Hi, Thank you. The (de)serialize functions can push a host to redis or fetch it. It's a good idea to use it. I want to load every host stored in redis when ntopng starts. How would I do it ? How can I manually add a host to a network interface ? Moreover, the interface name or ID is not stored in the host in redis, right ? So It is impossible to load a given host from the interface it has been seen before.
Thanks you in advance, Mathieu 2016-03-23 14:34 GMT+01:00 Simone Mainardi <[email protected]>: > Mathieu, > > I think that for your purposes you should look and edit the Host functions: > > - serialize : > https://github.com/ntop/ntopng/blob/0c0b671e0f218cbee369bd5567f1a50d63e92a3d/src/Host.cpp#L862 > - deserialize : > https://github.com/ntop/ntopng/blob/0c0b671e0f218cbee369bd5567f1a50d63e92a3d/src/Host.cpp#L953 > > They handle how host data is written to and read from redis. > > > Simone > > On Wed, Mar 23, 2016 at 10:29 AM, Mathieu Fourcroy < > [email protected]> wrote: > >> Thank you for your answer Simone. >> When I start ntopng it does not automatically load previous hosts if >> these hosts are idle (do not send or receive packets). It does load some >> statistics when the host starts begin active but the "first seen" value is >> reseted. >> Is there a way to load every local hosts even if they are not living on >> the network anymore and load the "first_seen" value also. >> >> Thank you very much for your answers I really appreciate it. >> Mathieu >> >> 2016-03-23 10:23 GMT+01:00 Simone Mainardi <[email protected]>: >> >>> Mathieu, redis host persistency is enabled by default for local and >>> system hosts. They are dumped on exit and loaded back on startup. >>> >>> Simone >>> >>> On Wed, Mar 23, 2016 at 10:10 AM, Mathieu Fourcroy < >>> [email protected]> wrote: >>> >>>> Hello, >>>> Can you tell me if there is a way to save host information (via redis >>>> or mysql) and load it automatically when starting ntopng ? >>>> >>>> Best reguards, >>>> Mathieu >>>> >>>> 2016-03-22 9:59 GMT+01:00 Simone Mainardi <[email protected]>: >>>> >>>>> Mathieu, >>>>> >>>>> Please, feel free to contribute the additional page on github, we >>>>> would like to consider integrating it in our code. >>>>> >>>>> To answer your question, the present data structure only allows to >>>>> keep first and last seen overall. >>>>> >>>>> Simone >>>>> >>>>> On Mon, Mar 21, 2016 at 10:00 PM, Mathieu Fourcroy < >>>>> [email protected]> wrote: >>>>> >>>>>> The first method works very well. I am trying to add a page to the >>>>>> host_details.lua which would display an activity map or a timeline >>>>>> showing >>>>>> the periods where the host was using an IP address. It would look >>>>>> something >>>>>> like: >>>>>> >>>>>> IP1 |xxxxxxxxxx xxxxxxxxx | >>>>>> IP2 | xxxxxx | >>>>>> IP3 | xx| >>>>>> >>>>>> It's easy to get the first seen and last seen time for a given host >>>>>> (IP address) but do you know a way to get periods of time >>>>>> Like if the (sticky) host is active from 5am to 10am, then idle until >>>>>> 1pm and active again until now: do you know a way to get something like: >>>>>> [{"start": 5am, "end": 10am}, {"start": 10am, "end": 1pm}, {"start": >>>>>> 1pm, "end": null}] >>>>>> >>>>>> I don't know if it is possible with the actual host data structure >>>>>> but please let me know if it is possible. >>>>>> >>>>>> Thanks in advance, >>>>>> Mathieu >>>>>> >>>>>> >>>>>> 2016-03-16 18:05 GMT+01:00 Simone Mainardi <[email protected]>: >>>>>> >>>>>>> Mathieu, there are at least two ways you can accomplish this: >>>>>>> >>>>>>> 1. make local hosts sticky and then navigate to >>>>>>> page hosts_stats.lua?mac=DE:AD:BE:EF:BE:EF, where DE:AD:BE:EF:BE:EF is >>>>>>> the >>>>>>> MAC address of interest. Since local hosts will not be purged, you will >>>>>>> find here the whole list of IP addresses seen with the given MAC >>>>>>> 2. export flows to Elastic Search, there will be two fields named >>>>>>> IN_SRC_MAC and OUT_DST_MAC that you can search against a MAC of >>>>>>> interest to >>>>>>> see the list of IP addresses that have used it. >>>>>>> >>>>>>> Simone >>>>>>> >>>>>>> On Wed, Mar 16, 2016 at 4:08 PM, Mathieu Fourcroy < >>>>>>> [email protected]> wrote: >>>>>>> >>>>>>>> Hi, >>>>>>>> >>>>>>>> I'm new to ntopng and I wonder if it is possible for a given local >>>>>>>> host (MAC address) to obtain or display a list of its successive IP >>>>>>>> addresses on the network. >>>>>>>> If a network card is using a first IP address on the network then >>>>>>>> it stops using this one and use a second, different, IP address on the >>>>>>>> network. Will ntopng distinguish two hosts with same MAC and differen >>>>>>>> IP or >>>>>>>> will it just overwrite the first IP address for the single host ? >>>>>>>> >>>>>>>> Thanks in advance, >>>>>>>> Mathieu >>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> Ntop mailing list >>>>>>>> [email protected] >>>>>>>> http://listgateway.unipi.it/mailman/listinfo/ntop >>>>>>>> >>>>>>> >>>>>>> >>>>>>> _______________________________________________ >>>>>>> Ntop mailing list >>>>>>> [email protected] >>>>>>> http://listgateway.unipi.it/mailman/listinfo/ntop >>>>>>> >>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> Ntop mailing list >>>>>> [email protected] >>>>>> http://listgateway.unipi.it/mailman/listinfo/ntop >>>>>> >>>>> >>>>> >>>>> _______________________________________________ >>>>> Ntop mailing list >>>>> [email protected] >>>>> http://listgateway.unipi.it/mailman/listinfo/ntop >>>>> >>>> >>>> >>>> _______________________________________________ >>>> Ntop mailing list >>>> [email protected] >>>> http://listgateway.unipi.it/mailman/listinfo/ntop >>>> >>> >>> >>> _______________________________________________ >>> Ntop mailing list >>> [email protected] >>> http://listgateway.unipi.it/mailman/listinfo/ntop >>> >> >> >> _______________________________________________ >> Ntop mailing list >> [email protected] >> http://listgateway.unipi.it/mailman/listinfo/ntop >> > > > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop >
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
