Re: [Ntop] Historical IP and/or protocol reports

Warren, are you using the latest dev version? On Tue, Mar 7, 2017 at 9:32 AM, Warren Daly (OPUS) wrote: > Hi, > > there is no log entry in /var/log/ntopng/ntopng.log > > I have 2 issues: > > > ISSUE A: > > /lua/if_stats.lua?id=36&page=historical > The chart works. > Talkers = No Results Found >

Re: [Ntop] ntopng+nprobe+cisco asa netflow - now all times = asa reboot time.

set up using the repo from > apt-ntop-stable.deb instead of apt-ntop.deb. I did not realize the > un-tagged version was a development branch when I first set up. > > > > > > > > -- > *From:* ntop-boun...@listgateway.unipi.it unipi.it> on behalf

Re: [Ntop] ntopng+nprobe+cisco asa netflow - no hosts..

; > It seems like the existing repositories at http://packages.ntop.org/ > apt/16.04/​ are nightly builds, not stable releases. > > > > -- > *From:* ntop-boun...@listgateway.unipi.it unipi.it> on behalf of Simone Mainardi > *Sent:* Friday, M

Re: [Ntop] ntopng+nprobe+cisco asa netflow - no hosts..

cs/inc/hosts_stats_bottom.inc > > > > Not sure if the “null interface” and “no allowed interface” bits are the > issue. > > > > My browser-inspect isn’t showing any obvious errors. > > > > *From:* ntop-boun...@listgateway.unipi.it [mailto: > ntop-boun...@listgate

Re: [Ntop] ntopng+nprobe+cisco asa netflow - no hosts..

ds suggests they're being exported > often. > Please, start ntopng in foreground and inspect the console for any error that may occur when visiting the hosts page. Also use your browser to search for any possible JS errors (right-click and inspect element before visiting the empty host

Re: [Ntop] ntopng+nprobe+cisco asa netflow - no hosts..

Hi, Is the clock of the ASA set properly? How often flows are exported? My guess is that timestamps of received flows are not in sync with the ntopng clock and thus hosts are considered idle and not shown in the web UI. You may also want to increase idle timeouts from the ntopng preferences web p

Re: [Ntop] Cento - Is it possible to send sampled rate

Jesse, What would you have to send to the collectors? Sampled flows (e.g., one out of ten flows)? Or do you have to sample packets before sending the flows? However, sampling is not currently implemented in cento so please file a feature request in https://github.com/ntop/nProbe and try to explai

Re: [Ntop] question about nprobe/ntopng sampling rate/scaling factor

Hi, You should use use option --sample-rate with '@' as you want nprobe to rescale statistics from sampled packets but not to sample itself. In your case this should work: --sample-rate @10:1 See the help: [--sample-rate|-S] : | Packet capture sampling rate

Re: [Ntop] Cento round robin or full flow to multiple destinations

ee nprobe has the > option to send full flows by using the “-a” flag. Is there, or will > there be, such an option for Cento? > > > > Kind regards, > > > > Jesse > > > > > > *From:* ntop-boun...@listgateway.unipi.it [mailto:ntop-bounces@ > listgat

Re: [Ntop] Cento round robin or full flow to multiple destinations

Hi Jesse, In cento you should specify multiple collectors by repeating the option (e.g., --v9) multiple times to have flows delivered to each collector in round robin. Regards, Simone On Tue, Feb 28, 2017 at 6:41 PM, Jesse Alexander wrote: > Hello, > > We are using Cento to send netflow to mul

Re: [Ntop] Traffic Amount of Host Summary

Hi Daniel, Just put the subnet "192.168.55.0/24" in "Historical Data Explorer" host field. We have added search support by subnet recently. This feature is available in the dev version. Regards, Simone On Mon, Feb 20, 2017 at 5:59 AM, Daniel Weeber wrote: > Hi Luca, > > no idea how to do th

Re: [Ntop] Historical Data Explorer sometimes is not present

If ntopng starts inPro mode for the first ten minutes, the icon will show up during this time interval. Once the demo mode is expired and ntopng goes back to the community edition, the icon will disappear as it is a pro-only feature. If you want to start ntopng right in community mode, use flag '-

Re: [Ntop] Reset Interface Stats

#x27;t see the buttons you mention anywhere on > the interface page. I am running version 2.4.170202 - Pro Small Business > Edition. > > Thanks, > Chris. > > On 15 February 2017 at 20:40, Simone Mainardi wrote: > >> Hi, >> >> Presently, you have buttons to re

Re: [Ntop] Historical IP and/or protocol reports

Hi, that is definitely possible. You can have this kind of reports in the Professional version. You can generate historical reports (e.g., top applications / ip / AS / etc) as well as obtain detailed per-host reports. The latter requires MySQL flow export to be enabled. See http://www.ntop.org/nt

Re: [Ntop] Reset Interface Stats

Hi, Presently, you have buttons to reset bytes and drops from the interface page (if_stats). We have an enhancement open https://github.com/ntop/ntopng/issues/914 to extend the counters that can be reset. Regards, Simone On Wed, Feb 15, 2017 at 9:35 AM, It Manager wrote: > Hello, > > My fir

Re: [Ntop] Historical Data Update please?

> > Warren > > On 18/05/16 14:57, Warren Daly (OPUS) wrote: > > Thanks Simone, this is fantastic news. More great features to an already > top product. > Thanks. > > > On 18/05/16 14:36, Simone Mainardi wrote: > > Hello Warren, > > The new stable -- whi

Re: [Ntop] automated reports

Not yet, but it's on our todos. Regards, Simone On Thu, Feb 9, 2017 at 3:46 PM, Nicolas Valera wrote: > Hi there! > Is there an automatic way to mail daily reports? > Thanks in advance... > Nicolás. > ___ > Ntop mailing list > Ntop@listgateway.unipi.i

Re: [Ntop] TX/RX display always identical.

Hi, If all the hosts seen fall in local networks, then you will see identical counters local2remote and remote2local. Indeed, the same amount of traffic is counted as egress (i.e., from a local network) and as ingress (i.e., to a local network). Can you please verify if flow src and dst are alway

Re: [Ntop] Sampling factor for Flows

Marat, Typically Cisco ASA emits flows on the basis of an event such as, for example, "a Flow is deleted" or "a Flow is denied". You have to configure your ASA in order to get proper flow exports for the events you care. This is the Cisco ASA NetFlow implementation that explains in detail: https:

Re: [Ntop] Sampling factor for Flows

ontain that option so very likely you have an outdated guide. Regards, Simone > > Cheers!! > > > > *From:* ntop-boun...@listgateway.unipi.it [mailto:ntop-bounces@ > listgateway.unipi.it] *On Behalf Of *Simone Mainardi > *Sent:* 26 January 2017 14:44 > *To:* n...@unip

Re: [Ntop] Sampling factor for Flows

Robert, See option [--collector-sample-rate]| Specify the bytes/pkts collection sample rate (NetFlow only). Regards, Simone On Thu, Jan 26, 2017 at 1:09 PM, Robert Williams wrote: > Hi, > > I’ve just bought a license for nprobe so I can test without the 25k flow > limit, the setup is sim

Re: [Ntop] usage report

the 1M report the WebGUI hangs with half the screen partially > populated, am I asking ntopng to do too much? It’s running on a Dell Power > Edge 1950, Dual Xeon 3GHz, 16GB, PERC RAID 1 > > Dave > > > > *From:* ntop-boun...@listgateway.unipi.it [mailto:ntop-bounces@ > li

Re: [Ntop] usage report

Dear Dave, The Professional version of ntopng contains a report module that allows you to print reports that include top hosts and all the information you mentioned. ntopng, by default, starts in professional mode and stays in that mode for the first 10 minutes of execution. This should enable yo

Re: [Ntop] Excluding hosts or a subnet from being monitored

e --zmq > tcp://*:5556 -b 2 -3 6343 > --as-list=/usr/share/ntopng/httpdocs/geoip/GeoIPASNum.dat > --city-list=/usr/share/ntopng/httpdocs/geoip/GeoLiteCity.dat -G > --pid-file /var/run/nprobe/nprobe.pid > > Gerhard, > > > On Jan 18, 2017, at 4:01 AM, Simone Mainardi wro

Re: [Ntop] Excluding hosts or a subnet from being monitored

7 [util.c:2278] INIT: Parent process is exiting (this > is normal) > 17/Jan/2017 14:05:57 [util.c:2271] INIT: Bye bye: I'm becoming a daemon... > 17/Jan/2017 14:05:57 [util.c:4036] Initializing ZMQ as server > 17/Jan/2017 14:05:57 [util.c:4079] Succesfully created ZMQ endpoint >

Re: [Ntop] Excluding hosts or a subnet from being monitored

one, > > > > BPF is not supported for collector interfaces. If you want to use it > then specify it on the nProbe. > > Can you show me an example, because I'm not able to do it on nprobe with > the -f option. > > > Gerhard Mourani >

Re: [Ntop] Excluding hosts or a subnet from being monitored

ws on > tcp://127.0.0.1:5556 [ntopng->nprobe] > 13/Jan/2017 15:20:16 [NetworkInterface.cpp:1058] Invalid packet received > [len: 2934][MTU: 1518]. > 13/Jan/2017 15:20:16 [NetworkInterface.cpp:1059] WARNING: If you have > TSO/GRO enabled, please disable it > 13/Jan/2017 15:20:16 [

Re: [Ntop] ntopng zmq format reference

Dear Marat, The quickest thing you can do to figure out the message format is jumping directly to the source code of ntopng. Specifically, look at class CollectorInterface for the ZMQ communication logic, and at class ParserInterface for the actual parsing of data sent through ZMQ. Presently, th

Re: [Ntop] Excluding hosts or a subnet from being monitored

Did you run ntopng with the filter directly from the command line or via > the configuration file? I think the problem happens when the filter is in > the configuration file and you run ntopng to read it in this file. > > Gerhard, > > > On Jan 11, 2017, at 5:13 PM, Simone Mainar

Re: [Ntop] Excluding hosts or a subnet from being monitored

mePrefs.cpp:34] Dumping alerts into syslog > 10/Jan/2017 16:22:02 [Ntop.cpp:531] Adding 169.254.0.0/16 as IPv4 local > network for eth3 > 10/Jan/2017 16:22:02 [Ntop.cpp:561] Adding fe80::250:56ff:fe90:7661/64 as > IPv6 local network for eth3 > 10/Jan/2017 16:22:02 [NetworkInterface.cp

Re: [Ntop] Excluding hosts or a subnet from being monitored

.161013 > - (C) 1998-2016 ntop.org > 09/Jan/2017 14:43:49 [Ntop.cpp:276] Built on CentOS release 6.8 (Final) > 09/Jan/2017 14:43:49 [PeriodicActivities.cpp:53] Started periodic > activities loop... > 09/Jan/2017 14:43:49 [RuntimePrefs.cpp:34] Dumping alerts into syslog > 09/Jan/20

Re: [Ntop] Excluding hosts or a subnet from being monitored

into syslog > 09/Jan/2017 14:43:49 [NetworkInterface.cpp:1538] Started packet polling on > interface tcp://127.0.0.1:5556 [id: 1]... > 09/Jan/2017 14:43:50 [CollectorInterface.cpp:104] Collecting flows on > tcp://127.0.0.1:5556 [ntopng->nprobe] > > Gerhard, > > On Jan 9, 2017,

Re: [Ntop] Excluding hosts or a subnet from being monitored

ttawa 613 689-1539 | Toronto 416 645-5626 > facebook.com/Prival-230867980323343 > linkedin.com/company/prival > > > On Jan 8, 2017, at 5:36 AM, Simone Mainardi wrote: > > Gerhard, > > The filter is correct and properly parsed by ntopng. So what is the issue > you are exper

Re: [Ntop] 2.5.17xxxx - No flows shown, when used with nprobe

Martin, On Sun, Jan 8, 2017 at 5:32 PM, Martin List-Petersen wrote: > After upgrading to 2.5.170108-2130 I have no flows in the flows view .. at > all. > > I have tried to downgrade to 2.5.170106 as I had a copy of that lying > around on a host, that listens on a different network without the us

Re: [Ntop] Excluding hosts or a subnet from being monitored

imone. > > I will try that tomorrow morning. > > Much appreciated. > > > > On January 5, 2017 6:40:25 PM GMT+02:00, Simone Mainardi < > maina...@ntop.org> wrote: > > Brett, the filter is not complete. If you want to exclude 10.0.50.246 > set: > > --packet-fi

Re: [Ntop] Excluding hosts or a subnet from being monitored

/var/run/ntopng.pid > --daemon= > --local-networks="10.0.50.0/25,10.0.50.128/26,10.0.50.193/30" > --packet-filter 10.0.50.246 > -m "10.0.50.0/25,10.0.50.128/26,10.0.50.193/30" > --track-local-hosts > > Regards, > > Brett > > From: Simone Mainardi [mailt

Re: [Ntop] Filtering not working properly

Dear Brett, The filter you have indicated is not valid as reported by ntopng: Simones-MBP:ntopng simone$ sudo ./ntopng -i en0 --packet-filter="ip and not (ip multicast || ether broadcast) and not (src net 10.0.50.200/26)" 08/Jan/2017 11:19:50 [Ntop.cpp:1131] Setting local networks to 127.0.0.0/8

Re: [Ntop] Excluding hosts or a subnet from being monitored

> --packet-filter 10.0.50.246 > > -m "10.0.50.0/25,10.0.50.128/26,10.0.50.193/30" > > --track-local-hosts > > > > Regards, > > > > Brett > > > > *From:* Simone Mainardi [mailto:maina...@ntop.org] > *Sent:* Thursday, January 05,

Re: [Ntop] Excluding hosts or a subnet from being monitored

Hi, --packet-filter is the proper way to do that. Can you please report the exact filter you specified? Also check (and paste) ntopng output. ntopng prints a confirmation message if it has successfully parsed the filter. Regards Simone On Thu, Jan 5, 2017 at 11:14 AM, Brett Stiell (CCIH) < brett

Re: [Ntop] libntapi.so and libntos.so have recently gone missing from the Ubuntu 14.04 pfring deb

6.4.1 and > would conflict with pfring 6.5.0. A number of folks in the Security Onion > community use ntopng in this way, and I have come up with a workaround for > them that separately fetches those library files. I'm just checking in > with you all to seek a more permanent solution.

Re: [Ntop] libntapi.so and libntos.so have recently gone missing from the Ubuntu 14.04 pfring deb

Kevin, that should already been fixed: https://github.com/ntop/PF_RING/commit/f8ec4e582eea852bacc836eb16abd995143080c6 Regards, Simone On Thu, Dec 22, 2016 at 6:50 PM, Kevin Branch wrote: > The pfring deb used to put those libs into /usr/local/lib. > > Specifically, they are missing from > > h

Re: [Ntop] Ntop package for arch linux

Dear Chris, Presently that is not on our roadmap. If you are interested in leading this integration, please see https://github.com/ntop/ntopng/tree/dev/packages and add arch linux package creation for the opensource version. We will be happy to review and test a pull request. If it works then we c

Re: [Ntop] ntop pro reporting on pcap interface

Chris, Reports are generated by crunching statistics collected over time and thus are not supported for pcap files. Traffic traces contained in pcaps are fully processed immediately, hence no historical timeseries (and reports) are available. Regards, Simone On Fri, Dec 9, 2016 at 4:09 AM, Chris

Re: [Ntop] Info request (continued)

ntop-ow...@listgateway.unipi.it > > > > When replying, please edit your Subject line so it is more specific than > "Re: Contents of Ntop digest..." > > > > > > Today's Topics: > > > >1. info request (AIDOUN Mohamed) > >2

Re: [Ntop] info request

Hi, Please see below, On Thu, Nov 24, 2016 at 2:32 PM, AIDOUN Mohamed wrote: > Hi, > > > > First of all sorry for my English… > > > > I’m a new user of Ntop. I’ve installed in on a Ubuntu server 16.04 via > “apt-get install ntopng”. So I do not have the last version. > > Could you please help m

Re: [Ntop] BigIP load balancer with ntopng question

sFlow is designed to only send samples of traffic. For this reason it is not possible to obtain accurate values in the 'realtime top application traffic' as only a fraction of all the packets is actually sent to the nProbe. To obtain accurate information you should use netflow or mirror/tap the Bi

Re: [Ntop] Unknown L7 Protocols

quot;HTTP_URL": "crl.microsoft.com/pki/crl/ > products/MicCodSigPCA_08-31-2010.crl > <http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl> > ", > - "HTTP_METHOD": "GET", > - "HTTP_H

Re: [Ntop] Can't login with chrome browser

For the sake of completeness, these are the login-related issues that have already been solved: https://github.com/ntop/ntopng/issues/700 https://github.com/ntop/ntopng/issues/706 Regards, Simone On Sat, Oct 29, 2016 at 11:34 AM, Luca Deri wrote: > Hi all, > can you please open an issue on git

Re: [Ntop] nprobe and snmp interface numbers

James, you are using an obsolete parameter for nProbe. See this issue: https://github.com/ntop/nProbe/issues/96 Please, use the new parameter --collector-port Regards, Simone On Mon, Oct 31, 2016 at 8:59 PM, James A. Klun wrote: > > I am currently working with nprobe - a new user. > > nProbe

Re: [Ntop] Unknown L7 Protocols

Hi, Please, explain how to reproduce. Enclose a pcap if you think it will help as well. Simone On Fri, Oct 28, 2016 at 10:46 AM, Lutfi Oduncuoglu < lutfioduncuo...@gmail.com> wrote: > Hello, > > I am trying to get L7_PROTO_NAME with nprobe. I am using the nprobe as > below > > nprobe -G -t 60

Re: [Ntop] I can't see the "Search criteria" option

Roberto, The search criteria (this page: https://i1.wp.com/www.ntop.org/wp-content/uploads/2015/10/Screen-Shot-2015-10-11-at-10.44.53.png) are available only in the Professional version of ntopng. Simone On Thu, Oct 20, 2016 at 3:12 PM, Roberto Carna wrote: > Dear, I've installed Ntopng 2.4 on

Re: [Ntop] Adding new services / protocols

Stuart, push your changes in a branch that belongs to your github account. Then, provided that you have forked the repo from ntop/nDPI, then you will be able to send us a pull request. simone On Fri, Oct 14, 2016 at 10:51 AM, Stuart Bailey wrote: > Thanks for your reply Luca, > > I've tried pu

Re: [Ntop] Avoid to start ntopng automatically

ommunity --local-network "mynetwork1/22, munetwork2/22" > > Starts in pro mode ¿?¿?¿? > > > Thanks for all the help. > > ------ > *De:* ntop-boun...@listgateway.unipi.it > en nombre de Simone Mainardi > *Enviado:* jueves, 22 de septiembr

Re: [Ntop] Avoid to start ntopng automatically

Hi, provided that you control ntopng start/stop with systemctl/service then you have to edit configuration file /etc/ntopng/ntopng.conf On Thu, Sep 22, 2016 at 11:19 AM, Juanjillo . wrote: > Thanks luca. > > > But, where? > > > Unitl now i have a manual script that do that. But is this newer ve

Re: [Ntop] Make error

James, thanks for helping Alex. Alex, please follow James' instructions. ntop has been discontinued and replaced by the new generation ntopng. Simone On Thu, Sep 8, 2016 at 7:07 PM, James Lay wrote: > On 2016-09-08 11:00, Alex wrote: > >> Hi, these are the steps I am doing >> >> $ svn co http

Re: [Ntop] ntopng v.2.4.160818 not changing to user when launching

n that case, please post an issue on our github tracker. > > Again, thanks for the replies and suggestions. > Thank you > > -Nicholas > > > On 2016-08-28 02:55, Simone Mainardi wrote: > >> Hi, >> >> As already suggested by James, using a single insta

Re: [Ntop] does not works after finish license

ter > off...@sanlucar.com über diesen Vorgang zu informieren, die E-Mail > ungelesen an uns zurückzusenden und aus Ihrem System zu löschen. > > > > *From:* ntop-boun...@listgateway.unipi.it [mailto:ntop-bounces@ > listgateway.unipi.it] *On Behalf Of *Simone Mainardi > *Sent:* mart

Re: [Ntop] does not works after finish license

ng zu informieren, die E-Mail > ungelesen an uns zurückzusenden und aus Ihrem System zu löschen. > > > > *From:* ntop-boun...@listgateway.unipi.it [mailto:ntop-bounces@ > listgateway.unipi.it] *On Behalf Of *Simone Mainardi > *Sent:* martes, 06 de septiembre de 2016 9:44 > *To:* n...@u

Re: [Ntop] does not works after finish license

essed packets: 0 (max bucket > search: 1) > > 06/Sep/2016 09:34:32 [nprobe.c:2701] Fragment queue length: 0 > > 06/Sep/2016 09:34:32 [nprobe.c:2727] Flow export stats: [0 bytes/0 pkts][0 > flows/0 pkts sent] > > 06/Sep/2016 09:34:32 [nprobe.c:2734] Flow collection: [collecte

Re: [Ntop] does not works after finish license

Hi, If you just want to use the community edition, then start ntopng with option --community and it won't even start in professional mode for the first 10 minutes. If you are interested in evaluating the Professional version for more than 10 minutes, you should ask for a new trial or purchase a l

Re: [Ntop] ntop 3.13.0 protocols

Robert, ntop has been discontinued. The new generation ntopng has taken its place. Please upgrade: http://www.ntop.org/products/traffic-analysis/ntop/ Simone On Mon, Aug 29, 2016 at 1:59 PM, Robert van Ommen wrote: > Hi, > > > > I have installed ntop on a debian server. On a previous installat

Re: [Ntop] ntopng v.2.4.160818 not changing to user when launching

Hi, As already suggested by James, using a single instance is recommended to monitor multiple interfaces on the same box. ntopng is also multi-tenant so you have the option to create users and associate interfaces and networks to them. In this way you can create non-privileged users that don't hav

Re: [Ntop] RRD data usage

Hi, Changing the retention policies from the 'On-Disk timeseries' preferences page affects only newly created RRDs. So if you change that policies and you want them to be applied to all the RRDs, then you have to wipe the existing RRDs so they will be re-created. Another thing that you can do is

Re: [Ntop] ntopng for windows - no data from pcap

Hi, Please try and feed ntopng with a file in pcap format (not pcapng). If it keeps not showing data, the please enclose (a part of) the pcap or send it us privately for further inspection. Simone On Wed, Aug 3, 2016 at 2:20 PM, wrote: > I’m probably doing something blatantly stupid here, bu

Re: [Ntop] doubs space in disk

Andrés, One size doesn't fit all. It depends on the number of hosts you have and if you keep historical host L7 statistics. Anyway, RRDs that store this kind of information have a fixed size and don't grow with time. If you also use mysql to retain historical flows, then you'll need extra space f

Re: [Ntop] won't start on boot in Ubuntu 14.04 - starts fine from command line

t; > > > Dave > > > > > > > > > > From: ntop-boun...@listgateway.unipi.it [mailto: > ntop-boun...@listgateway.unipi.it] On Behalf Of Simone Mainardi > Sent: Wednesday, August 3, 2016 6:02 AM > To: n...@unipi.it > Cc: ntop mailing list > Subjec

Re: [Ntop] won't start on boot in Ubuntu 14.04 - starts fine from command line

I've just tried and it works fine here on ubuntu 14. Package installation adds ntopng to the defaults runlevels on post install. >From the log messages you get, it looks like ntopng repeatedly tries to shutdown. When do you get those 'shutting down' messages? Simone On Wed, Aug 3, 2016 at 2:54

Re: [Ntop] Confusion on if nProbe is required

ning nprobe in demo mode to achieve what we need? > the limitation is that is stops after 25000 exported flows > > > Thanks, > > CTSG > > > Quoting Simone Mainardi : > > Hi, see below >> >> On Sat, Jul 30, 2016 at 3:46 PM, wrote: >> >> H

Re: [Ntop] Question on installing an SSL cert to use with ntopng

Polly, see this readme: https://github.com/ntop/ntopng/blob/dev/doc/README.SSL you should cat your own pkey and certificate in /usr/local/share/ntopng/httpdocs/ssl/ntopng-cert.pem Simone On Tue, Aug 2, 2016 at 7:07 PM, Polly Merkner wrote: > We have a CentOS7 server with ntopng installed on

Re: [Ntop] Trial license

Hi, one of our representatives will contact you at andres.sal...@sanlucar.com for the trial licenses. ntopng Pro has some extra features that are not available in the community edition. Some of those features are: - active packet filtering/shaping in bridge mode - advanced reporting - real-time da

Re: [Ntop] help with ipfix

Hi, Commands look wrong. You need to either use a wildcard or an ip address where you want to bind the nprobe. For example: nprobe --zmq tcp://***:5557 nprobe --zmq tcp://*127.0.0.1*:5557 Simone On Mon, Aug 1, 2016 at 5:02 PM, Andrés Salesa wrote: > Hi, > > > > I tried to gather the flows i

Re: [Ntop] Confusion on if nProbe is required

--zmq-encrypt-pwd at > the same time as the raspberry pi to encrypt the traffic it would cause the > ntopng process to crash on the windows laptop, is there a way to fix this? > zmq encryption is only supported by ntopng when receiving flows from the nprobe, not when exporting them. > >

Re: [Ntop] Confusion on if nProbe is required

o adjust how often the offsite ntopng updates it's > information to our ntopng install? > You don't have to tune this. Delays experienced are due to the fact that flows are exported once expired. > > > Thanks for the assistance. > > > CTSG > > > > Quoting Simo

Re: [Ntop] Confusion on if nProbe is required

be if possible. Is the paid nprobe > required for the ability to use the PI3 in series between the modem and the > switch? > no it is not required, you can just use ntopng. > > Thank you! > > > CTSG > > > > Quoting Simone Mainardi : > > Hi, >> >>

Re: [Ntop] ntop w/MySQL - High CPU wait % and disk writes, slow webui

se? > ntopng does not directly speak netflow. So you need at least one nprobe to collect netflow data and send that data to ntopng. > > Thanks! > > > > > > On 2016-03-11 19:00, Simone Mainardi wrote: > >> The traffic charts enclosed show peaks at around .5 Gbps.

Re: [Ntop] Confusion on if nProbe is required

ted what email > should i use to discuss license orders? you can use the contact form on the ntopng website. Your email will be routed properly. > > > Thank you > > CTSG > > > Quoting Simone Mainardi : > > Hi, see below inserted reply >> >> On Fri, Jul

Re: [Ntop] Confusion on if nProbe is required

license but this has to be decided on a case-by-case basis. > > We want to use ntop on cheap a laptop for now until looking at embedded > style devices. > that's fine. Did you know you can also run ntopng on embedded devices such as ARM (raspberry pi), MIPSEL, etc.? > > Tha

Re: [Ntop] Confusion on if nProbe is required

nly mainly be used off mirror ports on a single subnet with both > probe and ntopng on the same host. Rarely will we be looking at anything > more than a single switch and network when using ntopng. > > Thank you again > > CTSG > > > > > > Quoting Simone Maina

Re: [Ntop] LDAP Auth debugging

Hi Munroe, We are aware there is no error propagation that may help diagnosing LDAP issues. Please, file a github request and we'll try to accomodate it. Simone On Tue, Jul 19, 2016 at 9:52 PM, Munroe Sollog wrote: > I have configured my ntop instance (2.4.160719-1448) to connect to our > lda

Re: [Ntop] Confusion on if nProbe is required

Hi, please see below On Wed, Jul 20, 2016 at 7:05 AM, wrote: > Hi All, > > We would like to use ntopng installed on a windows laptop connected to a > mirror port on a network switch to monitor and report on network traffic to > determine issues across the network. > > Using ntopng connected to a

Re: [Ntop] I just want a ntopng Small Biz Pro licence

Please, check again and let us know. Simone On Wed, Jul 13, 2016 at 6:25 PM, Jari Fredriksson wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > > Hello all. > > I'm a long time user of ntop, but been w/o for the last year. > > Now I wanted again to have it, and saw that ntop is now n

Re: [Ntop] ntopng and IP addresses leases

ute for sure. I have modified and added some features and I > would gladly share them if it can be useful. Github is a best place for > such things. > > 2016-07-13 10:28 GMT+02:00 Simone Mainardi : > >> Mathieu, >> >> You already asked a similar question some ti

Re: [Ntop] ntopng and IP addresses leases

Mathieu, You already asked a similar question some time ago in the same mailing list. The behaviors you described are consistent with the present implementation. If you would like to handle dynamic IP-MAC associations, then please feel free to post a feature request on github and we'll try and acc

Re: [Ntop] ntopng -> elasticsearch - dropped flows

. > > However, what seems puzzling, is that none of the metrics of the machine > indicate the machine is over-taxed. > > Thanks again! > > > >> -- >> >> Message: 2 >> Date: Tue, 5 Jul 2016 10:25:03

Re: [Ntop] Increasing Historical Reporting Length

New settings only affect newly created statistics. So for old statistics, that is, for hosts that you have already seen, the only way to increase the data retention period is to wipe the ntopng data folder (usually /var/tmp/ntopng). Please, keep in mind that this wipes out all the history. Simone

Re: [Ntop] HTTP 500 Error after login screen

Richard, we are unable to reproduce the issue. Can you confirm you are still experiencing it using the latest dev version? On Mon, Jun 27, 2016 at 9:10 PM, Richard Troiano wrote: > >I went to access my ntop installation today and got the following >error: > > >HTTP/1.1 500 Internal s

Re: [Ntop] ntopng -> elasticsearch - dropped flows

Hi, Could you please share ntopng configuration used? I think your setup doesn't allow ntopng to be quick enough. Remember that there is one thread per monitored interface and that thread has to 1. capture packets / receive flows 2. handle them 3. export to ES Simone On Wed, Jun 29, 2016 at 12:

Re: [Ntop] Ntop Digest, Vol 145, Issue 16

ail, send a message with subject or body 'help' to > ntop-requ...@listgateway.unipi.it > > You can reach the person managing the list at > ntop-ow...@listgateway.unipi.it > > When replying, please edit your Subject line so it is more specific > than "Re: Contents

Re: [Ntop] ntopng updated and is now Pro Small Business Edition????

Richard, packaged ntopng versions comes with 10 free minutes of the small business version. It's just to allow people to try it. You don't have to worry about that. After 10 minutes ntopng will switch to the free version. By the way, the free version is also known as community. And actually it woul

Re: [Ntop] Possible bug in the Hosts by Operating System view

This has already been fixed. Please upgrade ntopng to the latest dev version. On Tue, Jun 21, 2016 at 9:16 PM, Richard Troiano wrote: > HI, > > I noticed something that might be a bug in ntopng and wanted to check to > see if anyone else is experiencing the same issue. > > When I go to the Hosts

Re: [Ntop] What ntopng files needs to be persisted for statistics?

Hi, see below, On Tue, Jun 21, 2016 at 7:32 PM, Steinar Bang wrote: > >>>>> Simone Mainardi : > > > Hi Steinar, everything you find under /var/tmp/ntopng has to be persisted > > to ensure proper functionality. > > Ok, thanks for the information! > >

Re: [Ntop] What ntopng files needs to be persisted for statistics?

Hi Steinar, everything you find under /var/tmp/ntopng has to be persisted to ensure proper functionality. Simone On Tue, Jun 21, 2016 at 4:53 PM, Steinar Bang wrote: > Hi, > > I'm planning to put /var/tmp/ntopng into tmpfs. > > I'm wondering what files under /var/tmp/ntopng that needs to be > p

Re: [Ntop] Cisco ASR & sampling nprobe

Sébastien, Please have a look at nprobe option: [--collector-sample-rate] | Specify the bytes/pkts collection sample rate. Simone On Tue, Jun 21, 2016 at 12:23 PM, DAVID Sébastien wrote: > Hi , > > > > Currently I have a nprobe running but I did not get the right amount of > bandwith. > > >

Re: [Ntop] JSON Data Export from ntop

Hi Richard, JSON is just a standard way to output data. Many modern tools such as Solr, Kafka, ElasticSearch, MongoDB, etc. are designed to smoothly ingest JSON-formatted data. So if you plan to use one of the mentioned software -- or, more in general, tools you may find in a big data ecosystem --

Re: [Ntop] ntop/nprobe not processing flows from arista switch

Hi, According to the information shown, it may be that ntopng is not able to fetch monitored flows from the nProbe. I would try to bind the nProbe to any address (--zmq tcp://*:5557) and see if ntopng can see the traffic. Simone On Mon, Jun 13, 2016 at 1:03 PM, Enrico Kern wrote: > Hi, > > i

Re: [Ntop] How deploy ntopng in lan enviroment

Hello Massimiliano, There is no 'default' positioning scheme. It depends on the network topology and device features. However, you should try and place ntopng in a strategic location where it can sees most traffic. Here are some options: - If you have a way to 'collect' switches traffic to a centr

Re: [Ntop] Search historical data / central management

Hello Joseph, see below inserted replies On Wed, Jun 1, 2016 at 7:09 PM, Joseph Ost wrote: > Hi, > > > > I recently installed ntopng 2.3 on debian wheezy following this > > article, the install was su

Re: [Ntop] High cpu usage

Hi Simone, > > The high cpu is permanent, no matter of thé web interface usage > Ntop runs on a Tor router on centos 7 > > Patrick DERWAEL > Rue de la Fontaine, 3 > 4210 Burdinne > 0479/80.50.79 > Le 31 mai 2016 11:44, "Simone Mainardi" a écrit : > >> P

Re: [Ntop] High cpu usage

Patrick, Does the high cpu consumption occur when using the ntopng web UI? Or it does not matter? Which router are you using? On Mon, May 30, 2016 at 12:45 PM, Patrick DERWAEL wrote: > Hi all > > Just installed ntop on a router running on centos 7 in à small home lan > Ntop is taking permanentl

Re: [Ntop] Failed dependency ntopng and pfring

Pepe, the issue with the builds has been fixed. Please update and try again. Simone On Thursday, 19 May 2016, Pepe Charli wrote: > Hi, > > CentOS release 6.7 > > When I try to install the latest version of ntopng gives me this error: > > --> Finished Dependency Resolution > Error: Package: nto

<    1   2   3   4   >