Hello, Can you tell me if there is a way to save host information (via redis or mysql) and load it automatically when starting ntopng ?
Best reguards, Mathieu 2016-03-22 9:59 GMT+01:00 Simone Mainardi <[email protected]>: > Mathieu, > > Please, feel free to contribute the additional page on github, we would > like to consider integrating it in our code. > > To answer your question, the present data structure only allows to keep > first and last seen overall. > > Simone > > On Mon, Mar 21, 2016 at 10:00 PM, Mathieu Fourcroy < > [email protected]> wrote: > >> The first method works very well. I am trying to add a page to the >> host_details.lua which would display an activity map or a timeline showing >> the periods where the host was using an IP address. It would look something >> like: >> >> IP1 |xxxxxxxxxx xxxxxxxxx | >> IP2 | xxxxxx | >> IP3 | xx| >> >> It's easy to get the first seen and last seen time for a given host (IP >> address) but do you know a way to get periods of time >> Like if the (sticky) host is active from 5am to 10am, then idle until 1pm >> and active again until now: do you know a way to get something like: >> [{"start": 5am, "end": 10am}, {"start": 10am, "end": 1pm}, {"start": 1pm, >> "end": null}] >> >> I don't know if it is possible with the actual host data structure but >> please let me know if it is possible. >> >> Thanks in advance, >> Mathieu >> >> >> 2016-03-16 18:05 GMT+01:00 Simone Mainardi <[email protected]>: >> >>> Mathieu, there are at least two ways you can accomplish this: >>> >>> 1. make local hosts sticky and then navigate to >>> page hosts_stats.lua?mac=DE:AD:BE:EF:BE:EF, where DE:AD:BE:EF:BE:EF is the >>> MAC address of interest. Since local hosts will not be purged, you will >>> find here the whole list of IP addresses seen with the given MAC >>> 2. export flows to Elastic Search, there will be two fields named >>> IN_SRC_MAC and OUT_DST_MAC that you can search against a MAC of interest to >>> see the list of IP addresses that have used it. >>> >>> Simone >>> >>> On Wed, Mar 16, 2016 at 4:08 PM, Mathieu Fourcroy < >>> [email protected]> wrote: >>> >>>> Hi, >>>> >>>> I'm new to ntopng and I wonder if it is possible for a given local host >>>> (MAC address) to obtain or display a list of its successive IP addresses on >>>> the network. >>>> If a network card is using a first IP address on the network then it >>>> stops using this one and use a second, different, IP address on the >>>> network. Will ntopng distinguish two hosts with same MAC and differen IP or >>>> will it just overwrite the first IP address for the single host ? >>>> >>>> Thanks in advance, >>>> Mathieu >>>> >>>> _______________________________________________ >>>> Ntop mailing list >>>> [email protected] >>>> http://listgateway.unipi.it/mailman/listinfo/ntop >>>> >>> >>> >>> _______________________________________________ >>> Ntop mailing list >>> [email protected] >>> http://listgateway.unipi.it/mailman/listinfo/ntop >>> >> >> >> _______________________________________________ >> Ntop mailing list >> [email protected] >> http://listgateway.unipi.it/mailman/listinfo/ntop >> > > > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop >
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
