Is this how I would accomplish that?

My /etc/default/ntopng options file:

root@HomeServer:/var/log/ntopng# cd /etc/default
root@HomeServer:/etc/default# more ntopng
# set ENABLED to 0 if you want to avoid ntopng being started at system boot
ENABLED=1

# Space-separated list of interface ntopng should listen on. If empty ntopng
# will try to auto-detect the best interface.
#INTERFACES="eth0 wlan0"
INTERFACES="eth0"

# Port on which ntopng will listen for the web-UI.
HTTP_PORT=3000

# Additional command-line arguments for ntopng.
# local-networks="10.0.0.0/24"
#
ADD_ARGS="-m 10.0.0.0/24, -S all, -F db"

My startup log

root@HomeServer:/etc/default# service ntopng restart
* Restarting network top daemon ntopng *
root@HomeServer:/etc/default# cd /var/log/ntopng
root@HomeServer:/var/log/ntopng# more ntopng.log
14/Feb/2015 10:28:57 [Ntop.cpp:461] Setting local networks to 10.0.0.0/24,
14/Feb/2015 10:28:57 [PcapInterface.cpp:54] Reading packets from interface eth0...
14/Feb/2015 10:28:57 [Ntop.cpp:568] Registered interface eth0 [id: 0]
14/Feb/2015 10:28:57 [Utils.cpp:235] User changed to nobody
14/Feb/2015 10:28:57 [Ntop.cpp:435] Parent process is exiting (this is normal)
14/Feb/2015 10:28:57 [main.cpp:147] PID stored in file /var/tmp/ntopng.pid
14/Feb/2015 10:28:57 [HTTPserver.cpp:342] HTTP server listening on port 3000 [/usr/share/ntopng/httpdocs][/usr/share/ntopng/scripts]
14/Feb/2015 10:28:57 [main.cpp:179] Using RRD version 1.4.8
14/Feb/2015 10:28:57 [main.cpp:188] Working directory: /var/lib/ntopng/ntopng
14/Feb/2015 10:28:57 [main.cpp:190] Scripts/HTML pages directory: /usr/share/ntopng
14/Feb/2015 10:28:57 [Ntop.cpp:165] Welcome to ntopng x86_64 v.1.1 (r) - (C) 1998-13 ntop.org
14/Feb/2015 10:28:57 [Redis.cpp:54] Successfully connected to Redis 64 bit v.2.8.13
14/Feb/2015 10:28:57 [PeriodicActivities.cpp:53] Started periodic activities loop...
14/Feb/2015 10:28:57 [NetworkInterface.cpp:549] Started packet polling on interface eth0...

On Sat, Feb 14, 2015 at 7:14 AM, Arianna Avanzini <[email protected]> wrote:

> Hi Bruce,
>
> just to let you know - a newer ntopng version, the 1.2, should also be
> available.
>
> On 13/02/2015 19:02, Bruce Griffis wrote:
>
>> I installed NTOPNG from the Ubuntu repositories. It's version 1.1. I have
>> my local network defined and can see my flows. I wanted to see historical
>> data. I installed SQLite and started NTOPNG with the -F option. Do I have
>> to configure my SQLite database to receive NTOPNG data? Or configure
>> NTOPNG to use a specific database?
>>
>
> No, if you specify the -F option with the "db" parameter ntopng will
> create its own sqlite databases in /var/top/ntopng/datadump.
>
>> My server has two network interfaces. I access my server using its wlan0
>> port and have a SPAN port on my switch configured to mirror data to eth0
>> on my server. Since it is connected to a SPAN port, I don't have an IP
>> address defined.
>>
>> How do I go about viewing historical data? I read the user guide but
>> couldn't quite figure out how to define my historical interface or view
>> my data.
>>
>
> Run ntopng with the -F option. Then log in to the web interface and open
> the "Interfaces" menu. Click on the "Historical" menu entry. As soon as the
> Historical interface has been loaded and the dashboard has been presented
> again to you, select it again from the "Interfaces" menu. Then click on the
> "Load Data" tab.
> In the page that is now presented to you, you can choose the interface you
> want to load historical data for, and the time interval you want. Click on
> "Load Historical Data" and the load should progress (you should see it in
> the bottom right corner of the screen). As soon as load is complete select
> the "Overview" tab and you should see more tabs appearing (namely "Packets"
> and "Protocols") with the historical data you requested.
>
>> Also - would I need to run a second instance of ntopng if I want to pull
>> current flows while viewing historic flows?
>>
>
> No, this should be done in the background even if you select the
> historical interface.
>
> Thank you,
> Arianna
>
>> Here is the scenario: I noticed a large spike in traffic a few days ago.
>> I was in ntopng at the time. I looked at top talkers and saw it was a PC
>> sending 3.5 gigs of data over to Google. If I were not in ntopng at the
>> time, I would not have noticed the flow. So I'd like to be able to look
>> at a previous day's flows and find my top talkers of the day.
>>
>> _______________________________________________
>> Ntop mailing list
>> [email protected]
>> http://listgateway.unipi.it/mailman/listinfo/ntop
>>
>
> --
> /*
>  * Arianna Avanzini
>  * [email protected]
>  * http://ava.webhop.me
>  */
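A check for the ADD_ARGS line of the options file posted in this message, added here as an example; it is not part of the original thread or of ntopng. It shows the argument list that results when the value is split on whitespace and flags commas that stay attached to a value, as in the log line `Setting local networks to 10.0.0.0/24,`. It assumes the init script expands `$ADD_ARGS` unquoted on the ntopng command line; the function names and both sample strings are constructed for illustration.

```python
import shlex

# Constructed sample: the tail of the options file quoted in the thread.
AS_POSTED = '''\
HTTP_PORT=3000
# Additional command-line arguments for ntopng.
# local-networks="10.0.0.0/24"
#
ADD_ARGS="-m 10.0.0.0/24, -S all, -F db"
'''
# Constructed counterpart: the same options separated by spaces only.
CLEANED = 'HTTP_PORT=3000\nADD_ARGS="-m 10.0.0.0/24 -S all -F db"\n'


def find_add_args(text):
    """Return (value, active) for ADD_ARGS; an active line beats a commented one."""
    best = None
    for raw in text.splitlines():
        line = raw.strip()
        active = not line.startswith("#")
        body = line.lstrip("#").strip()
        if not body.startswith("ADD_ARGS="):
            continue
        # shlex strips the surrounding quotes the way the shell does on assignment.
        value = " ".join(shlex.split(body[len("ADD_ARGS="):]))
        if best is None or active or not best[1]:
            best = (value, active)
    return best


def received_argv(value):
    """Assumption: $ADD_ARGS is expanded unquoted, so it is split on whitespace."""
    return value.split()


def lint(text):
    found = find_add_args(text)
    if found is None:
        return ["no ADD_ARGS line found"]
    value, active = found
    findings = []
    if not active:
        findings.append("ADD_ARGS is commented out, so none of its options reach ntopng")
    for i, tok in enumerate(received_argv(value)):
        if tok.endswith(","):
            findings.append(f"argument {i} is {tok!r}: the comma is passed as part of the value")
    return findings


if __name__ == "__main__":
    for name, text in (("as posted", AS_POSTED), ("cleaned", CLEANED)):
        print(name, received_argv(find_add_args(text)[0]), lint(text))
```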
