PS: you'll need the source to tweak that file - and will have to
recompile.  Else, maybe break up your network definitions into smaller
subnets instead of the supernets, I think that will accomplish the same
thing but not 100% sure.

nTop and netflow are usually pretty accurate.  Not 100% PERFECT, but
close enough.  Are you certain netflow is conf'd correctly on the
routers to see ingress and egress traffic while not counting it twice?

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of
Gary Gatten
Sent: Monday, May 18, 2009 4:13 PM
To: [email protected]
Subject: Re: [Ntop] local-subnets appears to be ignored

Try setting the --local-subnets to include your entire network range.
Also, if you have more than 1024 hosts on that network you'll need to
tweak globals-defines.h to allow for that.  In addition,
globals-defines.h has a debug switch "ADDRESS_DEBUG" that's supposed to
log most everything related to addressing stuff.

Can you give an example of the numbers you're seeing that lead you to
believe it doesn't reflect reality?

G



-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of
[email protected]
Sent: Monday, May 18, 2009 3:58 PM
To: [email protected]
Subject: [Ntop] local-subnets appears to be ignored

Hello,

I'm running ntop with a single netflow interface only on Fedora 9.
Versions are as follows:

ntop Version.....3.3.8 Fedora RPM
Configured on.....Oct 23 2008  5:21:37
Built on.....Oct 23 2008 05:21:43
OS.....i686-pc-linux-gnu [32 bit]
libpcap Version.....libpcap version 0.9.8
RRD Version.....1.3004

Started as........./usr/sbin/ntop @/etc/ntop.conf --daemon 
Resolved to........./usr/sbin/ntop --user ntop --use-syslog=local3
--db-file-path /var/lib/ntop --trace-level 3 --http-server 3000
--https-server 3001 --disable-schedyield --skip-version-check=yes
--no-fc --w3c --local-subnets x.x.x.x/19 --interface none
--numeric-ip-addresses --no-mac --daemon


I have the netflow interface virtual address configured as the second
/19 in my network and --local-subnets set to the first /19 in my
network.  I'm getting v5 flows from a pair of Cisco routers and all the
data looks good.  However, local and remote identification are
completely incorrect.  The IP traffic summary shows all the flow data
but traffic directions are an incorrect subset of the summary.

Is this a known issue?

Tony
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
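
The thread turns on which addresses count as local. The following is an added example, not part of the thread and not ntop's own code: an independent cross-check that tallies flow bytes by direction for a given list of local subnets, so the totals can be compared against the ntop summary. The 10.20.0.0/18 addressing, the flow tuples and all function names are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample flows: (source IP, destination IP, octets).
# 10.20.0.0/19 and 10.20.32.0/19 stand in for the first and second /19.
SAMPLE_FLOWS = [
    ("10.20.1.10", "198.51.100.7", 1000),   # first /19 host -> outside
    ("198.51.100.7", "10.20.1.10", 5000),   # outside -> first /19 host
    ("10.20.40.5", "203.0.113.9", 2000),    # second /19 host -> outside
    ("203.0.113.9", "10.20.40.5", 8000),    # outside -> second /19 host
    ("10.20.1.10", "10.20.40.5", 300),      # first /19 -> second /19
]

FIRST_19_ONLY = ["10.20.0.0/19"]
BOTH_19S = ["10.20.0.0/19", "10.20.32.0/19"]
SUPERNET = ["10.20.0.0/18"]


def parse_subnets(cidrs):
    # strict=True rejects a prefix with host bits set (e.g. 10.20.1.0/19),
    # a common typo when filling in a local-subnets list by hand.
    return [ipaddress.ip_network(c, strict=True) for c in cidrs]


def classify(src, dst, nets):
    """Return the direction label for one flow given the local networks."""
    src_local = any(ipaddress.ip_address(src) in n for n in nets)
    dst_local = any(ipaddress.ip_address(dst) in n for n in nets)
    if src_local and dst_local:
        return "local->local"
    if src_local:
        return "local->remote"
    if dst_local:
        return "remote->local"
    return "remote->remote"


def direction_totals(flows, cidrs):
    """Sum octets per direction label for a list of flow tuples."""
    nets = parse_subnets(cidrs)
    totals = Counter()
    for src, dst, octets in flows:
        totals[classify(src, dst, nets)] += octets
    return dict(totals)


if __name__ == "__main__":
    for name, cidrs in [("first /19 only", FIRST_19_ONLY),
                        ("both /19s", BOTH_19S), ("/18 supernet", SUPERNET)]:
        print(name, direction_totals(SAMPLE_FLOWS, cidrs))
```

With only the first /19 listed, hosts in the second /19 are tallied as remote, so the per-direction totals cover only part of the traffic the flows actually carry.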





"This email is intended to be reviewed by only the intended recipient
 and may contain information that is privileged and/or confidential.
 If you are not the intended recipient, you are hereby notified that
 any review, use, dissemination, disclosure or copying of this email
 and its attachments, if any, is strictly prohibited.  If you have
 received this email in error, please immediately notify the sender by
 return email and delete this email from your system."
