[Ntop] Using ntop to Track Traffic Over an Extended Period, sticky-hosts

Gary Gatten Ggatten at waddell.com
Tue Nov 17 14:26:25 CET 2009 

What is "ntop host name"? Ntop "sniffs" name res requests, but I don't think it looks in http headers for url connects, does it?

If you have the right detail enabled in the rrd plugin, there's a basic gui graph function in ntop to get at said data. Perhaps if you compile with sql it will give you more options?

________________________________

From: ntop-bounces at listgateway.unipi.it 
To: ntop at listgateway.unipi.it 
Sent: Mon Nov 16 13:48:10 2009
Subject: Re: [Ntop] Using ntop to Track Traffic Over an Extended Period,sticky-hosts 


Gary, basically bytesSent and bytesRcvd accumulated over a period of at least a week.  Also the ntop hostname, which for HTTP sites is often more useful than the nslookup information.  With the hostname I can consolidate traffic from sites that show up with different IPs. 

I see where the RRD data is being stored.  I have read Burton Strauss' 2003 paper but am not much further in figuring out how to get useful summary information out of the XML dump.  I think I need to look at the AVERAGE (300 seconds) section, convert bits/second into bytes and sum across the period I am interested in.  I assume the other AVERAGE seconds are 'rollups' of the data. 
        thanks, Norbert 

> What info are you wanting exactly? Seems between rrd (with proper detail selected), sticky hosts, and your dump code - that should cover everything. 






<font size="1">
<div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in'>
</div>
"This email is intended to be reviewed by only the intended recipient
 and may contain information that is privileged and/or confidential.
 If you are not the intended recipient, you are hereby notified that
 any review, use, dissemination, disclosure or copying of this email
 and its attachments, if any, is strictly prohibited.  If you have
 received this email in error, please immediately notify the sender by
 return email and delete this email from your system."
</font>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listgateway.unipi.it/pipermail/ntop/attachments/20091117/792353df/attachment.htm>

More information about the Ntop mailing list