It's not easy. ntop doesn't maintain history in a simple array, rather it keeps buckets that refer to the current minute and the 60 prior ones, the 24 prior hours and the 30 prior days.
It then uses internal timers to roll data over into these buckets from current values. Unfortunately, this means that there is no way to "fool" the clock with old xFlow data. At least not one I can think of off hand... -----Burton -----Original Message----- From: [EMAIL PROTECTED] [mailto:ntop-admin@;unipi.it]On Behalf Of Martin Hierling Sent: Thursday, October 24, 2002 6:43 AM To: NTop Liste Subject: [Ntop] ntop reads wrong date from netflows Hi, me again. testing it and so it comes that i found some things concerning me. I've set up my box to capture all netflows to disk (with flow-tools). NTop seems to be a tool for short time analysis. So, when i want some graphs from last month i tried: flow-cat 2002-08 | flow-send -V5 127.0.0.1/127.0.0.1/5555 that sends all flows from 2000-08 (about 400Gig real traffic, not flows) to ntop. but ntop (listening on port 5555) sadly reads system date and not FlowDate. As shown in http://www.cisco.com/en/US/products/sw/netmgtsw/ps1964/products_installation _guide_chapter09186a0080080e30.html#11770 the date is in Byte 08-11. So, the stats are somehow wrong (not that it is so baaaad th have 280MBit/s on our E3) because ntops getting the months traffic in about 3 hours. Something easy to fix, i think. regards Martin -- ---------------------------------------------------------------- DOS never says "EXCELLENT command or filename, Dude!" ---------------------------------------------------------------- _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop
