Complete rebuild from scratch fixed it for me.

@Grimson said in ntopng more than 3 months out of date -- GeoIP / AS features broken, simple update all that's needed:

You paid for hardware that is tested and guaranteed to work with current and future pfSense versions, during it's lifetime. The software itself is free.

If we're going to be pedantic, hardware support for the device itself also would not be complimentary for any period after purchase.

Any pull request against the code would be simply doing that. But I can't make that happen -- only the pfSense package maintainers can.

Everyone can make pull requests: https://docs.netgate.com/pfsense/en/latest/development/submitting-a-pull-request-via-github.html

But not everyone can merge that pull request and build a new package. I don't see how submitting a PR for something as simple as pulling in the latest version of a third party tool would be any different than filing the ticket in Redmine (which is what Netgate support instructed me was the proper thing to do).

Anyway -- I find the debate with you pointless. My only hopes were to make others aware of what was going on with ntopng, and perhaps catch the eye of a package maintainer -- since Redmine doesn't seem to do the trick and Netgate support says they can't help.

When I put Bypass Proxy for these Source IPs. I can make it work on the computer. I do not know how to solve it.

ntop is NOT working on latest 2.4.4-RELEASE-p2
and running ntoppng 0.8.13_3

ntop started fine but cant access on https://<router-ip>:3000

I don't use it myself so I can't try it out easily, but some other threads show that the user is 'Admin', not 'admin'. Others have said they can't login with Chrome but Firefox works fine.

As @Gertjan writes, the GUI will cover that. The messages you saw were from the package installation (on shell level) and are triggered by the package maintainer of vnstat to remind the user after installation that one has to setup the package accordingly. You have the GUI for that :)

UPD:

Context:

The package manifest: /usr/local/pkg/ntopng.xml uses: Config: /usr/local/pkg/ntopng.xml which includes: Include: /usr/local/pkg/ntopng.inc which includes: Include: /etc/inc/certs.inc which holds the cert-functions

The cert-functions are then used like this:

$cert = lookup_cert($config['system']['webgui']['ssl-certref']); ntopng_write_cert_file("/usr/local/share/ntopng/httpdocs/ssl/ntopng-cert.pem", $cert);

Which is the problem I guess, as the ['ssl-certref'] is used alone, without any dependent intermediate certs.

@MyKroFt Did you read the announcements for Dev Version 2.4.5 and the migration to FreeBSD 12? If not, please do so. You can expect package problems while switching major OS releases underneath for sure.

Agree, I was forced to use Netflix via LTE in Germany at one point as the WiFi on site was so bad and accidentally startet a 4k stream. Wasn't so bad at all, as compression, codecs, audio etc. all have to come together to get you to ~15Mbps. If it's a fairly good codec and the pictures are good to compress I'd guess with stereo or a reduced audio band you can get it done with around 3-5Mbps. Add in caching etc. and you won't get near the expected numbers :)

LAN and LAN is probably what you want there.

Bandwidthd looks at traffic on one interface only but can filter the data by subnet. If you had more than one subnet routed through that interface you could select them there.

Steve

Works fine for me here. Are both ntopng and redis running?

not that I am aware of no... I just looked through the man for it.. And see no option for such setting.

Can confirm that this is still an open issue for most recent, as received a slew of these in the logs:

Postgresql logging selected but postgresql support is not compiled into binary. Please check the documentation in README, distributed with this software.

Without support to write the data to PostgreSQL, bandwidthd is consuming vasts amounts of CPU to generate output that would be better handled elsewhere and "as needed".

You won't get ANY https traffic in transparent mode unless you install a trusted cert on every single last client that will use your proxy.

This topic is quite old but. Me too. Im new on ntopng how can I save data on my drive ? I want to check usage data mouth by mouth.

@mgittelman said in Ntop time series graph in bytes now:

Looks like this issue: https://github.com/ntop/ntopng/issues/1960

You seem to be right. I see the same here. I thought it must have been some glitch but MBits vs Mbytes makes more sense.

Now in 2.4.4-p1 I reinstalled NTOPNG, and CPU usage has dropped and stays much more stable (low).
So seems to be fixed.

I realize this is an old post. I thought I would respond so others will find a solution.

The issue is usually two fold.

New browser versions do not like mismatched certificates and your firewall software may also be blocking the SSL certificate.

First here is a link to some general information on deactivating SSL scanning on some firewall softwares. (scroll down to the middle bottom of this page for that section) https://ugetfix.com/ask/how-to-fix-err_ssl_version_or_cipher_mismatch-error/

Second and a more permanent fix is to create a new CA and Certificate then adding the CA to windows or the browser. Doing this will allow you to keep your firewall SSL scanning active and still allow you access to pfsense. Just be certain to follow the instructions precisely. https://www.ceos3c.com/pfsense/pfsense-generate-ssl-certificate-https-pfsense/

NOTE: You may find that you need to flush your DNS cache on Chrome afterwards to get things going again. Also possibly a browser reset. I also found some Chrome extensions do not play well with certain sites. So also try Incognito Mode (which disables extensions for that session) to see if an extension might be causing trouble.

EDIT NOTE: Also if you happen to have the latest version of Bitdefender they changed the name of Scan SSL. I'm attaching screenshots of that setting. It is the same setting.

0_1543333617481_BitdefenderScanSSLissue01.PNG

Hope this helps.

I have not seen that happen here but are you sure it passed on your credentials? IIRC the ntopng process will try to fetch some external resources and it's entirely possible they have those password protected using some other stored credentials.

You might install it again and capture outbound traffic going to that server, then load it up in wireshark and see what it's doing.

It probably is not doing anything nefarious, but a packet capture would tell you that definitively.

It's entirely possible but I've never had any issue with it before and using the same browser. It's possible it's local but as it's working right now I'm unsure what to do to make it fail.

Only thing I have extended to Chrome is uBlock Origin, then again I haven't cleared cookies/cache in a very long time.

If I have it again I will try to use IE or Edge to disprove extensions/cache.

I appreciate the help so far if you need any logs/etc to help figure out what it may have been let me know and I can provide them.

Same here with pfsense 2.4.4-RELEASE (amd64)
kompiliert am: Thu Sep 20 09:03:12 EDT 2018
FreeBSD 11.2-RELEASE-p3

pid 81079 (ntopng), uid 0: exited on signal 11 (core dumped)

:(

uninstalled with deleting settings, reinstalled, no change.
I'm using squid and squidguard, snort and lightsquid...

@johnpoz Hi John first congrats with the Moderator status 👍

@johnpoz said in More control on egress:

Just curious with so many different nodes - do you have these devices broken out into different vlans... For example you mention iot - do you have that isolated and locked down in any way?

Yes, these nodes are across 10 VLAN's (to name but a few IoT, Printers, Guests etc.). The reason is just as you mentioned, IoT's are locked down. Printers for instance are accessible from LAN, WLAN and Guest and to let them be accessible for IOS I have Avahi Enabled (Bonjour/Zeroconf proxy).

@johnpoz said in More control on egress:

What your going to find is pretty much all traffic going to be http/https.. Unless you have a lot of console game play or something? Are you actually using pop/smtp? You use fat clients for emails? Ie like outlook or thunderbird or something?

Yes, pop/smtp is used, maybe soon IMAP .

@johnpoz said in More control on egress:

Most of the traffic is prob going to be https traffic - so unless you plan on doing mitm on your own devices.. Other than say seeing that iot device phoned home via https to some amazon IP your not going to get much info, etc.

You are right https will not be readable and MiTM (man-in-the-middle) is not what I am planning on my own devices ;)

I was having an issue with Lets Encrypt certs as well. They worked fine for PFSense GUI, they just were not working for ntopng. As other's have indicated, when using the LE certs, the browser was giving a "ERR_SSL_VERSION_OR_CIPHER_MISMATCH" and the process core dumps when restarting. When using other SSL/TLS testing tools (like testssl.sh), the port was open by no TLS handshake was happening, no cipher was being offered.

Originally I was using a 384bit ECDSA LE certificate.

What seems to have allowed me to work around the issue was switching to a 2048 bit RSA certificate. Earlier in the thread @spambait mentioned that didn't help him, so not sure why it's working for me. I did manually cat the key and fullchain into the ntopng/httpdocs/ssl/ntopng-cert.pem file.

Switching certificate types in the existing certificate did not seem to actually change the type of certificate being generated. I had to create an entirely new certificate (Services -> Acme Certificates -> Certificates -> + Add).

@highc said in Report of network traffic by email:

You can do this with vnstat (the Status_Traffic_Totals package) and the mailreport package.

Install both, get vnstat going, and then under Status -> Email reports add a line that will mail you regularly (e.g., daily at midnight) the output of the commands

/usr/local/bin/vnstat -i pppoe0; /usr/local/bin/vnstat -i pppoe0 -h

which in this case would be the statistics for the pppoe0 interface.

For mailreport to work, you need to have setup System -> Advanced -> Notifications (the SMTP part there).

Better still create a shell script and run it with what ever options you want:-

[2.4.4-RELEASE][admin@pfsense] /root/scripts: more vnstat-daily
#!/bin/csh
foreach int ( igb0.2 igb0.3 igb0.4 igb0.5 igb0.6 igb0.7 enc0 pppoe0 )
echo
/usr/local/bin/vnstat -i $int -h
echo
end

Then don't do MitM. Use squid explicitly in conjunction with WPAD.