Ntopng does not seem to keep data
ntopng does not seem to keep historical data. I've observed this behavior especially when I reboot the pfSense machine.
pfSense is installed on barebone machine with a 1000 gb hard drive.
built on Tue Sep 27 12:13:07 CDT 2016
thanks for any help
Edit: I wish I had 1000 tb.
Edit 2: I analyzed the symptoms a bit more I found out that it does in fact record historical data. However, I seem to lose this data every time I reboot pfSense.
wow thats a BIG hard drive 1000TB ??
What exactly do you mean by 'historical data'? That space-eating misfeature was abandoned by upstream and is gone from the package (at least in the original form). There are other options accessible from the ntopng Preferences menu.
Ok, for some reason I really liked the idea of analyzing what's going on my network for the week. Potentially finding some malware / misconfigurations.
Right now I feel I need to see it live for detecting threats.
Thanks for your replies. Grandrivers you made me laugh!
I'd really suggest to go through the preferences menu in ntopng (not the pfSense package GUI). Namely the On-Disk Timeseries and On-Disk Databases tab.
Here are my settings (ntopng)
(please see attached)
Am I missing something?
I analyzed the symptoms a bit more I found out that it does in fact record historical data. However, I seem to lose this data every time I reboot pfSense.
Not really sure which pfSense version you are using. The historical data thing is simply gone from ntopng 2.4 package (available on 2.3.3/2.4). End of story.
$ pkg search ntopng ntopng-2.4.2016.10.14 Network monitoring tool with command line and web interfaces pfSense-pkg-ntopng-0.8.6 pfSense package ntopng
P.S. If you are using ramdisks, then kindly stop. Otherwise it will indeed lose all data on every reboot.
I am not using ramdisks.
Do you have a suggestion for an alternative ?
No. It simply works for me. Definitely nothing gone on reboot.
I reinstalled the package, let's see how it goes.
thanks for your help
If you go to Hosts > Some local host > Activity Map, does the chart reset after a pfsense reboot? Mine does reset.
However, if I go to the timeline chart section, it actually shows historical data.