Re: [Ntop] About ntopng specifications

Fri, 16 Nov 2018 06:13:12 -0800 

Hi Ebihara,

Please see below.

On 11/16/18 11:01 AM, Chiaki Ebihara wrote:

Dear all,

Please tell me the following questions about ntopng specifications.


1.)Regarding Interfaces menu,
   is the value displayed chart displayed on  below menu on Host Detail the 
cumulative value of data collected in the past?
    Or data within a certain period of time?
    --Traffic, Packets, Ports, Peers, Protocols, DNS, HTTP, Flows, SNMP, 
Talkers, geography, Alert Configuration
All the statistics are intended since ntopng was started. Flows are the current active flows. The historical charts (via this icon https://fontawesome.com/v4.7.0/icon/area-chart) are timeseries recorded in the past, depending on the selected timeframe. 




2.)Regarding Activity Map at Home of screen of Host Detail,
    it seems can change timeframe by control, what range is be able to change 
timeframe?
I think this was removed in the new version of ntopng. What ntopng version are you using (ntopng --version)? 


3.)Regarding Interfaces menu,
    in which period value is the value displayed by Packets, protocols, ICMP, 
ARP?
    At Protocol menu, there is Total(Since Startup) menu, what timing does "start 
up" mean?
Same as the host, since ntopng "startup", when the ntopng service was started. 


4.) We would like to see the data of ntopng up to 6 months ago.

   As far as we confirmed, it is specification that can see past information to 
1 year by historical chart,
   there seems to be no item that automatically disappears within 6 months.

   Please tell us the item if there are some item that automatically disappears 
within 6 months.

   # The flow information assume to be dumped to mysql for six months.
What I say is related to the new 3.7 ntopng version. For mysql, you have the ability to configure the retention, as explained here: https://www.ntop.org/guides/ntopng/advanced_features/flows_dump.html#mysql-performance . 

For the timeseries (the charts), there are two options :
    - If you are using RRD as timeseries driver (check out the ntopng Timeseries preferences), data will be retained for one here. However, old data is aggregated so you will lose resolution on past data (e.g. today data has 1 second resolution while one week data has 1 hour resolution).
    . If you are using InfluxDB, data will be written "raw" and you can configure the retention time directly from the ntopng gui. 


Sorry to trouble you, but I hope you can reply.


You are welcome!

Regards,

Emanuele



Best Regards,
Ebihara


_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop

_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop

Reply via email to