I'm looking for a tool to passively listen on a mirroring port in order to collect statistical data about network bandwidth usage, protocols, hosts, etc.
Ntop is great. But once restarted it (almost) resets all stats. As far as I know, there is no elegant solution to enable persistent storage on Ntop.
Can someone please point me to a similar tool that can handle restarts?
From ntop FAQ
Q1(a). Can I store data in a SQL database?
Q1(b). When ntop stops I lose all my data. Why?
Q1(c). Why doesn't the -S option work?
A. ntop used to optionally store some data in a SQL database. The code was broken, difficult to maintain, etc. and was removed. A LONG TIME AGO. If you are reading about this in 'some' documentation - update.
Current ntop is 3.1, which is the only version we support.
There are scripts that various users have offered to take the data dump and insert it into a SQL database. Search the back traffic on the mailing list for them.
Yes, ntop uses memory based structures to hold usage data and they are lost when you reset or restart ntop.
Persistent storage is in the RRD databases - there's a paper @ SourceForge that explains them.
There was another option for some persistence - it was -S - look in FAQarchive for an article about it, "What was the -S option?".
Here's a whole lot of netflow/sFlow collectors. I can't recommend any particular one myself.
http://www.switch.ch/network/projects/completed/TF-NGN/floma/software.html