Gary Gatten wrote:
Dude - that's GOTTA be a record for the largest -m arg! I hear what
you're saying re the truncated hosts thing. I don't really like
compiling much either on my slow a$$ system, but there are a number of
defaults I want to tweak in the global-defines and in some of the
source, so I plan on doing that soon.
Just grasping here...., but MAYBE try supernetting these a little more.
Perhaps the arg is too long and it's freaking something out. Do you
actually have more than 1024 hosts on each of these subnets?
G
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Wednesday, October 31, 2007 2:37 PM
To: [email protected]
Cc: [EMAIL PROTECTED]
Subject: Re: [Ntop] NTOP reporting IP address as local when the are
remote
In my ntop.conf I have:
-m
172.16.104.0/22,172.16.108.0/22,172.16.112.0/22,172.16.200.0/24,172.16.2
01.0/24,172.16.205.0/24,172.16.207.0/24,172.22.1.0/24,172.22.3.0/24,172.
21.1.0/24,172.23.1.0/24,172.16.184.0/24,172.16.185.0/24,172.31.1.0/24,17
2.31.4.0/24,172.31.3.0/24,172.16.12.0/24,172.16.115.0/24,172.16.172.0/24
This was because when I first started running ntop the default was no
more that 1024 hosts in a single IP subnet. If you wanted more than
that you had to re-compile ntop to allow subnets greater than a /22. I
did not want to recomiple.
-----Original Message-----
From: James <[EMAIL PROTECTED]>
Sent: Oct 31, 2007 2:46 PM
To: [email protected], [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: [Ntop] NTOP reporting IP address as local when the are
remote
[EMAIL PROTECTED] wrote:
I just upgraded from ntop 3.2 under Fedora Core 4 to ntop 3.3 running
Fedora Core 7. Ntop is receiving netflow data from a Cisco CAT6500. I
have a list of subnets that are considered local. However, I am getting
remote addresses listed as local. Example: 4.71.104.165 is listed as
remote and 4.71.104.187 is listed as local. Neither of these are local.
Both should be remote. I installed ntop as a rpm using
ntop-3.3-1.fc7.rpm. All of my local addresses are in the RFC 1918
172.16.0.0 - 172.31.255.255 range.
What can I look for to get the local vs. remote correct?
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
Did you try setting your /etc/default/ntop
GETOPT = "-m 172.0.0.0/8"
-m sets the local subnets on your machine
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
===========================================================================
Well, I bit the bullet and re-compiled from source and increasing the
number of hosts. I still got non-local hosts reported as local.
So I downloaded the most recent trunk from svn, 3.3.46, re-compiled. I
still get some non-local hosts reported as local. However, right now
there are less that a dozen. Whereas before I had close to an hundred.
So its better and something I can live with.
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
