Gary, et al,
Yeah - I was wondering about the NAT thing. Our Cisco routers can only export to a total of 2 flow destinations. Also, each router we have has several networks, each run by different entities. One entity isn't supposed to see ntop data from the other entity. So, the idea was to set up a ntop process for each entity/network and then limit access to that ntop process on a username/password basis. However, since we can only have two export destinations per router and a router might have 5-20 networks on it, I thought I'd just export one flow to the ntop box, it'd parse things out and each process could "share" the data and do its own thing. Maybe not :-(

Thank you though - I'll look into the NAT idea....

--Greg Redder

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Gatten
Sent: Tuesday, February 12, 2008 1:21 PM
To: [email protected]
Subject: Re: [Ntop] 2 ntop processes each running netflow listening on sameport....

If you can't change the udp port ntop listens on I'm not sure what to do. I have a couple instances both listening to maybe... 8 - 10 different ports for different netflows. If there's nothing "requiring" you to run multiple instances, don't do it.

If you can't change the netflow port the router sends to, MAYBE you could do some NAT on the ntop box to make the ports unique before ntop sees the traffic? So router a.b.c.d:2055 doesn't get nat'd, but router w.x.y.z:2055 gets nat'd to w.x.y.z:2056? This should work - might take a loopback interface or something...

Gary

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Redder,Greg
Sent: Tuesday, February 12, 2008 2:15 PM
To: [EMAIL PROTECTED]
Subject: [Ntop] 2 ntop processes each running netflow listening on sameport....

Dear NTOP community,

I am running ntop3.2 on Fedora Core 6. I have two ntop processes running using different config files and listening on different http ports.
One process is configured to listen on one ethernet card and the other on another ethernet card. Each card has a separate network spanned (mirrored) to it. This works great.

What I ran into is that I'm trying to do the same thing in another spot on our network where I can't do a span port. So, instead, I feed the ntop box flows from one of our Cisco routers to port 2055. This works fine for one process, but when I start up the other - the first process stops processing data. It looks like it's working, but none of the data actually changes anymore - it's static from the time the other process was started. What appears to be happening is that the last netflow plugin to get started trumps the previous one. Sending data from the router to two different ports isn't an option in my environment :-(

I have each netflow plugin configured with a different device name and different data directories. So, I don't think the conflict is in that part. Thus, I'm wondering if there's any way to get two ntop processes to coexist... each using their netflow plugin and reading in netflow data from the same port?

Thank you

--Greg Redder
Network Analyst
Colorado State University

===============================================================================
Greg Redder
Academic Computing & Networking Services
Colorado State University, ACNS
Phone:(970)491-7222 FAX: (970)491-1958
601 S. Howes, Room 625
E-mail: [EMAIL PROTECTED]
Fort Collins, CO 80523
PGP Fprint:CD62EAE6227D96FC7C232B16DFE3B5D9B2F64352
===============================================================================

_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
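The idea raised in the thread, exporting one flow stream to the ntop box and parsing it out so each entity's ntop process sees only its own networks, sketched as an added example (not code from the thread or from ntop). It assumes NetFlow v5 exports; the exporter address, the entity networks and the loopback ports 2056/2057 are hypothetical.

```python
import ipaddress
import socket
import struct

HDR_LEN, REC_LEN = 24, 48  # NetFlow v5 header and flow-record sizes in bytes
EXPORTER = "192.0.2.1"     # hypothetical router address; other senders are ignored
ENTITY_PORTS = {           # hypothetical entity network -> that entity's ntop UDP port
    ipaddress.ip_network("10.1.0.0/16"): 2056,
    ipaddress.ip_network("10.2.0.0/16"): 2057,
}

def split_v5(datagram, entity_ports=ENTITY_PORTS):
    """Return {port: datagram} with only the flow records touching each network."""
    if len(datagram) < HDR_LEN:
        return {}
    version, count = struct.unpack("!HH", datagram[:4])
    if version != 5 or len(datagram) < HDR_LEN + count * REC_LEN:
        return {}  # not v5, or truncated: drop it rather than guess
    per_port = {}
    for i in range(count):
        rec = datagram[HDR_LEN + i * REC_LEN:HDR_LEN + (i + 1) * REC_LEN]
        src, dst = ipaddress.ip_address(rec[0:4]), ipaddress.ip_address(rec[4:8])
        for net, port in entity_ports.items():
            if src in net or dst in net:  # a flow between two entities goes to both
                per_port.setdefault(port, []).append(rec)
    # Copy the header, rewriting only the record count for each output datagram.
    return {port: datagram[:2] + struct.pack("!H", len(recs))
                  + datagram[4:HDR_LEN] + b"".join(recs)
            for port, recs in per_port.items()}

def make_v5(flows):
    """Build a constructed v5 datagram from (src, dst) pairs; other fields are zero."""
    header = struct.pack("!HH", 5, len(flows)) + bytes(HDR_LEN - 4)
    return header + b"".join(
        ipaddress.ip_address(s).packed + ipaddress.ip_address(d).packed
        + bytes(REC_LEN - 8) for s, d in flows)

def serve(listen_port=2055):
    """Receive the single router export and feed each entity's ntop on loopback."""
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    rx.bind(("0.0.0.0", listen_port))
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    while True:
        data, (sender, _) = rx.recvfrom(65535)
        if sender == EXPORTER:
            for port, pkt in split_v5(data).items():
                tx.sendto(pkt, ("127.0.0.1", port))

if __name__ == "__main__":
    serve()
```

The header's flow_sequence field is copied unchanged, so a collector that tracks sequence gaps may report lost flows for the records that were filtered out.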
