[Ntop] Proof of bandwidth utilization for specific webserver
Chuck Mariotti
2018-05-11 14:06:33 UTC
We have a pfSense firewall running ntopNG 3.2.180413 (pfSense package) with a number of webservers behind it (HTTPS). Ntop only has about 1 month of data collected.

Our datacenter charges for additional bandwidth utilization and over the last ~3 months we've gotten hit with three large bills for overage.

There is one specific website that would be the likely culprit, but I need to provide some proof of utilization (can't do that with the data collected, but maybe I can point to specific utilizations over the last month). Google Analytics doesn't indicate much difference in users for that site (+3%), but there are other things going on with the site (automated exports/imports, scrapers, etc.) that aren't something that analytics would pick up on. We need to prove that traffic has increased significantly, and it would be nice to point to specific peers as culprits (we think it's likely that a half dozen peers connected to the one web server are causing the data utilization spike but have to prove it).

Most ntopng reports seem to want to be real-time or 1-day level rather than historical (I understand this). I can get historical data at the interface level and host level in a graph (I can't seem to select specific date ranges), but I'd like a listing of peers based on traffic volume over a period of time. Everything seems to be driven from real-time reporting (it lists peers at the moment, so you can only drill down into those specific peers)... I would like to see a listing of peers who used up bandwidth over the last week or month or a specific date range... am I not looking in the right place to do this?


