Currently when I start NTOP I use the -m option to
specify the local subnet. Is this the reason why I
only see local hosts in host activity? When I look in
host activity I only see local host(s) vs. all hosts.
What I am trying to accomplish is to track host
activity over the past 12-24 hours. I change the
following in global-defines.h so that NTOP does not
purge the inactive hosts (which works fine);
from:
#define PARM_HOST_PURGE_INTERVAL 5*60
to:
#define PARM_HOST_PURGE_INTERVAL 1440*60
In order to track hosts I need all the hosts to be
listed under host activity ... this will give me the
times of host activity and then I can try to narrow my
search if Im looking for host activity during a
specific time. For instance I might see in MRTG lots
of activity on a circuit at 1:30am the night before
and would like to determine who what when where ... if
all the hosts are listed in host activity in NTOP
during 1:30am I can narrow the search alittle.
Alittle bit about my config;
----------------------------
ntop version.....2.2
Built on.....06/11/03 11:06:00 PM
OS.....i686-pc-linux-gnu
Process Id.....18594
Command line
Started as..../usr/local/bin/ntop -i eth0 -w
10.252.247.60:8999 -a /var/ntop8999/ntop.access.log -m
10.252.247.0/24 -p protocol.list -E -M -P
/var/ntop8999/data/ -u ntopuser
Resolved to..../usr/local/bin/ntop
-i
eth0
-w
10.252.247.60
-a
/var/ntop8999/ntop.access.log
-m
10.252.247.0/24
-p
protocol.list
-E
-M
-P
/var/ntop8999/data/
-u
ntopuser
__________________________________
Do you Yahoo!?
Yahoo! Calendar - Free online calendar with sync to Outlook(TM).
http://calendar.yahoo.com
_______________________________________________
Ntop mailing list
[EMAIL PROTECTED]
http://listgateway.unipi.it/mailman/listinfo/ntop
