[EMAIL PROTECTED] I just finished typing a detailed response and Outlook/Word locked up!!!
Short version, use a single NIC and mirror TX and RX traffic. Your problem will most likely be solved. Gary ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Derek Gore Sent: Tuesday, November 18, 2008 12:54 PM To: ntop@unipi.it Subject: Re: [Ntop] rrdtool and ntop --no-mac Gary, Well, the switch can do TX or RX only, or both on one port, but in all three cases I don't get all the info I need. The reason I'm trying to get the complete data set both ways is to help my little dept figure out what's loading the network when we see spikes. However, most of the traffic is highly directional, ie a lot of utilization one way and not much the other, and yet sometimes it's both (between our file servers and media editing lab computers, as well as department backups, etc). So just mirroring one way wouldn't give a very good picture sometimes. As for the update times, well, I've left on the default...never had problems before the dual nics, so I think it's more an issue of trying to save two things at the update interval sometimes. So, I guess, might there be a way to ensure all data is saved for a given time in one go? Or what setting might I change to stop these collisions? Thank you, Derek On Mon, Nov 17, 2008 at 10:57 AM, <[EMAIL PROTECTED]> wrote: Send Ntop mailing list submissions to ntop@unipi.it To subscribe or unsubscribe via the World Wide Web, visit http://listgateway.unipi.it/mailman/listinfo/ntop or, via email, send a message with subject or body 'help' to [EMAIL PROTECTED] You can reach the person managing the list at [EMAIL PROTECTED] When replying, please edit your Subject line so it is more specific than "Re: Contents of Ntop digest..." Today's Topics: 1. Re: AS number missing (Burton Strauss III) 2. Re: AS number missing (Luca Deri) 3. rrdtool and ntop --no-mac (Derek Gore) 4. Re: rrdtool and ntop --no-mac (Gary Gatten) ---------------------------------------------------------------------- Message: 1 Date: Sun, 16 Nov 2008 15:58:05 -0600 From: "Burton Strauss III" <[EMAIL PROTECTED]> Subject: Re: [Ntop] AS number missing To: <ntop@unipi.it> Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset="utf-8" The problem with AS numbers is the aggregation. What works for one individual is a reflection of their connection to the network. For example, within the State of XYZ University system, there are multiple AS#s, one per campus, reflecting traffic flow through the state-wide network. But the State provides a consolidated network inter-connection for all campuses and universities to the rest of the world. So outsiders see the aggregated network AS# only. There are organizations that make AS lookups available, but again, it reflects their position in the network. The best know is Cymru: http://www.team-cymru.org/Services/ip-to-asn.html -----Burton -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Aurelien BEAUVOIS Sent: Thursday, November 13, 2008 10:21 AM To: ntop@unipi.it Subject: Re: [Ntop] AS number missing I've modified the script and there are no problem now... If somebody is interessed, you can ask me. Thanks Aurelien Le jeudi 13 novembre 2008 ? 14:50 +0100, Aurelien BEAUVOIS a ?crit : > Hi, > > I've already looked for examples but nothing work. > > I've found a script in the ntop directory > (/root/ntop-3.3.8/utils/AS-list.sh) but I've not more AS numbers on the > html page Hosts... > > Aur?lien > > Le jeudi 13 novembre 2008 ? 13:35 +0100, Allan Eising a ?crit : > > Hi, > > > > The AS information is fetched from a text file that is bundled with > > ntop. This text file has unfortunately not been updated for a long > > time, thus a lot of AS numbers are missing. If you search this mailing > > list you'll find several examples on how to fetch more recent data > > into your AS-list.txt file. > > > > Allan > > > > On Thu, Nov 13, 2008 at 12:42 PM, Aurelien BEAUVOIS > > <[EMAIL PROTECTED]> wrote: > > > Hello, > > > > > > I've activate AS numbers in ntop but some AS numbers missing. > > > > > > Have you an idea to resolve this problem ? > > > > > > Thanks > > > > > > Aur?lien BEAUVOIS > > > Ikoula > > > > > > _______________________________________________ > > > Ntop mailing list > > > Ntop@unipi.it > > > http://listgateway.unipi.it/mailman/listinfo/ntop > > > > > _______________________________________________ > > Ntop mailing list > > Ntop@unipi.it > > http://listgateway.unipi.it/mailman/listinfo/ntop > > > _______________________________________________ > Ntop mailing list > Ntop@unipi.it > http://listgateway.unipi.it/mailman/listinfo/ntop _______________________________________________ Ntop mailing list Ntop@unipi.it http://listgateway.unipi.it/mailman/listinfo/ntop ------------------------------ Message: 2 Date: Mon, 17 Nov 2008 09:23:01 +0100 From: Luca Deri <[EMAIL PROTECTED]> Subject: Re: [Ntop] AS number missing To: ntop@unipi.it Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset="us-ascii" An HTML attachment was scrubbed... URL: http://listgateway.unipi.it/pipermail/ntop/attachments/20081117/5aaa87d7 /attachment-0001.html ------------------------------ Message: 3 Date: Mon, 17 Nov 2008 10:43:20 -0700 From: "Derek Gore" <[EMAIL PROTECTED]> Subject: [Ntop] rrdtool and ntop --no-mac To: ntop@unipi.it Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset="iso-8859-1" Greetings all, I've recently been working on a project to setup ntop to the end of analyzing our network load/traffic so we can better accommodate the demands of the network. A test case using a simple machine with a single nic went flawlessly. However, when I set up a more powerful machine with 2 nics to start production monitoring, I started getting warnings from RRD tool that go along the lines of this: **WARNING** RRD: rrd_update(/usr/.../ipBytesSent.rrd) error: illegal attempt to update using time 1109523297 when last update time is 1109523297 (minimum one second step) I have, of course, researched this problem a little and tried launching with the --no-mac option as well as configuring via the web interface to not trust macs. Nevertheless, the problem persists. The setup is a gigabit switch hooked into 2 nics on the monitoring computer. One port is mirrored egress, and the other ingress, and I have ntop set to merge the stats from both nics. Does anyone have any suggestions for how I might be able to fix this? Thank you. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://listgateway.unipi.it/pipermail/ntop/attachments/20081117/33e3c404 /attachment-0001.html ------------------------------ Message: 4 Date: Mon, 17 Nov 2008 11:56:54 -0600 From: "Gary Gatten" <[EMAIL PROTECTED]> Subject: Re: [Ntop] rrdtool and ntop --no-mac To: <ntop@unipi.it> Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset="us-ascii" I don't think the "no mac" setting will influence these warnings - but you probably need it anyway (most times you do). Maybe check the rrd configs and play with the update timers? Also, any detail you don't "need" disable so that rrd is storing only what you'll actually use. Lastly, if your switch supports it maybe have it mirror TX and RX so you only need a single interface and NIC for monitoring. Merging tends to distort the details of full duplex traffic. Ie: Is 45Mb/s on a T3 bad? Well, if the traffic is all unidirectional - say ingress - yea, probably bad cause that circuit is maxed. If however it's 25 Mb in and 20 Mb out - maybe not so bad - especially if it's legit traffic. Openview sometimes treats a full-duplex link like two half-duplex links merged together: on a T1 running at 1536Kb/s egress it would show up on reports as 50% utilization when really it's 100% of egress. Lastly, these warnings are annoying but I don't *THINK* they're causing any harm. Gary ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Derek Gore Sent: Monday, November 17, 2008 11:43 AM To: ntop@unipi.it Subject: [Ntop] rrdtool and ntop --no-mac Greetings all, I've recently been working on a project to setup ntop to the end of analyzing our network load/traffic so we can better accommodate the demands of the network. A test case using a simple machine with a single nic went flawlessly. However, when I set up a more powerful machine with 2 nics to start production monitoring, I started getting warnings from RRD tool that go along the lines of this: **WARNING** RRD: rrd_update(/usr/.../ipBytesSent.rrd) error: illegal attempt to update using time 1109523297 when last update time is 1109523297 (minimum one second step) I have, of course, researched this problem a little and tried launching with the --no-mac option as well as configuring via the web interface to not trust macs. Nevertheless, the problem persists. The setup is a gigabit switch hooked into 2 nics on the monitoring computer. One port is mirrored egress, and the other ingress, and I have ntop set to merge the stats from both nics. Does anyone have any suggestions for how I might be able to fix this? Thank you. <font size="1"> <div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in'> </div> "This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system." </font> -------------- next part -------------- An HTML attachment was scrubbed... URL: http://listgateway.unipi.it/pipermail/ntop/attachments/20081117/96989a15 /attachment.html ------------------------------ _______________________________________________ Ntop mailing list Ntop@unipi.it http://listgateway.unipi.it/mailman/listinfo/ntop End of Ntop Digest, Vol 54, Issue 8 *********************************** -- Derek Gore Systems Administration (ext 2-3678) HHP Services 108 Richards Building College of Health and Human Performance Brigham Young University Provo, UT 84602 Phone: (801) 422 3678 Mobile: (801) 602 3997 <font size="1"> <div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in'> </div> "This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system." </font>
_______________________________________________ Ntop mailing list Ntop@unipi.it http://listgateway.unipi.it/mailman/listinfo/ntop