I've been playing with ntop for a few weeks recently, after several
trials before, and am starting to get a bit more serious about it, with
varying degrees of success.

I have ntop monitoring our border traffic, tracking only local hosts
(otherwise I quickly run out of memory/swap/horsepower), and getting a
reasonable picture of local traffic profiles.

Now I am trying to experiment with the netflow plugin, and have had very
limited success.  Our border router is a Cisco 6500, IOS 12.1(26).  I am
most interested in tracking ASN traffic flow (yes, border is running
BGP).  At one point, netflow plugin was reporting peer-as with a
boatload of IPv4 endpoints, which was more detail than I wanted.  I
changed this to report origin-as, and tried to aggregate by ASN, and now
I'm getting nothing.

Perhaps it would help for a 'dummies guide' to configuring netflow on
the border's IOS and the comparable ntop/netflow plugin settings to get
started.  Currently I have:

> mls flow ip interface-full
> ip flow-export source Loopback0
> ip flow-export version 5 origin-as
> ip flow-export destination my.ntop.box 2055

> mls flow ip interface-full
> mls nde sender version 5

On the ntop side, netflow has IF address = Loopback0's subnet, and
Aggregation AS.

ntop Summary...Traffic for the netflow interface shows lots of traffic
(gigs and gigs!), but no Hosts, ASNs, or flows.

I'm sure I'm missing something obvious but it hasn't jumped up and
bitten me yet...

Jeff


_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
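
Added example, not part of the original post: a small decoder for NetFlow v5 export datagrams that tallies octets per AS, useful for checking whether the src_as/dst_as fields arriving on the collector port are populated before looking at the ntop plugin settings. The function names and the sample datagram (documentation IP ranges and AS numbers) are constructed for illustration; the field layout is the standard v5 one.

```python
import socket
import struct
from collections import Counter

# NetFlow v5 layout: 24-byte header followed by `count` 48-byte flow records.
HEADER = struct.Struct("!HHIIIIBBH")
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")

def parse_v5(datagram):
    """Return (src_as, dst_as, octets) for each record in one v5 datagram."""
    if len(datagram) < HEADER.size:
        raise ValueError("short datagram")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("truncated: header count exceeds payload")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append((f[15], f[16], f[6]))  # src_as, dst_as, dOctets
    return flows

def octets_by_as(flows):
    """Sum octets per AS; key 0 collects records whose AS field was left empty."""
    totals = Counter()
    for src_as, dst_as, octets in flows:
        for asn in {src_as, dst_as}:  # set: count a flow once if both ends match
            totals[asn] += octets
    return totals

def as_fill_ratio(flows):
    """Fraction of records carrying at least one non-zero AS number."""
    return sum(1 for s, d, _ in flows if s or d) / len(flows) if flows else 0.0

def build_v5(records):
    """Pack constructed (src_ip, dst_ip, octets, src_as, dst_as) tuples for testing."""
    body = b"".join(
        RECORD.pack(socket.inet_aton(s), socket.inet_aton(d), bytes(4), 1, 2, 10,
                    octets, 0, 0, 1024, 80, 0, 0, 6, 0, sas, das, 24, 24, 0)
        for s, d, octets, sas, das in records)
    return HEADER.pack(5, len(records), 0, 0, 0, 0, 0, 0, 0) + body

# Constructed sample datagram (not captured traffic).
SAMPLE = build_v5([("192.0.2.10", "198.51.100.5", 1500, 64496, 64497),
                   ("192.0.2.11", "198.51.100.6", 500, 64496, 0),
                   ("192.0.2.12", "203.0.113.7", 4000, 0, 0)])

if __name__ == "__main__":
    flows = parse_v5(SAMPLE)
    print(dict(octets_by_as(flows)), as_fill_ratio(flows))
```

Feeding it the UDP payloads received on the export port gives a quick answer: a fill ratio near zero means the exporter is sending records without AS numbers, so no collector-side aggregation setting can recover them.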
