Hi Gerard,
Right now, this is how you can implement the view you request:
- If the networks are not spread across multiple collectors and are
some defined set, you can define local networks globally to get charts
by local networks:
https://www.ntop.org/guides/ntopng/basic_concepts/hosts.html#local-hosts .
- You can also group hosts by local network, ip address or mac address
on a collector interface basis by the means of "Host Pools". Please
check out
https://www.ntop.org/guides/ntopng/web_gui/hosts.html#host-pools . You
will need to enable Host Pools timeseries generation in order to see the
charts.
Please note that currently in ntopng the charts/report information is
not generated "on demand" but rather it is precomputed periodically
during the monitoring. This means that you can't currently apply a
dynamic filter like subnet filter on the charts page. However, we have
implemented a new flow database storage which would allow us to be more
dynamic on such kind of queries, although we still have to evaluate the
possible drawbacks of such a dynamic approach.
Regards,
Emanuele
On 1/15/19 6:41 PM, Gerard Beekmans wrote:
Hi,
When I get the data issues ironed out (see previous thread), I am also
having a hard time how to actually create the kinds of reports we need.
The Netflow traffic received by nprobe is aggregate traffic consisting
of traffic from all our remote locations, showing each individual
device inside those LANs.
The type of graph shown when going to Interfaces -> Netflow collector
interface -> historical chart page is exactly what I need to see, but
it needs to be filtered by subnet so I can see traffic belonging to
just that group of hosts.
I can’t use the Hosts -> Hosts overview because this shows me the
individual computers at the remote locations. We don’t use NAT so
there isn’t a single host entry that corresponds to their router’s WAN
interface. Also, hosts don’t seem to have a historical timeseries type
chart like Interfaces does. The pie chart on a host’s Protocols page
isn’t useful – we need the graphs according to time of day. The
Protocols page does have a link at the very bottom to a historical
reports page (host.details.lua?host=IP&page=historical) but those
pages are blank. Maybe this needs to be enabled somewhere but I
haven’t found the setting yet.
I tried using the “Traffic Report” as well but all it lets me specify
is interfaces and protocols as filters. What I miss is the ability to
add subnets to drill down to specific locations only.
Is any of this possible with ntopng or am I trying to make it do
something that it’s not designed to do?
Thanks,
Gerard Beekmans
Sr. Network Engineer
First Nations Technical Services Advisory Group Inc.
Phone: 780-638-2739
Fax: 780-483-8632
Helpdesk: 1-888-999-3356
Email: gbeekm...@tsag.net <mailto:gbeekm...@tsag.net>
Santa Fe Plaza
18232 - 102 Avenue NW
Edmonton, AB T5S 1S7
http://www.tsag.net <http://www.tsag.net/>
_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop
_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop
