Network monitoring with Ntop


Ntop settings for a system that acts as a monitor on a SPAN (mirror-port) for a very fast network:

   $> cat /etc/default/ntop 
   # This file will normally include the debconf template but you can disable
   # that and use this file only.
   . /var/lib/ntop/init.cfg
   #GETOPT="-i 'eth0,eth2,eth3"
   # -z|--disable-sessions disable tcp session tracking
   # -x 4096 max number of hash entries (default 8192)
   # -X $((32768 * 2)) (default 32768)
   # -b disable protocol analysis (busy network here)
   # -o do not trust MAC addresses (we are on a span port)
   GETOPT=' -M -b -o -z -X 65536 '

monitoring:sflow

Advertisement