Hi Boyan,
please check out the "Dynamic Flow Collection Interfaces" option into
the ntopng advanced preferences.
If you set the preference to "Probe IP Address", ntopng will create
virtual interfaces to match the remote devices.
Regards,
Emanuele
On 04/17/2017 07:11 PM, Boyan Biandov wrote:
Thanks Luca,
Actually adding a new interface wouldn't do it for me; I am looking
for a way to tell which device reported a specific flow. Since I have
multiple devices exporting flows to ntopng all of the flow data gets
aggregated by ntopng since it arrives at the same interface - the eth0
of the VM where ntopng is running.
However that doesn't mean that most of the flows were captured at that
interface -- the flows were reported by other devices and the traffic
just arrive at the same interface of ntopng. So is there way to tell
who reported a flow by looking at the flow record on the dashboard?
I can't find a place which shows that? Certainly ntopng has that
information somewhere?
Thank you
~B
On April 15, 2017 at 12:47 PM Luca Deri <[email protected]> wrote:
Hi Boyan
you will be even more impressed if you use the development version of
ntopng that implements many more features.
In order to configure new interfaces you can do that using the -i
command line flag
Regards Luca
On 15 Apr 2017, at 20:56, Boyan Biandov <[email protected]
<mailto:[email protected]>> wrote:
Hi everyone,
I'm running ntopng 2.4.170215 - Pro Small Business Edition; all is
well and I'm very impressed. My question becomes relevant when I
send flows from other devices to ntopng. By other devices I mean
physical devices which collect flows locally via their physical
interfaces and then export flows to ntopng over the network.
Currently ntopng listens to 2 interfaces which are physically local
to the VM where ntopng runs on: one is the localhost and the other
is en Ethernet ens32 interface. When I send flows from remote
devices the flows data gets "merged" into the ens32 interface as if
the flow data was captured there. That of course isn't accurate.
How do I configure more interfaces (and those will all be remote
interfaces) show up in the list box (shown below) so that I know
where the flow was captured -- by where I mean which physical device
reported to flow to ntopng?
<ntopng.png>
_______________________________________________
Ntop mailing list
[email protected] <mailto:[email protected]>
http://listgateway.unipi.it/mailman/listinfo/ntop
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
