4000 pc???!?! Ntop doesn't do coffe neither pizza, if you have such a large network you should use at least 2 gb of ram if you want to see everything and the 2.1.90 running.
Even in this case you could have troubles, so you should take a look to the ntop options and make ntop running with some of these (-o and -C could help you) Ciao Pietro -----Messaggio originale----- Da: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Per conto di Burton M. Strauss III Inviato: mercoled� 26 marzo 2003 16.02 A: [EMAIL PROTECTED] Cc: Graham Toal Oggetto: RE: [Ntop] ntop quits silently? Your message to ntop or ntop-dev has been seen. However, you have: * neglected to provide important information * appear not to have taken advantage of existing information or * haven't taken other steps we ask you to do when posting to the mailing list Hence this semi-automated response. Posting guidelines are in the "HOWTO ask for help" item at http://snapshot.ntop.org and in the docs/FAQ file. 1. ONE and only ONE problem / issue / question per message. With a meaningful subject. The goal is that if you're asking a common question, the subject would have allowed you to find it in the back traffic for the mailing list. 2. Search the back traffic on these lists. There is a searchable archive at http://search.gmane.org 3. Read the docs/FAQ file in the source. You should get a recent version, not one from some old source .tgz. As a last resort, a HTMLed version is posted in the documentation section of http://www.ntopsupport.com. 4. Check snapshot, http://snapshot.ntop.org - this is a community FAQ collection. Entries from snapshot are migrated into docs/FAQ fairly routinely, but the newest stuff (and some oldies but goodies) are at snapshot. 5. We support only the current versions of ntop. This is either: * the cvs (and tell us the last time you did a checkout) * the latest development version posted at SourceForge or * the last release, v2.1.3. If you use a port/package and the latest version available for your OS is some release candidate from a year ago, sorry. Contact the packager and ask them to get current. 6. Post the information about your environment we ask for. In versions after 2.1.57 we STRONGLY suggest you use the "Problem Report" form that ntop will generate for you since it contains much of the necessary information. 7. Make sure you're in a supported environment (./configure --showoses). If it's an unsupported environment, we're interested in your efforts to make ntop work, but we don't have the time, resources, knowledge and/or insterest to do it ourselves. -----Burton -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Graham Toal Sent: Monday, March 24, 2003 5:27 PM To: '[EMAIL PROTECTED]' Cc: Graham Toal Subject: [Ntop] ntop quits silently? I'd tried ntop a month or two back and thought it was promising, but it would only run for a short time and then quit. I would run it with stdout and stderr redirected to a file to see why it was quitting but there was no info written out. I installed your latest version yesterday and a couple of the features you've added make it even more attractive, to the point that this time I intend to persevere with it until I get it working reliably. However it is still exiting after an hour or two. I'm running on a system with plenty free disk and a gigabyte of Ram. There's nothing else running except snort but they seem to coexist reasonably well using lib pcap as they're supposed to. Is this a known problem and is there a work around, or a fix due? The biggest problem with the program is that once it has exited, all the information it has built up is lost; if you don't catch a network abuse problem live, the program generally has quit by the time it is brought to your attention. By the way the new feature of looking in packets and recording email addresses will be tremendously useful to us here at University of Texas Pan American where we have something like 4000 PCs, most of which we don't know who they belong to. When we have a network problem (such as a report of Code Red from a campus IP address) it takes us an age to track down the owner of the machine by following the wires from the switch they're attached to. Knowing the email address will save us a huge amount of time. However the format of the table (stats/local info) makes it very hard to use. Too many columns. What would be better would be ip address / email info / machine type in text rather than many columns only one of which has an X in it. [Getting the email address from Outlook/Exchange packets would be neat too. They don't use smtp/imap/pop unfortunately] Also if there's a way for a program to extract the same info rather than going through the web interface, that would be useful too. (This may exist and I have just not found that part of the documentation yet?) If there's a mailing list for this program that I can subscribe to, would you let me know how please? Thanks for a fine piece of code. I look forward to helping work on useful extensions. I was able to manually detect mass mailing using the info that the program provides; I hope to modify it (you have a plugin system, right?) to do that automatically. Graham Toal _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop
