RE: [Ntop] Newbie questions

[Burton Strauss]

Well, they do different things...   Your change affects the time before ntop may choose to purge.  This affects both HOSTS and SESSIONS.   A host w/ no active sessions and no traffic is considered idle and can be selected for purge.  This purges the whole kit and kaboodle.   Individual sessions may also be purged on the same schedule.   But you had also found that the command line switch wasn't being honored.     ntop used to - by mistake - treat a closed session as instantly eligible for purge. So you never saw data for recently ended sessions in that part of the web server.  But when I fixed the bug, I was concerned that this could - under some situations - cause a huge increase in the number of sessions being tracked and thus memory usage.  So I defaulted to the old behavior and added the switch to make ntop work correctly.  I've just never gotten around to flipping them the way they should be.   -----Burton     From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Monday, May 22, 2006 4:10 PM To: ntop@unipi.it Subject: RE: [Ntop] Newbie questions Didn’t realize you added a patch for me!  I had already got into global_defines.h and reversed the setting J   Nathan Choate Sr. Network Administrator J-W Operating Company Longview, TX (903) 291-2820 direct line (903) 235-4417 cell [EMAIL PROTECTED]   -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Burton Strauss Sent: Monday, May 22, 2006 4:09 PM To: ntop@unipi.it Subject: RE: [Ntop] Newbie questions   You probably want to make sure you are using the CVS version - or pick up the patch I added recently for Nathan - otherwise, ntop ignores the --disable-instantsessionpurge option.   -----Burton   (Search the back traffic on ntop-dev for my ref 704 - that will give you the file(s) to diff).   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Monday, May 22, 2006 4:02 PM To: ntop@unipi.it Subject: RE: [Ntop] Newbie questions If you don’t want to use the sticky hosts option but want to retain info a little longer and If you are up to the task, you can edit the global_defines.h which sets a number of values at compile time.    In my case I changed some of the idle timeout settings that control the purge behavior with some good results.  Look for the PARM_HOST_PURCH_MINIMUM_IDLE params and others in there to keep the recorded sessions a little longer.  I played with those and got them to keep the last couple of days.  As someone mentioned just before, the sticky hosts can fill up your tables if you leave it running for long periods.  There are plenty in there to keep you busy tweaking.   Nathan Choate Sr. Network Administrator J-W Operating Company Longview, TX (903) 291-2820 direct line (903) 235-4417 cell [EMAIL PROTECTED]   -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rafael Barbosa Sent: Monday, May 22, 2006 3:28 PM To: [EMAIL PROTECTED] Subject: [Ntop] Newbie questions   Hello there, I just installed ntop in the laboratory at my university, I searched a lot looking for a manual or something like it that could help me at the beginnig. Everything I found was much superficial, outdated or both. hehe I'd like to know if there is any documentation (a paper, a how-to, anything) that could help me with the basics about how ntop works. Everything seems very simple after ntop is running, it collects lots of data and show many spreeadsheets and graphs. But I'd like to know how it works, and I do have some doubts. One thing I want to do, and I don' know if its possible, is to use the information that ntop gather to figure out which web-sites the people here at the lab is acessing (and then maybe block some of them). For that I redirect the port of our gateway to the machine that's running ntop. Then I saw the statistics at IP Summary -> Traffic, to see the host (in this case, servers) that were acessed using http. Everything was fine untill I realize that one of the hosts vanished, it seems that ntop only show a list of a few last (maybe in the last hour, or something) acessed hosts, is that correct?? If so, there are anyway that I can have this information using ntop? Maybe a log... If there are many english mistakes, I'm really sorry, I'm brazillian and I don't pratice that much... Thanks for the attention, Rafael Barbosa

_______________________________________________
Ntop mailing list
Ntop@unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop