Network Traffic Collection

• Previous message (by thread): The Cidr Report
• Next message (by thread): which one a Technical Support or Help Desk
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Ali


On Sat, Feb 25, 2012 at 6:14 PM, Maverick <myeaddress at gmail.com> wrote:
> Thanks Mukom for the wonderful guide, this is really helpful. I have
> few questions about ntop though.
>
> How can I get access to the log files generated by ntop and do my own
> parsing rather than looking for webbased results that are generated.

It's been a while i looked under the hood of ntop. Remember that ntop
itself usually needs to be 'fed' traffic to analyse. I have never done
it myself but if I needed the raw data, I'd mirror a port and capture
it with tcpdump into a pcap file (watch disk space!!) the use whatever
analysis tool suits my needs to look at it.

> Are there any programs available that do parsing of ntops log files.
> When I run ntop on pcap I don't get the throughput graphs as rrd
> doesn't work on pcap is there any work around for that.

Not to my knowledge no. I think there's a switch (-f) for reading data
from a pcap file as opposed to a live feed. I have never played with
that as well.

There are other (possible more feature laden) commercial flow
collectors and analysers out there). I also started following trisul
earlier on in the project, you might want to check it out.



>
> Thanks,
> Ali
>
> On Sat, Feb 25, 2012 at 2:27 AM, Mukom Akong T. <mukom.tamon at gmail.com> wrote:
>> On Fri, Feb 24, 2012 at 12:20 AM, Matlock, Kenneth L
>> <MatlockK at exempla.org> wrote:
>>> Netflow + netflow collector.
>>
>> +1 This guide should give you a good start.
>>
>> http://techowto.files.wordpress.com/2008/09/ntop-guide.pdf
>>
>> Regards
>>
>> --
>> Mukom Akong Tamon
>> ______________
>>
>> "If we can't BREATH, we'll die. Yet, we don't LIVE in order to breath.
>> Ditto we SHOULDN'T WORK just to MAKE MONEY. Doing so puts us on a one
>> way street to IRRELEVANCE."
>>
>>
>> [In Search of Excellence & Perfection] - http://perfexcellence.org
>> [Moments of TechXcellence] - http://techexcellence.net
>> [ICT Business Integration] - http://ibiztech.wordpress.com
>> [About Me] - http://about.me/perfexcellence



-- 
Mukom Akong [Tamon]
______________

“We don't LIVE in order to BREATH. Similarly WORKING in order to make
MONEY puts us on a one way street to irrelevance.“


[In Search of Excellence & Perfection] - http://perfexcellence.org
[Moments of TechXcellence] - http://techexcellence.net
[ICT Business Integration] - http://ibiztech.wordpress.com
[About Me] - http://about.me/perfexcellence

• Previous message (by thread): The Cidr Report
• Next message (by thread): which one a Technical Support or Help Desk
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]