If you don’t want to use the sticky hosts
option but want to retain info a little longer and If you are up to the task,
you can edit the global_defines.h which sets a number of values at compile
time.
In my case I changed some of the idle
timeout settings that control the purge behavior with some good results. Look
for the PARM_HOST_PURCH_MINIMUM_IDLE params and others in there to keep the recorded
sessions a little longer. I played with those and got them to keep the
last couple of days. As someone mentioned just before, the sticky hosts can
fill up your tables if you leave it running for long periods. There are
plenty in there to keep you busy tweaking.
Nathan Choate
Sr. Network Administrator
J-W Operating Company
Longview, TX
(903) 291-2820 direct line
(903) 235-4417 cell
[EMAIL PROTECTED]
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rafael
Barbosa
Sent: Monday, May 22, 2006 3:28 PM
To: [EMAIL PROTECTED]
Subject: [Ntop] Newbie questions
Hello there,
I just installed ntop in the laboratory at my university, I searched a lot
looking for a manual or something like it that could help me at the beginnig.
Everything I found was much superficial, outdated or both. hehe
I'd like to know if there is any documentation (a paper, a how-to, anything)
that could help me with the basics about how ntop works. Everything seems very
simple after ntop is running, it collects lots of data and show many
spreeadsheets and graphs. But I'd like to know how it works, and I do have some
doubts.
One thing I want to do, and I don' know if its possible, is to use the
information that ntop gather to figure out which web-sites the people here at
the lab is acessing (and then maybe block some of them). For that I redirect
the port of our gateway to the machine that's running ntop. Then I saw the
statistics at IP Summary -> Traffic, to see the host (in this case, servers)
that were acessed using http. Everything was fine untill I realize that one of
the hosts vanished, it seems that ntop only show a list of a few last (maybe in
the last hour, or something) acessed hosts, is that correct?? If so, there are
anyway that I can have this information using ntop? Maybe a log...
If there are many english mistakes, I'm really sorry, I'm brazillian and I
don't pratice that much...
Thanks for the attention,
Rafael Barbosa
