[prev in list] [next in list] [prev in thread] [next in thread]
List: ntop
Subject: Re: [Ntop] Queued Alter
From: Luca Deri <deri () ntop ! org>
Date: 2014-01-23 12:19:46
Message-ID: 52E108E2.1060108 () ntop ! org
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Steve
I will exploit Redis for this, don't worry. We're working at a new
"surprise" for ntopng, so stay tuned that in Feb we'll introduce it
Luca
On 01/23/2014 01:13 PM, Steve Clark wrote:
> Hi Luca,
>
> This sounds like a very powerful feature, please consider allowing
> the user to tune it, similar to how one could tune rrd in the old NTOP.
>
> Regards,
> Steve
>
> On 01/23/2014 04:07 AM, Luca Deri wrote:
> > Kaiser
> > it means that host 192.168.112.88 has created, as client, an excessive
> > number of new flow requests (i.e. connections on different ports) in the
> > past few seconds. The flow reported is just an example
> >
> > We're still tuning the algorithm, but in the future ntopng will be able
> > to identify hosts that are likely to misbehave, and of course to avoid
> > generating alerts for server hosts
> >
> > Luca
> >
> >
> > On 01/22/2014 03:58 PM, kaiser@gentrice.net wrote:
> > > Hi,
> > >
> > > We found a Queue Alter in our ntopng installation,
> > >
> > > something like
> > > Wed Jan 22 17:47:32 2014 Error Flows Flood Host 192.168.112.88 on flow UDP \
> > > 192.168.112.88:28462 > 111.221.77.159:40011 [proto: 0/Unknown][1/0 pkts][181/0 \
> > > bytes] [27 hits]
> > >
> > >
> > > what is [1/0 pkts][181/0 bytes] [27 hits] means? Anyone know it?
> > >
> > > br,
> > > kaiser
> > > _______________________________________________
> > > Ntop mailing list
> > > Ntop@listgateway.unipi.it
> > > http://listgateway.unipi.it/mailman/listinfo/ntop
> > _______________________________________________
> > Ntop mailing list
> > Ntop@listgateway.unipi.it
> > http://listgateway.unipi.it/mailman/listinfo/ntop
> >
>
>
> --
> Stephen Clark
> *NetWolves*
> Director of Technology
> Phone: 813-579-3200
> Fax: 813-882-0209
> Email: steve.clark@netwolves.com
> http://www.netwolves.com
[Attachment #5 (text/html)]
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Steve<br>
I will exploit Redis for this, don't worry. We're working at a new
"surprise" for ntopng, so stay tuned that in Feb we'll introduce
it<br>
<br>
Luca<br>
<br>
On 01/23/2014 01:13 PM, Steve Clark wrote:<br>
</div>
<blockquote
cite="mid:1390479207019-027-00064910.sclark.netwolves.com@sclark66.netwolves.com"
type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<div class="moz-cite-prefix">Hi Luca,<br>
<br>
This sounds like a very powerful feature, please consider
allowing<br>
the user to tune it, similar to how one could tune rrd in the
old NTOP.<br>
<br>
Regards,<br>
Steve<br>
<br>
On 01/23/2014 04:07 AM, Luca Deri wrote:<br>
</div>
<blockquote
cite="mid:1390468077521-066-00010814.ntop-bounces.listgateway.unipi.it@fuji.unipi.it"
type="cite">
<pre wrap="">Kaiser
it means that host 192.168.112.88 has created, as client, an excessive
number of new flow requests (i.e. connections on different ports) in the
past few seconds. The flow reported is just an example
We're still tuning the algorithm, but in the future ntopng will be able
to identify hosts that are likely to misbehave, and of course to avoid
generating alerts for server hosts
Luca
On 01/22/2014 03:58 PM, <a moz-do-not-send="true" class="moz-txt-link-abbreviated" \
href="mailto:kaiser@gentrice.net">kaiser@gentrice.net</a> wrote: </pre>
<blockquote type="cite">
<pre wrap="">Hi,
We found a Queue Alter in our ntopng installation,
something like
Wed Jan 22 17:47:32 2014 Error Flows Flood Host 192.168.112.88 on flow UDP \
192.168.112.88:28462 > 111.221.77.159:40011 [proto: 0/Unknown][1/0 pkts][181/0 \
bytes] [27 hits]
what is [1/0 pkts][181/0 bytes] [27 hits] means? Anyone know it?
br,
kaiser
_______________________________________________
Ntop mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" \
href="mailto:Ntop@listgateway.unipi.it">Ntop@listgateway.unipi.it</a> <a \
moz-do-not-send="true" class="moz-txt-link-freetext" \
href="http://listgateway.unipi.it/mailman/listinfo/ntop">http://listgateway.unipi.it/mailman/listinfo/ntop</a>
</pre>
</blockquote>
<pre wrap="">_______________________________________________
Ntop mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" \
href="mailto:Ntop@listgateway.unipi.it">Ntop@listgateway.unipi.it</a> <a \
moz-do-not-send="true" class="moz-txt-link-freetext" \
href="http://listgateway.unipi.it/mailman/listinfo/ntop">http://listgateway.unipi.it/mailman/listinfo/ntop</a>
</pre>
</blockquote>
<br>
<br>
<div class="moz-signature">-- <br>
Stephen Clark<br>
<b>NetWolves</b><br>
Director of Technology<br>
Phone: 813-579-3200<br>
Fax: 813-882-0209<br>
Email: <a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:steve.clark@netwolves.com">steve.clark@netwolves.com</a><br>
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://www.netwolves.com">http://www.netwolves.com</a><br>
</div>
</blockquote>
<br>
</body>
</html>
_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic