Hello all, We catch statistics thru netflow from our border gateway, but I don't understand how to ntop\netflow plug-in distinguish local from remote networks. Even if I specify local networks in -m switch, all networks are considered as local.
I enabled ADDRESS_DEBUG in global_defines.h and the log shows (I masqueraded our networks to a.a.a.0 and b.b.b.0): Aug 5 08:10:50 dc7800-img ntop[5108]: Address: 59.190.167.225 Aug 5 08:10:50 dc7800-img ntop[5108]: Network: a.a.a.0 Aug 5 08:10:50 dc7800-img ntop[5108]: NetMask: 255.255.255.0 Aug 5 08:10:50 dc7800-img ntop[5108]: DEBUG: 59.190.167.225 comparing [b.b.b.0/255.255.255.0] Aug 5 08:10:50 dc7800-img ntop[5108]: **WARNING** ADDRESS_DEBUG: 59.190.167.225 is NOT pseudolocal Aug 5 08:10:50 dc7800-img ntop[5108]: DEBUG: 59.190.167.225 comparing [a.a.a.0/255.255.255.0] Aug 5 08:10:50 dc7800-img ntop[5108]: **WARNING** ADDRESS_DEBUG: 59.190.167.225 is NOT pseudolocal Aug 5 08:10:50 dc7800-img ntop[5108]: **WARNING** ADDRESS_DEBUG: 59.190.167.225 [deviceId=1] is remote And in the same time http://dc7800-img:3000/59.190.167.225.html? reports that the host is in local: ... Host Location Local (inside specified/local subnet or known network list) ... As result I can't get the correct reports re L->R, L->L traffic. All hosts are local. In the same time if I specify -g (--track-local-hosts), all remote networks are gone and I see hosts in networks specified in -m only. But actually it is not what I want, since the purpose is to have traffic reports between local and remote networks... Am I doing something wrong? Regards, Nickolai _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
