Hi Jim,

"-i none" should not disable netflow interfaces. I run this myself. I'm not on the latest version so MAYBE that changed, but I THINK it just disables libpcap which has nothing to do with netflow. Regardless, that data would be on different "reports" so wouldn't cause a problem unless you're worried about overhead and such. I guess you could apply a "bpf" filter to the "local" interface so ntop ignores that data... Still though, "-i none" should work...

As for netflow, that config is up to you. Each netflow interface / udp port is an "aggregation boundary" of sorts. You can select an interface and see all data from all routers exporting netflow to said interface. All those routers create "the network", so when you view reports/traffic stats - data from those devices is included in those stats.

In my case I have (8) sales regions, so I have (8) netflow devices on ntop. Each region has ~ 20 routers; so (20) rtrs from regionA export to udp 2055, (20) from regionB to udp 2056, etc. I COULD have them all going to a single netflow interface, but then it would be difficult to compare stats region to region. I COULD have them all going to their own netflow interface, but that would take a LONG time to set up and would be difficult to view info from a region as a whole.

So, there's not really a right/wrong way - it just depends on your environment and what you're trying to accomplish.

HTH?

G

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Jim Rice
Sent: Friday, March 18, 2011 9:57 AM
To: [email protected]
Subject: [Ntop] Basic configuration for multiple netflow data

Quick question about how to configure multiple devices (routers) sending netflow data to ntop server...

Should each device use a different UDP port? (2055, 2056, 2057, ...)?

How do I stop the ntop server local interface from listening as well? I only want to see netflow data from specific devices, not all of the local LAN traffic. I tried -i none, but that seemed to disable everything.

Thanks again for your time.

Jim

_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
