never mind :)
I just noticed a message when switching NIC's ... It said when you have the NetFlow or sFlow plugins enabled, they force the -M l8r! --Blake --- Blake <[EMAIL PROTECTED]> wrote: > > Hello all! > > When you have 2 NIC's ... > > eth0 collecting data from a switch port > eth1 collecting NetFlow from a router > > Im thinking the -M option SHOULD be set so NTOP does > not merge together eth0 and eth1 (or NetFlow > device)? > > Would I be correct in saying this, or would the > nature > of NTOP already be not to merge data between a > regular > interface and a logical NetFlow interface? > > Thanks, > > Blake > > --- "Burton M. Strauss III" <[EMAIL PROTECTED]> > wrote: > > > > Assuming you only care about netFlow, you are > > correct. You only need to > > monitor (real) NICs that you want to collect data > > from. Whether you use > > that data only to display ntop's web pages or to > > forward to a netFlow > > receiver is irrelevant. Cigarillo... > > > > "why is the NetFlow-device interface created when > > you turn on the plugin?" > > > > Basically, there is a large, dynamic data > structure > > in ntop that holds all > > the information about a device, collected, > sniffed, > > etc. from the packets. > > ntop creates one if it's merging data or multiples > > if it's not merging data, > > one per "device". So, ntop creates another one of > > these structures to hold > > the information it receives via netFlow packets > when > > it's acting as a > > netFlow receiver. That way, all the reporting > logic > > just works... it > > doesn't know the difference. > > > > The structure has to be created before the first > > netFlow packet is received, > > i.e. when we KNOW -- based on the persistent > > settings for the plugin, or > > your setting the port # -- that we'll be dealing > > with inbound netFlow data. > > > > > > -----Burton > > > > > > > > -----Original Message----- > > From: Blake [mailto:[EMAIL PROTECTED]] > > Sent: Friday, September 27, 2002 2:08 PM > > To: Burton M. Strauss III; [EMAIL PROTECTED] > > Subject: RE: [Ntop] NetFlow Overview > > > > > > Thanks for the reply (even though you are on > > vacation) > > > > SO here is my current config, and it appears as > > though > > I am receiving NetFlow packets from the router. > So, > > I > > should not enable any of the following devices > > unless > > I am exporting NetFlow data from that device to a > > remote NetFlow collector ... cigar? > > > > In order to receive NetFlow from a router, I just > > need > > to enable the plugin and specify the UDP port. > > > > By the way, why is the NetFlow-device interface > > created when you turn on the plugin? Of course I > > saw > > NOTE: #4 A virtual NetFlow device is activated > only > > when incoming flow capture is enabled --- but I > dont > > understand its purpose. > > > > ############## > > CURRENT CONFIG > > ############## > > > > Interface Name NetFlow Enabled > > eth0 No > > eth1 No > > NetFlow-device No > > > > > > WARNING: as all the interfaces are disabled, no > > flows > > will be exported > > > > Flow Statistics > > # Pkts Rcvd.value 124 > > # Flows Rcvd.value 3,720 > > # Flow with Bad Version 0 > > Flow Senders 192.168.2.1 [124 pkts] > > > > > > > > > > --- "Burton M. Strauss III" > <[EMAIL PROTECTED]> > > wrote: > > > Pick one: > > > > > > Wrongo dragon breath... > > > Close grasshopper, but no cigar... > > > > > > > > > Separate the two activities of netFlow in your > > mind. > > > THEY DO NOT OVERLAP! > > > > > > When ntop is acting as a receiver of netFlow > data, > > > it receives the packets > > > on the specified port and stores the data in > it's > > > internal structures just > > > like data collected off another network card. > > Hence > > > you switch "NICs" to > > > report on the netFlow data. > > > > > > When ntop is acting as a collector of netFlow > > data, > > > it collects information > > > from it's network cards and sends that off to > some > > > netFlow receiver. You > > > can monitor the data ntop has received just like > > > normal, but you can't > > > monitor the data ntop has sent via netFlow to > > > another device, you have to > > > use that device to monitor it... > > > > > > You started ntop ... -i eth0 ... that's why you > > > only have the two devices, > > > eth0 and netFlow. Because that's all you've > told > > > ntop to monitor... how > > > about ... -i eth0,eth1 ... ??? > > > > > > If you are only using ntop to receive netFlow > > data, > > > you may have a problem. > > > IIRC, it won't run without monitoring at least > one > > > (real) NIC. I might be > > > wrong... I suppose you could always monitor > the > > > local loopback (-i lo). > > > Once it's up? As I've said before, the data > > > collected by netFlow somewhere > > > else and sent to ntop is presented via the > netFlow > > > pseudo-nic. > > > > > > You're right it won't have session and other > > > detailed data - that's not in > > > the flows (look at the header files, you'll see > > > what's being "recorded"). > > > > > > > > > -----Burton > > > > > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED]]On Behalf Of Blake > > > Sent: Friday, September 27, 2002 12:09 PM > > > To: [EMAIL PROTECTED] > > > Subject: [Ntop] NetFlow Overview > > > > > > > > > Hopefully someone can assist my ignorance in > > regards > > > to using NTOP as a NetFlow collector. If not > ... > === message truncated === __________________________________________________ Do you Yahoo!? Faith Hill - Exclusive Performances, Videos & More http://faith.yahoo.com _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop
