I updated today at 10:00 in the morning; now I'm using
ntopng Community v.2.0.150910 (Package ntopng-2.0.150910-430.x86_64),
so I will open a bug on GitHub.


From: [email protected]
Date: Thu, 10 Sep 2015 16:52:18 +0200
To: [email protected]
Subject: Re: [Ntop-misc] does someone using ntopng categorizes hosts?


On 10 Sep 2015, at 15:17, alek markus <[email protected]> wrote:
Hey,
but where can I see that ntopng has detected malicious traffic? I mean I have
entered the alert section in ntopng and I can see only

ntopng will generate an alert

Alert Function / Threshold
bytes    > = <   Bytes delta (sent + received)
dns      > = <   DNS traffic delta bytes (sent + received)
p2p      > = <   Peer-to-peer traffic delta bytes (sent + received)
packets

1. btw, my ntopng is sending data to ElasticSearch+Kibana; is there any way
to see if malicious traffic was detected? We can mark this traffic as bad in
Kibana.

Please file an enhancement request

2. How can I send more information to ElasticSearch? I want to create a Tile
Map; when I select Aggregation I get an error message:
No Compatible Fields: The "ntopng-*" index pattern does not contain any of the
following field types: geo_point

please upgrade ntopng then if the problem persists file a bug on github
Luca



Best Regards,
Alek


From: [email protected]
Date: Fri, 4 Sep 2015 07:44:03 +0200
To: [email protected]
Subject: Re: [Ntop-misc] does someone using ntopng categorizes hosts?

Alek
when you see an alert like the one you reported it means that ntopng has 
detected malicious traffic towards such host. In the alerts section inside 
ntopng you can see the list of flows that have been reported as malicious, 
otherwise using -F you can dump them to a database for later analysis
Luca

On 03 Sep 2015, at 10:46, alek markus <[email protected]> wrote:
hello,
does someone using ntopng categorize hosts?
I have read in the ntopng docs:
In order to use these categorization services you need to obtain a key from
Google at https://developers.google.com/safe-browsing/key_signup
Once you have the key available, you can start ntopng -c KEY ...

Well, I have a Google key and ntopng is running with this configuration:
03/Sep/2015 11:42:54 Enabled Host categorization with key
03/Sep/2015 11:42:54 Working directory: /var/tmp/ntopng.old
03/Sep/2015 11:42:54 Scripts/HTML pages directory: /usr/share/ntopng
03/Sep/2015 11:42:54 Welcome to ntopng x86_64 v.2.0.150827 - (C) 1998-15 ntop.org
03/Sep/2015 11:42:54 Built on CentOS release 6.6 (Final)


I have entered this malicious site: anfette.org (at your risk),
but I can't understand where I can see if the host entered a malicious site or
not?
Best Regards,
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
