ntopng

ntopng can be easily extended with new host/flow checks and alerts. They are developed in C++ with a few Lua files used by the UI to configure the check and format the emitted alerts. In order to introduce you to thir development, we have written a short guide that shows you step-by-step how to develop a simple check and alert. If you want you can see a code example of host check that rtiggers an alert when a server contacted a new port after a learning period. If you have …

Checkmk is a popular platform for monitoring IT infrastructure. ntopng has been integrated in Checkmk some time ago, enabling users to provide traffic visibility in additional to classic bytes/packets metrics. As ntopng is able to produce traffic alerts that, we have decided to extend ntopng in order to export alert information towards Checkmk event console where alerts are received.This guide will walk you through configuring ntopng and Checkmk to enable this functionality. In order to do so, within ntopng, it’s necessary to configure a new Endpoints as well as a …

This is to announce that ntopng now enables users to use a new languages: Korean, Spanish and French.  We have also improved translations of German and Italian. The translation is done using an automatic tool so, we cannot guarantee that the translation is completely correct. Error or typos are accepted as a GitHub issue: please open a ticket if you find problems. To change language click on the top right icon in ntopng and enter in the admin page A popup will open, select language and a list of available …

In ntopng we have implemented various techniques for analysing historical traffic. This post shows you the options available: In timeseries you can see the current traffic rate (line) or the traffic rate of the previous period of time (dotted). This allows you to visually analyse when traffic deviates from previous period of time (see for instance in the chart below the traffic drop happened at 10 AM). 2. You can trigger interface alerts based on statistical traffic analysis (exponential smoothing) when traffic exceeds (up/down) its baseline. Note that when this …

Recently ntopng has been used in academia for detecting DoS (Denial of Service) attacks using NetFlow flows. In this thesis (note that the document it is written in Italian) it is shown how ntopng has been successfully used collect flow and use them to detect DoS attacks. Enjoy ! …

Despite ntop has implemented rich network metrics over the years, the two most important metrics that people keep asking us are volume (how much) and time (how long).  Timeseries offer a quick view of the traffic and allow people to immediately spot traffic peaks or absence of transmissions. They are good for traffic analysis but are too complex for producing accounting data and comparing usage overtime. For this reason ntopng provides for each local host an additional feature that allows you to see immediately the amount and time that a …

In this blog post we want to shave our experience squeezing ntopng memory usage to fit into small OT monitoring devices manufactured by our partner Endian. Just to give you an idea of the work we did look at these two images taken on the same network at the same time of the day, before and after our work. As you can see we managed to squeeze the memory from 4 GB to 1.3 GB. Below we describe how we did it. The challenge was to reduce memory usage while …

In ntopng 6.0 Dashboard and Traffic Reports have been completely redesigned and rewritten from scratch with a new, flexible engine which is template-based. In a previous webinar we demonstrated how cute and powerful the new engine is, with the ability to automatically generate periodic reports, and with the promise of releasing a graphical editor for customising it, and let everyone to create its own traffic view on both historical and live traffic data. The graphical editor has been implemented and it is available in ntopng 6.1 (and later versions). In this …