On Tue, Mar 24, 2015 at 6:30 PM, Paul Murgatroyd <[email protected]> wrote:
> Hi all,
>

Hi Paul,

> I've been using ntopng for a while now, but just started playing with
> Elasticsearch.. however I can't seem to get it working..
>
> My ntopng.conf is below:
>
> [root@localhost ~]# cat /etc/ntopng/ntopng.conf
> --data-dir=/usr/local/ntopng
> --local-networks="192.168.0.0/16,10.0.0.0/8"
> -F es;flows;ntopng-%Y.%m.%d;http://localhost:9200/_bulk
> --interface=ens192
> --dns-mode=1
> --packet-filter="ip and not proto ipv6 and not ether host ff:ff:ff:ff:ff:ff
> and not net (224.0.0.0/8 or 23
> 9.0.0.0/8)"
> --daemon
> -G=/var/tmp/ntopng.pid
>
>
> 1. Apart from installing ElasticSearch, is there any extra configuration I
> need to do? Do I need to create indexes myself?
> 2. When I run ntopng with the above configuration, it doesn't log that it is
> sending data to ElasticSearch and the interface says I need to start ntopng
> with the "-F" parameter - which I am doing!
>

When you start ntopng with "-F es" as you did, ntopng will use ElasticSearch
as a backend to keep historical data, and there is nothing more you must do
to ensure that indexes are correctly created. However, the historical
interface is, as of now, based on sqlite. So if you want to use it you must
specify "-F db". We are currently working on a new historical interface
which will use ElasticSearch and possibly replace the existing one.

Thank you,
Arianna

> help!
>
> thanks
>
> paul
>
> _______________________________________________
> Ntop mailing list
> [email protected]
> http://listgateway.unipi.it/mailman/listinfo/ntop

--
/*
 * Arianna Avanzini
 * [email protected]
 * http://ava.webhop.me
 */
