[150752] in North American Network Operators' Group
Re: Network Traffic Collection
daemon@ATHENA.MIT.EDU (Mukom Akong T.)
Sat Mar 3 02:46:19 2012
In-Reply-To: <CA+vWMo5nVPY-DY9vC=oJbG1N6KukV-ZTKAm8TbrhH3dD4tHCsw@mail.gmail.com>
From: "Mukom Akong T." <mukom.tamon@gmail.com>
Date: Sat, 3 Mar 2012 11:44:38 +0400
To: Maverick <myeaddress@gmail.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Hi Ali
On Sat, Feb 25, 2012 at 6:14 PM, Maverick <myeaddress@gmail.com> wrote:
> Thanks Mukom for the wonderful guide, this is really helpful. I have
> few questions about ntop though.
>
> How can I get access to the log files generated by ntop and do my own
> parsing rather than looking for webbased results that are generated.
It's been a while i looked under the hood of ntop. Remember that ntop
itself usually needs to be 'fed' traffic to analyse. I have never done
it myself but if I needed the raw data, I'd mirror a port and capture
it with tcpdump into a pcap file (watch disk space!!) the use whatever
analysis tool suits my needs to look at it.
> Are there any programs available that do parsing of ntops log files.
> When I run ntop on pcap I don't get the throughput graphs as rrd
> doesn't work on pcap is there any work around for that.
Not to my knowledge no. I think there's a switch (-f) for reading data
from a pcap file as opposed to a live feed. I have never played with
that as well.
There are other (possible more feature laden) commercial flow
collectors and analysers out there). I also started following trisul
earlier on in the project, you might want to check it out.
>
> Thanks,
> Ali
>
> On Sat, Feb 25, 2012 at 2:27 AM, Mukom Akong T. <mukom.tamon@gmail.com> w=
rote:
>> On Fri, Feb 24, 2012 at 12:20 AM, Matlock, Kenneth L
>> <MatlockK@exempla.org> wrote:
>>> Netflow + netflow collector.
>>
>> +1 This guide should give you a good start.
>>
>> http://techowto.files.wordpress.com/2008/09/ntop-guide.pdf
>>
>> Regards
>>
>> --
>> Mukom Akong Tamon
>> ______________
>>
>> "If we can't BREATH, we'll die. Yet, we don't LIVE in order to breath.
>> Ditto we SHOULDN'T WORK just to MAKE MONEY. Doing so puts us on a one
>> way street to IRRELEVANCE."
>>
>>
>> [In Search of Excellence & Perfection] - http://perfexcellence.org
>> [Moments of TechXcellence] - http://techexcellence.net
>> [ICT Business Integration] -=C2=A0http://ibiztech.wordpress.com
>> [About Me] - http://about.me/perfexcellence
--=20
Mukom Akong [Tamon]
______________
=E2=80=9CWe don't LIVE in order to BREATH. Similarly WORKING in order to ma=
ke
MONEY puts us on a one way street to irrelevance.=E2=80=9C
[In Search of Excellence & Perfection] - http://perfexcellence.org
[Moments of TechXcellence] - http://techexcellence.net
[ICT Business Integration] -=C2=A0http://ibiztech.wordpress.com
[About Me] - http://about.me/perfexcellence
