I would be interested, but I'm not a very strong code warrior - more like a code coward. I've done some pretty cool stuff with Perl to enhance Openview NNM, but as for writing C in any sort of "Best Practices" methodology - that would be a stretch. I could design it, document it, test it, etc. - but the code would probably have to be someone else's. Best I could offer is maybe something in Perl someone could then port to C the right way.
Gary

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Luca Deri
Sent: Wednesday, February 14, 2007 3:04 AM
To: [email protected]
Subject: Re: [Ntop] Automated actions? Was: filter expression question [newbie]

Gary,
the only way (as of today) to produce alarms is through an external tool ntop/utils/rrd-alarm or using tools like nagios and through the nagios rrd-plugin set thresholds on ntop-generated rrds.

If you're interested I would appreciate if you want to contribute in this area of ntop development.

Cheers, Luca

Gary Gatten wrote:
> To my knowledge nTop does NOT have any sort of notification engine built
> in - correct? So, if you want an automated action of some sort, such as
> an email, that would require custom code right?
>
> I noticed the SNMP plugin but have not looked at it. If the MIB is
> detailed enough, you could monitor the nTop data with an SNMP manager
> and use the SNMP manager to send events when a given threshold or policy
> is violated.
>
> One simple (I assume) automated action would be the host flags. If the
> code is already there to detect traffic on odd ports and high numbers of
> connections, then it "should" be pretty easy to launch an external
> process (email?) in addition to setting the host flag status?
>
> Gary
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
> Luca Deri
> Sent: Tuesday, February 13, 2007 2:27 AM
> To: [email protected]
> Subject: Re: [Ntop] filter expression question [newbie]
>
> Gene,
> ntop accepts BPF filters (do man tcpdump)
>
> Regards, Luca
>
> Gene Anderson wrote:
>
>> Good day. I'm new to using ntop and have been using it to monitor some
>> site uplinks - very handy tool. I am hoping to find out if ntop can send
>> email alerts if specific traffic is detected, like say a port scan or if a
>> client is doing a massive DoS attack, etc.
>>
>> So I tried adding:
>>
>> -B "icmp ping-flood ICMP_ECHO any/any pktcount > 30 unit 10 action alarm rearm 90"
>>
>> and
>>
>> --filter-expression "icmp ping-flood ICMP_ECHO any/any pktcount > 30 unit 10 action alarm rearm 90"
>>
>> and neither expression works in my /etc/ntop.conf config file. I'm new to
>> using Linux and even newer still to stuff like ntop and I know enough to
>> be dangerous. So I'm not sure what I'm doing wrong. Can someone please
>> point out what I'm sure is obvious and tell me what I'm doing wrong in
>> trying to have ntop filter expressions? TIA.
>>
>>
>> Gene Anderson
>> Computer Technician, Microsoft Certified Professional
>> Pembina Hills Regional Division No.7
>> Phone: (780) 674-8535 ext 6860
>> email: [EMAIL PROTECTED]
>>
>> "Passwords are like bubble gum, strongest when fresh, should never be
>> used by groups and create a sticky mess when left laying around"
>>
>> -anon
>>
>>
>> _______________________________________________
>> Ntop mailing list
>> [email protected]
>> http://listgateway.unipi.it/mailman/listinfo/ntop
>>

--
Luca Deri <[EMAIL PROTECTED]> http://luca.ntop.org/
skype://lucaderi/
Don't be encumbered by past history. Go off and do something wonderful - Robert Noyce

_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop

===========================================================================
"This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system."
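The approach Luca describes above (thresholds on ntop-generated RRDs, checked by an external tool), as an added example that is not part of the thread or of ntop: it parses the text output of `rrdtool fetch` and raises an alarm when a data source exceeds a threshold, with a rearm hold-down like the one in Gene's attempted expression. The data-source name `icmpPkts`, the sample rows and the threshold values are constructed assumptions.

```python
import math

# Constructed sample in the text format printed by `rrdtool fetch <file> AVERAGE`:
# a header naming the data sources, then "timestamp: value" rows (nan = no data).
SAMPLE_FETCH = """\
                       icmpPkts

1171440000: 2.0000000000e+00
1171440010: 3.5000000000e+01
1171440020: 4.1000000000e+01
1171440030: nan
1171440040: 5.0000000000e+00
1171440050: 3.8000000000e+01
1171440120: 4.4000000000e+01
"""

def parse_fetch(text):
    """Return (ds_names, [(timestamp, [values...]), ...]) from rrdtool fetch output."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    names = lines[0].split()
    rows = []
    for ln in lines[1:]:
        ts, _, rest = ln.partition(":")
        rows.append((int(ts), [float(v) for v in rest.split()]))
    return names, rows

def alarms(text, ds, threshold, rearm):
    """Timestamps where `ds` exceeds `threshold`; repeats are held down for `rearm` seconds."""
    names, rows = parse_fetch(text)
    col = names.index(ds)  # hypothetical DS name supplied by the caller
    fired, last = [], None
    for ts, values in rows:
        v = values[col]
        if math.isnan(v):
            continue  # unknown sample: never alarm on missing data
        if v > threshold and (last is None or ts - last >= rearm):
            fired.append(ts)
            last = ts
    return fired

if __name__ == "__main__":
    for ts in alarms(SAMPLE_FETCH, "icmpPkts", threshold=30, rearm=90):
        print(f"ALARM icmpPkts > 30 at {ts}")
```

In practice the input would be the captured output of `rrdtool fetch` run from cron against one of ntop's RRD files, and the print would be replaced by the notification of choice.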
