My redis instance do not contains any interface name for an entry like
192.168.30.192.10.json which looks like:
{
"mac_address": "8C:3A:E3:3F:EC:6A",
"asn": 0,
"vlan_id": 10,
"ip": {
"ipVersion": 4,
"localHost": false,
"ip": "192.168.30.192"
},
"localHost": true,
"systemHost": false,
"tcp_sent": {
"packets": 6,
"bytes": 509
},
"tcp_rcvd": {
"packets": 0,
"bytes": 0
},
"udp_sent": {
"packets": 0,
"bytes": 0
},
"udp_rcvd": {
"packets": 0,
"bytes": 0
},
"icmp_sent": {
"packets": 0,
"bytes": 0
},
"icmp_rcvd": {
"packets": 0,
"bytes": 0
},
"other_ip_sent": {
"packets": 0,
"bytes": 0
},
"other_ip_rcvd": {
"packets": 0,
"bytes": 0
},
"pktStats.sent": {
"upTo128": 6
},
"pktStats.recv": {},
"throughput_bps": 0,
"throughput_trend_bps": "Unknown",
"throughput_pps": 0,
"throughput_trend_pps": "Unknown",
"flows.as_client": 1,
"flows.as_server": 0,
"num_alerts": 0,
"sent": {
"packets": 6,
"bytes": 509
},
"rcvd": {
"packets": 0,
"bytes": 0
},
"ndpiStats": {
"Unknown": {
"bytes": {
"sent": 509,
"rcvd": 0
},
"packets": {
"sent": 6,
"rcvd": 0
}
}
},
"dns": {
"sent": {
"stats": {}
},
"rcvd": {
"stats": {}
}
},
"http": {
"sender": {
"query": {},
"response": {},
"query_rate": {},
"response_rate": {}
},
"receiver": {
"query": {},
"response": {},
"query_rate": {},
"response_rate": {}
}
}
}
Well actually what I am doing is loading the hosts from redis in
Ntop::start().
For each interface I check x.x.x.x.x.json entries in redis and load them
using the "mac_address", "ip"."ip" and "vlan_id".
Once I fetch these values from redis I do something like:
Host *h= new Host(iface[i], mac, (u_int16_t)vlan, ip);
h->deserialize(json, redis_key);
And the host is loaded in the interface iface[i]. What I want to know is:
is there a better way to do it ?
I can send the full code if needed. I have developed some new features for
ntopng and I think I will send a push request some day.
Thank you,
Mathieu
2016-05-19 17:35 GMT+02:00 Simone Mainardi <[email protected]>:
> Mathieu,
>
> see below,
>
> On Thu, May 19, 2016 at 4:52 PM, Mathieu Fourcroy <
> [email protected]> wrote:
>
>> Hi,
>>
>> Thank you. The (de)serialize functions can push a host to redis or fetch
>> it. It's a good idea to use it.
>> I want to load every host stored in redis when ntopng starts. How would I
>> do it ? How can I manually add a host to a network interface ?
>>
>
> ntopng auto-load serialized hosts automatically. hosts are added to
> network interfaces as soon as their traffic is seen. You can't add an host
> manually. You should declare its network as local.
>
>
>> Moreover, the interface name or ID is not stored in the host in redis,
>> right ? So It is impossible to load a given host from the interface it has
>> been seen before.
>>
>
> yes, the name is stored in redis.
>
> I think you should go through the ntopng manual:
> https://github.com/ntop/ntopng/blob/dev/doc/UserGuide.pdf
>
>
>>
>> Thanks you in advance,
>>
>> Mathieu
>>
>> 2016-03-23 14:34 GMT+01:00 Simone Mainardi <[email protected]>:
>>
>>> Mathieu,
>>>
>>> I think that for your purposes you should look and edit the Host
>>> functions:
>>>
>>> - serialize :
>>> https://github.com/ntop/ntopng/blob/0c0b671e0f218cbee369bd5567f1a50d63e92a3d/src/Host.cpp#L862
>>> - deserialize :
>>> https://github.com/ntop/ntopng/blob/0c0b671e0f218cbee369bd5567f1a50d63e92a3d/src/Host.cpp#L953
>>>
>>> They handle how host data is written to and read from redis.
>>>
>>>
>>> Simone
>>>
>>> On Wed, Mar 23, 2016 at 10:29 AM, Mathieu Fourcroy <
>>> [email protected]> wrote:
>>>
>>>> Thank you for your answer Simone.
>>>> When I start ntopng it does not automatically load previous hosts if
>>>> these hosts are idle (do not send or receive packets). It does load some
>>>> statistics when the host starts begin active but the "first seen" value is
>>>> reseted.
>>>> Is there a way to load every local hosts even if they are not living on
>>>> the network anymore and load the "first_seen" value also.
>>>>
>>>> Thank you very much for your answers I really appreciate it.
>>>> Mathieu
>>>>
>>>> 2016-03-23 10:23 GMT+01:00 Simone Mainardi <[email protected]>:
>>>>
>>>>> Mathieu, redis host persistency is enabled by default for local and
>>>>> system hosts. They are dumped on exit and loaded back on startup.
>>>>>
>>>>> Simone
>>>>>
>>>>> On Wed, Mar 23, 2016 at 10:10 AM, Mathieu Fourcroy <
>>>>> [email protected]> wrote:
>>>>>
>>>>>> Hello,
>>>>>> Can you tell me if there is a way to save host information (via redis
>>>>>> or mysql) and load it automatically when starting ntopng ?
>>>>>>
>>>>>> Best reguards,
>>>>>> Mathieu
>>>>>>
>>>>>> 2016-03-22 9:59 GMT+01:00 Simone Mainardi <[email protected]>:
>>>>>>
>>>>>>> Mathieu,
>>>>>>>
>>>>>>> Please, feel free to contribute the additional page on github, we
>>>>>>> would like to consider integrating it in our code.
>>>>>>>
>>>>>>> To answer your question, the present data structure only allows to
>>>>>>> keep first and last seen overall.
>>>>>>>
>>>>>>> Simone
>>>>>>>
>>>>>>> On Mon, Mar 21, 2016 at 10:00 PM, Mathieu Fourcroy <
>>>>>>> [email protected]> wrote:
>>>>>>>
>>>>>>>> The first method works very well. I am trying to add a page to the
>>>>>>>> host_details.lua which would display an activity map or a timeline
>>>>>>>> showing
>>>>>>>> the periods where the host was using an IP address. It would look
>>>>>>>> something
>>>>>>>> like:
>>>>>>>>
>>>>>>>> IP1 |xxxxxxxxxx xxxxxxxxx |
>>>>>>>> IP2 | xxxxxx |
>>>>>>>> IP3 | xx|
>>>>>>>>
>>>>>>>> It's easy to get the first seen and last seen time for a given host
>>>>>>>> (IP address) but do you know a way to get periods of time
>>>>>>>> Like if the (sticky) host is active from 5am to 10am, then idle
>>>>>>>> until 1pm and active again until now: do you know a way to get
>>>>>>>> something
>>>>>>>> like:
>>>>>>>> [{"start": 5am, "end": 10am}, {"start": 10am, "end": 1pm},
>>>>>>>> {"start": 1pm, "end": null}]
>>>>>>>>
>>>>>>>> I don't know if it is possible with the actual host data structure
>>>>>>>> but please let me know if it is possible.
>>>>>>>>
>>>>>>>> Thanks in advance,
>>>>>>>> Mathieu
>>>>>>>>
>>>>>>>>
>>>>>>>> 2016-03-16 18:05 GMT+01:00 Simone Mainardi <[email protected]>:
>>>>>>>>
>>>>>>>>> Mathieu, there are at least two ways you can accomplish this:
>>>>>>>>>
>>>>>>>>> 1. make local hosts sticky and then navigate to
>>>>>>>>> page hosts_stats.lua?mac=DE:AD:BE:EF:BE:EF, where DE:AD:BE:EF:BE:EF
>>>>>>>>> is the
>>>>>>>>> MAC address of interest. Since local hosts will not be purged, you
>>>>>>>>> will
>>>>>>>>> find here the whole list of IP addresses seen with the given MAC
>>>>>>>>> 2. export flows to Elastic Search, there will be two fields named
>>>>>>>>> IN_SRC_MAC and OUT_DST_MAC that you can search against a MAC of
>>>>>>>>> interest to
>>>>>>>>> see the list of IP addresses that have used it.
>>>>>>>>>
>>>>>>>>> Simone
>>>>>>>>>
>>>>>>>>> On Wed, Mar 16, 2016 at 4:08 PM, Mathieu Fourcroy <
>>>>>>>>> [email protected]> wrote:
>>>>>>>>>
>>>>>>>>>> Hi,
>>>>>>>>>>
>>>>>>>>>> I'm new to ntopng and I wonder if it is possible for a given
>>>>>>>>>> local host (MAC address) to obtain or display a list of its
>>>>>>>>>> successive IP
>>>>>>>>>> addresses on the network.
>>>>>>>>>> If a network card is using a first IP address on the network then
>>>>>>>>>> it stops using this one and use a second, different, IP address on
>>>>>>>>>> the
>>>>>>>>>> network. Will ntopng distinguish two hosts with same MAC and
>>>>>>>>>> differen IP or
>>>>>>>>>> will it just overwrite the first IP address for the single host ?
>>>>>>>>>>
>>>>>>>>>> Thanks in advance,
>>>>>>>>>> Mathieu
>>>>>>>>>>
>>>>>>>>>> _______________________________________________
>>>>>>>>>> Ntop mailing list
>>>>>>>>>> [email protected]
>>>>>>>>>> http://listgateway.unipi.it/mailman/listinfo/ntop
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> Ntop mailing list
>>>>>>>>> [email protected]
>>>>>>>>> http://listgateway.unipi.it/mailman/listinfo/ntop
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> Ntop mailing list
>>>>>>>> [email protected]
>>>>>>>> http://listgateway.unipi.it/mailman/listinfo/ntop
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Ntop mailing list
>>>>>>> [email protected]
>>>>>>> http://listgateway.unipi.it/mailman/listinfo/ntop
>>>>>>>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> Ntop mailing list
>>>>>> [email protected]
>>>>>> http://listgateway.unipi.it/mailman/listinfo/ntop
>>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Ntop mailing list
>>>>> [email protected]
>>>>> http://listgateway.unipi.it/mailman/listinfo/ntop
>>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Ntop mailing list
>>>> [email protected]
>>>> http://listgateway.unipi.it/mailman/listinfo/ntop
>>>>
>>>
>>>
>>> _______________________________________________
>>> Ntop mailing list
>>> [email protected]
>>> http://listgateway.unipi.it/mailman/listinfo/ntop
>>>
>>
>>
>> _______________________________________________
>> Ntop mailing list
>> [email protected]
>> http://listgateway.unipi.it/mailman/listinfo/ntop
>>
>
>
> _______________________________________________
> Ntop mailing list
> [email protected]
> http://listgateway.unipi.it/mailman/listinfo/ntop
>
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
