Ntopng does not seem to keep data



  • Hello,
    ntopng does not seem to keep historical data. I've observed this behavior especially when I reboot the pfSense machine.

    pfSense is installed on barebone machine with a 1000 gb hard drive.

    Version info:
    2.3.2-RELEASE-p1 (amd64)
    built on Tue Sep 27 12:13:07 CDT 2016
    FreeBSD 10.3-RELEASE-p9

    thanks for any  help

    Edit: I wish I had 1000 tb.

    Edit 2: I analyzed the symptoms a bit more I found out that it does in fact record historical data. However, I seem to lose this data every time I reboot pfSense.



  • wow thats a BIG hard drive 1000TB ??


  • Banned

    What exactly do you mean by 'historical data'? That space-eating misfeature was abandoned by upstream and is gone from the package (at least in the original form). There are other options accessible from the ntopng Preferences menu.



  • Oh.

    Ok, for some reason I really liked the idea of analyzing what's going on my network for the week. Potentially finding some malware / misconfigurations.

    Right now I feel I need to see it live for detecting threats.

    Thanks for your replies. Grandrivers you made me laugh!


  • Banned

    I'd really suggest to go through the preferences menu in ntopng (not the pfSense package GUI). Namely the On-Disk Timeseries and On-Disk Databases tab.



  • Here are my settings (ntopng)
    (please see attached)

    Am I missing something?






  • I analyzed the symptoms a bit more I found out that it does in fact record historical data. However, I seem to lose this data every time I reboot pfSense.


  • Banned

    Not really sure which pfSense version you are using. The historical data thing is simply gone from ntopng 2.4 package (available on 2.3.3/2.4). End of story.

    
    $ pkg search ntopng
    ntopng-2.4.2016.10.14          Network monitoring tool with command line and web interfaces
    pfSense-pkg-ntopng-0.8.6       pfSense package ntopng
    
    

    P.S. If you are using ramdisks, then kindly stop. Otherwise it will indeed lose all data on every reboot.



  • Version: 2.3.2-RELEASE-p1

    I am not using ramdisks.

    Do you have a suggestion for an alternative ?


  • Banned

    No. It simply works for me. Definitely nothing gone on reboot.



  • I reinstalled the package, let's see how it goes.

    thanks for your help



  • If you go to Hosts > Some local host > Activity Map, does the chart reset after a pfsense reboot? Mine does reset.

    However, if I go to the timeline chart section, it actually shows historical data.