Mathieu, see below,
On Thu, May 19, 2016 at 4:52 PM, Mathieu Fourcroy < [email protected]> wrote: > Hi, > > Thank you. The (de)serialize functions can push a host to redis or fetch > it. It's a good idea to use it. > I want to load every host stored in redis when ntopng starts. How would I > do it ? How can I manually add a host to a network interface ? > ntopng auto-load serialized hosts automatically. hosts are added to network interfaces as soon as their traffic is seen. You can't add an host manually. You should declare its network as local. > Moreover, the interface name or ID is not stored in the host in redis, > right ? So It is impossible to load a given host from the interface it has > been seen before. > yes, the name is stored in redis. I think you should go through the ntopng manual: https://github.com/ntop/ntopng/blob/dev/doc/UserGuide.pdf > > Thanks you in advance, > > Mathieu > > 2016-03-23 14:34 GMT+01:00 Simone Mainardi <[email protected]>: > >> Mathieu, >> >> I think that for your purposes you should look and edit the Host >> functions: >> >> - serialize : >> https://github.com/ntop/ntopng/blob/0c0b671e0f218cbee369bd5567f1a50d63e92a3d/src/Host.cpp#L862 >> - deserialize : >> https://github.com/ntop/ntopng/blob/0c0b671e0f218cbee369bd5567f1a50d63e92a3d/src/Host.cpp#L953 >> >> They handle how host data is written to and read from redis. >> >> >> Simone >> >> On Wed, Mar 23, 2016 at 10:29 AM, Mathieu Fourcroy < >> [email protected]> wrote: >> >>> Thank you for your answer Simone. >>> When I start ntopng it does not automatically load previous hosts if >>> these hosts are idle (do not send or receive packets). It does load some >>> statistics when the host starts begin active but the "first seen" value is >>> reseted. >>> Is there a way to load every local hosts even if they are not living on >>> the network anymore and load the "first_seen" value also. >>> >>> Thank you very much for your answers I really appreciate it. >>> Mathieu >>> >>> 2016-03-23 10:23 GMT+01:00 Simone Mainardi <[email protected]>: >>> >>>> Mathieu, redis host persistency is enabled by default for local and >>>> system hosts. They are dumped on exit and loaded back on startup. >>>> >>>> Simone >>>> >>>> On Wed, Mar 23, 2016 at 10:10 AM, Mathieu Fourcroy < >>>> [email protected]> wrote: >>>> >>>>> Hello, >>>>> Can you tell me if there is a way to save host information (via redis >>>>> or mysql) and load it automatically when starting ntopng ? >>>>> >>>>> Best reguards, >>>>> Mathieu >>>>> >>>>> 2016-03-22 9:59 GMT+01:00 Simone Mainardi <[email protected]>: >>>>> >>>>>> Mathieu, >>>>>> >>>>>> Please, feel free to contribute the additional page on github, we >>>>>> would like to consider integrating it in our code. >>>>>> >>>>>> To answer your question, the present data structure only allows to >>>>>> keep first and last seen overall. >>>>>> >>>>>> Simone >>>>>> >>>>>> On Mon, Mar 21, 2016 at 10:00 PM, Mathieu Fourcroy < >>>>>> [email protected]> wrote: >>>>>> >>>>>>> The first method works very well. I am trying to add a page to the >>>>>>> host_details.lua which would display an activity map or a timeline >>>>>>> showing >>>>>>> the periods where the host was using an IP address. It would look >>>>>>> something >>>>>>> like: >>>>>>> >>>>>>> IP1 |xxxxxxxxxx xxxxxxxxx | >>>>>>> IP2 | xxxxxx | >>>>>>> IP3 | xx| >>>>>>> >>>>>>> It's easy to get the first seen and last seen time for a given host >>>>>>> (IP address) but do you know a way to get periods of time >>>>>>> Like if the (sticky) host is active from 5am to 10am, then idle >>>>>>> until 1pm and active again until now: do you know a way to get something >>>>>>> like: >>>>>>> [{"start": 5am, "end": 10am}, {"start": 10am, "end": 1pm}, {"start": >>>>>>> 1pm, "end": null}] >>>>>>> >>>>>>> I don't know if it is possible with the actual host data structure >>>>>>> but please let me know if it is possible. >>>>>>> >>>>>>> Thanks in advance, >>>>>>> Mathieu >>>>>>> >>>>>>> >>>>>>> 2016-03-16 18:05 GMT+01:00 Simone Mainardi <[email protected]>: >>>>>>> >>>>>>>> Mathieu, there are at least two ways you can accomplish this: >>>>>>>> >>>>>>>> 1. make local hosts sticky and then navigate to >>>>>>>> page hosts_stats.lua?mac=DE:AD:BE:EF:BE:EF, where DE:AD:BE:EF:BE:EF >>>>>>>> is the >>>>>>>> MAC address of interest. Since local hosts will not be purged, you will >>>>>>>> find here the whole list of IP addresses seen with the given MAC >>>>>>>> 2. export flows to Elastic Search, there will be two fields named >>>>>>>> IN_SRC_MAC and OUT_DST_MAC that you can search against a MAC of >>>>>>>> interest to >>>>>>>> see the list of IP addresses that have used it. >>>>>>>> >>>>>>>> Simone >>>>>>>> >>>>>>>> On Wed, Mar 16, 2016 at 4:08 PM, Mathieu Fourcroy < >>>>>>>> [email protected]> wrote: >>>>>>>> >>>>>>>>> Hi, >>>>>>>>> >>>>>>>>> I'm new to ntopng and I wonder if it is possible for a given local >>>>>>>>> host (MAC address) to obtain or display a list of its successive IP >>>>>>>>> addresses on the network. >>>>>>>>> If a network card is using a first IP address on the network then >>>>>>>>> it stops using this one and use a second, different, IP address on the >>>>>>>>> network. Will ntopng distinguish two hosts with same MAC and differen >>>>>>>>> IP or >>>>>>>>> will it just overwrite the first IP address for the single host ? >>>>>>>>> >>>>>>>>> Thanks in advance, >>>>>>>>> Mathieu >>>>>>>>> >>>>>>>>> _______________________________________________ >>>>>>>>> Ntop mailing list >>>>>>>>> [email protected] >>>>>>>>> http://listgateway.unipi.it/mailman/listinfo/ntop >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> Ntop mailing list >>>>>>>> [email protected] >>>>>>>> http://listgateway.unipi.it/mailman/listinfo/ntop >>>>>>>> >>>>>>> >>>>>>> >>>>>>> _______________________________________________ >>>>>>> Ntop mailing list >>>>>>> [email protected] >>>>>>> http://listgateway.unipi.it/mailman/listinfo/ntop >>>>>>> >>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> Ntop mailing list >>>>>> [email protected] >>>>>> http://listgateway.unipi.it/mailman/listinfo/ntop >>>>>> >>>>> >>>>> >>>>> _______________________________________________ >>>>> Ntop mailing list >>>>> [email protected] >>>>> http://listgateway.unipi.it/mailman/listinfo/ntop >>>>> >>>> >>>> >>>> _______________________________________________ >>>> Ntop mailing list >>>> [email protected] >>>> http://listgateway.unipi.it/mailman/listinfo/ntop >>>> >>> >>> >>> _______________________________________________ >>> Ntop mailing list >>> [email protected] >>> http://listgateway.unipi.it/mailman/listinfo/ntop >>> >> >> >> _______________________________________________ >> Ntop mailing list >> [email protected] >> http://listgateway.unipi.it/mailman/listinfo/ntop >> > > > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop >
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
