Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Inconsistent/Non-existent historical data #8733

Open
dpkano opened this issue Sep 29, 2024 · 5 comments
Open

Inconsistent/Non-existent historical data #8733

dpkano opened this issue Sep 29, 2024 · 5 comments
Assignees
@MatteoBiscosi
Labels
Ready to Test a feedback is needed on a proposal or implementation

Comments

@dpkano
Copy link

dpkano commented Sep 29, 2024

Environment:

  • OS name: Debian GNU/Linux (Raspberry PI OS)
  • OS version: 12 (bookworm)
  • Architecture: aarch64 (Raspberry Pi 4 Model B Rev 1.5)
  • ntopng version/revision: 6.3.240929 [Enterprise/Professional build]
  • ntopng edition: Professional Embedded
  • nprobe version/revision: 10.7.240928
  • nprobe edition: nProbe Embedded

ntopng.conf:

-G=/var/run/ntopng.pid
-i=tcp://127.0.0.1:5556
--local-networks=10.0.0.0/8

nprobe.conf

-i=none
-n=none
-3=2055
-T="@NTOPNG@"
--ntopng=zmq://127.0.0.1:5556

Setup (https://www.ntop.org/ntopng/how-to-analyse-mikrotik-traffic-using-ntopng/):
image

What happened:
The historical data for hosts rarely displays data. For most of my hosts, when I click the chart icon in the hosts page, nothing is displayed. For a very few hosts (e.g. my local DNS server), it shows inconsistent data like the chart below:
image

How did you reproduce it?

  • Go to: [ntopng host]:3000/lua/host_details.lua?host=[any host]
  • Click the historical data icon:
    image
  • This is what's displayed for the majority of my hosts:
    image

Debug Information:

"systemctl status ntopng"
image
@dpkano
Copy link
Author

dpkano commented Oct 6, 2024

Extra info: I've disabled nprobe and started sending mirrored traffic to ntopng's interface. Nothing changed in the historical data. I still can't see anything. There are no errors in the ntopng logs. Are there any tips where I can start debugging this?

@MatteoBiscosi
Copy link
Member

Hi @dpkano could you please send a screenshot of an host details that has that issue?
image

@dpkano
Copy link
Author

dpkano commented Oct 11, 2024

Yep, here it they are:
image

The MAC one:
image

And the empty historical chart:
image

@MatteoBiscosi
Copy link
Member

Hi, probably the reason is because you did not enable the One Way Traffic Timeseries option from the settings (see below).
By default is disabled because in case of ddos attacks or scans it could lead to a huge amount of timeseries created and possibly to full the disk of the machine, so keep in mind this point. In case you are not intersted in this possibility just simpli enable the preference just like in the screenshot.
image

@dpkano
Copy link
Author

dpkano commented Oct 14, 2024

yes. This seems to be the case. Now I can see traffic for many (if not all) of the hosts that had never displayed traffic before. But why? It's not clear from that screen that enabling it would allow traffic to be recorded for all hosts.

Thanks!

@MatteoBiscosi MatteoBiscosi added Ready to Test a feedback is needed on a proposal or implementation and removed In Progress labels Oct 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@MatteoBiscosi MatteoBiscosi

Labels
Ready to Test a feedback is needed on a proposal or implementation
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dpkano @MatteoBiscosi