iT邦幫忙

0

[網管] ntopng搭配sflow

  • 分享至 

  • xImage

各位大大好:
最近公司發生,各樓層的switch(L2)下載量頻寬到達限額(20M)導致當天網路非常慢,這部分我從將各個switch開啟snmp 用zabbix檢視,但他無法看出來ip使用的流量
所以我在總出口的switch(L3)設定sflow
https://ithelp.ithome.com.tw/upload/images/20191115/20097057NiRlhGHs9O.jpg
ntopng主機測試6343port是否有sflow出來(應該是有的,但不知道正不正常)

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp1s0, link-type EN10MB (Ethernet), capture size 262144 bytes
18:15:06.390061 IP gateway.6a44 > Flow-166.146.sflow: sFlowv5, IPv4 agent 0.0.0.0, agent-id 0, length 220
18:15:08.376552 IP gateway.6a44 > Flow-166.146.sflow: sFlowv5, IPv4 agent 0.0.0.0, agent-id 0, length 168
18:15:16.377294 IP gateway.6a44 > Flow-166.146.sflow: sFlowv5, IPv4 agent 0.0.0.0, agent-id 0, length 220
18:15:19.379686 IP gateway.6a44 > Flow-166.146.sflow: sFlowv5, IPv4 agent 0.0.0.0, agent-id 0, length 164
18:15:20.377685 IP gateway.6a44 > Flow-166.146.sflow: sFlowv5, IPv4 agent 0.0.0.0, agent-id 0, length 608

然後看到網路教學 ntopng 搭配sflow要用
mkdir /ntopng
chown -R nobody.nobody /ntopng

[root@Flow-166 ~]# ntopng -i tcp://127.0.0.1:5556 -d /ntopng -w 3000 -v >> /var/log/ntopng.log
ntopng: option requires an argument -- 'v'
[root@Flow-166 ~]# ntopng -i tcp://127.0.0.1:5556 -d /ntopng -w 3000-v >> /var/log/ntopng.log
ntopng -i tcp://127.0.0.1:5556 -d /ntopng -w 3000 -v >> /var/log/ntopng.log

ntopng.log好像有些問題
15/Nov/2019 18:17:31 [NtopPro.cpp:307] [LICENSE] Reading license from Redis
15/Nov/2019 18:17:31 [NtopPro.cpp:382] [LICENSE] Unable to validate license [Empty license file]
15/Nov/2019 18:17:31 [NtopPro.cpp:447] WARNING: [LICENSE] Invalid license [Empty license file]
15/Nov/2019 18:17:31 [NtopPro.cpp:464] WARNING: [LICENSE] ntopng will now run in enterprise edition for 10 minutes
15/Nov/2019 18:17:31 [NtopPro.cpp:466] WARNING: [LICENSE] before returning to community mode
15/Nov/2019 18:17:31 [NtopPro.cpp:468] WARNING: [LICENSE] You can buy a permanent license at http://shop.ntop.org
15/Nov/2019 18:17:31 [NtopPro.cpp:470] WARNING: [LICENSE] or run ntopng in community mode starting
15/Nov/2019 18:17:31 [NtopPro.cpp:471] WARNING: [LICENSE] ntopng --community
15/Nov/2019 18:17:32 [Ntop.cpp:2040] Registered interface tcp://127.0.0.1:5556 [id: 3]
15/Nov/2019 18:17:32 [main.cpp:321] PID stored in file /var/run/ntopng.pid
15/Nov/2019 18:17:32 [HTTPserver.cpp:1036] ERROR: [HTTP] set_ports_option: cannot bind to 3000: Address already in use
15/Nov/2019 18:17:32 [mongoose.c:4591] ERROR: set_ports_option: cannot bind to 3000: Success
15/Nov/2019 18:17:32 [HTTPserver.cpp:1306] ERROR: Unable to start HTTP server (IPv4) on ports 3000
15/Nov/2019 18:17:32 [HTTPserver.cpp:1312] ERROR: Either port in use or another ntopng instance is running (using the same port)

nprobe –collector-port 6343 –zmq tcp://127.0.0.1:5556 >> /var/log/nprobe.log
demo好像有限制
15/Nov/2019 18:17:59 [nprobe.c:9301] ERROR: * NOTE: This is a DEMO version limited to 25000 flows export. *
15/Nov/2019 18:17:59 [nprobe.c:9302] ERROR:
nProbe started successfully

這是網頁的畫面,想確認這樣是否正常,查看每個ip的用量好像都不大..但我自己的ip跟監控的ip流量都比較高(是看Total bytes嗎?),安裝有教學,但整個要怎麼看好像沒有特別教學
謝謝
https://ithelp.ithome.com.tw/upload/images/20191115/200970570ap0O1egRk.png

圖片
  直播研討會
圖片
{{ item.channelVendor }} {{ item.webinarstarted }} |
{{ formatDate(item.duration) }}
直播中

尚未有邦友回答

立即登入回答