Look into the rrd plugin - it creates time series databases of the ntop data.
Snort does lose packets - that's the subject of the thread pointer I sent you in the last message. ---------- Original Message ---------------------------------- From: rmkml <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] Date: Thu, 12 Dec 2002 10:52:09 +0100 >Thanks, > >example : >I start ntop on 01Dec >I stop ntop on 10 Dec > >ok I view pcap stats on 10 Dec (when ntop stop) > >I find pcap stats on daily ? > >I like snort, because : >snort start, >killall -USR1 snort >->I view pcap stats, and I view if snort (or kernel) drop packets ... >snort always run (just view pcap stats) > >Regards > > > >"Burton M. Strauss III" wrote: > >> I'm still not following you... try using more words and a bigger/better >> example... >> >> As a guess - If you're having libpcap problems, you might do a google >> search... >> http://archives.neohapsis.com/archives/snort/2002-07/0364.html sounded >> interesting >> >> If the NIC or the OS can't keep up, then they'll drop packets. S'be'it ... >> you need enough hardware to keep up with the network traffic. >> >> Once the NIC receives a packet, it's queued to libpcap which handles them as >> it can. Unless you're running a woefully underpowered system, libpcap >> doesn't usually drop packets - I mean, it can, given that it runs in user >> space (it could run out of buffer memory, etc.), but it's rare. Most packet >> capturing systems don't run much else. >> >> Once the packet is given to libpcap, it passes them on based on who is >> capturing what (the bpf filters). In the case of ntop, that means feeding >> them into the ntop queue for processing. You can lose packets here - ntop >> counts them (info.html). Still, if you aren't completely maxed out, you'll >> eventually catch up - we've discussed this on the list in the past and it's >> in the docs/FAQ -- 'Q. How much horsepower do I need to run ntop on a >> network of size x?' >> >> -----Burton >> >> -----Original Message----- >> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf >> Of rmkml >> Sent: Wednesday, December 11, 2002 4:50 PM >> To: [EMAIL PROTECTED] >> Subject: Re: [Ntop-dev] question about pcap stats on ntop ... >> >> Thanks for reply, >> >> ok ntop use libpcap library, >> >> but libcpcap drop packet on heavy load network, >> >> and I access on pcap stat on shutdown ntop process ? >> >> I find this pcap stat Ten minutes (example) >> >> Regards. >> >> _______________________________________________ >> Ntop-dev mailing list >> [EMAIL PROTECTED] >> http://listgateway.unipi.it/mailman/listinfo/ntop-dev > >_______________________________________________ >Ntop-dev mailing list >[EMAIL PROTECTED] >http://listgateway.unipi.it/mailman/listinfo/ntop-dev > ____________________________________________________________ Free 20MB Web Site Hosting and Personalized E-mail Service! Get It Now At Doteasy.com http://www.doteasy.com/et/ _______________________________________________ Ntop-dev mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop-dev
