Re: [Ntop] Duplicate flow entries

Hi David, Great, thank you for reporting. Regards, Emanuele On 5/27/20 2:17 PM, David van Ginneken wrote: /Hi Emanuele,/ / / /I do confirm this was the same issue. I updated the package and alerts went away./ / / /Many thanks. / Le lun. 25 mai 2020 à 12:23, Emanuele Faranda <mailto:f

Re: [Ntop] Replies / Requests Ratio

Hi Aaron, Thank you for reporting. Regards, Emanuele On 5/26/20 4:41 PM, Aaron Scamehorn wrote: Thanks, Emanuele. I can confirm that I am no longer receiving alerts for HTTP request/replies. Aaron On Mon, May 25, 2020 at 5:18 AM Emanuele Faranda <mailto:fara...@ntop.org>&

Re: [Ntop] Replies / Requests Ratio

lies [5 Minutes ratio: 33.7%] "     "msg": "Host edgemax has received 78 HTTP requests but sent 34 HTTP replies [5 Minutes ratio: 43.0%] " The duration is usually 10 minutes or less. I've sent you a PCAP file to reproduce. Aaron On Fri, May 15, 2020 at 4:26 AM Emanuele Fa

Re: [Ntop] Replies / Requests Ratio

e 5 minute duration. Could this be a boundary issue?  Could client send the requests in one 5 minute window, and the responses are on the next 5 minute window? Aaron On Wed, May 13, 2020 at 8:48 AM Emanuele Faranda <mailto:fara...@ntop.org>> wrote: Aaron, Writing to y

Re: [Ntop] Replies / Requests Ratio

-vlans flag in ntopng. This should fix your problem. Regards, Emanuele On 5/13/20 3:06 PM, Emanuele Faranda wrote: Hi Aaron, Please contact us privately at fara...@ntop.org and maina...@ntop.org . Please ensure that the PCAP files only contain DNS traffic. Regards, Emanuele On 5/12/20 5

Re: [Ntop] Replies / Requests Ratio

right at the 10 minute mark, I got alerts.  How can I get these PCAP files to you? Thanks, Aaron On Tue, May 12, 2020 at 4:13 AM Emanuele Faranda <mailto:fara...@ntop.org>> wrote: Hi Aaron, Please see below. On 5/11/20 9:29 PM, Aaron Scamehorn wrote: Hi Emanuele,

Re: [Ntop] Replies / Requests Ratio

gly, If I specify a BPF Filter ("port 53"), the downloaded PCAP file seems to only have 1 side (ie. edgemax is only a source, never a dest. Without a BPF Filter, the download is fine. This is probably a bug, please open an issue at https://github.com/ntop/ntopng . Regards, Ema

Re: [Ntop] Replies / Requests Ratio

with the above alerts, please ensure that ntopng is not dropping packets as this would explain this behavior. If I just do a tshark on the same interface that ntopng is listening on, I see all of the expected DNS query & replies.  I am not able to correlate the alerts to any missing pac

Re: [Ntop] Replies / Requests Ratio

Hi Aaron, The alerts that you are reporting basically tell you that such hosts receive DNS requests but do not send a reply. In order to troubleshoot possible problems you should augment such information with the knowledge of your network. The first question to answer is, are that hosts

Re: [Ntop] Top Flow Talkers double click information lost

versions of code. I beleave that is why the host comparation site is not shown. Would you agree and what is to do? Thx and Rgds, Peer Am 25.03.2020 um 16:30 schrieb Emanuele Faranda: Hi Peer, This works for me, a single click on the host name brings me to the host details view. If it does

Re: [Ntop] Top Flow Talkers double click information lost

Hi Peer, This works for me, a single click on the host name brings me to the host details view. If it does not work for you please open a new issue on https://github.com/ntop/ntopng and report:     - The browser you are using     - If you open the javascript console of the browser, do you

Re: [Ntop] Flow question.

Hi Christoforos, Please see below. On 11/21/19 11:27 AM, xristoforosdeme wrote: Hello, I have the Professional Edition, but i don't mind to upgrade to Enteprise if it support this future. I try to find some information about ntopng but with no luck, so sorry if is on the documentation.

Re: [Ntop] NetFlow Cisco Sw

Andrea, I've just replied to the email received by the "contact us" form, check out my reply there. Please avoid double posting in future. Emanuele On 11/19/19 12:19 PM, Andrea Lenarduzzi wrote: Hi, I've problems about netflow Ntopng 3.8.19 - Professional Edition nProbe v.8.6.19 -

Re: [Ntop] Ntop+Nprobe: the floods decrease to zero in some minutes

Hi Roberto, You will need a license to run nprobe. Please purchase one from our shop https://shop.ntop.org or contact us privately http://www.ntop.org/support/need-help-2/contact-us if you need a demo license. Regards, Emanuele On 11/12/19 4:14 PM, Roberto Carna wrote: Dear, I can see in

Re: [Ntop] customizing ntopng expired flow exports to MySQL

Hi, You can manually edit the source file for MySQL export: https://github.com/ntop/ntopng/blob/dev/src/MySQLDB.cpp . MySQLDB::dumpFlow is the function called to export the flow information. Regards, Emanuele On 11/4/19 4:47 PM, Christina Phillips wrote: I am aware that MAC addresses are

Re: [Ntop] Geolocation not working

denying geolocation access to the http webpage, but I fixed that by telling the browser to treat the URL as trusted. Then ntopng detected my location and the console didn't show any subsequent errors. However, no hosts are shown except myself. Original message From: Emanuele

Re: [Ntop] Geolocation not working

Hi Michael, Have you configured your maps api key into the ntopng preferences? Moreover the browser developer console should report API errors if they occur, do you have any errors? Regards, Emanuele On 11/2/19 6:25 AM, Michael wrote: Hello, I just managed to get the Hosts GeoMap to work

Re: [Ntop] housekeeping.lua seems to cause error

Hi, Please open an issue on github so that we can track it. Regards, Emanuele On 10/28/19 2:42 PM, b...@todoo.biz wrote: Le 28 oct. 2019 à 14:38, Emanuele Faranda <mailto:fara...@ntop.org>> a écrit : ntopng --version root@Ntop-kvm:~# ntopng --version v.3.9.191028[Enterprise/Pro

Re: [Ntop] housekeeping.lua seems to cause error

Hi, Running "chown -R ntopng:ntopng /var/lib/ntopng" should fix the issue. If not, please open a new issue on github with the following details:     - output of "ntopng --version"     - output of "ls -l /var/lib/ntopng/category_lists" Regards, Emanuele On 10/28/19 1:20 PM, b...@todoo.biz

Re: [Ntop] ntop-ng newbe question

Hi Leandro, Please see below. On 10/17/19 4:39 PM, Leandro Roggerone wrote: Hi guys, im here trying to find a replacement for my nfsen / nfdump platform. Im trying free version of ntop-ng , so here are some questions: 1) How to properly create a netflow analisis platform with ntop-ng? I

Re: [Ntop] Problem with Google maps API refusing to load

Hi, The link you provided seems explicative (https://developers.google.com/maps/documentation/javascript/error-messages#api-not-activated-map-error) . After generating the key you should activate the key on a "project" into the developer console. Please ensure that you have performed this

Re: [Ntop] No Chart Data

Kenneth, please avoid double posting on github/telegram/email https://github.com/ntop/ntopng/issues/2660 Emanuele On 6/18/19 3:17 PM, Simone Mainardi wrote: Have they been enabled from the ntopng preferences? Check under page Preferences->SNMP to enable time series data for you SNMP

Re: [Ntop] Dependences problem

Hi Andrea, Can you try the following instructions? 1. apt-cache clean 2. apt-get update 3. apt-get install ntopng Emanuele On 5/9/19 5:33 PM, Andrea Lenarduzzi wrote: Hi, I've upgraded to ntopng Professional Edition v.3.8.190506 Now I've this dependences problem:     Preparativi per

Re: [Ntop] Prometheus exporter state

Hi, Yes, the Prometheus support is what you see. Only InfluxDB has become part of ntopng as a generic timeseries storage. Please feel free to provide pull requests if you improve it. Regards, Emanuele On 4/26/19 4:59 PM, Bogdan Rudas wrote: Hi! What is current state of Prometheus expoter

Re: [Ntop] Is it possible to setup a Linux-based firewall with netfilter/iptables to perform *DEEP PACKET INSPECTION (DPI)* at OSI Layer 7?

Hi, nEdge can perform L7 inspection and policing, please check out https://www.ntop.org/products/traffic-analysis/ntopng-edge . Its core components are the nDPI and ntopng. Please note that we only support ubuntu 16 and ubuntu 18 for nEdge. Regards, Emanuele On 4/24/19 5:27 PM,

Re: [Ntop] ntop hardware requirements

Hi Guilvert, You should be fine with a commodity multicore pc and 2 or 4 GB of ram. Please note that this also depends on the bandwidth you wish to monitor. For the disk sizing, again a standard size disk should be enough, please check out this link for some more information on the topic:

Re: [Ntop] Latest stable Ubuntu 16.04 ntopng deb fails on supposed missing redis server but only when started by systemctl

used_cpu_sys_children:17.90 used_cpu_user_children:79.96 # Cluster cluster_enabled:0 # Keyspace db0:keys=9845,expires=9762,avg_ttl=1832241 On Thu, Feb 21, 2019 at 4:04 AM Emanuele Faranda <mailto:fara...@ntop.org>> wrote: Hi Kevin, Can you successfully use the redis

Re: [Ntop] Latest stable Ubuntu 16.04 ntopng deb fails on supposed missing redis server but only when started by systemctl

Hi Kevin, Can you successfully use the redis cli tools? For example, can you successfully run "redis-cli info" from the terminal? Regards, Emanuele On 2/21/19 3:50 AM, Kevin Branch wrote: This issue has come up with newer version(s) of the ntopng deb.  Specifically I was just now testing

Re: [Ntop] 10G interfaces packet drops

Hi Marco, Please replace "ens2" with "zc:ens2". Check out https://www.ntop.org/ntopng/best-practices-for-running-ntopng/ for more info. Regards, Emanuele On 2/4/19 12:29 PM, Marco Pirovano wrote: Hello, we are using NTOPNG to monitor our 10G link to internet. We are using an Arista

Re: [Ntop] ntopng web GUI password not working

Hi, Please check out https://www.ntop.org/guides/ntopng/faq.html#cannot-login-into-the-gui . Regards, Emanuele On 2/1/19 9:11 PM, Harish Patil wrote: Hi, I had been using GUI with default admin/admin for some time. Recently I "guess" I changed to local authentication off. I haven't been

Re: [Ntop] How is --ignore-vlans supposed to work?

Gerard, You may try to enable disaggregation by VLAN id. Please check out https://www.ntop.org/guides/ntopng/advanced_features/dynamic_interfaces_disaggregation.html . If you still have traffic duplication troubles, please send us a pcap file with some Netflow traffic to replay in our lab.

Re: [Ntop] Filter time series charts

of included installation support that comes with activating the licenses? Thanks, Gerard Original message From: Emanuele Faranda Date: 1/16/19 03:14 (GMT-07:00) To: ntop@listgateway.unipi.it Subject: Re: [Ntop] Filter time series charts Hi Gerard, Right now, this is how you can

Re: [Ntop] Flow alerts rules

Hi Dan, nDPI detects some common mining protocols, please check out https://github.com/ntop/nDPI/commit/c6b427c2521c0916866f932ea1db43334a01b2f4 . Moreover, ntopng detects mining hosts by using this list: https://github.com/ntop/ntopng/blob/dev/httpdocs/other/lists/web_mining.txt . The

Re: [Ntop] Filter time series charts

Hi Gerard, Right now, this is how you can implement the view you request:  - If the networks are not spread across multiple collectors and are some defined set, you can define local networks globally to get charts by local networks:

Re: [Ntop] How to Analyse MikroTik Traffic Using nprobe -> ntopng on Windows

=== Am not sure what to do / try form here, assistance appreciated, Best, Johan. On 2018-12-24 16:02, Emanuele Faranda wrote: Hi, Please try to replace /i with /c so that you can see the commands output. Regards, Emanuele On 12/24/18

Re: [Ntop] How to Analyse MikroTik Traffic Using nprobe -> ntopng on Windows

Hi, Please try to replace /i with /c so that you can see the commands output. Regards, Emanuele On 12/24/18 12:17 AM, techni...@mcw.org.za wrote: Update to the below, as per what Ive posted to the mailing list: We have Multiple nProbe sites with Mikrotik routers, and want to send flows to

Re: [Ntop] Storage size for InfluxDB

Hi, You can find the current InfluxDB Storage size on the Runtime Status page. The actual size depends on the number of hosts you have and which timeseries you enable. For example, I've run InfluxDB for 45 days on my local pc and the storage size is 175.03 MB . Regards, Emanuele On

Re: [Ntop] InfluxDB Configuration

Hi Chiaki, Please see below. On 11/26/18 7:05 AM, Chiaki Ebihara wrote: Hi All I have set up InfluxDB and checked the historoical chart of Interface and Host details. I have 4 questions. 1) I specified InfluxDB Storage as "2". In that case, the data shown in host.details (except for Flows)

Re: [Ntop] About ntopng specifications

Hi Ebihara, Please see below. On 11/16/18 11:01 AM, Chiaki Ebihara wrote: Dear all, Please tell me the following questions about ntopng specifications. 1.)Regarding Interfaces menu, is the value displayed chart displayed on below menu on Host Detail the cumulative value of data

Re: [Ntop] nprobe to ntop missing flows

Hi David, Please try to add also --zmq-disable-buffering to the nprobe options. Emanuele On 9/4/18 5:31 PM, David Larson wrote: Hello! I am trying to collect netflow from a cisco 3850 and view it in ntopng. I am able to see some data, but it appears intermittent. When I view nprobe with -b

Re: [Ntop] Ntop Digest, Vol 172, Issue 2

When replying, please edit your Subject line so it is more specific than "Re: Contents of Ntop digest..." Today's Topics:    1. Re: dumb question: log files (Emanuele Faranda) -- Message: 1

Re: [Ntop] dumb question: log files

Hi, If you run ntopng as a service (the default when installed via package), then you can get log messages via systemd service log:     sudo journalctl -u ntopng Regards, Emanuele On 9/3/18 5:21 PM, Luca Domenella wrote: hi i just started (a couple of days ago) ntopng community edition to

Re: [Ntop] snmp/netflow

Hi, Please check out https://www.ntop.org/nprobe/network-monitoring-101-a-beginners-guide-to-understanding-ntop-tools/ for a beginner guide. SNMP is only available in the enterprise version, please check out http://www.ntop.org/products/traffic-analysis/ntop/ for a comparison table.

Re: [Ntop] define custom applications

Hi, Please check out https://github.com/ntop/nDPI/blob/dev/example/protos.txt . In ntopng you can specify a protos.txt file with the -p option     [--ndpi-protocols|-p] .protos | Specify a nDPI protocol file     | (eg. protos.txt) Regards, Emanuele On 9/3/18

[Ntop] Localizzazione

Ciao a tutti, Ho riallineato la localizzazione in italiano a quella inglese. Vi ricordo che le istruzioni su come localizzare e per vedere cosa manca da localizzare sono indicate in "pro/tools/localization/README.md" . Luca, allego le nuove stringhe da localizzare in tedesco (da decidere se

Re: [Ntop] bad counter

Hi, Are you using RRD or InfluxDB? Please open an issue here:     https://github.com/ntop/ntopng/issues Please also post a screenshot if possible. Regards, Emanuele On 8/11/18 5:26 PM, Daniel Vachon wrote: hi, using last ntopng (arm) v3.5.180802

Re: [Ntop] Ntopng versus Ntopng Edge for historical monitoring?

Hi, In general, traffic reports, dashboards, alerts are all common between ntopng and nedge. Here are some differences:     - nEdge does not support remote probes (no NetFlow/sFlow/SNMP monitoring)     - nEdge does not monitor TCP flags     - Currently nEdge does not split traffic by

Re: [Ntop] Ntopng Edge - Policies based on VLAN

Hello, Currently you can only create policies to be applied on VLAN tagged traffic as a whole, you cannot target specific VLANs. Emanuele On 08/08/2018 10:45 AM, Victor Hooi wrote: Hi, This isn't clear from the documentation (or perhaps I missed it) - but is it possible with Ntopng Edge

Re: [Ntop] PF_RING FT API implementation

Hello, Sorry but PF_RING FT is not open source. Regards, Emanuele On 06/08/2018 04:00 AM, Harish Patil wrote: Hi, I am new to ntop/ndpi. I'm looking for source code of PF_RING FT such as implementations of:  pfring_ft_create_table() or pfring_ft_process() etc which uses ndpi lib. I only

Re: [Ntop-misc] MS-Windows 10, ntop ng and NetFlow 9

Hello, Please check out the "Execution as a Windows Service" section in nprobe user guide: https://github.com/ntop/nProbe/blob/master/doc/nProbe-UsersGuide.pdf Regards, Emanuele On 05/24/2018 10:49 AM, Storer, Darren wrote: Hi All, Using CentOS Linux I have have had very good success

Re: [Ntop] cannot update ntopng due to incorrect version of pfring

Hello, On ubuntu 16 I can successfully install ntopng: apt-cache policy ntopng ntopng:   Installed: 3.4.180511-4407   Candidate: 3.4.180511-4407   Version table:  *** 3.4.180511-4407 500     500 http://packages.ntop.org/apt-stable/16.04 x64/ Packages     100 /var/lib/dpkg/status

Re: [Ntop] Proof of bandwidth utilization for specific webserver

Hello Chuck, pfSense only integrates the community version of ntopng. Most of the features you are interested in are available in the pro and enterprise versions. Basically you need the "Historical Explorer". Please check out the following links for more details.

Re: [Ntop] Required more information about ntop API details

Hi Ganeshbabu, Please check out the following documents for information:     - ntopng lua api: https://github.com/simonemainardi/ntopng-docker/blob/master/Linux%20Day%2028%20Ottobre%202017.pdf     - elastic search json fields: https://github.com/ntop/ntopng/blob/dev/src/Flow.cpp#L1799    

Re: [Ntop] LDAP Authentication

Hi Christophe, What command are you using to capture the LDAP flows? Regards, Emanuele On 04/16/2018 01:42 PM, Christophe Gierski wrote: Dear all, I have NtopNG Enterprise Ed. and I try to configure LDAP access (OpenLDAP). I have set my preferences, but there is no query send from NtopNG

Re: [Ntop] Adding interfaces to already running instance of ntopng

Hi, Please open an issue on our github page https://github.com/ntop describing the issue. Regards, Emanuele On 03/26/2018 05:11 PM, Martin Drašar wrote: Hi, moving on with my scenario, I have decided to just prepare a bunch of network interfaces before starting ntop and do not use virtual

Re: [Ntop] Disappearing ntopng menu items

Hi Peter, What browser/ntopng version are you using? Do you have enabled plugins which may interfere with the gui? Please perform these tests:     - When you experience the problem, do a screenshot. Please open the javascript inspector of your browser and see if there are errors. Moreover,

Re: [Ntop] Host Name vs Further Host Names/Information

Hi Christophe, The host name information into ntopng comes from the DHCP, MDNS and NetBIOS. Moreover, if you enable DNS resolution (see -n option), ntopng will also decode/perform DNS queries to resolve host names. When the DHCP lease expires, your clients will perform a new DHCP request

Re: [Ntop-misc] Fwd: Ntopng high fluctuation

, Javier Narváez - Mensaje original - De: "Emanuele Faranda" <fara...@ntop.org> Para: ntop-misc@listgateway.unipi.it Enviados: Viernes, 9 de Febrero 2018 14:37:10 Asunto: Re: [Ntop-misc] Fwd: Ntopng high fluctuation Hi, The --collector-sample-rate and --upscale-traffic a

Re: [Ntop-misc] Fwd: Ntopng high fluctuation

~]# rpm -qa | egrep 'nprobe|ntopng' ntopng-3.3.180209-3902.x86_64 nprobe-8.3.180209-6051.x86_64 ntopng-data-3.3.180209-3902.noarch Kind regards, Javier - Mensaje original - De: "Emanuele Faranda" <fara...@ntop.org> Para: ntop-misc@listgateway.unipi.it Enviados: Viernes, 9 de Fe

Re: [Ntop] No countries, operating sytems and http servers

Hi, You are receiving flows from nprobe so ntopng cannot figure out the operating system of your hosts. We currently do not have a report for http servers. Regarding the top countries issue, if you go into the Hosts -> Countries menu, can you see the countries for your active hosts or you

Re: [Ntop] APU2 microprobe

Hi Joe, The APU2 is not a TAP, it is a standard pc. Ntopng runs inside the APU2 itself. If you need a monitoring solution based on a TAP, you will need to do the TAP aggregation separately and then feed the aggregated traffic through a single APU2 port. Please note that you can install

Re: [Ntop] Data not persisting through service restart or reboot (MySQL setup)

Hi, Your ntopng.conf is missing an equal sign: -F="mysql;localhost;ntopng;ntopng;ntopng;mysqlpassword" The "gibberish output" of MySQL is probably from the "json" field, which is compressed. You can the uncompressed output with: select UNCOMPRESS(JSON) from flowsv4;

Re: [Ntop] Data Archiving

Hi, Currently you can only control the max MySQL data retention time, not the timeseries retention time. For MySQL, please tune the "MySQL storage" under the "Timeseries" preferences. Regards, Emanuele On Fri, Dec 1, 2017 at 8:36 AM, Md Ehsanul Haque wrote: Dear, how

Re: [Ntop] ntopng installation on kali linux 4.12

Hi, You can try to manually install the packages and the required dependencies from http://packages.ntop.org/debian/jessie/x64/ntopng/ . We do not officially support kali. Regards, Emanuele On Tue, Oct 10, 2017 at 3:26 PM, Stefan wrote: Replying to my own email -

Re: [Ntop] SSLV3 and cookies

wrote: Thanks Emanuele, but where are they located? From: <ntop-boun...@listgateway.unipi.it> on behalf of Emanuele Faranda <fara...@ntop.org> Reply-To: <n...@unipi.it> Date: Tuesday, September 26, 2017 at 10:05 AM To: <n...@unipi.it> Cc: <ntop@listgateway.unipi.it> S

Re: [Ntop] SSLV3 and cookies

ell me the file location so I can make the correction. Also how do you disable SSLV3? Thanks, Tim From: <ntop-boun...@listgateway.unipi.it> on behalf of Emanuele Faranda <fara...@ntop.org> Reply-To: <n...@unipi.it> Date: Tuesday, September 26, 2017 at 9:04 AM To: &

Re: [Ntop] SSLV3 and cookies

Hi Tim, Please follow the issue on our github page https://github.com/ntop/ntopng/issues/1483 Thank you for reporting! Emanuele On Tue, Sep 26, 2017 at 1:53 PM, Tim Wolak wrote: Hi all, After running a vulnerability scan it came back that ntop has SSLV3 enabled and

Re: [Ntop] No data after update

ilto:ntop- boun...@listgateway.unipi.it] On Behalf Of Emanuele Faranda Sent: Thursday, 24 August 2017 8:45 PM To: n...@unipi.it Subject: Re: [Ntop] No data after update Hi Peter, Please check out the ntopng log. It should contain some error message pointing out the problem. Regards, Emanuele

Re: [Ntop] housekeeping - no enough memory

y-root-on-??? ==32365== could not unlink /tmp/vgdb-pipe-to-vgdb-from-32365-by-root-on-??? ==32365== could not unlink /tmp/vgdb-pipe-shared-mem-vgdb-32365-by-root-on-??? Regards Roberto Sobre 24-08-2017 15:38:37, Emanuele Faranda <fara...@ntop.org> escribió:

Re: [Ntop] housekeeping - no enough memory

"ntopng.prefs.alerts.mysql_check_open_files_limit": "1", "ntopng.prefs.nagios_nsca_host": "localhost", "ntopng.prefs.nagios_nsca_port": "5667", "ntopng.prefs.nagios_send_nsca_executable": "\/usr\/local\

Re: [Ntop] No data after update

Hi Peter, Please check out the ntopng log. It should contain some error message pointing out the problem. Regards, Emanuele On Thu, Aug 24, 2017 at 6:41 AM, Peter Shute wrote: Yesterday I upgraded from ntopng Pro [Small Business Edition] Edition v.3.1.170713 to

Re: [Ntop] Getting historical information

On Wed, Aug 23, 2017 at 4:27 PM, Emanuele Faranda <fara...@ntop.org> wrote: Hi Umut, Currently ntopng only shows information about active hosts. After setting up the --local-networks parameter (-m) you can extend the "Local Host Idle Timeout" from the settings for a maximum of

Re: [Ntop] Getting historical information

Hi Umut, Currently ntopng only shows information about active hosts. After setting up the --local-networks parameter (-m) you can extend the "Local Host Idle Timeout" from the settings for a maximum of 30 minutes. Another option is to enable the sticky hosts with the --sticky-hosts=local to

Re: [Ntop] housekeeping - no enough memory

Hi Roberto, What is the content of your ntopng.conf file? Does the problem occur immediately or after some time? Can you post a screenshot of your ntopng dashboard? Emanuele On Wed, Aug 23, 2017 at 1:46 AM, Roberto Alvarado wrote: Hi Folks, My ntopng is crashing

Re: [Ntop] Adding additional alert blacklists

Hi Ryan, That's the right place to put your own blacklist. Please verify the following: - the blacklist should be a valid URL and not a local file path - the variable blacklistURLs must be updated with the blacklist url (be sure to add a comma after the default url string) - the url should

Re: [Ntop-misc] PFRING ZC - packet loss at 10G

Hi Matthew, When capturing at high speeds you should avoid switching desktop or even better using a desktop at all since it may interfere with the capture process. If you still wish to run the desktop, you can try to isolate the capture cores by the means of isolcpu . If you have further

Re: [Ntop] How to upgrade ntopng on Ubuntu?

Hi David, Please try to reinstall the ntop repo file following the instructions at http://packages.ntop.org/apt-stable/ . Then post the full output of apt-get update. Regards, Emanuele On Sat, Aug 12, 2017 at 3:14 PM, David Kraut wrote: Hi Luca, I tried that, but

Re: [Ntop-misc] How to save flows to read in other software such as R program or Matlab?

Hi Alexandro, You could export flows to mysql (see ntopng -F option) and then process them to produce a text file. Another way is to enable user scripts with the "--enable-user-scripts" option and hook the flowDelete callback to execute a custom lua script in which you dump the flows

Re: [Ntop] ntopng not accessible after upgrade

Peter, You database schema is being updated. You should have access to ntopng as soon as it completes. Emanuele On 05/18/2017 12:46 AM, Peter Shute wrote: After leaving the browser attempting to contact ntopng for a while, this message came up: Waiting for database ntopng to become

Re: [Ntop] Traffic sent and traffic received in historical view in ntopng

ntop-boun...@listgateway.unipi.it [mailto:ntop- boun...@listgateway.unipi.it] On Behalf Of Emanuele Faranda Sent: Wednesday, 17 May 2017 4:29 AM To: ntop@listgateway.unipi.it Subject: Re: [Ntop] Traffic sent and traffic received in historical view in ntopng Ntopng can actually produce a traffic report where it shows the

Re: [Ntop] Traffic sent and traffic received in historical view in ntopng

flu...@snkmail.com<mailto:ntop-flu...@snkmail.com>> wrote: On 15 May 2017 at 17:10, Emanuele Faranda faranda-at-ntop.org<http://faranda-at-ntop.org> |ntop-flugle| <rrjzg9n...@sneakemail.com<mailto:rrjzg9n...@sneakemail.com>> wrote: You are right, network stats are calculated every mi

Re: [Ntop] Traffic sent and traffic received in historical view in ntopng

nformation on software version and configuration used. Note: the fact that in/out breakdown for interface traffic is not available is already tracked by issue https://github.com/ntop/ntopng/issues/1114 Regards, Emanuele On 05/15/2017 05:08 PM, Andrew Hilborne wrote: On 15 May 2017 at 15:44

Re: [Ntop] Traffic sent and traffic received in historical view in ntopng

Hilborne wrote: It's the ingress/egress bytes _per local network_ which I am interested in. Thank you - I have found this now. However, it is showing no data. I think this is a licensed feature? Andrew On 15 May 2017 at 15:21, Emanuele Faranda faranda-at-ntop.org <http://faranda-at

Re: [Ntop] Traffic sent and traffic received in historical view in ntopng

-historical-data-using-ntopng/ shows exactly this information. However my own installation shows a similar graphic, but without the 'traffic (Sent)' and 'traffic (Recvd)' designations. Andrew On 15 May 2017 at 10:18, Emanuele Faranda faranda-at-ntop.org <http://faranda-at-ntop.org> |ntop-

Re: [Ntop] Traffic sent and traffic received in historical view in ntopng

Hi Andrew, Currently ntopng saves the interface RRD data as the total number of bytes, so it not possible to get a differentiated sent/received view. However, you can get such differentiated metrics from the Local Networks page. Emanuele On 05/12/2017 08:02 PM, Andrew Hilborne wrote: Hi,

Re: [Ntop] Total bytes per IP for accounting on ntopng

mysql data. But I have collected huge amount of 250.000 rows with about 10.000 clients in only five minutes. In this case, it wouldn't be practical. If you can help about summarize the data inside "redis" of ntopng it'll be better... thanks. On Mon, May 8, 2017 at 4:04 PM, Emanu

Re: [Ntop] Total bytes per IP for accounting on ntopng

Hi, Currently ntopng does not export such daily information via an API. Feel free to open a feature request on github https://github.com/ntop/ntopng for an API request. As an alternative, if you have MySQL support enabled (see -F option), you could perform manual MySQL aggregations from the

Re: [Ntop] Unclear hardware choices

Hi Andrew, nProbe and ntopng pro require separate licences, so if you want to run both, even in the same box, you will need both. Regards, Emanuele On 05/02/2017 06:37 PM, Andrew Hilborne wrote: So, if I want to run ntopng Pro Linux/Win (x64) (the small business addition) on something like

Re: [Ntop] Interface speeds on NTOP showing greater than interface

Hi Jason, What I can the tell you about that problem is the following. ntopng in collector mode can only guess traffic rate from the flows it receives from nProbe. If nProbe exports a lot of flows at once, ntopng will consider that traffic as appearing all together, resulting into an higher

Re: [Ntop] Need some conceptual guidance with sending flows to ntopng

Hi Boyan, please check out the "Dynamic Flow Collection Interfaces" option into the ntopng advanced preferences. If you set the preference to "Probe IP Address", ntopng will create virtual interfaces to match the remote devices. Regards, Emanuele On 04/17/2017 07:11 PM, Boyan Biandov

Re: [Ntop] Various Interface Name Errors

Hi Robert, What it the exact version number of ntopng and nProbe that are you using? You should flush your existing ntopng data in order to start with a clean setup with the newly installed version: 1) systemctl stop ntopng 2) redis-cli flushall 3) rm -rf /ntopng (your ntopng data

Re: [Ntop] First and Last seen date problem

probe.c:2886] Flow drop stats: [0 bytes/0 pkts][0 flows] 10/Apr/2017 09:32:04 [nprobe.c:2891] Total flow stats: [0 bytes/0 pkts][0 flows/0 pkts sent] nprobe config: -i none -n none --daemon-mode -V 9 (added this option after upgrade) --no-promisc --zmq tcp://127.0.0.1:5556 —collector-po

Re: [Ntop] Validating flow export timeout.

Hi, Can you try to rephrase your question please? Regards, Emanuele On 03/29/2017 06:56 PM, asad wrote: Hi Is there a non trival way of knowing flow export time. The problem is that I have confugured netflows on PaloAlto firewalls. Timeout is set for 60 seconds. Is by using e.g wireshark

Re: [Ntop] Where is ntopng config file located in Windows?

Hi, ntopng in windows does not use a configuration file. In order to set custom options, you have to remove the service with "ntopng /r" and then reinstall it with custom options "ntopng /i options". See "Execution as a Windows Service" in the user guide

Re: [Ntop-misc] Ntop-misc Digest, Vol 153, Issue 1

uestion on using pf_ring from ntop CentOS repo (Emanuele Faranda) 4. Re: Second question on pfring libpcap.so.1 file (Emanuele Faranda) -- Message: 1 Date: Wed, 1 Mar 2017 14:17:00 -0500 Fro

Re: [Ntop-misc] Question on using pf_ring from ntop CentOS repo

Hi, You don't need to manually compile the module. It will be automatically rebuilt from /usr/src by DKMS when needed. Starting ntopng with "service ntopng start" command will start PF_RING too. Regards, Emanuele On 03/01/2017 08:17 PM, Espresso Beanies wrote: Hi, I added the ntop repo

Re: [Ntop] Historical IP and/or protocol reports

Hi, if you use the Historical Data Explorer (/lua/pro/db_explorer.lua), do you have the same issue? Please open a bug on github explaining the problem if you experience some error. Regards, Emanuele On 02/22/2017 05:37 AM, Warren Daly (OPUS) wrote: Also, if I click on talkers or protocol

Re: [Ntop] usage report

Hi Dave, The GUI hang you are experiencing has already been reported in github, see https://github.com/ntop/ntopng/issues/813. We are aware of the issue and are working on it, sorry for the inconvenient. Regards, Emanuele On 01/25/2017 01:57 AM, Dave Davis wrote: More info: I’m now

Re: [Ntop] v.2.5.170111 - Malware Blacklists can't be disabled

Thank you for reporting. Please consider using the github platform to submit eventual new issues, so that our team can keep track. Regars, Emanuele On 01/12/2017 02:15 PM, Martin List-Petersen wrote: On 12/01/17 09:53, Emanuele Faranda wrote: Hi Martin, Can you confirm that restarting

Re: [Ntop] v.2.5.170111 - Malware Blacklists can't be disabled

Hi Martin, Can you confirm that restarting ntopng after setting the Enable Hosts Malware Blacklists to "off" solves your issue? I've made a fix (https://github.com/ntop/ntopng/pull/923) to reload the rules when the preference changes so that the restart will not be required in the next

  1   2   >