Hello Joseph, see below inserted replies

On Wed, Jun 1, 2016 at 7:09 PM, Joseph Ost <[email protected]> wrote:

> Hi,
>
> I recently installed ntopng 2.3 on debian wheezy following this
> <https://terminal28.com/ntopng-ntop-web-based-network-traffic-monitoring-system-linux-debian/>
> article, the install was successful and all is running well. I just have a
> few quick questions.
>
> 1.       How and where does ntopng store the flow data? As part of the
> install instructions, the article had me install redis-server. Is that
> where the data is stored (in my instance)? What I'm essentially looking for
> is the ability to search historical data using various criteria. It seems
> like the only native search options are “search host”, and the host/nic
> “timeframe”. What if what I wish to search for is specific flows, specific
> time ranges, and perhaps generate reports? I saw an ntop article
> <http://www.ntop.org/ntopng/exploring-historical-data-using-ntopng/>
> describing the option of exploring historical data; it mentions that it
> only supports MySQL, which I guess isn't going to work for me? And just so
> I understand this, when this is enabled, then historical data is dumped to
> the db, and the web interface exposes a new search feature to search the
> historical data? Is the “data retention” setting in “preferences” referring
> to this?
>
>
ntop uses:
- redis as a cache (e.g., to save usernames, settings, configurations)
- round robin database files (RRDs) to store time series
- MySQL/ElasticSearch to store flow data (this is optional and can be
enabled with -F)

Once you enable MySQL flow export, ntopng will show you extra menu entries
and a historical data explorer to slice and dice recorded flows.
Maybe you missed this:
http://www.ntop.org/ntopng/exploring-historical-data-using-ntopng-part-2/


> 2.       In my setup, for how long does it keep the data such as the
> “timeframe”? Is it configurable?
>
yes, data retention is configured through the preferences panel

> 3.       Is it possible to have ntop centrally collect flows from NAT
> devices to one central server? Meaning, the devices sending the flows (e.g.
> the debian server) are behind the firewall, but all flows are sent to one
> server in the cloud. The server in the cloud can't access the device behind
> the firewall.
>
yes, definitely. See this
http://www.ntop.org/ntopng/creating-a-hierarchical-cluster-of-ntopng-instances/
keep in mind that you can place either the collector or the probe behind
the firewall: we are able to handle both configurations.


> 4.       If it is possible, will I be able to sort the traffic by the
> originating device?
>
yes, using MySQL you'll be able not only to sort traffic but also to
distinguish hosts, L7 protocols, etc.

> What would I need to run on the Linux boxes sending the flows? I assume
> not the full ntopng and the db backend? Is this where I would use nprobe?
>

correct. In a typical setup you deploy nprobes on boxes that send the flows
to a central ntopng.


> 5.       Is it possible to have ntopng email alerts? If not, where can I
> see alerts?
>
Email alerts are not supported but we are planning to add them in the Pro
version. Presently, alerts are shown in the ntopng alerts pages and can be
optionally propagated to nagios.


>
>
> *Joseph*
>
> *Joseph Ostreicher | President*
> Compu Solutions USA
> E. [email protected] | O. 718-475-1575 Ext 201 | F. 718-475-1570
> W. http://compusolutions.us
>
> _______________________________________________
> Ntop mailing list
> [email protected]
> http://listgateway.unipi.it/mailman/listinfo/ntop
>