How Historical Flows Replay Works

Posted · Add Comment

ntop users who have enabled ClickHouse, know that they can search/aggregate/export historical flows and create customized reports. However, in the past months some of our users were uncomfortable of this approach as they preferred to seamlessly analyze historical as live data with the full power of ntopng. In the latest ntopng version we have added […]

HowTo Extend ntopng with new Host/Flow Checks and Alerts

Posted · Add Comment

ntopng can be easily extended with new host/flow checks and alerts. They are developed in C++ with a few Lua files used by the UI to configure the check and format the emitted alerts. In order to introduce you to thir development, we have written a short guide that shows you step-by-step how to develop […]

HowTo Export ntopng Alarms to Checkmk Event Console

Posted · Add Comment

Checkmk is a popular platform for monitoring IT infrastructure. ntopng has been integrated in Checkmk some time ago, enabling users to provide traffic visibility in additional to classic bytes/packets metrics. As ntopng is able to produce traffic alerts that, we have decided to extend ntopng in order to export alert information towards Checkmk event console […]

HowTo Use Cloud Licenses

Posted · Add Comment

As discussed in our spring webinar, it is now possible to use (in beta) cloud licenses with ntopng and nProbe. Contrary to standard licenses that are bound to a physical system (based on the systemId), cloud licenses are “floating” as the same license file can be used on multiple hosts, of course not simultaneously (i.e. […]

Using ClickHouse Cloud with ntopng

Posted · Add Comment

We are happy to announce that from the latest ntopng dev (6.1) version, ntopng supports exporting data (flows & alerts) to ClickHouse Cloud. Below you can find a step-by-step guide. Quick Start First of all let’s start by creating our account and service on the ClickHouse Cloud (you can find the official guide here); remember […]

How Historical Traffic Behaviour Analysis Works

Posted · Add Comment

In ntopng we have implemented various techniques for analysing historical traffic. This post shows you the options available: In timeseries you can see the current traffic rate (line) or the traffic rate of the previous period of time (dotted). This allows you to visually analyse when traffic deviates from previous period of time (see for […]

DoS Detection Using ntopng and NetFlow/IPFIX

Posted · Add Comment

Recently ntopng has been used in academia for detecting DoS (Denial of Service) attacks using NetFlow flows. In this thesis (note that the document it is written in Italian) it is shown how ntopng has been successfully used collect flow and use them to detect DoS attacks. Enjoy !