Maybe try doing a basic test - apply a filter (on ntop) so ntop can only see traffic to and from your pc. Browse around some internal and external sites and see what happens in your reports. I suspect netflow isn't enabled on ALL interfaces your traffic flows are hitting, or those flow exports are getting blocked or lost so that ntop never sees them. Else, whomever built your package did something really wrong!
If you like nTop I recommend browsing through the globals-defines.h and tweaking things to your liking - some of them are little things that make a big difference! I don't think it will help solve your immediate problem though. Oh, Look at the netflow plugin stats and see if all your exporters are listed and what the flow stats are. Also, 3.3.x started recognizing netflow interface ID's, so MAYBE that has something to do with it. G -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of [email protected] Sent: Tuesday, May 19, 2009 10:01 AM To: [email protected] Subject: Re: [Ntop] local-subnets appears to be ignored Gary, thanks for the reply. Here's some more info. I've messed with --local-subnets on this one quite a bit. I've tried not setting it and using the /19 (where 90% of my hosts are) solely as the netflow interface virtual address. I've tried putting a bogus /24 as the netflow virtual address and again put one of my CIDRs in local-subnets. All to no avail. As for the number of hosts, the network is very small. NTOP has only about 884 active end nodes monitored. I doubt I'm bumping into the 1024 limit. The split is as follows: There are 7 pages of IP hosts on the L-L report, 1 page of hosts on the L-R report and less than half a page on the R-L report. Nothing on the R-R report. In regards to the overall configuration, over the last 5 years I've used ntop on and off to pull utilization stats from these routers. There have been no changes to the netflow config there. I'm only using "ip flow ingress" on the interfaces where traffic is interesting. "ip flow egress" is not configured on any interfaces. Previous versions of ntop did not exhibit this behavior. However, this is the first time I've run it on Fedora 9 with v3.3.8 of ntop. Tony _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop <font size="1"> <div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in'> </div> "This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system." </font> _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
