Thank you for your answer Simone. When I start ntopng it does not automatically load previous hosts if these hosts are idle (do not send or receive packets). It does load some statistics when the host starts begin active but the "first seen" value is reseted. Is there a way to load every local hosts even if they are not living on the network anymore and load the "first_seen" value also.
Thank you very much for your answers I really appreciate it. Mathieu 2016-03-23 10:23 GMT+01:00 Simone Mainardi <[email protected]>: > Mathieu, redis host persistency is enabled by default for local and system > hosts. They are dumped on exit and loaded back on startup. > > Simone > > On Wed, Mar 23, 2016 at 10:10 AM, Mathieu Fourcroy < > [email protected]> wrote: > >> Hello, >> Can you tell me if there is a way to save host information (via redis or >> mysql) and load it automatically when starting ntopng ? >> >> Best reguards, >> Mathieu >> >> 2016-03-22 9:59 GMT+01:00 Simone Mainardi <[email protected]>: >> >>> Mathieu, >>> >>> Please, feel free to contribute the additional page on github, we would >>> like to consider integrating it in our code. >>> >>> To answer your question, the present data structure only allows to keep >>> first and last seen overall. >>> >>> Simone >>> >>> On Mon, Mar 21, 2016 at 10:00 PM, Mathieu Fourcroy < >>> [email protected]> wrote: >>> >>>> The first method works very well. I am trying to add a page to the >>>> host_details.lua which would display an activity map or a timeline showing >>>> the periods where the host was using an IP address. It would look something >>>> like: >>>> >>>> IP1 |xxxxxxxxxx xxxxxxxxx | >>>> IP2 | xxxxxx | >>>> IP3 | xx| >>>> >>>> It's easy to get the first seen and last seen time for a given host (IP >>>> address) but do you know a way to get periods of time >>>> Like if the (sticky) host is active from 5am to 10am, then idle until >>>> 1pm and active again until now: do you know a way to get something like: >>>> [{"start": 5am, "end": 10am}, {"start": 10am, "end": 1pm}, {"start": >>>> 1pm, "end": null}] >>>> >>>> I don't know if it is possible with the actual host data structure but >>>> please let me know if it is possible. >>>> >>>> Thanks in advance, >>>> Mathieu >>>> >>>> >>>> 2016-03-16 18:05 GMT+01:00 Simone Mainardi <[email protected]>: >>>> >>>>> Mathieu, there are at least two ways you can accomplish this: >>>>> >>>>> 1. make local hosts sticky and then navigate to >>>>> page hosts_stats.lua?mac=DE:AD:BE:EF:BE:EF, where DE:AD:BE:EF:BE:EF is >>>>> the >>>>> MAC address of interest. Since local hosts will not be purged, you will >>>>> find here the whole list of IP addresses seen with the given MAC >>>>> 2. export flows to Elastic Search, there will be two fields named >>>>> IN_SRC_MAC and OUT_DST_MAC that you can search against a MAC of interest >>>>> to >>>>> see the list of IP addresses that have used it. >>>>> >>>>> Simone >>>>> >>>>> On Wed, Mar 16, 2016 at 4:08 PM, Mathieu Fourcroy < >>>>> [email protected]> wrote: >>>>> >>>>>> Hi, >>>>>> >>>>>> I'm new to ntopng and I wonder if it is possible for a given local >>>>>> host (MAC address) to obtain or display a list of its successive IP >>>>>> addresses on the network. >>>>>> If a network card is using a first IP address on the network then it >>>>>> stops using this one and use a second, different, IP address on the >>>>>> network. Will ntopng distinguish two hosts with same MAC and differen IP >>>>>> or >>>>>> will it just overwrite the first IP address for the single host ? >>>>>> >>>>>> Thanks in advance, >>>>>> Mathieu >>>>>> >>>>>> _______________________________________________ >>>>>> Ntop mailing list >>>>>> [email protected] >>>>>> http://listgateway.unipi.it/mailman/listinfo/ntop >>>>>> >>>>> >>>>> >>>>> _______________________________________________ >>>>> Ntop mailing list >>>>> [email protected] >>>>> http://listgateway.unipi.it/mailman/listinfo/ntop >>>>> >>>> >>>> >>>> _______________________________________________ >>>> Ntop mailing list >>>> [email protected] >>>> http://listgateway.unipi.it/mailman/listinfo/ntop >>>> >>> >>> >>> _______________________________________________ >>> Ntop mailing list >>> [email protected] >>> http://listgateway.unipi.it/mailman/listinfo/ntop >>> >> >> >> _______________________________________________ >> Ntop mailing list >> [email protected] >> http://listgateway.unipi.it/mailman/listinfo/ntop >> > > > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop >
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
