If you configure rrd you can get historical data there - it's not as easy to 
find as the realtime/24 hour data.  You can also dump the collected data using 
several options and store it for history reference. Generally speaking it takes 
some effort for historical data!

Keep in mind that many tools including ntop won't catch all P2P traffic as it 
seems everything is using HTTP as a transport. Oftentimes you'll need 
something that can look beyond layer 4 to properly classify traffic.  If you 
have Cisco stuff check out NBAR.

Gary


----- Original Message -----
From: [email protected] <[email protected]>
To: [email protected] <[email protected]>
Sent: Fri Mar 27 03:47:57 2009
Subject: Re: [Ntop] Ntop Usage

M.A. TAMON
> I’m using ntop on a SuSE box.
>
> I noticed that it appears I can only look at real-time information, not
> historical when it comes to viewing something like All Protocols ->
> Traffic.  Is this true?
True ... only information stored within the memory structures is
displayed ... i.e. realtime.

>
> The only thing that appears to be historical is the summary page.
>
> The issue is this…. We are a school and I’m trying to find out who is using
> P2P software.  I am unable to drill down in the summary to find out which
> hosts were responsible for running a P2P software.
If you want to be able to drill down into the past, I will suggest you
take a look at Trisul
[http://www.unleashnetworks.com/news-and-events/open-source-trisul-launched.html]

>
> Am I missing something?  Is there a better way to do this?  The only way so
> far is for me to actually monitor All Protocols -> Traffic and catch it
> while it’s happening.
>
>
> Thanks,
>
> S Elliott
>
>
>
>
>
> _______________________________________________
> Ntop mailing list
> [email protected]
> http://listgateway.unipi.it/mailman/listinfo/ntop
>
>