Thanks for the detailed response. On 18 May 2017 at 11:28, Emanuele Faranda faranda-at-ntop.org |ntop-flugle| <[email protected]> wrote:
> > On 05/17/2017 07:17 PM, Andrew Hilborne wrote: >> Top 10 talkers may not include the information I want. > > > The most accurate information you can get is via MySQL data (-F option). > > I take into account your use use case: you view a local network traffic > graph and see a peak at 5 am. of the last day and want to know which hosts > are involved. You double click on the graph to restrict the time frame so > that a 10 minutes range is selected and 5 am is centered on the graph. > > Now, if hover the mouse on the graph you will see the top talkers at 5 am. > From the top talkers panel, you can click the historical icon ( > http://fontawesome.io/icon/history/) to access the MySQL data specific to > that host, and drill down its flows and protocols for that particular time > frame. > > You can also click on the graph historical icon to get an overview of all > the flows, but you cannot aggregate per host in this way. > > What I feel is missing is: > 1) an aggregated view of the top protocols on the graph > 2) an easy way from the historical explorer to aggregate per host or per > protocol to be able to see and sort bewteen accurate statistics > I think this is about right. Have you seen any Cisco Meraki traffic graphs? Here's a little (silent) movie which shows some nice rollover effects and drill-downs: youtu.be/cktxZdR8A3w. Sadly, like nearly everyone else, Meraki indulge in RDDtool-type averaging, even over a single day, so they could be a lot better. [ S N I P ] Interface traffic statistics are stored with 1 second resolution, whereas > network traffic statistics with 1 minute resolution (ingress/egress not the > protocols, which are dumped each 5 minutes). It's a trade off between > space/time taken for data dump and time resolution you get. The idea is > that raw data is kept in MySQL database, so this is where you land when you > need precise data. > > We know there is room for improvements, and we appreciate our users > feedback. So please, if you feel there is a use case interesting which is > not covered/could be better implemented into ntopng, open a feature request > I don't really think I can adequately describe what's needed, in terms which fit into the current program. I would urge you to think about it and create something yourself. Andrew
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
