I am not entirely sure if this is a bug or if this is intended by design. I noticed another bug ticket that mentions egress 0 but they are configured in mirror mode - and our design is not in mirror mode.
What happened:
Upon adding the --local-networks flag with LAN IPs only to our network the egress no longer shows data (In Dashboard Reports, Interface Details).
It almost seems like it is instead adding the egress to the ingress data - but that is hard to say as I am not running two instances side by side and only able to compare 10 minute increments between the various flags I tested.
This is what I observed:
no --local-networks, all hosts treated as remote - graphs look correct (however since they are not local-networks ntopng does not generate host based traffic information in influxdb).
--local-networks=10.100.0.0/16 this treats the hosts in that subnet as Local, as expected, however now all their egress traffic seems to be counting under ingress instead now (or it could be that it's just not counting it at all, I'm not sure since I cannot compare them side-by-side as I have to change local networks and restart ntopng to see the changes).
--local-networks=0.0.0.0/0 now all hosts are treated as local and hosts are generated however now they show as L for all hosts and show up under local instead of remote (expected behavior)
Ideally the desired outcome is:
--local-networks=10.100.0.0/16 is set
hosts show ingress/egress traffic timeseries
Local/Remote hosts are correctly labeled
influxdb is updated with data for those hosts (aka hosts:... metrics).
How did you reproduce it?
add --local-networks "x.x.x.x/x,x:x::/x"
to the ntopng command.
Current ntopng/nprobe flags (without --local-networks)
System is set up with nprobe in collector mode forwarding Palo Alto netflows to ntopng
[root@ntopng ~]# systemctl status ntopng
● ntopng.service - ntopng high-speed web-based traffic monitoring and analysis tool
Loaded: loaded (/usr/lib/systemd/system/ntopng.service; enabled; preset: disabled)
Active: active (running) since Thu 2025-02-20 21:13:46 UTC; 28min ago
Process: 67995 ExecStartPre=/bin/sh -c /usr/bin/ntopng-utils-manage-config -a check-restore && /usr/bin/ntopng-utils-manage-config -a restore || true (code=exited, status=0/SUCCESS)
Process: 68009 ExecStartPre=/bin/sh -c /bin/cat /etc/ntopng/ntopng.conf > /run/ntopng.conf.raw (code=exited, status=0/SUCCESS)
Process: 68011 ExecStartPre=/bin/sh -c /bin/cat /etc/ntopng/ntopng.conf.d/*.conf >> /run/ntopng.conf.raw 2>/dev/null || true (code=exited, status=0/SUCCESS)
Process: 68013 ExecStartPre=/bin/sh -c /bin/sed "/^[ ]*-e.*$\|^[ ]*-G.*\|^[ ]*--daemon.*\|[ ]*--pid.*/s/^/#/" /run/ntopng.conf.raw > /run/ntopng.conf (code=exited, status=0/SUCCESS)
Main PID: 68015 (ntopng-main)
Tasks: 37 (limit: 100224)
Memory: 569.8M
CPU: 8min 52.130s
CGroup: /system.slice/ntopng.service
└─68015 /usr/bin/ntopng /run/ntopng.conf
Feb 20 21:13:51 ntopng.example.com ntopng[68015]: 20/Feb/2025 21:13:51 [startup.lua:143] Initializing alerts...
Feb 20 21:13:51 ntopng.example.com ntopng[68015]: 20/Feb/2025 21:13:51 [startup.lua:152] Initializing timeseries...
Feb 20 21:13:51 ntopng.example.com ntopng[68015]: 20/Feb/2025 21:13:51 [startup.lua:210] Importing ClickHouse dumps...
Feb 20 21:13:52 ntopng.example.com ntopng[68015]: 20/Feb/2025 21:13:52 [startup.lua:253] Completed startup.lua
Feb 20 21:13:52 ntopng.example.com ntopng[68015]: 20/Feb/2025 21:13:52 [NetworkInterface.cpp:3820] Started packet polling on interface 'tcp://x.x.x.x:2056' [id: 0]...
Feb 20 21:13:53 ntopng.example.com ntopng[68015]: 20/Feb/2025 21:13:53 [ZMQCollectorInterface.cpp:261] Collecting flows on tcp://x.x.x.x:2056
Feb 20 21:30:00 ntopng.example.com ntopng[68015]: [LINT] validateParameter failed for parameter [probe_ip][function]
Feb 20 21:30:00 ntopng.example.com ntopng[68015]: string null
Feb 20 21:30:00 ntopng.example.com ntopng[68015]: [LINT] validateParameter failed for parameter [probe_ip][function]
Feb 20 21:30:00 ntopng.example.com ntopng[68015]: string null
This is what it looks like when I have --local-networks not set to anything (however this makes them all remote, and thus the hosts time series tables are not generated for influx).
This is what it looks like when I have --local-networks set to a specific CIDR like 10.100.0.0/16 (the local IPs are in the subnet), as well as what it looks like when I have --local-networks set to wildcard (0.0.0.0/0)
The latter allows for the hosts table to be updated on influx (while it includes remote, that's not the worst case scenario) - however it would be nice to supply the local networks and see the egress traffic as well in our graphs (the top graph in the header also shows ~0 egress when local networks is restricted to the specific subnets that are local - while my screenshots don't reflect this - I grabbed the screenshots after converting the --local-networks to any IP CIDR).