Hi Luca, Thanks for your answer, it explains the behavior I mentioned. There is any way to keep historical information for non-local hosts?
If I wanted to make a backup from the historical information, which folder/folders should I backup "/storage/nProbe"? Thanks, Daniel On 8 January 2014 10:59, Luca Deri <[email protected]> wrote: > Daniel, > only local hosts are stored in cache for later restore. This to avoid > caching too much stuff. Might this explain the behaviour you are observing? > > Regards Luca > > > > On 01/08/2014 10:47 AM, Daniel Gomez wrote: > > Hi Neil, > > I am seeing a similar behaviour. A host that appeared on the list of hosts > and from which I could retrieve information (total traffic, protocols, > activity patterns, ASN, geo, etc.) is after "some" inactivity not anymore > accessible. > > Most probably as you said the host drops from cache due to lack of > recent activity. > > Unfortunately I cannot find any like to retrieve the information from > cache, it just appears a: > > Host xx.xx.xx.xx cannot be found.Perhaps this host has been previously > purged from memory or it has never been observed by this ntopng instance. > > I am also interested on a way to debug this "feature". > > Regards, > > Daniel > > > On 8 January 2014 04:03, Neil Bartlett <[email protected]> wrote: > >> Hi Guys >> >> I have some unexpected behaviour from my ntopng installation. I've very >> recently started using ntopng, so I'm not sure if what I'm observing is >> correct or an issue. >> >> I'm running an instance ntopng that I built from r7148 on Raspberry Pi. >> I've configured ntopng to listen to an interface (interface 3, eth1) that >> is a port mirror of my WAN connection via a Netgear GS108E switch. The >> connection is lightly loaded at approx 100MB over 30 mins. >> >> Is the following behaviour working correctly ... ? >> >> Packet data is accumulated. Looking at a particular host via the web >> interface, all looks good. I can see sensible total traffic, protocols, >> activity patterns, ASN, geo, etc. The behaviour I'm interested in occurs >> when the host drops from cache due to lack of recent activity -- maybe even >> after just a few minutes of inactivity. >> >> If I search for the host using the search input box on the main web >> interface, the returned web page correctly states that the host is not in >> cache and provides a link to force the return of the host information from >> cache. If I select the link, the host information re-appears (note there is >> sometimes a grey busy icon along side the ip address for a few seconds -- I >> assume to indicate that the host info is being retrieved). So far so good. >> >> However, the host information is missing the previous data. >> >> If I now force the host to generate packets (eg browse a web site from >> the host), the original host (before the cache miss) data reappears. >> However, under these circumstances, the "First Seen" time is as of the most >> recent set of packets -- even though the traffic and the protocol tabs >> "correctly" contain the full set of information since ntopng was restarted. >> (Obviously, I'm assuming this information is correct -- at the very least >> it appears sensible). >> >> In addition once this state has occurred the "historical" tab contains >> incorrect information. The exact state of "incorrectness" is variable, but >> most often the manifestation is that the "Total Traffic" information is >> lower than the original total traffic before the cache miss, but often much >> more than the traffic that has occurred since the recent "First Seen" time. >> ie it sits somewhere between the two. >> >> BTW The above behaviour is repeatable and I've now seen it four times >> despite reboots and rebuilds. >> >> So is the above correct behaviour? I'm assuming it is incorrect; I >> would have assumed that the search return from cache should have >> re-instantiated the cache miss data in the first place. If the behaviour is >> not correct, is there any recommended approach I should take to debug it ? >> I looked for an option to debug build ntopng but didn't find one. >> >> Anyhow, I'm really liking the ntopng so far. It looks great and has >> already helped me achieve part of my aim of figuring out the cause of some >> unexplained bandwidth usage at Chez Bartlett. >> >> Thx >> Neil Bartlett >> >> _______________________________________________ >> Ntop mailing list >> [email protected] >> http://listgateway.unipi.it/mailman/listinfo/ntop >> >> > > > -- > *The Flow is a mystery to many, and it may only be visible when it is not > presen*t. > > > _______________________________________________ > Ntop mailing > [email protected]http://listgateway.unipi.it/mailman/listinfo/ntop > > > > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop > > -- *The Flow is a mystery to many, and it may only be visible when it is not presen*t.
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
