Alek when you see an alert like the one you reported it means that ntopng has detected malicious traffic towards such host. In the alerts section inside ntopng you can see the list of flows that have been reported as malicious, otherwise using -F you can dump them to a database for later analysis
Luca > On 03 Sep 2015, at 10:46, alek markus <[email protected]> wrote: > > > hello, > > does someone using ntopng categorizes hosts? > > i have read in ntopng DOCS > > In order to use these categorization services you need to obtain a key from > Google > at https://developers.google.com/safe-browsing/key_signup > <https://developers.google.com/safe-browsing/key_signup> > > Once you have the key available, you can start > ntopng -c KEY ... > > > well i have a google key and ntopng is runing with this configuration : > > 03/Sep/2015 11:42:54 Enabled Host categorization with key > 03/Sep/2015 11:42:54 Working directory: /var/tmp/ntopng.old > 03/Sep/2015 11:42:54 Scripts/HTML pages directory: /usr/share/ntopng > 03/Sep/2015 11:42:54 Welcome to ntopng x86_64 v.2.0.150827 - (C) 1998-15 > ntop.org <http://ntop.org/> > 03/Sep/2015 11:42:54 Built on CentOS release 6.6 (Final) > > > i have entered to this malicious site : anfette.org <http://anfette.org/> > (at your risk) > > but i cant understand where can i see if the host entred to malicious site or > not ? > > Best Regards, > > _______________________________________________ > Ntop-misc mailing list > [email protected] <mailto:[email protected]> > http://listgateway.unipi.it/mailman/listinfo/ntop-misc > <http://listgateway.unipi.it/mailman/listinfo/ntop-misc>
_______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
