On Jun 23, "Scott Cameron" wrote: > Hi guys, > > I'm curious if there is a simple method of aggregating data between what I > like to consider "groups". A group will consist of subnet(s) within the > netflow data, for which I want to see data on, as opposed to "the big > picture". > > Let's say I want to set group A as 172.16.10.0/22. I want to set group B as > 172.16.0.0/23. I want to be able to see the details for each group, rather > than host-based data. I realize this isn't really what ntop was designed > for, but I like what ntop is capable of and the fact that it is free. > > I am also curious if it's possible to change the rrdtool plugin to > accomplish this? As it stands, it will create an RRA for each host. I'd > like to do some aggregation, but not sure where to begin. > > Or, if there's similar tools which will accomplish this for netflow v5, I'd > love to know about it.
I don't have an ntop answer for you, but flow-tools can do a lot of what you're asking for. You can use flow-capture or flow-receive to catch the flows, funnel them through flow-tag to get your subnets, flow-xlate them to mask out the host bits, then send them to ntop. Does anybody know what ntop would think of seeing a source or destination address with the last n bits masked out? Mike _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop
