Mailing List Archive

Few questions after installation
Dear All,
Good time of the day,

I have a few questions after installing ntopng, too small for separate topics:

1. Where do incorrect logins go? I want to configure fail2ban, but
cannot find authentication failures in logs.

2. I have only one data source, so on a dashboard, right column mostly
repeats middle one. Any way to hide it? Even better, same chart with
breakdown by host would be great (of course, for top hosts only).

3. CPU utilization by ntopng process on server is quite high when its
page is open in browser: 15-20% for dashboard, ~10% for about page etc.
(on a 1.6GHz Xeon). When I open several tabs things start to lag
noticeably (Firefox CPU utilization is also pretty high BTW). Lowering
update frequency to 60 seconds does not help. Is it normal?

4. Throughput values shown in many places are very noisy. Our Cisco ASA
only sends flow updates to nprobe once a minute, therefore any attempts
to measure bandwidth with greater frequency are futile. I set update
frequency to 60 seconds in ntopng preferences, but charts on dashboard
etc. are still updated every second with random values. Any way to slow
them down?

5. Torrent traffic is only detected for seeding, not for downloads,
right? I tried to test-download a couple of gigs but ntopng only reported
several megabytes and a few kbps as BitTorrent application traffic for my
host. (ASDM, in contrast, displayed correct bandwidth usage.)

Thanks in advance,
With Best Regards,
Marat Khalili

_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop
Re: Few questions after installation
Khalili,

Please read the comments below.


On 12/14/2016 09:47 AM, Marat Khalili wrote:
> Dear All,
> Good time of the day,
>
> I have a few questions after installing ntopng, too small for separate
> topics:
>
> 1. Where do incorrect logins go? I want to configure fail2ban, but
> cannot find authentication failures in logs.
Currently incorrect logins for ntopng are not logged to any log file.

> 2. I have only one data source, so on a dashboard, right column mostly
> repeats middle one. Any way to hide it? Even better, same chart with
> breakdown by host would be great (of course, for top hosts only).
The dashboard is not configurable right now. Your particular setup would
be a special case.

> 3. CPU utilization by ntopng process on server is quite high when its
> page is open in browser: 15-20% for dashboard, ~10% for about page
> etc. (on a 1.6GHz Xeon). When I open several tabs things start to lag
> noticeably (Firefox CPU utilization is also pretty high BTW). Lowering
> update frequency to 60 seconds does not help. Is it normal?
It is a known issue; we plan to move to websockets to reduce CPU load.

> 4. Throughput values shown in many places are very noisy. Our Cisco
> ASA only sends flow updates to nprobe once a minute, therefore any
> attempts to measure bandwidth with greater frequency are futile. I set
> update frequency to 60 seconds in ntopng preferences, but charts on
> dashboard etc. are still updated every second with random values. Any
> way to slow them down?
Graphs are conceived to present real time data, so data gaps when
reading periodic updates are normal.

> 5. Torrent traffic is only detected for seeding, not for downloads,
> right? I tried to test-download a couple of gigs but ntopng only
> reported several megabytes and a few kbps as BitTorrent application
> traffic for my host. (ASDM, in contrast, displayed correct bandwidth
> usage.)
Torrent should actually be detected for both seeding and downloads. If
it isn't, please open a bug report on https://github.com/ntop/nDPI with
a sample .pcap file in order to receive support. Thank you.

Regards,
Emanuele
