Hi, Let me first describe what I am working on (you'd probably ask anyhow :-) : I need to monitor communication to certain server for 40 days. I run ntop with filter src host <server> or dst host <server> so I only see traffic from or to that server. After that I need to evaluate the total traffic, daily averages, hourly averages, top talkers and for them the daily and hourly averages etc. This is to provide impact study if we move that server over to another site connected via WAN link.
I am trying to use sort of the www/Perl/dumpFlat.pl script to generate flat file with traffic info for each hour, it works, but when I compare it with the "Info about host" (via WEB), I get different data. I have two sets of questions, one related to the data I get via WEB and one to the flatfile output. I did read the docmentation (except I could not succeed downloading the ftp://ftp.unipi.it/pub/local/ntop/snapshots/NTOP.pdf.gz) but I did not figure out the answers. Could you please be so kind and shed some light on them for me? related to the WEB interface: Considering my filter (src host <server> or dst host <server>)!!! 1) Data Sent/All Protocols.....I have ntop running let's say for 10 days, is the Data the that cummulative valuem sent in 10 days? Or is it last day? What is the list of hosts? Is it Top 20 (or Top something) by the Data volume in the 10 days or what? 2) Troughput: What is Average? Is it average for the 10 days? Ans what is it actual? Is it last minute? 3) Info about host - Host traffic stats: There is traffic per hour. If I run it more than 24 hours, what happends? Is the data overwritteln or added (so After 10 days, is the 11AM - Noon row gonna contain data for last day or summary of all days between 11AM - Noon? 4) IP Traffic/Matrix - I see correctly that only data is sent from the <server> to the other hosts or from other hosts to the <server> (due to the filter). But the amounts of data do not correspond at all to the numbers in the Data Sent/Rcvd...I understand that it only shows the local traffic but when my <server> (which is local) talks to another local server, the numbers should match, right? 5) Data Sent/All Protocols: Is that all the packets with the <server> in dst field (sent to the server?). Or is it sent from? 6) Data Rcvd/All Protocols...dtto Related to the flatfile: A) If I do get("http://".$ntopHost.":".$ntopPort."/dumpData.html?language=perl";); every minute (or hour) and I look at bytesSent and bytesReceived. Does it show bytes sent since when? Since last get? (What if somebody else does get in the mean-time?). I guess I must be wrong! What data is it showing? B) It does not show BytesSentLocally/BytesReceivedLocally although I did set the -m parametyer in the ntop. Do you know why? C) What is the average throughput? Is it average from the beginning (10 days) or last day or from the last get? D) Does ity make any difference if I get the data every hour or every minute (other than increasing the granuality?). E) I was thinking to rather use the dumpTrafficData.html, get it once a day and use ipBytes and last24HoursThpt array. But... Ei) Can I use dumpTrafficData.html?language=perl&hostNumIpAddress=<top talker>? Eii) How would I get the top talkers? I guess from the dumpData.html. But then I am back to zero. Thanks a lot for your help Regards Vaclav ------------------------------------------------------------------------------ Notice: This e-mail message, together with any attachments, contains information of Merck & Co., Inc. (Whitehouse Station, New Jersey, USA) that may be confidential, proprietary copyrighted and/or legally privileged, and is intended solely for the use of the individual or entity named on this message. If you are not the intended recipient, and have received this message in error, please immediately return this by e-mail and then delete it. ============================================================================== _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop
