Gene,
ntop accepts BPF filters (do man tcpdump)

Regards, Luca

Gene Anderson wrote:
> Good day. I'm new to using ntop and have been using it to monitor some
> site uplinks - very handy tool. I am hoping to find out if ntop can send
> email alerts if specific traffic is detected, like say a port scan or if a
> client is doing a massive DoS attack, etc.
>
> So I tried adding:
>
> -B "icmp ping-flood ICMP_ECHO any/any pktcount > 30 unit 10 action alarm rearm 90"
>
> and
>
> --filter-expression "icmp ping-flood ICMP_ECHO any/any pktcount > 30 unit 10 action alarm rearm 90"
>
> and neither expression works in my /etc/ntop.conf config file. I'm new to
> using Linux and even newer still to stuff like ntop and I know enough to
> be dangerous. So I'm not sure what I'm doing wrong. Can someone please
> point out what I'm sure is obvious and tell me what I'm doing wrong in
> trying to have ntop filter expressions? TIA.
>
>
> Gene Anderson
> Computer Technician, Microsoft Certified Professional
> Pembina Hills Regional Division No.7
> Phone: (780) 674-8535 ext 6860
> email: [EMAIL PROTECTED]
>
> "Passwords are like bubble gum, strongest when fresh, should never be
> used by groups and create a sticky mess when left laying around"
>
> -anon
>
>
> _______________________________________________
> Ntop mailing list
> [email protected]
> http://listgateway.unipi.it/mailman/listinfo/ntop
>

--
Luca Deri <[EMAIL PROTECTED]>  http://luca.ntop.org/
skype://lucaderi/
Don't be encumbered by past history. Go off and do something wonderful - Robert Noyce
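
An added example, not part of the original thread and not ntop code: a BPF (pcap-filter) expression is a stateless per-packet match, so it can select ICMP echo requests but cannot count them or raise an alarm. The sketch below pairs such a filter string with a separate per-source threshold check. The meaning given to `pktcount > 30`, `unit 10` and `rearm 90` is an assumed reading of the expression quoted above, and the addresses and timestamps are constructed.

```python
from collections import defaultdict, deque

# pcap-filter syntax (see the tcpdump man page): matches ICMP echo requests.
# This is the kind of string -B / --filter-expression accepts; it only
# selects packets, it does not count them.
BPF_ECHO_REQUEST = "icmp[icmptype] = icmp-echo"

PKT_COUNT = 30   # alarm when MORE than this many packets ...
UNIT = 10.0      # ... arrive from one source within this many seconds
REARM = 90.0     # assumed: suppress repeat alarms for this long per source


def detect_ping_flood(packets, pkt_count=PKT_COUNT, unit=UNIT, rearm=REARM):
    """Return [(timestamp, source_ip)] alarms.

    packets: iterable of (timestamp_seconds, source_ip), sorted by time and
    already restricted to echo requests (e.g. captured with the BPF above).
    """
    windows = defaultdict(deque)   # source -> timestamps inside the window
    silent_until = {}              # source -> time the alarm is re-armed
    alarms = []
    for ts, src in packets:
        win = windows[src]
        win.append(ts)
        # Drop timestamps that have aged out of the sliding window.
        while ts - win[0] >= unit:
            win.popleft()
        if len(win) > pkt_count and ts >= silent_until.get(src, 0.0):
            alarms.append((ts, src))
            silent_until[src] = ts + rearm
    return alarms


def sample_packets():
    """Constructed sample: one noisy host, one quiet host, a later burst."""
    pkts = [(i / 10, "192.0.2.10") for i in range(100)]          # 10 pkt/s
    pkts += [(float(i), "192.0.2.20") for i in range(60)]        # 1 pkt/s
    pkts += [(120 + i / 10, "192.0.2.10") for i in range(100)]   # after rearm
    return sorted(pkts)


if __name__ == "__main__":
    print("capture filter:", BPF_ECHO_REQUEST)
    for ts, src in detect_ping_flood(sample_packets()):
        print(f"ALARM t={ts:.1f}s src={src}")
```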
