Kaiser it means that host 192.168.112.88 has created, as client, an excessive number of new flow requests (i.e. connections on different ports) in the past few seconds. The flow reported is just an example
We're still tuning the algorithm, but in the future ntopng will be able to identify hosts that are likely to misbehave, and of course to avoid generating alerts for server hosts Luca On 01/22/2014 03:58 PM, [email protected] wrote: > Hi, > > We found a Queue Alter in our ntopng installation, > > something like > Wed Jan 22 17:47:32 2014 Error Flows Flood Host 192.168.112.88 on > flow UDP 192.168.112.88:28462 > 111.221.77.159:40011 [proto: 0/Unknown][1/0 > pkts][181/0 bytes] [27 hits] > > > > what is [1/0 pkts][181/0 bytes] [27 hits] means? Anyone know it? > > br, > kaiser > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
