To my knowledge nTop does NOT have any sort of notification engine built in - correct? So, if you want an automated action of some sort, such as an email, that would require custom code right?
I noticed the SNMP plugin but have not looked at it. If the MIB is detailed enough, you could monitor the nTop data with an SNMP manager and use the SNMP manager to send events when a given threshold or policy is violated.

One simple (I assume) automated action would be the host flags. If the code is already there to detect traffic on odd ports and high numbers of connections, then it "should" be pretty easy to launch an external process (email?) in addition to setting the host flag status?

Gary

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Luca Deri
Sent: Tuesday, February 13, 2007 2:27 AM
To: [email protected]
Subject: Re: [Ntop] filter expression question [newbie]

Gene,
ntop accepts BPF filters (do man tcpdump)

Regards, Luca

Gene Anderson wrote:
> Good day. I'm new to using ntop and have been using it to monitor some site uplinks - very handy tool. I am hoping to find out if ntop can send email alerts if specific traffic is detected, like say a port scan or if a client is doing a massive DoS attack, etc.
>
> So I tried adding:
>
> -B "icmp ping-flood ICMP_ECHO any/any pktcount > 30 unit 10 action alarm rearm 90"
>
> and
>
> --filter-expression "icmp ping-flood ICMP_ECHO any/any pktcount > 30 unit 10 action alarm rearm 90"
>
> and neither expression works in my /etc/ntop.conf config file. I'm new to using Linux and even newer still to stuff like ntop and I know enough to be dangerous. So I'm not sure what I'm doing wrong. Can someone please point out what I'm sure is obvious and tell me what I'm doing wrong in trying to have ntop filter expressions? TIA.
>
> Gene Anderson
> Computer Technician, Microsoft Certified Professional
> Pembina Hills Regional Division No.7
> Phone: (780) 674-8535 ext 6860
> email: [EMAIL PROTECTED]
>
> "Passwords are like bubble gum, strongest when fresh, should never be used by groups and create a sticky mess when left laying around"
>
> -anon
>
> _______________________________________________
> Ntop mailing list
> [email protected]
> http://listgateway.unipi.it/mailman/listinfo/ntop

--
Luca Deri <[EMAIL PROTECTED]> http://luca.ntop.org/
skype://lucaderi/
Don't be encumbered by past history. Go off and do something wonderful - Robert Noyce
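A BPF filter of the kind referred to above matches packets one at a time and keeps no counters, so a rate threshold with an alarm has to be evaluated outside the filter. The following is an added example, not part of the original thread and not ntop code: it applies one assumed reading of the expression in the question (alarm when a single source sends more than 30 ICMP echo requests within 10 seconds, then stay quiet for that source for 90 seconds) to constructed packet records. The class, function names and record layout are hypothetical.

```python
from collections import defaultdict, deque

ICMP_ECHO_REQUEST = 8  # ICMP type of an echo request (ping)


class EchoFloodDetector:
    """Per-source sliding-window counter with a rearm (quiet) period."""

    def __init__(self, pktcount=30, unit=10.0, rearm=90.0):
        self.pktcount = pktcount          # alarm when count exceeds this
        self.unit = unit                  # window length in seconds
        self.rearm = rearm                # seconds before the next alarm
        self._seen = defaultdict(deque)   # src -> timestamps inside window
        self._muted_until = {}            # src -> time alarms may fire again

    def observe(self, ts, src, icmp_type):
        """Feed one packet record; return True if it raises an alarm."""
        if icmp_type != ICMP_ECHO_REQUEST:
            return False
        window = self._seen[src]
        window.append(ts)
        # Keep only timestamps in the half-open window (ts - unit, ts].
        while window and window[0] <= ts - self.unit:
            window.popleft()
        if len(window) <= self.pktcount:
            return False
        if ts < self._muted_until.get(src, float("-inf")):
            return False                  # still in the rearm period
        self._muted_until[src] = ts + self.rearm
        return True


def run(records, **settings):
    """Return (timestamp, source) for every record that raised an alarm."""
    det = EchoFloodDetector(**settings)
    return [(ts, src) for ts, src, typ in records if det.observe(ts, src, typ)]


def sample_records():
    """Constructed records: (seconds, source address, ICMP type)."""
    recs = []
    for start in (0, 50, 100):            # three bursts, 10 pings per second
        recs += [(start + i / 10, "192.0.2.10", 8) for i in range(40)]
    recs += [(float(i), "192.0.2.20", 8) for i in range(60)]   # 1 ping/s
    recs += [(i / 100, "192.0.2.30", 0) for i in range(100)]   # echo replies
    return sorted(recs)


if __name__ == "__main__":
    for ts, src in run(sample_records()):
        print(f"ALARM t={ts:.1f}s src={src}: ICMP echo flood")
```

The place where `observe` returns True is where an external action such as sending an email would be launched.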
