I see there's no answers to my questions to ntop/ng, I'll post some updated info on the topic to see if someone recognizes anything.
I have installed a new virtual pfS 2.2.2 ("FW2") and installed softflowd on "FW1". FW2 only has one interface, WAN and some ports are opened on WAN side.
FW2 is placed on a special network dedicated to NMS systems, logging etc.
On FW1 in softflowd I have enabled some interfaces and on FW2 the WAN interface (not loopback). No timeout values set.
After having run this for a few days it seems the ntopng GUI works well and it looks good and all that, but as earlier noted not all speaking hosts are present in the statistics.
I have a number of other networks in FW1 and nothing from them is seen in ntopng on FW2.
I have checked with Wireshark inside the flow data actually being received by FW2 from FW1 and they indeed do contain flow info from other interfaces on FW1.
The exported flows are in version 9.
I downloaded a 2 GB file online and that traffic newer showes up in ntopng for the host in question.
Questions
–---------
In ntopng settings there's an option to save historical data, I guess this relates to data being available through the "Historical" interface in ntopng GUI?
How do I manage how many days worth of data is saved? An earlier installation filled up the entire disk of that system and I'd like to be able to manage this in a balanced manner.
Isn't there a setting somewhere to tell ntopng what networks to collect info for? I think there were some settings of that kind in the ntop GUI.
What am I missing?
TIA,
