Yes, there is a sample. Don't remember where it ends up when you compile
from source....here it is to make it easy on you, though. Called
ntop.conf.sample. I dug it out of packages/RedHat in the CVS checkout
directory.



-------------- Begin --------------------

################################################################################
##                                                                             #
##  This file, ntop.conf.sample is a sample of an ntop configuration file.     #
##                                                                             #
##  You should copy this file to its normal location, /etc/ntop.conf           #
##  and edit it to fit your needs.                                             #
##                                                                             #
##       ntop is easily launched with options by referencing this file from    #
##       a command line like this:                                             #
##                                                                             #
##       ntop @/etc/ntop.conf                                                  #
##                                                                             #
##  Remember, options may also be listed directly on the command line, both    #
##  before and  after the @/etc/ntop.conf.                                     #
##                                                                             #
##  For switches that provide values, e.g. -i, the last one matters.           #
##  For switches just say 'do things', e.g. -M, if it's ANYWHERE in the        #
##  commands, it will be set.  There's no unset option.                        #
##                                                                             #
##  You can use this to your advantage, for example:                           #
##       ntop @/etc/ntop.conf -i none                                          #
##  Overrides the -i in the file.                                              #
##                                                                             #
##  Nested @'s - that is @/etc/ntop.common inside /etc/ntop.conf are not       #
##  permitted.                                                                 #
##                                                                             #
##  Note that this is not an exhaustive list of ntop's commands - refer        #
##  to the man page and other documentation for that.  This is just the        #
##  most commonly used command and various examples of them                    #
##                                                                             #
##                                                                             #
##  Lines beginning ## are pure comments.                                      #
##                                                                             #
##  Lines beginning with a dash in this sample file are 'live' and will        #
##  be used if you just copy this file to /etc/ntop.conf.                      #
##                                                                             #
##  Lines you might wish to uncomment and use as is begin with #- or #--       #
##                                                                             #
##  Parameter lines beginning with #? are models that you will need to         #
##  review and or customize to your environment before using them.             #
##                                                                             #
################################################################################
##                                                                             #
##  Initial version by Burton M. Strauss III ([EMAIL PROTECTED])               #
##                                                                             #
##  Updates and documentation courtesy of                                      #
##      Joseph Ezerski ([EMAIL PROTECTED]) (04-2003)                           #
##      Tim Malnati ([EMAIL PROTECTED]) (09-2003)                              #
##                                                                             #
################################################################################

############################## RUNNING ENVIRONMENT #############################

## -u | --user -- tells ntop the user id to run as.

##  NOTE: This should not be root unless you really understand
##        the security risks.

--user ntop

##-----------------------------------------------------------------------------#

## -d | --daemon -- sets ntop to run as a daemon (in the background, not
##        connected to a specific terminal).

##  NOTE: For more than casual use, you probably want this.

--daemon

##-----------------------------------------------------------------------------#

## -P | --db-file-path -- sets the directory that ntop runs from.

##  NOTE: Use an absolute path (not a relative one like ../ntop) because
##        the working directory (pwd) will be different when ntop is run
##        from the command line, from cron and from initialization.

--db-file-path /usr/share/ntop
#? -P /var/ntop

##-----------------------------------------------------------------------------#

## -D | --domain -- Sets the domain.  ntop should be able to determine
## this automatically, but occasionally has problems. If so, this makes the
## output cleaner.

#? --domain mydomain.com


################################ WHAT TO MONITOR ###############################

## -i | --interface tells ntop which network interfaces (NICs) to monitor.
##  DEFAULT: The 1st ethernet device, e.g. eth0, i.e. this line:
--interface eth0

## To monitor both eth0 and eth2 but not eth1:
#? --interface eth0,eth2

## To monitor NO ethernet interfaces (for example a system collecting data
## only from netFlow probes):

#? --interface none

##-----------------------------------------------------------------------------#

## -M | --no-interface-merge -- tells ntop not to merge data from all of the
## network interfaces it is monitoring.  See the man page and docs/FAQ for
## discussions of -M.

#? --no-interface-merge

##-----------------------------------------------------------------------------#

## -m | --local-subnets -- Tells ntop of additional networks that should
##        be considered local.  This is for the local/remote breakdowns
##        and because additional data is kept and displayed for local hosts.

##       The addresses of the network interface(s) (NICs) are always local
##       and don't need to be specified. If you use unnumbered interfaces
##       you MUST give ntop this information.

## NOTE: You can mix CIDR and network/netmask notation.

## SEE ALSO: --track-local-hosts

## EXAMPLES:

## Traffic I see (broadcasts only, of course) on my cable modem includes
## other subnets than my own 12.239.98.0/24.  I see 12.239.99.0/24 and
## 12.239.100.0/24 - to tell this to ntop:
#? -m 12.239.99.0/24,12.239.100.0/24

## I actually run this way, telling ntop about the whole range of
## addresses used as well as the private network used internally by the
## cable modems themselves.
#? -m 192.168.42.0/24,12.239.96.0/22,12.239.100.0/24,10.113.0.0/16

## All of these are equivalent to the one above:

## -m 192.168.42.0/255.255.255.0,12.239.96.0/22,12.239.100.0/24,10.113.0.0/16
## -m 192.168.42.0/255.255.255.0,12.239.96.0/255.255.252.0,12.239.100.0/255.255.255.0,10.113.0.0/255.255.0.0

##-----------------------------------------------------------------------------#

## -p | --protocols -- ntop comes with an extensive list of common tcp/ip
## protocols to monitor already built in.  (See docs/FAQ for the current list).
## If you want to increase, decrease or change this list, this is the parameter.

## It can be either a file or a list.  To point ntop to a file specify its name:

#? -p /usr/share/ntop/protocol.list

## Or to give an explicit list:

#? --protocols="HTTP=http|www|https|3128,FTP=ftp|ftp-data"

##-----------------------------------------------------------------------------#

## -c | --sticky-hosts -- tells ntop NOT to purge idle hosts from memory.

## DO NOT USE THIS unless you are on a small, very static network, or you
## have LOTS of memory.

## It is strongly recommended that you use a filtering expression to limit
## the hosts which are stored if you use --sticky-hosts.

#? --sticky-hosts

##-----------------------------------------------------------------------------#

## --disable-instantsessionpurge -- by default, ntop internally changes the
## status of completed sessions so that they get purged immediately.  This
## doesn't present a true picture of the network, but does conserve memory.
## Enable this switch to see those finished sessions before their purge
## interval (5 minutes) expires, IF YOU HAVE ENOUGH MEMORY.

#? --disable-instantsessionpurge

################################## LOG MESSAGES ################################

## -t | --trace-level -- controls the amount and severity of messages that
## ntop will put out.  Choices are:

#--trace-level 0 # FATALERROR only
#--trace-level 1 # ERROR and above only
#--trace-level 2 # WARNING and above only
#--trace-level 3 # INFO, WARNING and ERRORs - the default
#--trace-level 4 # NOISY - everything
#--trace-level 6 # NOISY + MSGID
#--trace-level 7 # NOISY + MSGID + file/line

--trace-level 3 # Which is the default

##-----------------------------------------------------------------------------#

##
## -L | --use-syslog | --use-syslog=xxxx -- By default, ntop writes its
## messages to stdout (the terminal).

## WARNING: If you are running ntop as a daemon (--daemon parameter), the
## stdout (terminal) does not exist and so messages will be dropped.
## You probably don't want to do this.  Instead, use this -L | --use-syslog
## parameter to save them into the system log (/var/log/messages).
##
## Thus a typical startup for ntop running as a daemon is:
#--daemon --use-syslog


## You can also direct the messages to another file.  You'll want to
## look at man syslog.conf to setup the configuration file.  For example
## to use 'local3' to keep ntop messages separate, I have this in my
## /etc/syslog.conf:

##   # Save ntop
##   local3.*                                        /var/log/ntop.log

## Then I run ntop with this:
#? --use-syslog=local3

##  NOTE: The = is REQUIRED and no spaces are permitted.


################################## WEB SERVER ##################################

## ntop offers both an http:// and https:// web server.  These parameters
## tell ntop which ports (and interfaces) to offer this web server on.

## -w | --http-server -- is the http:// web server.

##  NOTE: --http-server 3000 is the default
--http-server 3000

## -W | --https-server -- is the https:// web server.

#--https-server 3001

## The default is -w 3000 -W 0 (disabled).  You can also...

## https:// only:
#? -w 0 -W 3001

## http:// and https://
#? --http-server 3000 --https-server 3001

## Neither - say ntop is running only as a netFlow probe:
#? -w 0 -W 0

## You can also limit ntop to listening on a specific interface. For example:

#? -w 127.0.0.1:3000  # Listens only on the loopback interface at port 3000

########################### PERFORMANCE AND PROBLEMS ###########################

## -B | --filter-expression -- gives ntop a bpf (Berkeley Packet Filter) expression
## to use.  (the easiest place to find bpf documented is on the tcpdump man page).

## NOTE: The filter expression MUST be in quotes.

## To restrict ntop to only a few machines on a large network, say 192.168.1.88
## through 91:

#? -B "net 192.168.1.88/30"

## That is equivalent to specifying the specific hosts:

#? -B "host (192.168.1.88 or 192.168.1.89 or 192.168.1.90 or 192.168.1.91)"

## You can limit traffic to that from (src) or to (dst) a specific host:

#? -B "src host www.mycompany.com"
#? -B "dst host www.mycompany.com"

## You can limit it to a specific protocol, including src/dst:

#? -B "port ssh"
#? -B "src port ssh"
#? -B "dst port ssh"

##-----------------------------------------------------------------------------#

## -o | --no-mac -- Configures ntop not to trust MAC addrs.
## This is used if you observe ntop being confused by 'changing' addresses -
## i.e. ntop believes that the corporate web server is actually Joe's desktop
## computer.

#--no-mac

##-----------------------------------------------------------------------------#

## -g | --track-local-hosts -- Tells ntop to track only local hosts.  These
## are hosts defined as local according to the network interfaces or specified
## by the --local-subnets option.

## Use this if you are seeing too many hosts and all you care about is the
## local (LAN) traffic.

#--track-local-hosts

##-----------------------------------------------------------------------------#

## -z | --disable-sessions -- Tells ntop not to track tcp session information.
## Speeds up processing, requires less memory, but conveys less information.

#--disable-sessions

##-----------------------------------------------------------------------------#

## --disable-schedyield -- Under certain circumstances, the sched_yield()
## function causes the ntop web server to lock up.  It shouldn't happen, but
## it does.  This option causes ntop to skip those calls, at a tiny performance
## penalty.

--disable-schedyield



--------------- End ---------------------
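
The precedence rules in the sample's header (last value wins, flags can only be set, no nested @) together with its notes on --user, -w and -L, modelled as an added example that is not part of the original post or of ntop. The names `effective_options`, `audit` and the `files` mapping are hypothetical, and the parsing is a simplified stand-in for ntop's own.

```python
import shlex

# Short/long pairs as listed in the sample file above.
ALIASES = {"-u": "--user", "-d": "--daemon", "-i": "--interface",
           "-L": "--use-syslog", "-w": "--http-server", "-W": "--https-server"}

def effective_options(argv, files):
    """Model the header's rules: @file expands in place, last value wins,
    flags can only be set, nested @ is rejected. `files` maps path -> text
    (stand-in for disk). Assumption: no option value starts with '-'."""
    tokens = []
    for arg in argv:
        if arg.startswith("@"):
            inner = shlex.split(files[arg[1:]], comments=True)  # drops '#' text
            if any(t.startswith("@") for t in inner):
                raise ValueError("nested @file is not permitted")
            tokens.extend(inner)
        else:
            tokens.append(arg)
    opts, i = {}, 0
    while i < len(tokens):
        name, eq, val = tokens[i].partition("=")
        name = ALIASES.get(name, name)
        if not eq and i + 1 < len(tokens) and not tokens[i + 1].startswith("-"):
            i += 1
            val = tokens[i]
        opts[name] = val or True  # later occurrences overwrite earlier ones
        i += 1
    return opts

def audit(opts):
    """Checks based on the sample's notes on --user, -w and --daemon/-L.
    Treating a non-loopback http listener as a finding is this example's policy."""
    findings = []
    if opts.get("--user") == "root":
        findings.append("runs as root")
    addr, _, port = str(opts.get("--http-server", "3000")).rpartition(":")
    if port != "0" and addr not in ("127.0.0.1", "localhost"):
        findings.append("plain http UI not limited to loopback")
    if opts.get("--daemon") and not opts.get("--use-syslog"):
        findings.append("daemon without --use-syslog: messages are dropped")
    return findings

# Constructed input: the 'live' lines of the sample file above.
SAMPLE = ("## pure comment\n--user ntop\n--daemon\n--db-file-path /usr/share/ntop\n"
          "--interface eth0\n--trace-level 3 # Which is the default\n"
          "--http-server 3000\n--disable-schedyield\n")
FILES = {"/etc/ntop.conf": SAMPLE}
```

Copied unchanged, the sample's live lines yield two findings; appending `-w 127.0.0.1:3000 -L` after the `@/etc/ntop.conf` argument clears both without editing the file.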


-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Dukes Clayton
Sent: Monday, April 03, 2006 12:52 PM
To: [email protected]
Subject: RE: [Ntop] Save to a config file?

Is there no default conf file included as an example?
If not, what is the format of that file?
When I save my setting via the web interface, they don't seem to
save...do I just start ntop with no command line options to use the
prefs.db?

P.S. Thanks for the help :-)


-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Burton Strauss
Sent: Friday, March 31, 2006 12:06 PM
To: [email protected]
Subject: RE: [Ntop] Save to a config file?

6 is 'verynoisy' or 'beyondnoisy' - I forget which name I settled on.

If you are using the standard RedHat style scripts, they incorporate
ntop.conf via the @filename mechanism.  Other scripts do things other
ways.

Saved preferences are in prefs.db, but the interaction between them and
the configuration file won't always do what you want/expect.

-----Burton

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Gary Gatten
Sent: Friday, March 31, 2006 10:34 AM
To: [EMAIL PROTECTED]; [email protected]
Subject: RE: [Ntop] Save to a config file?

-t 6 is a lot of trace for normal ops.  Docs say 0 - 5, so I'm not sure what
6 even does?

Look for ntop.conf in one of the /etc dirs.  I made my own conf and
start ntop with: ntop @./ntop.conf   Not sure if this is "right", but it
works.

Gary


>>> [EMAIL PROTECTED] 3/31/2006 10:21:51 AM >>>
Also, why am I getting this in the log when I start with:
/usr/local/bin/ntop -u ntop -P /usr/local/share/ntop/db -w 3000 -o -b -n -z -4 -iNetFlow-device.2  -t 6

Fri Mar 31 10:17:32 2006 [MSGID8439789] [t49156 hash:714] IDLE_PURGE: Device NetFlow-device.2: no hosts [out of 1] deleted
Fri Mar 31 10:18:56 2006 [MSGID9233555] [t114696 vendor:355] MAC prefix '00:14:5E' not found in vendor database

Also, I just got this:

Fri Mar 31 10:21:02 2006 [MSGID8962748] [t65541 http:1038] **WARNING** ECONNRESET during sending of page to web client
Fri Mar 31 10:21:02 2006 [MSGID8895214] [t65541 http:1050] Failed text was 16383 bytes, '/*
        JSCookMenu v1.31.  (c) Copyright 2002-2005 by Heng Yuan

        Permission is hereby granted, free of charge, to any person
obtaining a
        copy of this software and associated documentation files (the
"Software"),
        to deal in the Software without restriction, including without
limitation
        the rights to use, copy, modify, merge, publish, distribute,
sublicense,
        and/or sell copies of the Software, and to permit persons to
whom the
        Software is furnished to do so, subject to the following
conditions:

        The above copyright notice and this permission notice shall be
included
        in all copies or substantial portions of the Software.

        THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS
        OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY,
        ITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT
SHALL THE
        AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR
OTHER
        LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,


________________________________

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Dukes Clayton
Sent: Friday, March 31, 2006 10:03 AM
To: [email protected]
Subject: [Ntop] Save to a config file?



I have a terribly dumb question and can't seem to find the answer...

I'm trying to use NTOP to read AS info from a single router.
My startup options are:

/usr/local/bin/ntop -u ntop -P /usr/local/share/ntop/db -w 3000 -o -b -n -z

How do I save these options to a config file?
When I go into the web interface, I set the options again and click
save, but where is it saving to?
If I restart the server with just /usr/local/bin/ntop there's no
configuration.
I would imagine that I need to specify a config file...but where is it?


-Clayton



_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
