Mailing List Archive: NTOPNG Host-Hosts Traffic totals

NTOPNG Host-Hosts Traffic totals

Apr 4, 2017, 1:05 PM

Post #1 of 3 (391 views)

Running latest version 2.5.170403

When clicking on the column header title called "Traffic" of the menu
selection Hosts/Hosts, ( and filtering Local Hosts only), it sorts the
output by Traffic totals. Nice. But what are the totals I'm looking at? It
appears to be totals over the "Seen Since" time period. This is not useful.
Local Hosts come and go. I have little to no control over displaying Traffic
totals because it displays only what it has "seen since". Traffic totals are
not helpful unless I can control the time span/period. Regardless of "Seen
Since". Worse yet, if I leave ntopng running without updating/upgrading or
restarting for weeks or months, I see larger totals over time, of course.
BUT, if I restart ntopng those traffic totals all reset to ZERO. I would
like to either set a preference/option to replace "Seen Since" with a time
period 1D/1W/1M/1Y, or at the very least, NOT have the data reset to zeros
unless I want it to reset to zero and replace "Seen Since" with a default
time period of at least 30 days.

I'm trying to manage 400 plus local hosts data usage and it is difficult to
do when restarting ntopng resets traffic totals.

Any guidance or insight is always appreciated.

Dave

_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop

Re: NTOPNG Host-Hosts Traffic totals [ In reply to ]

mainardi at ntop

Apr 5, 2017, 1:38 AM

Post #2 of 3 (391 views)

Permalink

Dave,

On Tue, Apr 4, 2017 at 10:05 PM, Dave Davis <dave@davispc.com> wrote:

> Running latest version 2.5.170403
>
> When clicking on the column header title called "Traffic" of the menu
> selection Hosts/Hosts, ( and filtering Local Hosts only), it sorts the
> output by Traffic totals. Nice. But what are the totals I'm looking at? It
> appears to be totals over the "Seen Since" time period.

correct

> This is not useful.
> Local Hosts come and go.

As you should have found out from the docs and the help, local hosts are
serialized to redis when the become inactive and get purged from ntopng
memory. When a serialized host becomes active again, it is deserialized and
its data restored (including seen since and totals).

You can control how long a serialized host should stay in redis. The
default is 1 hour but you can tune this from the preferences.

> I have little to no control over displaying Traffic
> totals because it displays only what it has "seen since". Traffic totals
> are
> not helpful unless I can control the time span/period. Regardless of "Seen
> Since". Worse yet, if I leave ntopng running without updating/upgrading or
> restarting for weeks or months, I see larger totals over time, of course.
> BUT, if I restart ntopng those traffic totals all reset to ZERO.

You just have to make local hosts sticky so they will be de-serialized
again on ntopng restart.

> I would
> like to either set a preference/option to replace "Seen Since" with a time
> period 1D/1W/1M/1Y, or at the very least, NOT have the data reset to zeros
> unless I want it to reset to zero and replace "Seen Since" with a default
> time period of at least 30 days.
>

To be honest I think you are tying to use the live ntopng interface to make
historical analyses. You should consider using the MySQL data export or the
enterprise version if you want to make detailed historical analyses. Those
tools will allow you to specify and time range of interest and will give
you all the information you need.

>
> I'm trying to manage 400 plus local hosts data usage and it is difficult to
> do when restarting ntopng resets traffic totals.
>
> Any guidance or insight is always appreciated.
>
> Dave
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
>