Ok. I said that it now works. The problem now is that the data which it shows
disappears at the next refresh. So the data is received and processed, but is
not persistent between two browser refreshes, as is the case when using the
eth0, not the netflow-device. The point is if it's mandatory to use a
persistent database like mysql or rrd when using netflow-device.

Thanks

On Mon, May 10, 2004 at 01:34:27PM -0500, Burton M. Strauss III wrote:
> Have you actually read what I wrote?
> 
> I said "The flows data you're looking at is useless.  It's just a count of
> packets captured by libpcap which it sends into the plugin via the handle
> packet interface.  Since netFlow doesn't have one, of course it's zero."
> 
> Useless.  Don't worry about it being zero.  It's USELESS.
> 
> 
> You still haven't answered my implicit question, so I'll make it explicit:
> 
> Is there data in the protocol counts from netFlow??  Specifically All
> Protocols | Traffic and IP Summary | Traffic?
> 
> If so, netFlow is working correctly...
> 
> 
> Now, if you are finding that using --disable-instantsessionpurge isn't
> working, that may be because netFlow doesn't track sessions.  I don't
> remember - there was a discussion on the mailing list a while back about
> this, although I can't put my fingers on it.
> 
> 
> If you read man ntop:
> 
>        --disable-instantsessionpurge
>         ntop sets completed sessions as "timed out" and then purge them almost
>         instantly, which is not the behavior you might expect from the
>         discussions about purge timeouts.  This switch makes ntop respect the
>         timeouts for completed sessions.  It is NOT the default because a busy
>         web server may have 100s or 1000s of completed sessions and this would
>         significantly increase the amount of memory ntop uses.
> 
> 
> "...and then purge them almost instantly".  Purged data isn't shown (it's
> PURGED), so even if netFlow IS tracking sessions, all you SHOULD expect to
> see is the few long-duration connections such as ssh.  Not the http
> connections - those live only a few ms.
> 
> 
> -----Burton
> 
> 
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
> > thefly
> > Sent: Monday, May 10, 2004 12:41 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: [Ntop] ntop+netflow
> >
> >
> > What is actually happening, is that the information i got inside
> > summary->hosts are shown, but soon after cancelled (or sometimes even
> > not shown, if it happens between two refreshes), they aren't stored
> > somewhere. That's why it seemed they weren't processed at all. The
> > Summary->Netflows is 0 anyway. I guess the only solution would be to put
> > data inside a database, but i find this behaviour strange anyway. And
> > anyway, why the stats are 0? Is it for the problem you pointed out
> > before? i tried starting it with --disable-instantsessionpurge, but
> > maybe it doesn't mean anything to it.
> >
> >
> > On Mon, May 10, 2004 at 12:03:32PM -0500, Burton M. Strauss III wrote:
> > > See in-line...
> > >
> > > > -----Original Message-----
> > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
> > > > thefly
> > > > Sent: Monday, May 10, 2004 10:45 AM
> > > > To: [EMAIL PROTECTED]
> > > > Subject: Re: [Ntop] ntop+netflow
> > >
> > > <snip />
> > >
> > > > Thanks, now everything is clear.
> > >
> > > Yes, but it would be helpful to others to have that data...
> > >
> > > > I must admit i don't have the problem clear at this point. What i'm
> > > > using is a FreeBSD router with ng_netflow. With my tcpdump i see the
> > > > flow starting to my workstation, at the end of each www connection i'm
> > > > doing here and there, for test. Ntop should show me these connections,
> > > > they are normal www. But what i get in Summary->Traffic and others is
> > > > NULL, as i told you about the Summary->Netflow stats. Being my
> > > > situations *standard* i don't know what's wrong with it, and therefore
> > > > can't understand what i should trace inside the code, i mean, i don't
> > > > know what to look for. Or maybe you're just telling me that my
> > > > configuration isn't standard, and that's why i should put some
> > > > traceEvent to see what's wrong?
> > >
> > > There are two possibilities -
> > >
> > > 1. If there's other data but just no closed sessions, read the docs/FAQ and
> > > man ntop discussion about --disable-instantsessionpurge
> > >
> > >
> > > 2. If there's no data period, then somehow you're not getting counters
> > > incremented and the place I showed in the code is the one that would 'drop'
> > > them without a message.  So what I was telling you to do was to put that
> > > message in there so we could see which path is being taken....
> > >
> > > -----Burton
> > >
> > >
> > > >
> > > > TIA
> > >
> > > _______________________________________________
> > > Ntop mailing list
> > > [EMAIL PROTECTED]
> > > http://listgateway.unipi.it/mailman/listinfo/ntop
> > >
> > >
> >
> > --
> >     Claudio "thefly" Martella
> >     [EMAIL PROTECTED]
> >     GNU/PG keyid: 0x8EA95625
> >
> 

-- 
    Claudio "thefly" Martella
    [EMAIL PROTECTED]
    GNU/PG keyid: 0x8EA95625
