Ggatten at waddell
May 18, 2009, 2:18 PM
Post #3 of 5
(687 views)
Permalink
|
PS: you'll need the source to tweak that file - and will have to
recompile. Else, maybe break up your network definitions into smaller
subnets instead of the supernets, I think that will accomplish the same
thing but not 100% sure.
nTop and netflow are usually pretty accurate. Not 100% PERFECT, but
close enough. Are you certain netflow is conf'd correctly on the
routers to see ingress and egress traffic while not counting it twice?
-----Original Message-----
From: ntop-bounces [at] unipi [mailto:ntop-bounces [at] unipi] On Behalf Of
Gary Gatten
Sent: Monday, May 18, 2009 4:13 PM
To: ntop [at] unipi
Subject: Re: [Ntop] local-subnets appears to be ignored
Try setting the --local-subnets to include your entire network range.
Also, if you have more than 1024 hosts on that network you'll need to
tweak globals-defines.h to allow for that. In addition,
globals-defines.h has a debug switch "ADDRESS_DEBUG" that's supposed to
log most everything related to addressing stuff.
Can you give an example of the numbers you're seeing that lead you to
believe it doesn't reflect reality?
G
-----Original Message-----
From: ntop-bounces [at] unipi [mailto:ntop-bounces [at] unipi] On Behalf Of
Tony.Cetera [at] thomsonreuters
Sent: Monday, May 18, 2009 3:58 PM
To: ntop [at] unipi
Subject: [Ntop] local-subnets appears to be ignored
Hello,
I'm running ntop with a single netflow interface only on Fedora 9.
Versions are as follows:
ntop Version.....3.3.8 Fedora RPM
Configured on.....Oct 23 2008 5:21:37
Built on.....Oct 23 2008 05:21:43
OS.....i686-pc-linux-gnu [32 bit]
libpcap Version.....libpcap version 0.9.8
RRD Version.....1.3004
Started as........./usr/sbin/ntop @/etc/ntop.conf --daemon
Resolved to........./usr/sbin/ntop --user ntop --use-syslog=local3
--db-file-path /var/lib/ntop --trace-level 3 --http-server 3000
--https-server 3001 --disable-schedyield --skip-version-check=yes
--no-fc --w3c --local-subnets x.x.x.x/19 --interface none
--numeric-ip-addresses --no-mac --daemon
I have the netflow interface virtual address configured as the second
/19 in my network and --local-subnets set to the first /19 in my
network. I'm getting v5 flows from a pair of cisco routers and all the
data looks good. However, local and remote identification are
completely incorrect. The IP traffic summary shows all the flow data
but traffic directions are an incorrect subset of the summary.
Is this a known issue?
Tony
_______________________________________________
Ntop mailing list
Ntop [at] unipi
http://listgateway.unipi.it/mailman/listinfo/ntop
<font size="1">
<div style='border:none;border-bottom:double windowtext
2.25pt;padding:0in 0in 1.0pt 0in'>
</div>
"This email is intended to be reviewed by only the intended recipient
and may contain information that is privileged and/or confidential.
If you are not the intended recipient, you are hereby notified that
any review, use, dissemination, disclosure or copying of this email
and its attachments, if any, is strictly prohibited. If you have
received this email in error, please immediately notify the sender by
return email and delete this email from your system."
</font>
_______________________________________________
Ntop mailing list
Ntop [at] unipi
http://listgateway.unipi.it/mailman/listinfo/ntop
<font size="1">
<div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in'>
</div>
"This email is intended to be reviewed by only the intended recipient
and may contain information that is privileged and/or confidential.
If you are not the intended recipient, you are hereby notified that
any review, use, dissemination, disclosure or copying of this email
and its attachments, if any, is strictly prohibited. If you have
received this email in error, please immediately notify the sender by
return email and delete this email from your system."
</font>
_______________________________________________
Ntop mailing list
Ntop [at] unipi
http://listgateway.unipi.it/mailman/listinfo/ntop
|
