ntop / ntopng

Web-based Traffic and Security Network Traffic Monitoring
http://www.ntop.org
GNU General Public License v3.0

Distributed ntopng architecture #6752

Open martinscheu opened 2 years ago

martinscheu commented 2 years ago

What would you like to add or change?: For network security monitoring, ntopng is needed for layer 2 analysis. Having one ntopng instance per organization is not enough, as in most cases north-south and east-west traffic cannot be monitored with only one instance. Using RSPAN-like technologies in order to get network traffic from remote locations back to the central ntopng instance is cumbersome and prone to configuration errors. We therefore would like to have a distributed ntopng architecture, where one ntopng instance is the "master" and distributed ntopng instances are followers. Alerts from all instances should be visible in the main instance. Check or configuration settings are done on the master instance and then distributed to the follower instances. Also, when the main instance is updated, the follower instances are updated as well.

Why do you and others need this?: Almost any industrial network monitoring needs a multi-instance setup.

lucaderi commented 1 year ago

Will this be enough https://www.ntop.org/nprobe/scaling-up-how-to-collect-analyse-and-store-flows-at-scale-100-gbit/ ?