I'll take a crack at it. -mel via cell
On Jun 12, 2010, at 12:29 PM, "Tomas Larsson" <[email protected]<mailto:[email protected]>> wrote: Yes I have ideas, my thoughts are that warnings with no purpose, makes you missing the correct ones. If I had the knowledge, I would happily contribute, but the lacks thereof, makes it quite impossible. With Best regards Tomas Larsson Sweden www.ebaman.com<http://www.ebaman.com> Från: [email protected]<mailto:[email protected]> [mailto:[email protected]] För Burton Strauss III Skickat: den 12 juni 2010 19:28 Till: <mailto:[email protected]> [email protected]<mailto:[email protected]> Ämne: Re: [Ntop] Warning flags? Read the man page and FAQ. Search Google… <http://www.mail-archive.com/[email protected]/msg07003.html>http://www.mail-archive.com/[email protected]/msg07003.html "Q. What are High/Medium/Low risk flags A. They are set in reportUtils.c based on fairly self-obvious functions: Medium: hasWrongNetmask() High: hasDuplicatedMac() Often seen if you are monitoring a backbone or common network (high) or if you have cloned MAC addresses for, say, a home Firewall box." It sounds like you’ve got some good ideas for both documentation and/or changing the behavior of ntop. It’s pretty simple: make ntop do what YOU want and submit the patch to Luca. If it solves a general problem, then he’s always happy to have the help. -----Burton From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Tomas Larsson Sent: Saturday, June 12, 2010 11:51 AM To: <mailto:[email protected]> [email protected]<mailto:[email protected]> Subject: Re: [Ntop] Warning flags? Then an explanation why it thinks its an warning would be a good idea. For example, why should it warn for “wrong netmask” I ´cant figure out why this warning is there. Warnings (or errors) that are not correct does not fill any purpose. Why should it warn for susoicius behavior on tom many host contacts, when the actual hoos shuld have many contacts. Some sort of configuration for these warnings would be good, otherwise they fill absolutely no purpose, just dead code that weights to much. With Best regards Tomas Larsson Sweden www.ebaman.com<http://www.ebaman.com> Från: [email protected]<mailto:[email protected]> [mailto:[email protected]] För Burton Strauss III Skickat: den 12 juni 2010 18:35 Till: <mailto:[email protected]> [email protected]<mailto:[email protected]> Ämne: Re: [Ntop] Warning flags? That’s why they are warnings, vs. errors – we don’t KNOW it’s a problem, but it has tripped a simple-minded test. -----Burton From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Tomas Larsson Sent: Saturday, June 12, 2010 10:31 AM To: <mailto:[email protected]> [email protected]<mailto:[email protected]> Subject: Re: [Ntop] Warning flags? Whats the point with them, since they obviously aren’t correct anyway. With Best regards Tomas Larsson Sweden www.ebaman.com<http://www.ebaman.com> Från: [email protected]<mailto:[email protected]> [mailto:[email protected]] För Gary Gatten Skickat: den 12 juni 2010 16:23 Till: '[email protected]<mailto:'[email protected]>' Ämne: Re: [Ntop] Warning flags? Somethings can be tweaked, and maybe disabled in "globals-defines.h", which will require a recompile. Others I think are deeper in the source. To my knowledge there is no "easy" way to get rid of / tune these, but check the man, FAQ, and online (embedded) doc to be sure. ________________________________ From: [email protected]<mailto:[email protected]> <[email protected]<mailto:[email protected]>> To: [email protected]<mailto:[email protected]> <[email protected]<mailto:[email protected]>> Sent: Sat Jun 12 08:10:37 2010 Subject: [Ntop] Warning flags? How do I disable all these ”error” flags that reports errors when there aren’t any. I.E • <image001.gif>Wrong network mask or bridging enabled • <image001.gif>Suspicious activities: too many host contacts With Best regards Tomas Larsson Sweden www.ebaman.com<http://www.ebaman.com> Från: [email protected]<mailto:[email protected]> [mailto:[email protected]] För Tomas Larsson Skickat: den 12 juni 2010 12:33 Till: <mailto:[email protected]> [email protected]<mailto:[email protected]> Ämne: Re: [Ntop] Possible errors in the latest release. Compiled and up and running, since half an hour or so. One thing I’ve noticed, it only sees half of the hosts on the local network Furthermore, my CENTOS 5.3(5) router/GW is identified as Win95 My CENTOS 5.3 server is identified as linux 2.4 With Best regards Tomas Larsson Sweden www.ebaman.com<http://www.ebaman.com> Från: [email protected]<mailto:[email protected]> [mailto:[email protected]] För Tomas Larsson Skickat: den 10 juni 2010 12:48 Till: <mailto:[email protected]> [email protected]<mailto:[email protected]> Ämne: Re: [Ntop] Possible errors in the latest release. Thanks, will do over the weekend. For now, I’ve deleted everything in the data-dir (/var/ntop) except the ntop–pw.db file, restarted, and it seems to work, at least for now. My guess is that ntop screwed up something and couldn’t recover from it. With Best regards Tomas Larsson Sweden www.ebaman.com<http://www.ebaman.com> Från: [email protected]<mailto:[email protected]> [mailto:[email protected]] För Luca Deri Skickat: den 10 juni 2010 10:21 Till: <mailto:[email protected]> [email protected]<mailto:[email protected]> Ämne: Re: [Ntop] Possible errors in the latest release. Tomas I have put in SVN a fix for the problem you reported. Please resync, delete your prefs and let me know Cheers Luca On 06/09/2010 02:01 PM, Tomas Larsson wrote: Mon Jun 7 21:18:13 2010 [rrdPlugin.c:2810] **WARNING** RRD: rrd_update(/var/ntop/rrd/interfaces/eth0/IP_DNSFlows.rrd) error: Unable to connect to rrdcached: failed to resolve address `(null)' (port 42217): Name or service not known Mon Jun 7 21:18:13 2010 [rrdPlugin.c:2810] **WARNING** RRD: rrd_update(/var/ntop/rrd/interfaces/eth1/throughput.rrd) error: Unable to connect to rrdcached: failed to resolve address `(null)' (port 42217): Name or service not known make sure that you have configured the rrd plugin NOT to use rrdcached daemon Regards Luca How do I do that can't find any info, would that configuration change by itself? Regards Tomas _______________________________________________ Ntop mailing list <mailto:[email protected]>[email protected]<mailto:[email protected]> <http://listgateway.unipi.it/mailman/listinfo/ntop>http://listgateway.unipi.it/mailman/listinfo/ntop _______________________________________________ Ntop mailing list [email protected]<mailto:[email protected]> http://listgateway.unipi.it/mailman/listinfo/ntop
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
