    nprobe --zmq "tcp://*:5556" -i eth1 -n none -T

If it happens, for example, that ntopng can reach nProbe, then the above configuration is perfect. But in cases where nTop cannot reach nProbe, whereas nProbe can reach nTop, then the configuration follows this second pattern:

    nprobe --zmq "tcp://:5556" --zmq-probe-mode --collector-port 6363 -n none

The latter is typically the configuration I adopt for clients so that ntopng can collect flows from one or from multiple nProbes, and see the collector "c" on the ntopng CLI, even if nProbe is allocated on a separate network, behind a NAT, or shielded behind a firewall.

Basically I prepared for any segmented network environment that sees nProbe and ntopng in a distributed environment, with the following diagram describing the flow of network traffic:

[Diagram: flow of network traffic between nProbe and ntopng]

Ntopng will keep the Active Flows and Hosts collected from the network traffic in the memory cache, which has a preset cutoff. For more information, consult the ntopng web GUI at:

Menu Settings -> Preferences -> Cache Settings

If ntopng has difficulty handling the large number of Active Flows and Hosts, a red badge will be visible on the Traffic Dashboard in the upper right corner.

You can also indicate the maximum number of Hosts and Active Flows that ntopng is able to handle in the ntopng configuration file, with the respective directives -x for Hosts, and -X for Active Flows.

Consult the local ntopng help for further information:

    # ntopng --help
    | Max number of active flows
    | (default: 131072)
    | Max number of active hosts
    | (default: 131072)

Usually I prefer to put each directive for ntopng in its own configuration file. This way whenever ntopng restarts it will restart with the same configuration.

Assuming we have 35K Active Hosts, then the -x value should be configured to at least 70K, and assuming 20K flows, then the -X value should be configured to 40K; in other words, set them to double the maximum size you expect on your network.

It's better to have a larger value than a smaller one: small values mean that you will not be able to see all hosts, and performance will also be poor due to the poor tuning of ntopng. Larger values require ntopng to use more memory; however, if you have plenty of RAM it's not good to use extremely large values, as you will waste resources for no reason.

Another parameter that needs to be configured in the ntopng configuration file is -m, which is useful for listing local networks.

    | Local networks list.

Make sure you set the actual networks you plan to use or that are inherent in your IP address plan; this will allow you to identify within the Active Flows the Local Hosts versus the Remote Hosts.
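The ntopng side of the second (probe-mode) pattern, together with the sizing and local-network directives discussed here, as an added example that is not from the original post. The file path and the network ranges are assumptions, and the `-i` value assumes the trailing "c" collector form the post refers to.

```conf
# /etc/ntopng/ntopng.conf  (assumed path; use the file your installation reads)
# Added example: directives kept in the configuration file so that a restart
# of ntopng comes back with the same settings.

# Collector mode: ntopng listens on port 5556 and nProbe connects in.
# The trailing "c" marks the collector form; it pairs with an nProbe started
# with --zmq-probe-mode, so the probe side needs no inbound port open.
-i=tcp://*:5556c

# Local networks. Constructed placeholder ranges: replace them with the
# networks in your own IP address plan so Local and Remote Hosts are told apart.
-m=10.0.0.0/8,192.168.0.0/16

# Cache sizing at double the expected peak:
#   35K active hosts -> 70000, 20K active flows -> 40000
-x=70000
-X=40000
```

For the first pattern, where ntopng can reach nProbe, the `-i` value instead points at the nProbe endpoint and carries no trailing "c".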