I love that Ntop is included in Nethserver. Ability in Ntop to filter hosts between local and remote is a key feature of Ntop that I cannot figure out how to configure for this Nethserver based Ntop instance. Any help? If not, I have a feature request.
Ntop config directs us to define local networks / subnets in the config file ntop.conf
What I find in my conf file is this:
of course it directs me not to modify this file directly since Nethserver will overwrite it. (p.s. I tried to follow the link to the developerās guide, but didnāt work. Is there maybe another manual config file I missed that also feeds into the one show from /etc/ntopng/ntopng.conf ?)
Config file network apparently comes from the interface network(s). This also auto-populates trusted networks:
But why not auto-populate the ntop file with ALL trusted networks? That would be the catās meow! (or is there a way to do this, that I havenāt figured out?) I use a subnet for servers that is distinct from client subnets, so only have servers listed as ālocalā in Ntop, but I really would like to see all connected users as ālocalā. Otherwise Ntop makes much less sense it seems. Let me explain where Iām coming from. In the Hosts view, there is an option for selecting (upper right hand corner of the following image) All hosts, Local Only, or Remote Only. If I want to see local hosts that are not included as local, I would need to sort through a rather extensive list of Remote hosts.
Then there is the Networks view. I will not have chart options, aggregate traffic data, etc of my other local networks without these being included as local subnets. And that would be super useful!!!
If all trusted networks became local networks defined in ntop, I could make this more useful by showing individual vlan/subnet sections of client networks. I would do that by breaking up my trusted network entry from:
10.20.0.0/16
to
10.20.0.0/24
10.20.110.0/24
10.20.120.0/24
10.20.150.0/24
If I could define trusted networks that way in Nethserver and have it copy over into the config file for ntop, that would be VERY nice. (again, or is there a way to do that or an alternate manual config file that I missed?)
(Regarding talk of maybe moving away from Ntop, I think bandwidthd is quite nice, but imo one advantage of Ntop is viewing current traffic at the time of a network slowdown. This is helpful in low bandwidth environments to help determine from where and what type of traffic the Internet resources are being sapped. This is the very type of environment I am working to help at the moment.) Thanks for any help or comments.