Hi, In an attempt to fix the issues I mentioned a few days ago, I am trying to validate the theory that nprobe and/or ntopng are doubling up flows due to certain traffic (not all traffic) passes through our equipment twice on different VLANs. When looking at the flows in ntopng, I see two flows for everything. They only difference is the VLAN; source IP, dest IP, packets, bytes, speed, etc are all identical as expected.
Some posts online suggest there are ways to ignore VLANs and I have tried the following. In /etc/nprobe/nprobe.conf: -p=0/1/1/1/0/0/0 In /etc/ntopng/ntopng.conf: --ignore-vlans= Perhaps the options don't function as I assumed they would. At any rate, the end result is that ntopng still shows duplicate flows and the list under Hosts -> VLANs continues to populate with data. Here are the entire nprobe and ntopng configuration files. I am not able to spot a typo such as a missing '=' that would might cause a line to be interpreted as the option to the line right above it. Maybe I've overlooked something. nprobe.conf -i=none -n=none -3=2055 --zmq=tcp://127.0.0.1:5556 -T="@NTOPNG@" -V=9 --idle-timeout=30 --lifetime-timeout=600 --disable-cache= --enable-ipv4-deduplication= --verbose=1 -p=0/1/1/1/0/0/0 --local-networks=10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,208.118.68.0/24,208.118.95.34/32 --local-traffic-direction= ntopng.conf -G=/var/run/ntopng.pid -i=tcp://127.0.0.1:5556 --local-networks="10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,208.118.68.0/24,208.118.95.34/32" --ignore-vlans= Thanks, Gerard Beekmans Sr. Network Engineer First Nations Technical Services Advisory Group Inc. Phone: 780-638-2739 Fax: 780-483-8632 Helpdesk: 1-888-999-3356 Email: [email protected]<mailto:[email protected]> Santa Fe Plaza 18232 - 102 Avenue NW Edmonton, AB T5S 1S7 http://www.tsag.net<http://www.tsag.net/>
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
