I don't have any links handy, but do some searches on the list for rrd configuration (I know there's a decent pdf doc somewhere, and info in the FAQ) - also wget.
________________________________ From: [email protected] [mailto:[email protected]] On Behalf Of Shannon Elliott Sent: Friday, March 27, 2009 10:21 AM To: '[email protected]' Subject: Re: [Ntop] Ntop Usage Gary, Thank you for the info. Do you have any links I can use to get more information about historical data? Thanks, Shannon Elliott From: [email protected] [mailto:[email protected]] On Behalf Of Gary Gatten Sent: Friday, March 27, 2009 5:52 AM To: [email protected] Subject: Re: [Ntop] Ntop Usage If you configure rrd you can get historical data there - its not as easy to find as the realtime/24 hour data. You can also dump the collected data using several options and store it for history reference. Generally speaking it takes some effort for historical data! Keep in mind that many tools including ntop won't catch all p2p traffic as it seems everything is using http as a transport. Often times you'll need something that can look beyond layer 4 to properly classify traffic. If you have cisco stuff check out NBAR. Gary ----- Original Message ----- From: [email protected] <[email protected]> To: [email protected] <[email protected]> Sent: Fri Mar 27 03:47:57 2009 Subject: Re: [Ntop] Ntop Usage M.A. TAMON > I'm using ntop on a SuSE box. > > I noticed that it appears I can only look at real-time information, not > historical when it comes to viewing something like All Protocols -> > Traffic. Is this true? True ... only information stored within the memory structures is displayed ... ie realtime. > > The only thing that appears to be historical is the summary page. > > The issue is this.... We are a school and I'm trying to find out who is using > P2P software. I am unable to drill down in the summary to find out which > hosts were responsible for running a P2P software. If you want to be able to drill down into the past, I will suggest u take a look at trisul [http://www.unleashnetworks.com/news-and-events/open-source-trisul-launc hed.html] > > Am I missing something? Is there a better way to do this? The only way so > far is for me to actually monitor All Protocols -> Traffic and catch it > while it's happening. > > > Thanks, > > S Elliott > > > > > > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop > > _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop "This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system." <font size="1"> <div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in'> </div> "This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system." </font>
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
