
Mailing List Archive: NTop: Users

Newbie questions

 

 



matt_h at mac

Jan 15, 2003, 10:24 PM

Post #1 of 13 (1566 views)
Permalink
Newbie questions

Hi All,

I have just gotten nTop compiled and installed on a MacOS X box. (It
was pretty easy too!)

In playing around with the web interface I have come to the conclusion
that nTop can do a heck of a lot more than I really need. (This is a
good thing). However, the downside is that I have very little idea of
what I am looking at. (This is a bad thing.)

Our setup

We have one router (Cisco 828 - 192.168.0.1) connecting us to the rest
of the world. What I need to be able to do is count how much data each
IP address (192.168.0.x) is pulling from the internet. The ideal
situation would be to have all our internal IPs listed and how much
data (TCP, UDP, everything..) they have pulled in for a given month.

Is this possible with nTop?

Cheers.

- Matt

--

0--0--0--0--0--0--0--0--0--0--0--0--0--0--0--0--0--0--0--0--0--0--0
Matt Healey matt_h [at] mac


Burton at ntopsupport

Jan 16, 2003, 8:16 AM

Post #2 of 13 (1515 views)
Permalink
Re: Newbie questions [In reply to]

Look into the rrd plugin.

You might have to extract the data (rrdtool dump) then work with it to do your reporting...


-----Burton
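
The "rrdtool dump, then work with it" step suggested above, as an added example that is not part of the original thread or of ntop: it parses the XML that `rrdtool dump` produces and turns the stored per-second averages into a byte total for one calendar month. It assumes the dumped file is a per-host byte counter (a COUNTER or DERIVE data source, so each stored value is bytes per second); the sample dump, its data source name and its numbers are constructed.

```python
import math
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Constructed sample in the layout `rrdtool dump` emits, trimmed to the
# elements read below. One daily AVERAGE archive with a gap (NaN) in it,
# plus a MAX archive that must not be used for accounting.
SAMPLE_DUMP = """<rrd>
  <version> 0001 </version>
  <step> 300 </step>
  <lastupdate> 1044144100 </lastupdate> <!-- 2003-02-02 00:01:40 UTC -->
  <ds><name> counter </name><type> COUNTER </type></ds>
  <rra>
    <cf> AVERAGE </cf>
    <pdp_per_row> 288 </pdp_per_row> <!-- 288 * 300 s = one day per row -->
    <database>
      <row><v> 1.0000000000e+03 </v></row>
      <row><v> NaN </v></row>
      <row><v> 5.0000000000e+02 </v></row>
      <row><v> 2.0000000000e+03 </v></row>
    </database>
  </rra>
  <rra>
    <cf> MAX </cf>
    <pdp_per_row> 288 </pdp_per_row>
    <database>
      <row><v> 9.0000000000e+06 </v></row>
    </database>
  </rra>
</rrd>"""


def month_window(year, month):
    """Return the UTC epoch range [start, end) of a calendar month."""
    start = datetime(year, month, 1, tzinfo=timezone.utc)
    nxt = datetime(year + month // 12, month % 12 + 1, 1, tzinfo=timezone.utc)
    return int(start.timestamp()), int(nxt.timestamp())


def _average_rras(root):
    """Yield (seconds_per_row, start_of_oldest_row, rows) per AVERAGE archive."""
    step = int(root.findtext("step"))
    last = int(root.findtext("lastupdate"))
    for rra in root.findall("rra"):
        if rra.findtext("cf").strip() != "AVERAGE":
            continue
        span = step * int(rra.findtext("pdp_per_row"))
        rows = rra.find("database").findall("row")
        # The dump carries row timestamps only as XML comments, which the
        # parser drops, so rebuild them: the newest row ends at lastupdate
        # rounded down to a multiple of the row span, rows are oldest first.
        newest_end = last - last % span
        yield span, newest_end - span * len(rows), rows


def bytes_in_window(dump_xml, start, end, ds_index=0):
    """Return (bytes, seconds_with_data) for the epoch range [start, end)."""
    rras = list(_average_rras(ET.fromstring(dump_xml)))
    if not rras:
        raise ValueError("dump has no AVERAGE archive")
    # Prefer the finest archive that reaches back to the window start,
    # otherwise fall back to the archive that reaches back furthest.
    span, oldest, rows = min(
        rras, key=lambda r: (0, r[0]) if r[1] <= start else (1, r[1])
    )
    total, covered = 0.0, 0
    for i, row in enumerate(rows):
        lo = oldest + i * span
        overlap = min(end, lo + span) - max(start, lo)
        if overlap <= 0:
            continue
        rate = float(row.findall("v")[ds_index].text)
        if math.isnan(rate):
            continue  # unknown interval: leave it out rather than count zero
        total += rate * overlap  # bytes/second * seconds
        covered += overlap
    return round(total), covered


if __name__ == "__main__":
    for month in (1, 2):
        total, covered = bytes_in_window(SAMPLE_DUMP, *month_window(2003, month))
        print(f"2003-{month:02d}: {total} bytes over {covered} s of data")
```

The second value returned shows how much of the month the archive actually covers; a monthly figure from an archive that retains only a few days, or that has NaN gaps, is an undercount.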



alex at bsbnet

May 22, 2006, 1:32 PM

Post #3 of 13 (1506 views)
Permalink
RE: Newbie questions [In reply to]

Rafael, if you need help in Portuguese, we're here.
Alex, Brasília-DF


-----Original Message-----
From: ntop-bounces [at] unipi [mailto:ntop-bounces [at] unipi] On Behalf Of
Rafael Barbosa
Sent: Monday, May 22, 2006 17:28
To: ntop [at] listgateway
Subject: [Ntop] Newbie questions

Hello there,

I just installed ntop in the laboratory at my university, I searched a lot
looking for a manual or something like it that could help me at the
beginning. Everything I found was very superficial, outdated or both. hehe
I'd like to know if there is any documentation (a paper, a how-to, anything)
that could help me with the basics about how ntop works. Everything seems
very simple after ntop is running, it collects lots of data and shows many
spreadsheets and graphs. But I'd like to know how it works, and I do have
some doubts.

One thing I want to do, and I don't know if it's possible, is to use the
information that ntop gathers to figure out which web-sites the people here
at the lab are accessing (and then maybe block some of them). For that I
redirect the port of our gateway to the machine that's running ntop. Then I
saw the statistics at IP Summary -> Traffic, to see the hosts (in this case,
servers) that were accessed using http. Everything was fine until I realized
that one of the hosts vanished, it seems that ntop only shows a list of a few
last (maybe in the last hour, or something) accessed hosts, is that correct??
If so, is there any way that I can have this information using ntop? Maybe a
log...


If there are many English mistakes, I'm really sorry, I'm Brazilian and I
don't practice that much...

Thanks for the attention,
Rafael Barbosa





Burton at ntopSupport

May 22, 2006, 1:44 PM

Post #4 of 13 (1502 views)
Permalink
RE: Newbie questions [In reply to]

Read the FAQ - there are articles on host purge and various flags you can
use to protect data.

It's available in your instance via the About menu.

-----Burton


chris.moore at gmd

May 22, 2006, 1:46 PM

Post #5 of 13 (1486 views)
Permalink
RE: Newbie questions [In reply to]

Rafael,

First, your English is fine. Pretty good for a guy out of practice, I'd
say.

Second, make sure you're running version 3.2+ just to "get off on the
right foot."

In your Ntop interface, under the "About" menu you'll find the man
pages, FAQ, where to get help (here) etc.

The answer to your question is the "sticky hosts" option, but that may
or may not help you. With this option off (default) Ntop behaves as
you've seen, purging hosts after a period of time of not seeing them.
This, as it turns out, is actually a good thing in most cases. If you
are looking at an Internet link, you'll end up with thousands and
thousands of hosts (if not millions when looking at a University's
Internet link!). This will eat a ton of memory and disk space and give
you giant lists to search through.

What I do when using Ntop for functionality like this is to go through
it periodically during busy periods, just casually scanning for "weird"
stuff. Not very efficient, but the alternative is a proxy server or some
sort of software that will work with your firewall to log this stuff
(we're playing with WebSense - a $$$$ commercial product).

Regards,

Chris





NChoate at jwoperating

May 22, 2006, 2:01 PM

Post #7 of 13 (1490 views)
Permalink
RE: Newbie questions [In reply to]

If you don't want to use the sticky hosts option but want to retain info
a little longer and if you are up to the task, you can edit the
global_defines.h which sets a number of values at compile time.



In my case I changed some of the idle timeout settings that control the
purge behavior with some good results. Look for the
PARM_HOST_PURCH_MINIMUM_IDLE params and others in there to keep the
recorded sessions a little longer. I played with those and got them to
keep the last couple of days. As someone mentioned just before, the
sticky hosts can fill up your tables if you leave it running for long
periods. There are plenty in there to keep you busy tweaking.



Nathan Choate

Sr. Network Administrator

J-W Operating Company

Longview, TX

(903) 291-2820 direct line

(903) 235-4417 cell

nchoate [at] jwoperating




Burton at ntopSupport

May 22, 2006, 2:08 PM

Post #8 of 13 (1489 views)
Permalink
RE: Newbie questions [In reply to]

You probably want to make sure you are using the CVS version - or pick up
the patch I added recently for Nathan - otherwise, ntop ignores the
--disable-instantsessionpurge option.

-----Burton

(Search the back traffic on ntop-dev for my ref 704 - that will give you the
file(s) to diff).


rrbarbosa at gmail

May 22, 2006, 2:08 PM

Post #9 of 13 (1501 views)
Permalink
Re: Newbie questions [In reply to]

I didn't know about the FAQ, it's really big... I'll read it.

The problem monitoring the web-sites was just an example. But I'll read FAQ
before asking other questions.

And thanks for the support too, Alex...

The answers were really fast, I'm impressed. Thanks.

Rafael Barbosa




NChoate at jwoperating

May 22, 2006, 2:10 PM

Post #11 of 13 (1508 views)
Permalink
RE: Newbie questions [In reply to]

Didn't realize you added a patch for me! I had already got into
global_defines.h and reversed the setting :-)



Nathan Choate

Sr. Network Administrator

J-W Operating Company

Longview, TX

(903) 291-2820 direct line

(903) 235-4417 cell

nchoate [at] jwoperating




Burton at ntopSupport

May 22, 2006, 2:24 PM

Post #12 of 13 (1504 views)
Permalink
RE: Newbie questions [In reply to]

Well, they do different things...

Your change affects the time before ntop may choose to purge. This affects
both HOSTS and SESSIONS.

A host w/ no active sessions and no traffic is considered idle and can be
selected for purge. This purges the whole kit and caboodle.

Individual sessions may also be purged on the same schedule.

But you had also found that the command line switch wasn't being honored.


ntop used to - by mistake - treat a closed session as instantly eligible for
purge. So you never saw data for recently ended sessions in that part of the
web server. But when I fixed the bug, I was concerned that this could -
under some situations - cause a huge increase in the number of sessions
being tracked and thus memory usage. So I defaulted to the old behavior and
added the switch to make ntop work correctly. I've just never gotten around
to flipping them the way they should be.

-----Burton



_____

From: ntop-bounces [at] unipi [mailto:ntop-bounces [at] unipi] On Behalf Of
NChoate [at] jwoperating
Sent: Monday, May 22, 2006 4:10 PM
To: ntop [at] unipi
Subject: RE: [Ntop] Newbie questions



Didn't realize you added a patch for me! I had already got into
global_defines.h and reversed the setting :-)



Nathan Choate
Sr. Network Administrator
J-W Operating Company
Longview, TX
(903) 291-2820 direct line
(903) 235-4417 cell
nchoate [at] jwoperating



-----Original Message-----
From: ntop-bounces [at] unipi [mailto:ntop-bounces [at] unipi] On Behalf Of
Burton Strauss
Sent: Monday, May 22, 2006 4:09 PM
To: ntop [at] unipi
Subject: RE: [Ntop] Newbie questions



You probably want to make sure you are using the CVS version - or pick up
the patch I added recently for Nathan - otherwise, ntop ignores the
--disable-instantsessionpurge option.



-----Burton



(Search the back traffic on ntop-dev for my ref 704 - that will give you the
file(s) to diff).



_____

From: ntop-bounces [at] unipi [mailto:ntop-bounces [at] unipi] On Behalf Of
NChoate [at] jwoperating
Sent: Monday, May 22, 2006 4:02 PM
To: ntop [at] unipi
Subject: RE: [Ntop] Newbie questions

If you don't want to use the sticky hosts option but want to retain info a
little longer, and if you are up to the task, you can edit the
global_defines.h which sets a number of values at compile time.



In my case I changed some of the idle timeout settings that control the
purge behavior with some good results. Look for the
PARM_HOST_PURCH_MINIMUM_IDLE params and others in there to keep the recorded
sessions a little longer. I played with those and got them to keep the last
couple of days. As someone mentioned just before, the sticky hosts can fill
up your tables if you leave it running for long periods. There are plenty
in there to keep you busy tweaking.



Nathan Choate
Sr. Network Administrator
J-W Operating Company
Longview, TX
(903) 291-2820 direct line
(903) 235-4417 cell
nchoate [at] jwoperating





shawn at clearwave

May 23, 2006, 8:40 AM

Post #13 of 13 (1518 views)
Permalink
RE: Newbie questions [In reply to]

If you would like an example of how to leverage ntop for traffic accounting,
check out my whitepaper in the user contrib area on sourceforge titled
NTOP_Usage_Tracking.pdf

http://sourceforge.net/project/showfiles.php?group_id=17233&package_id=55802


