That works for the 2.5 GB download. But I have another download - a replication job, that lasts ~12 hours. A real time flow display shows it in progress, but a historical view of the same time frame does not show that replication job at all. Is that because the flow has been in progress for 12+hours ??
On Tue, Sep 16, 2014 at 10:37 AM, Filippo Fontanelli <[email protected]> wrote: > Neil, > As you can read in the ntopng user guide, ntopng save the expired flows > every five minute in a SQLite db. > > Probably in your case, if the downloading process during more than 5 > minute, you have to set the time interval from 9:30 to 9:40. > > Please can you try and let me know? > > Regards > Filippo > > On Tuesday, September 16, 2014, Neil Page <[email protected]> wrote: > >> NtopNG v. 1.2.2 (r8210) >> I'm seeing a huge inconsistency between what is displayed in a live flow >> compared to what is displayed in a 5-minute historical flow on the same >> interface during the same time frame. >> >> This is all done using a second NIC, in promiscuous mode, sniffing >> traffic on a mirrored port on a switch. >> >> I've been experimenting with this a lot lately, and it's 100% >> reproducible. I set my ntopng collector interface to eth1 (the sniffing >> interface). Ntopng runs fine - and the live flows are very accurate. I use >> a test host to download a very large 2.5 GB file from the internet. The >> live flow shows this download very accurately. The download starts at 09:30 >> and takes just over 5 minutes to complete. I wait until around 09:45 then I >> change the ntopng interface to "Historical". I then load the data between >> 09:30 and 09:35. I then examine the flows; there is _NOTHING_ there >> regarding that huge 2.5 GB download. The host never shows up, the download >> itself is never listed. Nothing. >> >> Can you help me understand why this might happen? I need the historical >> dumps to be accurate for diagnostic purposes. >> >> Thanks in advance, >> Neil >> > > > -- > Filippo > > Sent from my iPhone, > sorry for typos. > > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop >
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
