Re: [Ntop] A couple more questions..
It does support ssl. Check the man for args. I think it's -W for ssl; -w is for http.

I think it uses standard calls for name resolution; gethostbyname - gethostbyaddr. Check your resolv.conf. We have an internal server that does external lookups for us.

Gary

[EMAIL PROTECTED] 10/23/2006 2:36 PM

Gary,

Got it working.. I just added the main url to the protect like you said..

Ok, a couple more questions:

1) NTOP does not have built in SSL (https) support right? We would have to tunnel through apache, etc?

2) Is there a way to get better name resolution? I notice a lot of my IP's are not being resolved. This is perhaps normal. How have most of you set yours up? Do you point to particular external DNS server? Would installing a local DNS server work better?

Thanks, this is working out very nicely.

Brian

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Gary Gatten
Sent: Monday, October 23, 2006 3:33 PM
To: ntop@unipi.it
Subject: Re: [Ntop] Protect NTOP main page

Haven't tried it, but maybe: Admin -> Configure -> Protect URL's. If not, maybe tunnel through apache and use apache security.

Gary

[EMAIL PROTECTED] 10/23/2006 2:13 PM

Probably in the manual, but wanted to ask anyway.. Believe I got the netflow working properly :-) !!..

Is there any way to force a login when connecting to the main NTOP web page? I do not want to allow everyone read access to the site.

Thanks,

Brian

___
Ntop mailing list
Ntop@unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop
Re: [Ntop] a couple of questions
On Sun, Feb 17, 2002 at 08:53:48AM -0600, Burton M. Strauss III wrote:

> > I compiled with gdchart support, however it only displays chart when I'm using http connection. Through https connection, it displays an empty image instead. Is it a known issue?
>
> <BMS>Don't know - I'm not running SSL - However, if you check my back posts, that (missing gdcharts) was a symptom I reported of severe memory starvation. Gdchart bombs and ntop just continues w/o the chart. I think you need to add memory. If you are so memory starved, why in the name of the great ghu are you running memory intensive things like SSL?</BMS>

OK, I am running Feb 19th version of ntop now on machine with 256 MB of RAM, and I'm seeing the same behavior.

Another thing I can't understand is that even with using -S 2 flag, the data collection starts from zero when I restart ntop. It doesn't preserve the old data. Am I misunderstanding something?

Thanks

Igor

___
Ntop mailing list
[EMAIL PROTECTED]
http://listmanager.unipi.it/mailman/listinfo/ntop
Re: [Ntop] a couple of questions
On Fri, Feb 15, 2002 at 06:33:11PM -0600, Burton M. Strauss III wrote:

> Yes it is - and if you read the message traffic, you would have seen the same report. But without the info, I would waste a lot of MY time on irrelevant issues.
>
> The key is the traffic mirroring. You need to use a more recent version and use the '--border-sniffer-mode' or '-j' option. This was added post 2.0 release to handle the special case of mirroring traffic on a switch (basically if you turn on mirroring, the traffic is the same at the TCP/IP level, but not at the Ethernet level - so the parameter stops ntop from using the mac addresses).
>
> There is also a traffic classification patch in the later releases, but that's for UDP. It won't help TCP. ntop does not do connection tracking like iproute2/netfilter does... It shouldn't be non-ip, but it may not be tagged as the ftp protocol. However, there are also a lot of post-2.0 changes in that area, and let's see what happens when you use the more recent code.

Thanks a lot for the useful tips. Now, I compiled the CVS version, and IP traffic reporting is correct now, without -j flag. If I do use -j, the data is not being collected at all.

I noticed a couple of other things. When I start ntop, it spawns 10 children right away, and then an additional child for every web connection. On a machine with 32MB of RAM, it renders a disaster. How can I prevent 10 children? The only thing I can think of is using --disable-mt during configure. I believe when I was running 2.0-stable, I had only 1 ntop process running.

Also, when I sort by data in Data Sent, it doesn't get sorted properly. On the contrary, in Data Rcvd everything is fine.

I compiled with gdchart support, however it only displays chart when I'm using http connection. Through https connection, it displays an empty image instead. Is it a known issue?

Does URL for mapper.pl script need to be absolute, or relative to html directory?

Thanks

Igor
RE: [Ntop] a couple of questions
Replied in-line

-Burton

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Igor Schein
Sent: Saturday, February 16, 2002 9:14 AM
To: [EMAIL PROTECTED]
Subject: Re: [Ntop] a couple of questions

<snip />

Thanks a lot for the useful tips. Now, I compiled the CVS version, and IP traffic reporting is correct now, without -j flag. If I do use -j, the data is not being collected at all.

<BMS>I *think* border-sniffer-mode is still a work in progress and may be dependent upon the type of mirroring being done by a specific switch. Glad the basic update to current version solved the issue</BMS>

I noticed a couple of other things. When I start ntop, it spawns 10 children right away, and then an additional child for every web connection. On a machine with 32MB of RAM, it renders a disaster. How can I prevent 10 children? The only thing I can think of is using --disable-mt during configure. I believe when I was running 2.0-stable, I had only 1 ntop process running.

<BMS>ntop is really designed as a multi-threaded process. I think it might run single threaded, but performance will be a pig and you will probably lose packets, while it's doing things like name resolution. There shouldn't be any additional problem because of the multi-threaded design - it's not the # of processes sleeping that hurts you, it is not having enough memory, so that ntop is using swap space which is killing you. 32 MB is pretty tight - I find that ntop uses 4% of 128MB for a trivial network. With 32MB, that's going to be a performance problem. Get more RAM is the best answer. USA prices on 128MB of RAM are around $40-50 at BestBuy and on the web (check Crucial - http://www.crucial.com/store/PartSpecs.asp?imodule=CT16M64S4D75 - for $37 premium memory, including free FedEx 2nd Day).</BMS>

Also, when I sort by data in Data Sent, it doesn't get sorted properly. On the contrary, in Data Rcvd everything is fine.

<BMS>That's a known issue - I think Luca is working on it, as it's gotten much better in the last couple of days</BMS>

I compiled with gdchart support, however it only displays chart when I'm using http connection. Through https connection, it displays an empty image instead. Is it a known issue?

<BMS>Don't know - I'm not running SSL - However, if you check my back posts, that (missing gdcharts) was a symptom I reported of severe memory starvation. Gdchart bombs and ntop just continues w/o the chart. I think you need to add memory. If you are so memory starved, why in the name of the great ghu are you running memory intensive things like SSL?</BMS>

Does URL for mapper.pl script need to be absolute, or relative to html directory?

<BMS>(An educated guess) It should be relative to ntop's web server, which are html/... and cgi/... </BMS>

Thanks

Igor
RE: [Ntop] a couple of questions
Yes it is - and if you read the message traffic, you would have seen the same report. But without the info, I would waste a lot of MY time on irrelevant issues.

The key is the traffic mirroring. You need to use a more recent version and use the '--border-sniffer-mode' or '-j' option. This was added post 2.0 release to handle the special case of mirroring traffic on a switch (basically if you turn on mirroring, the traffic is the same at the TCP/IP level, but not at the Ethernet level - so the parameter stops ntop from using the mac addresses).

There is also a traffic classification patch in the later releases, but that's for UDP. It won't help TCP. ntop does not do connection tracking like iproute2/netfilter does... It shouldn't be non-ip, but it may not be tagged as the ftp protocol. However, there are also a lot of post-2.0 changes in that area, and let's see what happens when you use the more recent code.

-Burton

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Igor Schein
Sent: Friday, February 15, 2002 4:23 PM
To: [EMAIL PROTECTED]
Subject: Re: [Ntop] a couple of questions

On Fri, Feb 15, 2002 at 04:21:24PM -0500, Igor Schein wrote:

> Hi,
>
> I'm using ntop-2.0 stable. It's listening on a firewall machine with 2 interfaces. First of all, I don't see all the hosts when I go to Data Rcvd - All protocols, even though I know they're there, because when I sort on host column alphabetically, it shows me hosts from a to n, and when I sort in reverse alphabetical, it shows me hosts from c to z. So there must be a limitation on the number of lines in the table for the web interface. How can I see all hosts at once?
>
> Second question is, when I do an active ftp from inside the firewall to the outside world, the traffic generated by file transfers is considered as non-IP traffic. When I do a passive ftp, everything is accounted for correctly. Has anyone experienced that?

Followup.

The reason I was brief above is that I didn't want to give a lot of irrelevant info to scare people away, I thought the problem should be generic enough.

I am running ntop-2.0 stable with no patches, which I compiled myself, on a single-CPU Linux machine with kernel 2.4.7, glibc-2.2.4, 32MB of RAM and 2 PCI NIC's, Intel Eepro 100 and 3Com 3c59x. I did default installation and am running ntop with no arguments.

The traffic I am monitoring is being mirrored to one of the interfaces through Extreme Network switch from a firewall machine running Astaro Linux. That machine filters all traffic to a gateway Linux box, which is connected by a T1 line to the outside world. So the end result is I'm monitoring both internal and external interfaces of the firewall machine ( I'm not using -M flag ). I don't get any errors.

I am hoping the above information is sufficient.

Thanks

Igor