Mathieu, I think that for your purposes you should look and edit the Host functions:
- serialize : https://github.com/ntop/ntopng/blob/0c0b671e0f218cbee369bd5567f1a50d63e92a3d/src/Host.cpp#L862 - deserialize : https://github.com/ntop/ntopng/blob/0c0b671e0f218cbee369bd5567f1a50d63e92a3d/src/Host.cpp#L953 They handle how host data is written to and read from redis. Simone On Wed, Mar 23, 2016 at 10:29 AM, Mathieu Fourcroy < [email protected]> wrote: > Thank you for your answer Simone. > When I start ntopng it does not automatically load previous hosts if these > hosts are idle (do not send or receive packets). It does load some > statistics when the host starts begin active but the "first seen" value is > reseted. > Is there a way to load every local hosts even if they are not living on > the network anymore and load the "first_seen" value also. > > Thank you very much for your answers I really appreciate it. > Mathieu > > 2016-03-23 10:23 GMT+01:00 Simone Mainardi <[email protected]>: > >> Mathieu, redis host persistency is enabled by default for local and >> system hosts. They are dumped on exit and loaded back on startup. >> >> Simone >> >> On Wed, Mar 23, 2016 at 10:10 AM, Mathieu Fourcroy < >> [email protected]> wrote: >> >>> Hello, >>> Can you tell me if there is a way to save host information (via redis or >>> mysql) and load it automatically when starting ntopng ? >>> >>> Best reguards, >>> Mathieu >>> >>> 2016-03-22 9:59 GMT+01:00 Simone Mainardi <[email protected]>: >>> >>>> Mathieu, >>>> >>>> Please, feel free to contribute the additional page on github, we would >>>> like to consider integrating it in our code. >>>> >>>> To answer your question, the present data structure only allows to keep >>>> first and last seen overall. >>>> >>>> Simone >>>> >>>> On Mon, Mar 21, 2016 at 10:00 PM, Mathieu Fourcroy < >>>> [email protected]> wrote: >>>> >>>>> The first method works very well. I am trying to add a page to the >>>>> host_details.lua which would display an activity map or a timeline showing >>>>> the periods where the host was using an IP address. It would look >>>>> something >>>>> like: >>>>> >>>>> IP1 |xxxxxxxxxx xxxxxxxxx | >>>>> IP2 | xxxxxx | >>>>> IP3 | xx| >>>>> >>>>> It's easy to get the first seen and last seen time for a given host >>>>> (IP address) but do you know a way to get periods of time >>>>> Like if the (sticky) host is active from 5am to 10am, then idle until >>>>> 1pm and active again until now: do you know a way to get something like: >>>>> [{"start": 5am, "end": 10am}, {"start": 10am, "end": 1pm}, {"start": >>>>> 1pm, "end": null}] >>>>> >>>>> I don't know if it is possible with the actual host data structure but >>>>> please let me know if it is possible. >>>>> >>>>> Thanks in advance, >>>>> Mathieu >>>>> >>>>> >>>>> 2016-03-16 18:05 GMT+01:00 Simone Mainardi <[email protected]>: >>>>> >>>>>> Mathieu, there are at least two ways you can accomplish this: >>>>>> >>>>>> 1. make local hosts sticky and then navigate to >>>>>> page hosts_stats.lua?mac=DE:AD:BE:EF:BE:EF, where DE:AD:BE:EF:BE:EF is >>>>>> the >>>>>> MAC address of interest. Since local hosts will not be purged, you will >>>>>> find here the whole list of IP addresses seen with the given MAC >>>>>> 2. export flows to Elastic Search, there will be two fields named >>>>>> IN_SRC_MAC and OUT_DST_MAC that you can search against a MAC of interest >>>>>> to >>>>>> see the list of IP addresses that have used it. >>>>>> >>>>>> Simone >>>>>> >>>>>> On Wed, Mar 16, 2016 at 4:08 PM, Mathieu Fourcroy < >>>>>> [email protected]> wrote: >>>>>> >>>>>>> Hi, >>>>>>> >>>>>>> I'm new to ntopng and I wonder if it is possible for a given local >>>>>>> host (MAC address) to obtain or display a list of its successive IP >>>>>>> addresses on the network. >>>>>>> If a network card is using a first IP address on the network then it >>>>>>> stops using this one and use a second, different, IP address on the >>>>>>> network. Will ntopng distinguish two hosts with same MAC and differen >>>>>>> IP or >>>>>>> will it just overwrite the first IP address for the single host ? >>>>>>> >>>>>>> Thanks in advance, >>>>>>> Mathieu >>>>>>> >>>>>>> _______________________________________________ >>>>>>> Ntop mailing list >>>>>>> [email protected] >>>>>>> http://listgateway.unipi.it/mailman/listinfo/ntop >>>>>>> >>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> Ntop mailing list >>>>>> [email protected] >>>>>> http://listgateway.unipi.it/mailman/listinfo/ntop >>>>>> >>>>> >>>>> >>>>> _______________________________________________ >>>>> Ntop mailing list >>>>> [email protected] >>>>> http://listgateway.unipi.it/mailman/listinfo/ntop >>>>> >>>> >>>> >>>> _______________________________________________ >>>> Ntop mailing list >>>> [email protected] >>>> http://listgateway.unipi.it/mailman/listinfo/ntop >>>> >>> >>> >>> _______________________________________________ >>> Ntop mailing list >>> [email protected] >>> http://listgateway.unipi.it/mailman/listinfo/ntop >>> >> >> >> _______________________________________________ >> Ntop mailing list >> [email protected] >> http://listgateway.unipi.it/mailman/listinfo/ntop >> > > > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop >
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
