Re: [Ntop] Excluding hosts or a subnet from being monitored

Simones-MacBook-Pro:nprobe simone$ ./nprobe -f "not host 10.0.0.1" -i en0 -n none --zmq tcp://*:5556 -b 2 [...] 15/Jan/2017 17:38:59 [nprobe.c:6031] Packet capture filter set to "not host 10.0.0.1" [...] On Sun, Jan 15, 2017 at 5:07 PM, Gerhard Mourani wrote: > Simone, >

Re: [Ntop] Excluding hosts or a subnet from being monitored

Simone, > BPF is not supported for collector interfaces. If you want to use it then > specify it on the nProbe. Can you show me an example, because I'm not able to do it on nprobe with the -f option. Gerhard Mourani From: Simone Mainardi

Re: [Ntop] Excluding hosts or a subnet from being monitored

Gerhard, On Fri, Jan 13, 2017 at 9:25 PM, Gerhard Mourani wrote: > Simone, > > I found the problem: If you dont use the = sign on the filter parameter > line, it doesn't see it. > > Doesn't work -> --packet-filter "ip and not proto ipv6 and not ether host > ff:ff:ff:ff:ff:ff

Re: [Ntop-misc] fanout limits

Hi Moshe 2.5Mpps should not be a big deal even if you have many queues, just pay attention to dedicate one core to the fanout thread. As of idle queues (with no consumers) they should not add any significant overhead until you use them. Alfredo > On 15 Jan 2017, at 13:47, Moshe Danielli

Re: [Ntop] ntopng zmq format reference

Dear Marat, The quickest thing you can do to figure out the message format is jumping directly to the source code of ntopng. Specifically, look at class CollectorInterface for the ZMQ communication logic, and at class ParserInterface for the actual parsing of data sent through ZMQ. Presently,