Well, I've tried just about all the combinations I can think of, plus the ones recommended below, and none of them are working. Based upon what I have read on TCPDUMP and the supported exceptions, there are a number of ways to exclude a machine from being monitored, but they are not working in the Windows version. So that begs the question as to whether there is a different way to call the parameters in the Windows version than in the *nix versions that would work. I've tried calling NTOP from the command line using the various command line options, and no matter what command I put in, it comes back as saying unrecognized command. Of course I only tried the -w and -B parameters, but those are fairly straightforward.

Any other thoughts on this because without being able to exclude certain machines I'm afraid I've just spent dollars on something that will not work in my environment. Shame on me for not testing more thoroughly first but it is what it is. :-) Besides I REALLY, REALLY like the product so I'd like to figure this out.

Thanks for the assistance.

Jeff

From: Jeff Schrunk <[email protected]>
Reply-To: <[email protected]>
Date: Sat, 15 Jan 2011 14:39:47 +0000
To: "[email protected]" <[email protected]>
Subject: Re: [Ntop] Exclude Certain Machines from Monitoring

I will give that a try Jesse and see how it goes. Thank you both for responding.

Jeff

From: Luca Deri <[email protected]>
Reply-To: <[email protected]>
Date: Fri, 14 Jan 2011 21:21:39 +0100
To: <[email protected]>
Subject: Re: [Ntop] Exclude Certain Machines from Monitoring

Jesse

I think this is the best solution for excluding hosts/networks from being monitored

Regards Luca

On Jan 14, 2011, at 9:19 PM, Jesse Bowling wrote:

Hi Jeff,

An off-the-cuff answer would be to try using the not in front, i.e., "not host server1.domain.com and not server2.domain.com" or perhaps "not (host server1.domain.com or host server2.domain.com)"... Perhaps it's as simple as that, perhaps not...

Just a thought,

Jesse

On 01/14/2011 02:18 PM, Jeff Schrunk wrote:

Pardon me if I'm posting this to the wrong list and it should go in Misc.

I'm a recent user and registrant of NTOP and I need to exclude certain machines from monitoring for various business reasons. I have the FQDN for the machine but the IP address will change from time to time as a static IP for these is not possible.

On the Preference Page on the Basic settings for the -B option I have been putting the following (using example names below):

Capture Filter Expression (-B): "host not server1.domain.com or server2.domain.com"

I've tried various iterations of this from changing the or to and and removing the quotes to a number of different options to no effect. I found one page on the internet using Google that talks to this:

http://www.mail-archive.com/[email protected]/msg06298.html

However, trying their options has not worked either. The examples in the manual are all about watching a specific host versus excluding so I could really use some help.

I'm running this under Windows XP Professional on a scaled down machine (no other apps running/dedicated to NTOP) to just run NTOP.

Any suggestions?

Thank you very much for your time.

Jeff

_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop

--
Jesse Bowling
Incident Response Manager
Office of Information Security
University of Georgia
(706) 542-2127
jesseb at uga dot edu
----------------------------------------
No matter that we may mount on stilts, we still must walk on our own legs. And on the highest throne in the world, we still sit only on our own bottom. -Michel de Montaigne

---
"Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it." - Brian W. Kernighan
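
Added example, not part of the thread and not ntop code: libpcap resolves host names in a filter once, when the expression is compiled, so a filter written with an FQDN does not follow later address changes. The sketch below rebuilds the `not (host ... or host ...)` form suggested in the thread from the addresses that resolve right now; the function names, the injected resolver, `gone.domain.com` and the 192.0.2.x addresses are constructed for illustration.

```python
import ipaddress
import socket


def resolve_now(name):
    """Return the IPv4 addresses DNS currently gives for name."""
    infos = socket.getaddrinfo(name, None, socket.AF_INET)
    return [info[4][0] for info in infos]


def build_exclusion_filter(hostnames, resolver=resolve_now):
    """Build 'not (host A or host B ...)' from the addresses resolved right now.

    Returns (expression, unresolved). An empty expression means no host could
    be resolved, so nothing would be excluded; the caller must not treat that
    as success.
    """
    addresses, unresolved = set(), []
    for name in hostnames:
        try:
            found = resolver(name)
        except OSError:          # socket.gaierror is a subclass of OSError
            found = []
        if not found:
            unresolved.append(name)
            continue
        # Parsing rejects anything that is not a literal address, so only
        # addresses (never arbitrary text) end up in the expression.
        addresses.update(ipaddress.ip_address(a) for a in found)
    if not addresses:
        return "", unresolved
    ordered = sorted(addresses, key=lambda a: (a.version, int(a)))
    terms = " or ".join(f"host {a}" for a in ordered)
    return f"not ({terms})", unresolved


# Constructed sample data: the thread's example names mapped to RFC 5737
# documentation addresses, before and after one host changes address.
# "gone.domain.com" is a hypothetical name that does not resolve.
BEFORE = {"server1.domain.com": ["192.0.2.10"],
          "server2.domain.com": ["192.0.2.20", "192.0.2.21"]}
AFTER = dict(BEFORE, **{"server1.domain.com": ["192.0.2.77"]})
NAMES = ["server1.domain.com", "server2.domain.com", "gone.domain.com"]


def demo(table):
    return build_exclusion_filter(NAMES, lambda n: table.get(n, []))


if __name__ == "__main__":
    for label, table in (("before", BEFORE), ("after", AFTER)):
        print(label, *demo(table), sep=" | ")
```

The expression has to be regenerated and re-applied whenever an excluded machine may have changed address. Whether the Windows build accepts it in the -B field is the open question in the thread and is not settled by this code.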
