In this scenerio, the nProbe configuration is essential the same as above, however, with a slight modification. There are cases where you may require nProbe to act as a sort of “hub” for collection, such as behind a NAT. Once this configuration is saved and the services started, you are ready to start viewing flow data in ntopng. Here we select the NetFlow version, as well as any fields we want to decode from the flow. The final step, is to configure the “Flow Export Format”. Local UDP Collector Port: Use the same port as configured in the router (I used 9996). NetFlow Device Name: Any name you like, I choose DD-WRT. Click on 'NetFlow' in the Configure column. We will now instruct nProbe to create this socket by setting the “ZeroMQ Endpoint” to “tcp://127.0.0.1:5556”. In the Active column click on 'NO' next to NetFlow to enable the plugin. In the previous step, we configured ntop to connect to a ZMQ socket on localhost. The listening port is where the NetFlow exporter should send to. Here we configure our “Listening Port”, and “ZMQ Endpoint”, and “Flow Export Format”. In the nBox UI, navigate to “Appplication > nProbe”, and select the “Proxy” tab. We must now configure nProbe to listen for incoming NetFlow traffic, decode it, and publish it to ntopng. Once the changes are saved, we will see this in the list of Interfaces in ntop. In our case, we have nProbe running on the same machine, so we will be connecting to a socket on localhost.
![ntopng plugins netflow ntopng plugins netflow](https://blog.ichasco.com/wp-content/uploads/2015/10/graylog-netflow-768x501.png)
We then specify our address for the “Collector Endpoints”. Under Interfaces, we will select “Collector Only” In this example, we are going to use ntopng only as a NetFlow collector. This will be a connection to a ZeroMQ socket that we will configure nProbe to create in the next step.įrom the nBox UI, navigate to “Applications > ntopng”, and select the configuration tab. Im dumping netflow, so I went to plugins -> netflow and enabled it. Our first task is to configure an interface for ntopng to listen on. NTOP is a netflow collector, or it can be used to promiscuously sniff on a port. Ntopng and nProbe utilize ZeroMQ. This gives us greater control over how our flow data can be distributed to collectors. In this article we will cover two ways to configure nProbe using proxy mode using the nBox graphical interface, so that we may forward flows to either ntopng or another collector such as SolarWinds NTA.
![ntopng plugins netflow ntopng plugins netflow](https://www.info-stor.co.uk/wp-content/uploads/2020/01/ntop-nProbe-Pro-with-Plugin-Support.jpg)
![ntopng plugins netflow ntopng plugins netflow](https://i2.wp.com/www.ntop.org/wp-content/uploads/2020/03/Hosts.png)
The use of ntopng in combination with nProbe is described in Section Using ntopng with nProbe. sFlow/NetFlow Collection ntopng, in combination with nProbe, can be used to collect sFlow/NetFlow. There are numerous ways to configure nProbe to work with NetFlow. sFlow/NetFlow Collection ntopng 5.3 documentation 3.