Hi there,
I had to configure ntop and activated NetFlow on a pretty old RouterOS installation, running 3.4.
/ip traffic-flow
set active-flow-timeout=30m cache-entries=32k enabled=yes inactive-flow-timeout=15s interfaces=ether1,ether2,ether3,ether4,ether5,ether6,local
/ip traffic-flow target
add address=10.1.2.3:2055 disabled=no v9-template-refresh=20 v9-template-timeout=30m version=9
But I’am not sure if I did this right, because if I activate NetFlow just for ether1 (my WAN interface) it seems to not catch all traffic, is this correct? So I configured all of my ethernet interfaces and the values looking better.
But the crazy thing is the Network Traffic (IP) listing in ntop, it shoes e.g. Data traffic 700 MB for the host 10.1.1.1, but also 1.4 GB for HTTP traffic, this can’t be right, because it should <= Data traffic.
Any advice would be really appreciated.
–Michael