Did read the FAQ, but completely misinterpreted it. Thought it meant single quotes, not double quotes.
Silly me, and thanks for the help. Kurt On 4/25/06, Burton Strauss <[EMAIL PROTECTED]> wrote: > Read docs/FAQ - you need "s around the filter expression. > > -----Burton > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kurt > Buff > Sent: Tuesday, April 25, 2006 2:34 PM > To: [email protected] > Subject: [Ntop] Adding BPF expression to ntop.sh > > Howdy, > > I'm trying to add a filter to exclude the traffic between a firewall and its > management station, and have the following problem. > > ntop.sh with the following line works just fine (without the surrounding > double quotes): > > "additional_args='-U -a -o -P /home/ntop/ntop -m 192.168.8.0/24'" > > ntop.sh with the following line (again, without the surrounding double > quotes) dies - logs below my sig: > > "additional_args='-U -a -o -P /home/ntop/ntop -m 192.168.8.0/24 -B not ((src > host 192.168.8.2 and dst host 192.168.10.88) or (src host > 192.168.10.88 and dst host 192.168.8.2))'" > > If I put more single quotes after -B, it dies an even worse death, talking > about mismatched parens, and suchlike. > > Anyone have a clue for me? I'm running FreeBSD 6.0-RELEASE, ntop 3.2, from > ports > > Kurt > > Apr 25 12:14:41 zntop ntop[51624]: CLEANUP[t147189248]: ntop caught signal > 15 > Apr 25 12:14:41 zntop ntop[51624]: THREADMGMT[t147189248]: ntop > RUNSTATE: SHUTDOWN(7) > Apr 25 12:14:41 zntop ntop[51624]: CLEANUP[t147189248] catching > thread is unknown > Apr 25 12:14:41 zntop ntop[51624]: CLEANUP: Running threads NPA SFP > SIH WEB DNSAR1 NPS1 > Apr 25 12:14:41 zntop ntop[51624]: THREADMGMT[t134613504]: NPA: > network packet analyzer (packet pr > ocessor) thread terminated [p51624] > Apr 25 12:14:41 zntop ntop[51624]: THREADMGMT[t147185664]: DNSAR(1): > Address resolution thread ter > minated [p51624] > Apr 25 12:14:41 zntop ntop[51624]: STATS: 892,356 packets received > by filter on xl0 > Apr 25 12:14:41 zntop ntop[51624]: STATS: 3,304 packets dropped > (according to libpcap) > Apr 25 12:14:41 zntop ntop[51624]: STATS: 0 packets dropped (by ntop) > Apr 25 12:14:41 zntop kernel: xl0: promiscuous mode disabled > Apr 25 12:14:41 zntop ntop[51624]: THREADMGMT[t147187200]: > NPS(1,xl0): pcapDispatch thread termina > ted [p51624] > Apr 25 12:14:41 zntop ntop[51624]: CLEANUP: Locking purge mutex (may > block for a little while) > Apr 25 12:14:41 zntop ntop[51624]: CLEANUP: Locked purge mutex, > continuing shutdown > Apr 25 12:14:41 zntop ntop[51624]: CLEANUP: Continues (still running > SFP SIH WEB) > Apr 25 12:14:41 zntop ntop[51624]: FREE_HOST: Start, 2 device(s) > Apr 25 12:14:41 zntop ntop[51624]: FREE_HOST: End, freed 1228 > Apr 25 12:14:41 zntop ntop[51624]: FREE_HOST: Start, 2 device(s) > Apr 25 12:14:41 zntop ntop[51624]: FREE_HOST: End, freed 0 > Apr 25 12:14:41 zntop ntop[51624]: PLUGIN_TERM: Unloading plugins (if any) > Apr 25 12:14:41 zntop ntop[51624]: LASTSEEN: Thanks for using LsWatch > Apr 25 12:14:42 zntop ntop[51624]: LASTSEEN: Done > Apr 25 12:14:42 zntop ntop[51624]: ICMP: Thanks for using icmpWatch > Apr 25 12:14:42 zntop ntop[51624]: ICMP: Done > Apr 25 12:14:42 zntop ntop[51624]: NETFLOW: Terminating NetFlow > Apr 25 12:14:42 zntop ntop[51624]: NETFLOW: terminating device > NetFlow-device.2 > Apr 25 12:14:42 zntop ntop[51624]: NETFLOW: Thanks for using ntop NetFlow > Apr 25 12:14:42 zntop ntop[51624]: NETFLOW: Done > Apr 25 12:14:42 zntop ntop[51624]: RRD: Shutting down, locking mutex > (may block for a little while > ) > Apr 25 12:14:42 zntop ntop[51624]: RRD: Locked mutex, continuing shutdown > Apr 25 12:14:42 zntop ntop[51624]: THREADMGMT[t147189248]: RRD: > killThread(rrdThread) succeeded > Apr 25 12:14:42 zntop ntop[51624]: THREADMGMT[t147189248]: RRD: > killThread(rrdTrafficThread) succe > eded > Apr 25 12:14:42 zntop ntop[51624]: THREADMGMT[t147189248]: RRD: > Waiting 12 seconds for threads to > stop > Apr 25 12:14:48 zntop ntop[51624]: THREADMGMT[t134614528]: SIH: Idle > host scan thread terminated [ > p51624] > Apr 25 12:14:49 zntop ntop[51624]: THREADMGMT[t134610944]: Main > thread shutting down > Apr 25 12:14:50 zntop ntop[51624]: THREADMGMT[t134614016]: SFP: > Fingerprint scan thread terminated > [p51624] > Apr 25 12:14:50 zntop ntop[51624]: THREADMGMT[t147186176]: WEB: > Server connection thread terminate > d [p51624] > Apr 25 12:14:50 zntop ntop[51624]: THREADMGMT[t147186688]: RRD: Data > collection thread stopping [p > 51624] State>RUN > Apr 25 12:14:50 zntop ntop[51624]: THREADMGMT[t147186688]: RRD: Data > collection thread terminated > [p51624] > Apr 25 12:14:54 zntop ntop[51624]: THREADMGMT[t147189248]: RRD: > Plugin shutdown continuing > Apr 25 12:14:54 zntop ntop[51624]: RRD: Thanks for using the rrdPlugin > Apr 25 12:14:54 zntop ntop[51624]: RRD: Done > Apr 25 12:14:55 zntop ntop[51624]: CLEANUP: Freeing device xl0 (idx=0) > Apr 25 12:14:55 zntop ntop[51624]: CLEANUP: Freeing device > NetFlow-device.2 (idx=1) > Apr 25 12:14:55 zntop ntop[51624]: TERM: Removed pid file > (/home/ntop/ntop/ntop.pid) > Apr 25 12:14:55 zntop ntop[51624]: CLEANUP: Clean up complete > Apr 25 12:14:55 zntop ntop[51624]: THREADMGMT[t147189248]: ntop > RUNSTATE: TERM(8) > Apr 25 12:14:55 zntop ntop[51624]: =================================== > Apr 25 12:14:55 zntop ntop[51624]: ntop is shutdown... > Apr 25 12:14:55 zntop ntop[51624]: =================================== > Apr 25 12:15:02 zntop ntop[51726]: THREADMGMT[t134610944]: ntop > RUNSTATE: PREINIT(1) > Apr 25 12:15:02 zntop ntop[51726]: THREADMGMT[t134610944]: ntop > RUNSTATE: INIT(2) > Apr 25 12:17:59 zntop ntop[51736]: THREADMGMT[t134610944]: ntop > RUNSTATE: PREINIT(1) > Apr 25 12:17:59 zntop ntop[51736]: THREADMGMT[t134610944]: ntop > RUNSTATE: INIT(2) > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop > > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop > _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
