IPV4_NEXT_HOP %INPUT_SNMP %OUTPUT_SNMP %ICMP_TYPE %IN_PKTS %IN_BYTES %OUT_PKTS %OUT_BYTES %FIRST_SWITCHED %LAST_SWITCHED %L4_SRC_PORT %L4_DST_PORT %TCP_FLAGS %PROTOCOL %SRC_TOS %CLIENT_NW_DELAY_SEC %CLIENT_NW_DELAY_USEC %SERVER_NW_DELAY_SEC %SERVER_NW_DELAY_USEC %APPL_LATENCY_SEC %APPL_LATENCY_USEC %IP_PROTOCOL_VERSION %DIRECTION %SAMPLING_INTERVAL %FLOW_PROTO_PORT %L7_PROTO %HTTP_URL %IN_SRC_MAC %OUT_DST_MAC"
>>>
>>>
>>>
>>> Logs form collector startup:
>>> 22/Feb/2011 11:50:29 [nprobe.c:2647] Welcome to nprobe v.6.1.6 ($Revision: 1831 $) for i686-pc-linux-gnu
>>> 22/Feb/2011 11:50:29 [nprobe.c:2666] Tracing enabled
>>> 22/Feb/2011 11:50:29 [nprobe.c:2702] Dumping flow files every 60 sec into directory /home/nprobe-prod/data
>>> 22/Feb/2011 11:50:29 [plugin.c:132] Loading plugins...
>>> 22/Feb/2011 11:50:29 [plugin.c:147] Loading plugins [.so] from ./plugins
>>> 22/Feb/2011 11:50:29 [plugin.c:436] Loaded './plugins/libsipPlugin-6.1.6.so'
>>> 22/Feb/2011 11:50:29 [plugin.c:436] Loaded './plugins/libl7Plugin-6.1.6.so'
>>> 22/Feb/2011 11:50:29 [plugin.c:436] Loaded './plugins/libsmtpPlugin-6.1.6.so'
>>> 22/Feb/2011 11:50:29 [plugin.c:436] Loaded './plugins/libdumpPlugin-6.1.6.so'
>>> 22/Feb/2011 11:50:29 [plugin.c:436] Loaded './plugins/librtpPlugin-6.1.6.so'
>>> 22/Feb/2011 11:50:29 [plugin.c:436] Loaded './plugins/libdbPlugin-6.1.6.so'
>>> 22/Feb/2011 11:50:29 [plugin.c:436] Loaded './plugins/libmysqlPlugin-6.1.6.so'
>>> 22/Feb/2011 11:50:29 [plugin.c:436] Loaded './plugins/libbgpPlugin-6.1.6.so'
>>> 22/Feb/2011 11:50:29 [plugin.c:436] Loaded './plugins/libhttpPlugin-6.1.6.so'
>>> 22/Feb/2011 11:50:29 [sipPlugin.c:70] Initialized SIP plugin
>>> 22/Feb/2011 11:50:29 [l7Plugin.c:100] Initialized L7 plugin
>>> 22/Feb/2011 11:50:29 [smtpPlugin.c:48] Initialized SMTP plugin
>>> 22/Feb/2011 11:50:29 [dumpPlugin.c:50] Initialized dump plugin
>>> 22/Feb/2011 11:50:29 [rtpPlugin.c:106] Initialized RTP plugin
>>> 22/Feb/2011 11:50:29 [dbPlugin.c:174] WARNING: DB support is not enabled (disabled at compile time)
>>> 22/Feb/2011 11:50:29 [mysqlPlugin.c:118] Initialized MySQL plugin
>>> 22/Feb/2011 11:50:29 [bgpPlugin.c:377] BGP plugin is disabled (--bgp-port has not been specified)
>>> 22/Feb/2011 11:50:29 [httpPlugin.c:130] Initialized HTTP plugin
>>> 22/Feb/2011 11:50:29 [plugin.c:195] 9 plugin(s) loaded [9 delete][9 packet].
>>> 22/Feb/2011 11:50:29 [nprobe.c:3609] Welcome to nprobe v.6.1.6 for i686-pc-linux-gnu
>>> 22/Feb/2011 11:50:29 [nprobe.c:3255] Compiling flow templates...
>>> 22/Feb/2011 11:50:29 [nprobe.c:3425] Scanning flow template...
>>> 22/Feb/2011 11:50:29 [nprobe.c:3435] IPv4 Template [id=257]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found IPV4_SRC_ADDR [id 8][4 bytes][total 4 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found IPV4_DST_ADDR [id 12][4 bytes][total 8 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found IPV4_NEXT_HOP [id 15][4 bytes][total 12 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found INPUT_SNMP [id 10][2 bytes][total 14 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found OUTPUT_SNMP [id 14][2 bytes][total 16 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found ICMP_TYPE [id 32][2 bytes][total 18 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found IN_PKTS [id 2][4 bytes][total 22 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found IN_BYTES [id 1][4 bytes][total 26 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found OUT_PKTS [id 24][4 bytes][total 30 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found OUT_BYTES [id 23][4 bytes][total 34 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found FIRST_SWITCHED [id 22][4 bytes][total 38 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found LAST_SWITCHED [id 21][4 bytes][total 42 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found L4_SRC_PORT [id 7][2 bytes][total 44 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found L4_DST_PORT [id 11][2 bytes][total 46 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found TCP_FLAGS [id 6][1 bytes][total 47 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found PROTOCOL [id 4][1 bytes][total 48 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found SRC_TOS [id 5][1 bytes][total 49 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found CLIENT_NW_DELAY_SEC [id 82][4 bytes][total 53 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found CLIENT_NW_DELAY_USEC [id 83][4 bytes][total 57 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found SERVER_NW_DELAY_SEC [id 84][4 bytes][total 61 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found SERVER_NW_DELAY_USEC [id 85][4 bytes][total 65 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found APPL_LATENCY_SEC [id 86][4 bytes][total 69 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found APPL_LATENCY_USEC [id 87][4 bytes][total 73 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found IP_PROTOCOL_VERSION [id 60][1 bytes][total 74 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found DIRECTION [id 61][1 bytes][total 75 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found SAMPLING_INTERVAL [id 34][4 bytes][total 79 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found FLOW_PROTO_PORT [id 105][2 bytes][total 81 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found L7_PROTO [id 165][8 bytes][total 89 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found HTTP_URL [id 180][64 bytes][total 153 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found IN_SRC_MAC [id 56][6 bytes][total 159 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found OUT_DST_MAC [id 80][6 bytes][total 165 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3435] IPv6 Template [id=258]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found IPV6_SRC_ADDR [id 27][16 bytes][total 16 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found IPV6_DST_ADDR [id 28][16 bytes][total 32 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found IPV6_NEXT_HOP [id 62][16 bytes][total 48 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found INPUT_SNMP [id 10][2 bytes][total 50 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found OUTPUT_SNMP [id 14][2 bytes][total 52 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found ICMP_TYPE [id 32][2 bytes][total 54 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found IN_PKTS [id 2][4 bytes][total 58 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found IN_BYTES [id 1][4 bytes][total 62 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found OUT_PKTS [id 24][4 bytes][total 66 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found OUT_BYTES [id 23][4 bytes][total 70 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found FIRST_SWITCHED [id 22][4 bytes][total 74 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found LAST_SWITCHED [id 21][4 bytes][total 78 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found L4_SRC_PORT [id 7][2 bytes][total 80 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found L4_DST_PORT [id 11][2 bytes][total 82 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found TCP_FLAGS [id 6][1 bytes][total 83 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found PROTOCOL [id 4][1 bytes][total 84 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found SRC_TOS [id 5][1 bytes][total 85 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found CLIENT_NW_DELAY_SEC [id 82][4 bytes][total 89 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found CLIENT_NW_DELAY_USEC [id 83][4 bytes][total 93 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found SERVER_NW_DELAY_SEC [id 84][4 bytes][total 97 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found SERVER_NW_DELAY_USEC [id 85][4 bytes][total 101 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found APPL_LATENCY_SEC [id 86][4 bytes][total 105 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found APPL_LATENCY_USEC [id 87][4 bytes][total 109 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found IP_PROTOCOL_VERSION [id 60][1 bytes][total 110 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found DIRECTION [id 61][1 bytes][total 111 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found SAMPLING_INTERVAL [id 34][4 bytes][total 115 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found FLOW_PROTO_PORT [id 105][2 bytes][total 117 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found L7_PROTO [id 165][8 bytes][total 125 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found HTTP_URL [id 180][64 bytes][total 189 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found IN_SRC_MAC [id 56][6 bytes][total 195 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3443] Found OUT_DST_MAC [id 80][6 bytes][total 201 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3470] Scanning option template...
>>> 22/Feb/2011 11:50:29 [nprobe.c:3476] Found TOTAL_FLOWS_EXP [id 42][4 bytes][total 4 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3476] Found TOTAL_PKTS_EXP [id 41][4 bytes][total 8 bytes]
>>> 22/Feb/2011 11:50:29 [nprobe.c:3499] Each flow is 201 bytes long
>>> 22/Feb/2011 11:50:29 [nprobe.c:3500] The # packets per flow has been set to 6
>>> 22/Feb/2011 11:50:29 [plugin.c:580] Scanning plugin SIP
>>> 22/Feb/2011 11:50:29 [plugin.c:580] Scanning plugin L7 Protocol Recognition
>>> 22/Feb/2011 11:50:29 [plugin.c:613] Enabling plugin L7 Protocol Recognition
>>> 22/Feb/2011 11:50:29 [plugin.c:580] Scanning plugin SMTP Protocol Dissector
>>> 22/Feb/2011 11:50:29 [plugin.c:580] Scanning plugin dump
>>> 22/Feb/2011 11:50:29 [plugin.c:580] Scanning plugin RTP
>>> 22/Feb/2011 11:50:29 [plugin.c:580] Scanning plugin MySQL DB
>>> 22/Feb/2011 11:50:29 [plugin.c:580] Scanning plugin MySQL Plugin
>>> 22/Feb/2011 11:50:29 [plugin.c:580] Scanning plugin BGP Update Listener
>>> 22/Feb/2011 11:50:29 [plugin.c:580] Scanning plugin HTTP Protocol Dissector
>>> 22/Feb/2011 11:50:29 [plugin.c:613] Enabling plugin HTTP Protocol Dissector
>>> 22/Feb/2011 11:50:29 [plugin.c:625] 2 plugin(s) enabled
>>> 22/Feb/2011 11:50:29 [nprobe.c:3733] The flows hash has 32768 buckets
>>> 22/Feb/2011 11:50:29 [nprobe.c:3735] Flows older than 120 seconds will be exported
>>> 22/Feb/2011 11:50:29 [nprobe.c:3741] Flows inactive for at least 30 seconds will be exported
>>> 22/Feb/2011 11:50:29 [nprobe.c:3744] Expired flows will be checked every 30 seconds
>>> 22/Feb/2011 11:50:29 [nprobe.c:3746] Expired flows will not be queued for more than 30 seconds
>>> 22/Feb/2011 11:50:29 [nprobe.c:3750] Exported flows with engineType 0 and engineId 245
>>> 22/Feb/2011 11:50:29 [nprobe.c:3777] Flows ASs will not be computed
>>> 22/Feb/2011 11:50:29 [nprobe.c:3785] After 1 flow packets are sent, we'll delay at least 1 ms
>>> 22/Feb/2011 11:50:29 [nprobe.c:3805] Flows will be emitted in IPFIX format
>>> 22/Feb/2011 11:50:29 [nprobe.c:3810] Max payload length set to 32 bytes
>>> 22/Feb/2011 11:50:29 [nprobe.c:3812] Payload export policy (-x) for TCP: payload only with SYN set
>>> 22/Feb/2011 11:50:29 [nprobe.c:3814] Payload export policy (-x) for UDP: no payload
>>> 22/Feb/2011 11:50:29 [nprobe.c:3816] Payload export policy (-x) for ICMP: no payload
>>> 22/Feb/2011 11:50:29 [nprobe.c:3818] Payload export policy (-x) for OTHER: no payload
>>> 22/Feb/2011 11:50:29 [nprobe.c:3838] Flow input interface index is set to 0
>>> 22/Feb/2011 11:50:29 [nprobe.c:3844] Flow output interface index is set to 0
>>> 22/Feb/2011 11:50:29 [util.c:2282] INIT: Bye bye: I'm becoming a daemon...
>>> 22/Feb/2011 11:50:29 [util.c:2285] INIT: Parent process is exiting (this is normal)
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Ntop-misc mailing list
>>>
>>> Ntop-misc@listgateway.unipi.it
>>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
>> ---
>> If you can not measure it, you can not improve it - Lord Kelvin
>>
>> _______________________________________________
>> Ntop-misc mailing list
>>
>> Ntop-misc@listgateway.unipi.it
>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
> _______________________________________________
> Ntop-misc mailing list
> Ntop-misc@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc

---
Bildung ist kein Verbrechen




_______________________________________________
Ntop-misc mailing list
Ntop-misc@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop-misc