On 14/02/2015 16:41, Bruce Griffis wrote:
Is this how I would accomplish that?
Hi Bruce,
My /etc/default/ntopng options file:

root@HomeServer:/var/log/ntopng# cd /etc/default
root@HomeServer:/etc/default# more ntopng
# set ENABLED to 0 if you want to avoid ntopng being started at system boot
ENABLED=1
# Space-separated list of interface ntopng should listen on. If empty ntopng
# will try to auto-detect the best interface.
#INTERFACES="eth0 wlan0"
INTERFACES="eth0"
# Port on which ntopng will listen for the web-UI.
HTTP_PORT=3000
# Additional command-line arguments for ntopng.
# local-networks="10.0.0.0/24"
# ADD_ARGS="-m 10.0.0.0/24, -S all, -F db"
Your log shows that the Historical interface is not starting at all. I think the issue could be in the definition of ADD_ARGS; I think there should be no commas between options in the string.
If the issue persists even after removing the commas, please do let us know.

Thank you,
Arianna
My startup log

root@HomeServer:/etc/default# service ntopng restart
 * Restarting network top daemon ntopng *
root@HomeServer:/etc/default# cd /var/log/ntopng
root@HomeServer:/var/log/ntopng# more ntopng.log
14/Feb/2015 10:28:57 [Ntop.cpp:461] Setting local networks to 10.0.0.0/24,
14/Feb/2015 10:28:57 [PcapInterface.cpp:54] Reading packets from interface eth0...
14/Feb/2015 10:28:57 [Ntop.cpp:568] Registered interface eth0 [id: 0]
14/Feb/2015 10:28:57 [Utils.cpp:235] User changed to nobody
14/Feb/2015 10:28:57 [Ntop.cpp:435] Parent process is exiting (this is normal)
14/Feb/2015 10:28:57 [main.cpp:147] PID stored in file /var/tmp/ntopng.pid
14/Feb/2015 10:28:57 [HTTPserver.cpp:342] HTTP server listening on port 3000 [/usr/share/ntopng/httpdocs][/usr/share/ntopng/scripts]
14/Feb/2015 10:28:57 [main.cpp:179] Using RRD version 1.4.8
14/Feb/2015 10:28:57 [main.cpp:188] Working directory: /var/lib/ntopng/ntopng
14/Feb/2015 10:28:57 [main.cpp:190] Scripts/HTML pages directory: /usr/share/ntopng
14/Feb/2015 10:28:57 [Ntop.cpp:165] Welcome to ntopng x86_64 v.1.1 (r) - (C) 1998-13 ntop.org
14/Feb/2015 10:28:57 [Redis.cpp:54] Successfully connected to Redis 64 bit v.2.8.13
14/Feb/2015 10:28:57 [PeriodicActivities.cpp:53] Started periodic activities loop...
14/Feb/2015 10:28:57 [NetworkInterface.cpp:549] Started packet polling on interface eth0...

On Sat, Feb 14, 2015 at 7:14 AM, Arianna Avanzini <[email protected]> wrote:

Hi Bruce,

just to let you know - a newer ntopng version, the 1.2, should also be available.

On 13/02/2015 19:02, Bruce Griffis wrote:

I installed NTOPNG from the Ubuntu repositories. It's version 1.1. I have my local network defined and can see my flows. I wanted to see historical data. I installed SQLite and started NTOPNG with the -F option. Do I have to configure my SQLite database to receive NTOPNG data? Or configure NTOPNG to use a specific database?
No, if you specify the -F option with the "db" parameter ntopng will create its own sqlite databases in /var/top/ntopng/datadump.

My server has two network interfaces. I access my server using its wlan0 port and have a SPAN port on my switch configured to mirror data to eth0 on my server. Since it is connected to a SPAN port, I don't have an IP address defined. How do I go about viewing historical data? I read the userguide but couldn't quite figure out how to define my historical interface or view my data.

Run ntopng with the -F option. Then log in to the web interface and open the "Interfaces" menu. Click on the "Historical" menu entry. As soon as the Historical interface has been loaded and the dashboard has been presented again to you, select it again from the "Interfaces" menu. Then click on the "Load Data" tab. In the page that is now presented to you, you can choose the interface you want to load historical data for, and the time interval you want. Click on "Load Historical Data" and the load should progress (you should see it in the bottom right corner of the screen). As soon as load is complete select the "Overview" tab and you should see more tabs appearing (namely "Packets" and "Protocols") with the historical data you requested.

Also - would I need to run a second instance of ntopng if I want to pull current flows while viewing historic flows?

No, this should be done in the background even if you select the historical interface.

Thank you,
Arianna

Here is the scenario: I noticed a large spike in traffic a few days ago. I was in ntopng at the time. I looked at top talkers and saw it was a PC sending 3.5 gigs of data over to Google. If I were not in ntopng at the time, I would not have noticed the flow. So I'd like to be able to look at a previous day's flows and find my top talkers of the day.
--
/*
 * Arianna Avanzini
 * [email protected]
 * http://ava.webhop.me
 */
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
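
What the comma problem discussed in this thread looks like once the string is split into arguments, as an added example that is not part of the original messages or of ntopng's packaging. It assumes the init script expands ADD_ARGS unquoted, so the shell splits it on whitespace only; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread or from ntopng's packaging).
# Assumption: the init script passes $ADD_ARGS to ntopng unquoted, so the
# shell splits the string on whitespace and commas stay glued to the values.

# Print the argv tokens that a whitespace-split ADD_ARGS string produces.
split_args() {
    set -f                      # no globbing while we split on purpose
    for tok in $1; do           # unquoted: mimics the assumed init script
        printf '%s\n' "$tok"
    done
    set +f
}

# Print only the tokens that end in a comma. A comma inside a token can be
# a legitimate list value, so only trailing commas are reported.
comma_tokens() {
    split_args "$1" | grep -e ',$' || true
}

# Return 0 when no token ends in a comma, 1 otherwise (details on stderr).
check_add_args() {
    bad=$(comma_tokens "$1")
    [ -z "$bad" ] && return 0
    for tok in $bad; do
        printf 'option value carries a stray comma: %s\n' "$tok" >&2
    done
    return 1
}

BROKEN='-m 10.0.0.0/24, -S all, -F db'  # ADD_ARGS value quoted in the thread
FIXED='-m 10.0.0.0/24 -S all -F db'     # same options, separated by spaces only

if ! check_add_args "$BROKEN"; then
    echo "tokens ntopng would receive:"
    split_args "$BROKEN"
fi
```

The log line "Setting local networks to 10.0.0.0/24," quoted in the thread is consistent with this splitting: the comma arrives as part of the -m value.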
