Agent Configuration

nProbe Agent supports a few command line options. To see the current list, run nprobe-agent -h. Example:

-h                          | Print this help
-v                          | Verbose output
[-z|--zmq <option>]         | Specify the ZMQ endpoint to which JSON data will be delivered
[-k|--kafka <broker>,<topic>]
                            | Exports flows to the specified Kafka <topic>, using the list of
                            | brokers retrieved from the metadata obtained from <broker>
-e                          | Disable eBPF polling
-n                          | Disable Netlink polling
-l                          | Discard loopback information
-L                          | Discard listening sockets
[-V|--version]              | Display probe version
[-C|--check-license]        | Checks if the license is present and valid
[-M|--check-maintenance]    | Checks the maintenance status

The most important parameters are briefly discussed in the sections below.

ZMQ Export

-z|--zmq <socket>

Specify an endpoint (e.g., tcp://*:5556) that will be used to deliver flows to subscribers polling the socket. Example:

nprobe-agent --zmq tcp://*:5556

ntopng can be used to analyze the flows that nProbe Agent exports in JSON format through ZMQ. In this setup, nProbe Agent acts as a lightweight remote probe and ntopng as the central network monitoring console. Example:

ntopng -i tcp://*:1234c -m "192.168.2.0/24"

Kafka Export

-k|--kafka <broker>,<topic>

Export data to the specified Kafka <topic>. The list of brokers which will be used for the export is obtained from the metadata retrieved from <broker>.

Currently, eBPF and Netlink data is exported to the same <topic>.

Assuming a topic named test is available through a broker on 127.0.0.1:9092, one can use the following configuration:

nprobe-agent -k 127.0.0.1:9092,test

Working Mode

-e

Disables eBPF polling. eBPF provides information about traffic flows (creation, deletion, and updates). This includes accept/connect/connection-failed/close/retransmit events for TCP, send/recv for UDP. Admin rights (root) are required in order to run eBPF.

-n

Disables Netlink polling. Netlink provides periodic network status information (e.g. established connections) and traffic statistics on interfaces.

-l

Discards information for the loopback interface.

-L

Discards information for listening sockets.
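
The export and working-mode options above can be checked before the agent is started. The script below is an added example, not part of nProbe Agent or of the original documentation: it flags a wildcard ZMQ bind, a malformed -k argument, eBPF polling without root, and -e combined with -n. The function name lint_agent_args, the AGENT_UID override, the finding labels and the 192.168.2.10 address are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not ntop code): pre-flight check of nprobe-agent arguments.
# Recognises only the options documented on this page.
# AGENT_UID is a hypothetical override so the root check can be exercised.

lint_agent_args() {
    zmq="" kafka="" ebpf=1 netlink=1 findings=0
    uid="${AGENT_UID:-$(id -u)}"
    while [ $# -gt 0 ]; do
        case "$1" in
            -z|--zmq|-k|--kafka)
                if [ $# -lt 2 ]; then
                    echo "MISSING_VALUE $1"; findings=1; break
                fi
                case "$1" in
                    -z|--zmq) zmq="$2" ;;
                    *)        kafka="$2" ;;
                esac
                shift ;;
            -e) ebpf=0 ;;
            -n) netlink=0 ;;
            -l|-L|-v|-h|-V|--version|-C|--check-license|-M|--check-maintenance) ;;
            *) echo "UNKNOWN_OPTION $1"; findings=1 ;;
        esac
        shift
    done
    # A wildcard bind makes the flow feed reachable on every interface.
    case "$zmq" in
        "tcp://*:"*|tcp://0.0.0.0:*) echo "ZMQ_ALL_INTERFACES $zmq"; findings=1 ;;
    esac
    # -k expects <broker>,<topic> with both parts present.
    case "$kafka" in
        ""|?*,?*) ;;
        *) echo "KAFKA_FORMAT $kafka"; findings=1 ;;
    esac
    # eBPF polling needs root unless it is disabled with -e.
    if [ "$ebpf" -eq 1 ] && [ "$uid" -ne 0 ]; then
        echo "EBPF_NEEDS_ROOT uid=$uid"; findings=1
    fi
    # Assumption: with both sources off there is nothing left to export.
    if [ "$ebpf" -eq 0 ] && [ "$netlink" -eq 0 ]; then
        echo "NO_POLLING_SOURCE"; findings=1
    fi
    return "$findings"
}

# Constructed command lines: the page's ZMQ example, then a variant bound to one address.
AGENT_UID=0 lint_agent_args --zmq 'tcp://*:5556' || true
AGENT_UID=0 lint_agent_args --zmq 'tcp://192.168.2.10:5556' -l || true
```

The function returns non-zero when it prints a finding, so it can gate the real start, e.g. lint_agent_args "$@" && exec nprobe-agent "$@".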

License

--check-license

Checks if the configured license is valid.

--check-maintenance

Checks if the configured license is valid and shows maintenance information.

-V|--version

This flag is used to print the nProbe Agent version number and date, as well as other information.

Misc

-v

Using this flag, nProbe Agent generates verbose output.

-h

Prints the nProbe Agent help.