Doug,
Many things in your email...
> open source software the documentation is extremely sparse but I guess =
> thats a common=20
> occupational hazard :) I've searched through the mailing list archives =
Well there IS some documnetation with Ntop, and mailing list is a kind
of interactive documentation too.
> for hours without finding
> any information of use, and the specific FreeBSD link is apparently =
> broken ... at least email
Agreed.
> Both were installed using the "ports" facility. There doesn't appear to =
> be a command to=20
> check exactly what versions I have, but judging from the =
> /usr/ports/net/ntop/README.html=20
> files, both machines appear to have ntop version 1.1
You should be able to get a newer version from the web site
(WWW.NTOP.ORG).
> every machiine on local LAN, but only gives results in table format (I =
> can't figure how to=20
> get graphs). This machine has no functional CVS.
Only very recent versions of Ntop (released during December) include
all libraries needed for drawing graphs. Graphs are based on GD
library, that is based on several libraries (zlib, jpeg,
png...). Latest versions of Ntop come with all libraries bundled.
One more reason to get latest verion.
CVS client is a standard in FreeBSD.
> Second machine is the POP site, 4.1 RELEASE running an ethernet link to =
> an ISP .... it=20
> starts OK in the interactive mode but apparently only monitors the "x10" =
> link to the ISP
> from whom we buy our internet connectivity ... no data for the 26 serial =
> interfaces can be=20
Did you try to specify a -I option (well I think that's the option to
specify what interface you want to monitor).
> viewed. When I try starting webmode I get "-w is disabled for security =
> reasons"
What port number did you use with option -w? In order to use a port
number lower than 1024 (priviledged port), you must run Ntop as root.
Talking about security reason, allowing some software like Ntop to run
on a server is a bigger security risk, as it means you must be able to
set the interface in promicuity mode. In my opinion this mode should
not be allowed in the kernel of a server.
> There is no .ntop file, and it certainly hasn't been told to disable =
> anything bar some non-essential
> services that we consider a security risk (telnet / rlogin / etc
.ntop is not essential, I never set one.
Best regards,
Olivier
