I'm using Ntop V 3.3.5 to monitor netflow data from three separate ISP routers
connected to our wan. No matter what Ive tried %99 of my traffic is regarded
a local by ntop.. www.ebay.com , 24.93.38.10 , www.unipi.it , etc..
How can I make the Local/Remote categories behave ?
CONFIGURATION DETAILS:
I tweaked the global-defines.h to accommodate the class b subnets
#define MAX_SUBNET_HOSTS 65534
these values are in place ..
-X..... 32768 and -x.....327680
My /etc/ntop.conf entries:
--user ntop , --daemon , --db-file-path /usr/local/var/ntop
--interface none, --no-mac
-m xxx.yyy.0.0/16, zzz.aaa.0.0/16, 192.168.0.0/16, 172.16.0.0/16,
10.8.0.0/16, 10.77.0.0/16
My pertinent information in "show configuration" page:
-m | --local-subnets (effective) xxx.yyy.0.0/16, zzz.aaa.0.0/16,
192.168.0.0/16, 172.16.0.0/16,
10.8.0.0/16, 10.77.0.0/16
Networks
none Local Network.....255.255.255.255/32
NetFlow-device.2 Local Network.....192.168.0.0/16
NetFlow-device.3 Local Network.....10.8.0.0/16
NetFlow-device.4 Local Network.....10.8.0.0/16
Known Networks.... 10.8.0.0/16
zzz.aaa.0.0/16
172.16.0.0/16
xxx.yyy.0.0/16
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
