That's really weird. How many threads does ntop have right now? By default there are (3) threads used for lookups. If you start with -t 5 (and -K?) you should be able to see the DNS/Resolver threads starting and their LWP ID's. Also, in the "About, Show configuration" page, you'll see stats about ntop and some specifics about resolution. NOTICE: For some reason this crashes my version of ntop, but it's a bit old with many source code tweaks so YMMV.
The bottom line is it should work and usually does work, especially if the local resolver is configured correctly and everything else works. ________________________________ From: [email protected] [mailto:[email protected]] On Behalf Of Paul Smith Sent: Thursday, April 14, 2011 3:07 PM To: [email protected] Subject: Re: [Ntop] Custom Host Name Yes, dig and nslookup work just fine on that box for both local and remote hosts. I restarted ntop with the -o set about 10 minutes ago and nothing has resolved yet but we'll see what happens. I had been using 5 minute old snmp cacti graphs so even if this doesn't resolve the dns names I'm still streets ahead of what I used to deal with. Thanks, Paul On Thu, Apr 14, 2011 at 3:04 PM, Mark Gibbons <[email protected]<mailto:[email protected]>> wrote: My reverse dns is also broken - fails to resolve on fedora 6. nslookup on the local machine works fine but ntop does not. It used to work about 2 years ago but I have had this issue a long time now and have learnt to live with it. ________________________________ From: [email protected]<mailto:[email protected]> [mailto:[email protected]<mailto:[email protected]>] On Behalf Of Gary Gatten Sent: 14 April 2011 20:27 To: '[email protected]<mailto:[email protected]>' Subject: Re: [Ntop] Custom Host Name It should do lookups unless you disable them with "-n", or unless your local resolver or DNS is broken. Can you manually resolve stuff on that box? Generally speaking -o is required. It depends on your environment, but if you have routers and stuff ntop will associate all your hosts with the MAC address of the router - because it looks at layer 2 instead of later 3. That COULD be related to your resolution stuff, not sure.... G ________________________________ From: [email protected]<mailto:[email protected]> [mailto:[email protected]<mailto:[email protected]>] On Behalf Of Paul Smith Sent: Thursday, April 14, 2011 2:23 PM To: [email protected]<mailto:[email protected]> Subject: Re: [Ntop] Custom Host Name I don't. Should I? I'm using ntop on an ubuntu-server 10.10 with two NICs and a port mirrored from the switch port that goes out to the firewall. I was hoping it would associate with the MAC to avoid situations where DHCP leases have ended and the IP addresses recycled. Is there a reason ntop doesn't just do an nslookup at least for local IP addresses? On Thu, Apr 14, 2011 at 2:11 PM, Gary Gatten <[email protected]<mailto:[email protected]>> wrote: Typically the IP address. Do you have "-o [--no-mac] in your startup args? From: Paul Smith [mailto:[email protected]<mailto:[email protected]>] Sent: Thursday, April 14, 2011 02:03 PM To: [email protected]<mailto:[email protected]> <[email protected]<mailto:[email protected]>> Subject: [Ntop] Custom Host Name I've had ntop running just inside our firewall for a few days now but it doesn't seem to be resolving any dns names. If I go through and add a few Custom Host Names will those names be associated with the hosts' IP address or the MAC address? "This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system." -- This message has been scanned for viruses and dangerous content by MailScanner<http://www.mailscanner.info/>, and is believed to be clean. _______________________________________________ Ntop mailing list [email protected]<mailto:[email protected]> http://listgateway.unipi.it/mailman/listinfo/ntop <font size="1"> <div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in'> </div> "This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system." </font>
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
