b) I don't understand if when restart the server with ntop, the archives of data is lose.
Read the FAQ entry on -S at http://snapshot.ntop.org - you are correct, ntop does not store ALL of the data - what's stored is the "static" information. Check out util.c: 1767 void storeHostTrafficInstance() {} which calls util.c: 1813 void resetHostsVariables() {} you'll see that most of the data is in fact not stored void resetHostsVariables(HostTraffic* el) { FD_ZERO(&(el->flags)); resetUsageCounter(&el->contactedSentPeers); resetUsageCounter(&el->contactedRcvdPeers); resetUsageCounter(&el->contactedRouters); el->fullDomainName = NULL; el->dotDomainName = NULL; el->hostSymIpAddress[0] = '\0'; el->osName = NULL; el->nbHostName = NULL; el->nbDomainName = NULL; el->nbDescr = NULL; /* Fix courtesy of Francis Pintos <[EMAIL PROTECTED]> */ el->atNodeName = NULL; memset(el->atNodeType, 0, sizeof(el->atNodeType)); el->routedTraffic = NULL; el->ipxHostName = NULL; el->numIpxNodeTypes = 0; el->portsUsage = NULL; el->protoIPTrafficInfos = NULL; el->tcpSessionList = NULL; el->udpSessionList = NULL; el->nextDBupdate = 0; el->icmpInfo = NULL; el->dnsStats = NULL; el->httpStats = NULL; el->dhcpStats = NULL; resetUsageCounter(&el->contactedSentPeers); resetUsageCounter(&el->contactedRcvdPeers); resetUsageCounter(&el->contactedRouters); el->secHostPkts = NULL; } where /* Host Traffic */ typedef struct hostTraffic { u_int hashListBucket; u_int16_t numUses; HostSerial hostSerial; struct in_addr hostIpAddress; time_t firstSeen; time_t lastSeen; /* time when this host has sent/rcvd some data */ time_t nextDBupdate; /* next time when the DB entry for this host will be updated */ u_char ethAddress[ETHERNET_ADDRESS_LEN]; u_char lastEthAddress[ETHERNET_ADDRESS_LEN]; /* used for remote addresses */ char ethAddressString[18]; char hostNumIpAddress[17], *fullDomainName; char *dotDomainName, hostSymIpAddress[MAX_HOST_SYM_NAME_LEN], *osName; u_short minTTL, maxTTL; /* IP TTL (Time-To-Live) */ struct timeval minLatency, maxLatency; /* NetBIOS */ char nbNodeType, *nbHostName, *nbAccountName, 
*nbDomainName, *nbDescr; /* AppleTalk*/ u_short atNetwork; u_char atNode; char *atNodeName, *atNodeType[MAX_NODE_TYPES]; /* IPX */ char *ipxHostName; u_short numIpxNodeTypes, ipxNodeType[MAX_NODE_TYPES]; fd_set flags; TrafficCounter pktSent, pktRcvd, pktDuplicatedAckSent, pktDuplicatedAckRcvd; TrafficCounter lastPktSent, lastPktRcvd; TrafficCounter pktBroadcastSent, bytesBroadcastSent; TrafficCounter pktMulticastSent, bytesMulticastSent, pktMulticastRcvd, bytesMulticastRcvd; TrafficCounter lastBytesSent, lastHourBytesSent, bytesSent, bytesSentLoc, bytesSentRem; TrafficCounter lastBytesRcvd, lastHourBytesRcvd, bytesRcvd, bytesRcvdLoc, bytesRcvdFromRem; float actualRcvdThpt, lastHourRcvdThpt, averageRcvdThpt, peakRcvdThpt, actualSentThpt, lastHourSentThpt, averageSentThpt, peakSentThpt; float actualRcvdPktThpt, averageRcvdPktThpt, peakRcvdPktThpt, actualSentPktThpt, averageSentPktThpt, peakSentPktThpt; unsigned short actBandwidthUsage; TrafficCounter lastCounterBytesSent, last24HoursBytesSent[25], lastDayBytesSent, lastCounterBytesRcvd, last24HoursBytesRcvd[25], lastDayBytesRcvd; /* Routing */ RoutingCounter *routedTraffic; /* IP */ PortUsage **portsUsage; /* 0...TOP_ASSIGNED_IP_PORTS */ TrafficCounter ipBytesSent, ipBytesRcvd; TrafficCounter tcpSentLoc, tcpSentRem, udpSentLoc, udpSentRem, icmpSent, ospfSent, igmpSent; TrafficCounter tcpRcvdLoc, tcpRcvdFromRem, udpRcvdLoc, udpRcvdFromRem, icmpRcvd, ospfRcvd, igmpRcvd; TrafficCounter tcpFragmentsSent, tcpFragmentsRcvd, udpFragmentsSent, udpFragmentsRcvd, icmpFragmentsSent, icmpFragmentsRcvd; /* Interesting Packets */ SecurityHostProbes *secHostPkts; /* non IP */ IcmpHostInfo *icmpInfo; TrafficCounter stpSent, stpRcvd; /* Spanning Tree */ TrafficCounter ipxSent, ipxRcvd; TrafficCounter osiSent, osiRcvd; TrafficCounter dlcSent, dlcRcvd; TrafficCounter arp_rarpSent, arp_rarpRcvd; TrafficCounter arpReqPktsSent, arpReplyPktsSent, arpReplyPktsRcvd; TrafficCounter decnetSent, decnetRcvd; TrafficCounter appletalkSent, 
appletalkRcvd; TrafficCounter netbiosSent, netbiosRcvd; TrafficCounter qnxSent, qnxRcvd; TrafficCounter otherSent, otherRcvd; ProtoTrafficInfo *protoIPTrafficInfos; /* info about IP traffic generated/rcvd by this host */ IpGlobalSession *tcpSessionList, *udpSessionList; /* list of sessions initiated/rcvd by this host */ UsageCounter contactedSentPeers; /* peers that talked with this host */ UsageCounter contactedRcvdPeers; /* peers that talked with this host */ UsageCounter contactedRouters; /* routers contacted by this host */ ServiceStats *dnsStats, *httpStats; DHCPStats *dhcpStats; /* *************** IMPORTANT *************** If you add a pointer to this struct please go to resurrectHostTrafficInstance() and add a NULL to each pointer you added in the newly resurrected. *************** IMPORTANT *************** */ } HostTraffic; This leaves the following set: actBandwidthUsage actualRcvdPktThpt actualRcvdThpt actualSentPktThpt actualSentThpt appletalkRcvd appletalkSent arp_rarpRcvd arp_rarpSent arpReplyPktsRcvd arpReplyPktsSent arpReqPktsSent atNetwork atNode averageRcvdPktThpt averageRcvdThpt averageSentPktThpt averageSentThpt bytesBroadcastSent bytesMulticastRcvd bytesMulticastSent bytesRcvd bytesRcvdFromRem bytesRcvdLoc bytesSent bytesSentLoc bytesSentRem decnetRcvd decnetSent dlcRcvd dlcSent ethAddress[ETHERNET_ADDRESS_LEN] ethAddressString[18] firstSeen hashListBucket hostIpAddress hostNumIpAddress[17] hostSerial icmpFragmentsRcvd icmpFragmentsSent icmpRcvd icmpSent igmpRcvd igmpSent ipBytesRcvd ipBytesSent ipxNodeType[MAX_NODE_TYPES] ipxRcvd ipxSent last24HoursBytesRcvd[25] last24HoursBytesSent[25] lastBytesRcvd lastBytesSent lastCounterBytesRcvd lastCounterBytesSent lastDayBytesRcvd lastDayBytesSent lastEthAddress[ETHERNET_ADDRESS_LEN] lastHourBytesRcvd lastHourBytesSent lastHourRcvdThpt lastHourSentThpt lastPktRcvd lastPktSent lastSeen maxLatency maxTTL minLatency minTTL nbAccountName nbNodeType netbiosRcvd netbiosSent numUses osiRcvd osiSent ospfRcvd 
ospfSent otherRcvd otherSent peakRcvdPktThpt peakRcvdThpt peakSentPktThpt peakSentThpt pktBroadcastSent pktDuplicatedAckRcvd pktDuplicatedAckSent pktMulticastRcvd pktMulticastSent pktRcvd pktSent qnxRcvd qnxSent stpRcvd stpSent tcpFragmentsRcvd tcpFragmentsSent tcpRcvdFromRem tcpRcvdLoc tcpSentLoc tcpSentRem udpFragmentsRcvd udpFragmentsSent udpRcvdFromRem udpRcvdLoc udpSentLoc udpSentRem If you read the names, these are all simple, basic counts about the HOST's traffic. Not the sessions between hosts and not the network loads... So, you get situations like this: Info about host swallowtail IP Address 192.168.42.3 [unicast] First/Last Seen 04/18/02 07:33:53 - 04/18/02 07:38:22 [4:29] ... Report created on Thu Apr 18 07:38:22 2002 [1:21] (Notice ntop has been up 1:21 but the time span for information about the host is 4:29 - that's -S data) -----Burton -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Pellegrini Giuliano Sent: Thursday, April 18, 2002 5:05 AM To: [EMAIL PROTECTED] Subject: [Ntop] Ntop Question. Italian: Salva e tutti amici della lista, vi scrivo perché avrei un paio di questioni da chiedervi in merito ad Ntop. a) Avrei la necessità di poter determinare il traffico totale in un periodo di tempo: es: dal 01/01/2002 al 01/02/2002 per verificare il consumo mensile. E' possibile ? Se non è fattibile è possibile utilizzare qualche altra applicazione che si "agganci" ad Ntop ? b) Non ho capito se nel momento in cui ntop si riavvia ( riavvio server ) tutto lo storico viene perso. Io ho impostato S=1,ma non ho la certezza di poter avere sempre lo storico. c) Nella sezione Stats/Plugins è solo attivo l' icmpWatch, è corretto ? English: Hi list, I write to you because I have a questions. a) For my work, is important to know the total traffic in the range period. Example. Is possible to know the totale traffic from 1 January 2002 to 26 April 2002 ? For my work is important to know the total traffic for mounth. 
If isn't possible this option, can I insert another program that work with ntop for give me the report in the period range ? b) I don't understand if when restart the server with ntop, the archives of data is lose. I have try to set the flag S=1 but I'm not sure if this the correct way. c) In the section Stats/Plugin is active only icmpWatch, is right or wrong ? Grazie a tutti per l'attenzione. Thanking in advance and sorry for my english. Giuliano. _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listmanager.unipi.it/mailman/listinfo/ntop
