No traffic on FastNetMon 1.2.7


v v

Dec 3, 2024, 3:16:34 AM
to FastNetMon user group
Hi There,

I have deployed FastNetMon 1.2.7, but when I monitor via fastnetmon_client I do not see any traffic or flows. Could you help me?

/etc/networks_list
logging_level = info
logging_local_syslog_logging = off
logging_remote_syslog_logging = off
logging_remote_syslog_server = 10.10.10.10
logging_remote_syslog_port = 514
disable_usage_report = off
enable_ban = on
enable_ban_ipv6 = on
process_incoming_traffic = on
process_outgoing_traffic = on
dump_all_traffic = on
dump_other_traffic = off
ban_details_records_count = 20
ban_time = 1900
unban_only_if_attack_finished = on
networks_list_path = /etc/networks_list
white_list_path = /etc/networks_whitelist
check_period = 1
enable_connection_tracking = on
ban_for_pps = on
ban_for_bandwidth = on
ban_for_flows = off
threshold_pps = 20000
threshold_mbps = 1000
threshold_flows = 3500
threshold_tcp_mbps = 100000
threshold_udp_mbps = 100000
threshold_icmp_mbps = 100000
threshold_tcp_pps = 100000
threshold_udp_pps = 100000
threshold_icmp_pps = 100000
ban_for_tcp_bandwidth = off
ban_for_udp_bandwidth = off
ban_for_icmp_bandwidth = off
ban_for_tcp_pps = off
ban_for_udp_pps = off
ban_for_icmp_pps = off
mirror_afpacket = off
mirror_afxdp = off
poll_mode_xdp = off
xdp_set_promisc = on
zero_copy_xdp = off
force_native_mode_xdp = off
xdp_read_packet_length_from_ip_header = off
microcode_xdp_path = /etc/xdp_kernel.o
mirror_af_packet_custom_sampling_rate = 1
mirror_af_packet_fanout_mode = cpu
af_packet_read_packet_length_from_ip_header = off
mirror_netmap = off
netmap_sampling_ratio = 1
netmap_read_packet_length_from_ip_header = off
pcap = off
netflow = on
sflow = off
interfaces = eth3,eth4
average_calculation_time = 5
speed_calculation_delay = 1
netflow_port = 2055
netflow_host = 0.0.0.0
netflow_sampling_ratio = 1
sflow_port = 6343
sflow_host = 0.0.0.0
sflow_read_packet_length_from_ip_header = off
notify_script_path = /usr/local/bin/notify_about_attack.sh
collect_attack_pcap_dumps = off
redis_enabled = off
redis_port = 6379
redis_host = 127.0.0.1
redis_prefix = mydc1
mongodb_enabled = off
mongodb_host = localhost
mongodb_port = 27017
mongodb_database_name = fastnetmon
exabgp = off
exabgp_command_pipe = /var/run/exabgp.cmd
exabgp_community = 65001:666
exabgp_next_hop = 10.0.3.114
exabgp_announce_host = on
exabgp_announce_whole_subnet = off
gobgp = off
gobgp_next_hop = 0.0.0.0
gobgp_announce_host = on
gobgp_announce_whole_subnet = off
gobgp_community_host = 65001:666
gobgp_community_subnet = 65001:777
gobgp_next_hop_ipv6 = 100::1
gobgp_announce_host_ipv6 = on
gobgp_announce_whole_subnet_ipv6 = off
gobgp_community_host_ipv6 = 65001:666
gobgp_community_subnet_ipv6 = 65001:777
influxdb = on
influxdb_host = 127.0.0.1
influxdb_port = 8086
influxdb_database = fastnetmon
influxdb_auth = off
influxdb_user = fastnetmon
influxdb_password = secure
influxdb_push_period = 1
graphite = on
graphite_host = 127.0.0.1
graphite_port = 2003
graphite_prefix = fastnetmon
graphite_push_period = 1
monitor_local_ip_addresses = on
monitor_openvz_vps_ip_addresses = off
my_hosts_enable_ban = off
my_hosts_ban_for_pps = off
my_hosts_ban_for_bandwidth = off
my_hosts_ban_for_flows = off
my_hosts_threshold_pps = 100000
my_hosts_threshold_mbps = 1000
my_hosts_threshold_flows = 3500
pid_path = /var/run/fastnetmon.pid
cli_stats_file_path = /tmp/fastnetmon.dat
cli_stats_ipv6_file_path = /tmp/fastnetmon_ipv6.dat
enable_api = on
kafka_traffic_export = off
kafka_traffic_export_topic = fastnetmon
kafka_traffic_export_format = json
kafka_traffic_export_brokers = 10.154.0.1:9092,10.154.0.2:9092
prometheus = on
prometheus_port = 9209
prometheus_host = 127.0.0.1
sort_parameter = packets
max_ips_in_list = 7

topo.png, FNMclient.png

v v

Dec 3, 2024, 3:17:17 AM
to FastNetMon user group
dump.png

Pavel Odintsov

Dec 3, 2024, 3:53:04 AM
to v v, FastNetMon user group
Hello!

FastNetMon definitely receives traffic but it's too low to cause spikes on graphs.


--

___________

Kind regards,

Pavel Odintsov

CTO, FastNetMon LTD

fastnetmon.com


v v

Dec 3, 2024, 4:28:29 AM
to FastNetMon user group
Hello,

Is it normal?

bandwidth-test.png


Pavel Odintsov

Dec 3, 2024, 4:53:38 AM
to v v, FastNetMon user group
Hello!

If traffic is coming from an IP which belongs to your networks list to an IP which also belongs to the networks list, then it will be completely ignored and tracked as "internal".

Sincerely yours, Pavel Odintsov


v v

Dec 3, 2024, 8:53:30 AM
to FastNetMon user group
Hello,

I don't understand what you mean. All machines run on EVE-NG; does that have an effect on it?

Pavel Odintsov

Dec 3, 2024, 10:04:10 AM
to v v, FastNetMon user group
Hello!

It's not related to the tool you use to generate traffic. It is caused by the source and destination IPs.

To test FastNetMon, you need to send traffic from an IP which is not mentioned in /etc/networks_list.



--
Sincerely yours, Pavel Odintsov
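
The rule described in the replies above, sketched as an added example (not FastNetMon's own code and not part of the original posts): a flow whose source and destination both fall inside the listed prefixes is "internal" and is not counted. The prefixes, addresses, function names and the incoming/outgoing/other labels are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample standing in for /etc/networks_list (one CIDR prefix per line).
SAMPLE_NETWORKS_LIST = """
10.0.0.0/24
192.168.50.0/24
"""

# Constructed (src, dst) pairs: a lab test between two listed hosts, then
# traffic that crosses the boundary of the listed prefixes.
SAMPLE_FLOWS = [
    ("10.0.0.5", "192.168.50.10"),
    ("203.0.113.7", "10.0.0.5"),
    ("10.0.0.5", "198.51.100.9"),
    ("203.0.113.7", "198.51.100.9"),
]

def load_networks(text):
    """Parse one prefix per line, skipping blank lines."""
    return [ipaddress.ip_network(line.strip(), strict=False)
            for line in text.splitlines() if line.strip()]

def is_local(ip, networks):
    """True when ip falls inside any listed prefix of the same address family."""
    addr = ipaddress.ip_address(ip)
    return any(addr.version == n.version and addr in n for n in networks)

def classify(src, dst, networks):
    """Label a flow by which of its endpoints belong to the listed prefixes."""
    src_local, dst_local = is_local(src, networks), is_local(dst, networks)
    if src_local and dst_local:
        return "internal"   # both ends listed: ignored, as the reply explains
    if dst_local:
        return "incoming"
    if src_local:
        return "outgoing"
    return "other"          # neither end is in the list

def summarize(flows, networks):
    """Count flows per label; a lab with only listed hosts yields only 'internal'."""
    counts = {"internal": 0, "incoming": 0, "outgoing": 0, "other": 0}
    for src, dst in flows:
        counts[classify(src, dst, networks)] += 1
    return counts

if __name__ == "__main__":
    nets = load_networks(SAMPLE_NETWORKS_LIST)
    for src, dst in SAMPLE_FLOWS:
        print(f"{src} -> {dst}: {classify(src, dst, nets)}")
```
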

v v

Dec 3, 2024, 10:17:09 AM
to FastNetMon user group
Thank you very much!!!!