I've tried some of these now.... I upped the MAX_SUBNET_HOSTS to a very high number, and turned on the address debugging. It appears to be correctly classifying each IP as remote or psuedo-local in the debugging, but later in the web interface it shows them in the wrong area. I'll keep working with it tonight, but so far no good.
________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Gatten Sent: Wednesday, April 30, 2008 2:44 PM To: [email protected] Subject: Re: [Ntop] NTOP and Local vs Remote That's really weird - never heard of this before; well except in cases where the network id's and/or mask bits were wrong. Properly configured I've never heard of this not working. Depending on your masks nTop MAY be truncating the network size to something smaller than your mask is specifying and MAYBE confusing the local/remote thing. Check out all the options in "globals-defines.h" - you'll see several entries such as "MAX_SUBNET_HOSTS", "ADDRESS_DEBUG", "MAX_NUM_NETWORKS". This file has a BUNCH of tweaks in it - but you have to recompile after changes :-( Not sure if this will help or not, but don't know what else to do. G ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Baugher Sent: Wednesday, April 30, 2008 2:18 PM To: [email protected] Subject: Re: [Ntop] NTOP and Local vs Remote I checked, and it understands my -m and -o correctly. I have 5 CIDR's listed, in x.x.x.x/bits format, separated by commas, and it appears to be happy with them. Remote/local is also confused in other areas, such as All Protocols->Traffic. If I select Hosts: Remote Only, I see 9 IP's. Local Only, I see local and many that should be remote. Jason ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Gatten Sent: Wednesday, April 30, 2008 1:21 PM To: [email protected] Subject: Re: [Ntop] NTOP and Local vs Remote -m and -o are required for this and usually work without question. Check your "About->Show Config" and look at the "Resolved To..." row; make sure your flags (-m , -o, etc.) are actually being recognized. Does the remote/local traffic appear to be distinguished correctly on other views/reports? Or, does it appear broken everywhere? Gary ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Baugher Sent: Wednesday, April 30, 2008 1:02 PM To: [email protected] Subject: [Ntop] NTOP and Local vs Remote I'm using NTOP to gather NetFlow's from 2 border routers, Cisco 7206VXR's, with around 50Mbps in/out traffic on each. I've used the -m flag to specify all my internal IP's (our CIDR blocks), as I want "Local to Local" to be traffic from one of our customers to another, whereas "Local to Remote" and "Remote to Local" is traffic from/to one of our customers from someone out on the Internet. However, when I go to IP->Traffic Directions->Local to Local, I see hosts that are definitely supposed to be Remote. I've seen references in the archives to the -o flag - I've tried that with no change. Thanks, Jason Baugher [EMAIL PROTECTED] "This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system." "This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system."
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
