Re: [Ntop] Warning flags?

[Burton Strauss III]

Read the man page and FAQ.  Search Google…

 

http://www.mail-archive.com/n...@unipi.it/msg07003.html

 

"Q. What are High/Medium/Low risk flags

A. They are set in reportUtils.c based on fairly self-obvious functions:

      Medium: hasWrongNetmask()

      High: hasDuplicatedMac()

   Often seen if you are monitoring a backbone or common network (high)

   or if you have cloned MAC addresses for, say, a home Firewall box."

 

It sounds like you’ve got some good ideas for both documentation and/or 
changing the behavior of ntop.  It’s pretty simple: make ntop do what YOU want 
and submit the patch to Luca.  If it solves a general problem, then he’s always 
happy to have the help.

 

-----Burton

 

From: ntop-boun...@listgateway.unipi.it 
[mailto:ntop-boun...@listgateway.unipi.it] On Behalf Of Tomas Larsson
Sent: Saturday, June 12, 2010 11:51 AM
To: n...@unipi.it
Subject: Re: [Ntop] Warning flags?

 

Then an explanation why it thinks its an warning would be a good idea.

For example, why should it warn for “wrong netmask” I ´cant figure out why this 
warning is there.

Warnings (or errors) that are not correct does not fill any purpose.

Why should it warn for susoicius behavior on tom many host contacts, when the 
actual hoos shuld have many contacts.

Some sort of configuration for these warnings would be good, otherwise they 
fill absolutely no purpose, just dead code that weights to much.

 

With Best regards

Tomas Larsson

Sweden

www.ebaman.com

 

Från: ntop-boun...@listgateway.unipi.it 
[mailto:ntop-boun...@listgateway.unipi.it] För Burton Strauss III
Skickat: den 12 juni 2010 18:35
Till: n...@unipi.it
Ämne: Re: [Ntop] Warning flags?

 

That’s why they are warnings, vs. errors – we don’t KNOW it’s a problem, but it 
has tripped a simple-minded test.

 

-----Burton

 

From: ntop-boun...@listgateway.unipi.it 
[mailto:ntop-boun...@listgateway.unipi.it] On Behalf Of Tomas Larsson
Sent: Saturday, June 12, 2010 10:31 AM
To: n...@unipi.it
Subject: Re: [Ntop] Warning flags?

 

Whats the point with them, since they obviously aren’t correct anyway.

 

With Best regards

Tomas Larsson

Sweden

www.ebaman.com

 

Från: ntop-boun...@listgateway.unipi.it 
[mailto:ntop-boun...@listgateway.unipi.it] För Gary Gatten
Skickat: den 12 juni 2010 16:23
Till: 'n...@unipi.it'
Ämne: Re: [Ntop] Warning flags?

 

Somethings can be tweaked, and maybe disabled in "globals-defines.h", which 
will require a recompile. Others I think are deeper in the source. To my 
knowledge there is no "easy" way to get rid of / tune these, but check the man, 
FAQ, and online (embedded) doc to be sure.

 

  _____  

From: ntop-boun...@listgateway.unipi.it <ntop-boun...@listgateway.unipi.it> 
To: n...@unipi.it <n...@unipi.it> 
Sent: Sat Jun 12 08:10:37 2010
Subject: [Ntop] Warning flags? 

How do I disable all these ”error” flags that reports errors when there aren’t 
any.

I.E 

·  Medium RiskWrong network mask or bridging enabled

·  Medium RiskSuspicious activities: too many host contacts

 

With Best regards

Tomas Larsson

Sweden

www.ebaman.com

 

Från: ntop-boun...@listgateway.unipi.it 
[mailto:ntop-boun...@listgateway.unipi.it] För Tomas Larsson
Skickat: den 12 juni 2010 12:33
Till: n...@unipi.it
Ämne: Re: [Ntop] Possible errors in the latest release.

 

Compiled and up and running, since half an hour or so.

One thing I’ve noticed, it only sees half of the hosts on the local network

Furthermore, my CENTOS 5.3(5) router/GW is identified as Win95

My CENTOS 5.3 server  is identified as linux 2.4

 

With Best regards

Tomas Larsson

Sweden

www.ebaman.com

 

Från: ntop-boun...@listgateway.unipi.it 
[mailto:ntop-boun...@listgateway.unipi.it] För Tomas Larsson
Skickat: den 10 juni 2010 12:48
Till: n...@unipi.it
Ämne: Re: [Ntop] Possible errors in the latest release.

 

Thanks, will do over the weekend.

For now, I’ve deleted everything in the data-dir (/var/ntop) except the 
ntop–pw.db file, restarted, and it seems to work, at least for now.

My guess is that ntop screwed up something and couldn’t recover from it.

 

With Best regards

Tomas Larsson

Sweden

www.ebaman.com

 

Från: ntop-boun...@listgateway.unipi.it 
[mailto:ntop-boun...@listgateway.unipi.it] För Luca Deri
Skickat: den 10 juni 2010 10:21
Till: n...@unipi.it
Ämne: Re: [Ntop] Possible errors in the latest release.

 

Tomas
I have put in SVN a fix for the problem you reported. Please resync, delete 
your prefs and let me know

Cheers Luca


On 06/09/2010 02:01 PM, Tomas Larsson wrote: 

 
 
  

Mon Jun  7 21:18:13 2010  [rrdPlugin.c:2810] **WARNING** RRD:
      

rrd_update(/var/ntop/rrd/interfaces/eth0/IP_DNSFlows.rrd) error: Unable to
connect to rrdcached: failed to resolve address `(null)' (port 42217): Name
or service not known
  

Mon Jun  7 21:18:13 2010  [rrdPlugin.c:2810] **WARNING** RRD:
      

rrd_update(/var/ntop/rrd/interfaces/eth1/throughput.rrd) error: Unable to
connect to rrdcached: failed to resolve address `(null)' (port 42217): Name
or service not known
  

   
      

 
  

make sure that you have configured the rrd plugin NOT to use rrdcached 
daemon
    

 
  

Regards Luca
    

 
How do I do that can't find any info, would that configuration change by
itself?
 
Regards Tomas
 
_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop
  

 

<<image001.gif>>

_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop