Good day. I'm new to using ntop and have been using it to monitor some site uplinks - very handy tool. I am hoping to find out if ntop can send email alerts if specific traffic is detected, like say a port scan or if a client is doing a massive DoS attack, etc.
So I tried adding: -B "icmp ping-flood ICMP_ECHO any/any pktcount > 30 unit 10 action alarm rearm 90" and --filter-expression "icmp ping-flood ICMP_ECHO any/any pktcount > 30 unit 10 action alarm rearm 90" and neither expression works in my /etc/ntop.conf config file.

I'm new to using Linux and even newer still to stuff like ntop and I know enough to be dangerous. So I'm not sure what I'm doing wrong. Can someone please point out what I'm sure is obvious and tell me what I'm doing wrong in trying to have ntop filter expressions?

TIA.

Gene Anderson
Computer Technician, Microsoft Certified Professional
Pembina Hills Regional Division No.7
Phone: (780) 674-8535 ext 6860
email: [EMAIL PROTECTED]

"Passwords are like bubble gum, strongest when fresh, should never be used by groups and create a sticky mess when left laying around" -anon

_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
