Please, one item per message. Post that way to the public list and everyone gets the benefit of the discussion.
Had you done that, most messages would have gotten through - it's only the excessive size of the attachments that causes it to be held. But, given we have users all over the world reading this list (some/many of whom have slower dialup connections or pay by the bit), don't expect it to get released. If you have a large attachment, post it somewhere and include the pointer in the message to the list or better yet, do some intelligent excerpting.

I'll post this so it gets into the archive, then respond individually.

-----Burton

> -----Original Message-----
> From: pc [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, August 27, 2003 10:16 PM
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: Issues w/ ntop 2.2.93
>
> I'm resending this message directly where the ntop-devel mailing list quarantined it for the moderator due to its size. Nothing happened with the previous for more than 24hrs. I also did a little more editing and added another attachment, so you can have the moderator delete the first message.
>
> -----Original Message-----
> From: pc [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, August 26, 2003 9:07 PM
> To: [EMAIL PROTECTED]
> Subject: Issues w/ ntop 2.2.93
>
> The other day I loaded 2.2.93 on my machine and there are a variety of issues that I have found. I'm a newbie around here, so please be a little patient. With the call for comments ASAP, I thought I would pass this along quickly instead of getting better acquainted with the group first. I'm not a networking expert and I'm not a C coder either, but I thought that my experience as a unix/NT SA could be of some use.
>
> First, my environment: The RedHat source rpm was downloaded and rebuilt on a RedHat 9 system. The system has all the latest RedHat updates installed including the latest kernel. The only thing that I changed in the ntop.spec was the release number so I don't screw up down the street (changed to local1 - a convention I use for locally compiled rpms). This means that NPTL is active. I've attached a copy of the output during the rebuild (see ntop.build.redhat9.rpm.txt). There were no problems encountered with the rebuild process and the install via rpm was also fine. There were a few issues with new vs. old file locations where the previous release was 2.2c from a cvs download.
>
> This box is somewhat of a toy I use for keeping up with what's happening in the linux world but I also use it for some valid development at times. I have a few services running (secondary DNS, NTP, backup DHCP, etc) for my relatively tiny home network (10 nodes). But I do have a couple of routers on the network and a Cabletron ELS100 switch, so I can do some advanced playing around. Linux firewall features are currently not running on this machine. rrdtool is installed but I'm not currently using it. A PR form is attached for further info (see: myconfig_20030826.txt)
>
> So here are some things that I've come up with:
>
> --use-syslog option not working
>
> The --use-syslog option no longer works on a separate facility. This option was configured and working fine using facility 'local1' on my machine with ntop 2.2c. Initially I had a problem with the -L option that was hard coded in the init.d script, but this has been repaired (see separate init.d issues below). If using -L it processes normally to the daemon facility. With --use-syslog=local1 only the following is being inserted in /var/log/messages: "Processing file /etc/ntop.conf for parameters...", followed by this message AGAIN (strange), followed by "ntop startup succeeded". When ntop is shut down "ntop shutdown succeeded" is logged. Facility local1.* is configured in /etc/syslog.conf to go to file /var/log/ntop. The file is not being created when ntop is started. Touching the file manually and changing ownership to ntop does not help either (was not required for 2.2c). Looking at the ntop web configuration screen shows that the option is in fact being parsed and the option line shows that facility local1 should be in use. A very interesting aspect is the fact that the ntop web interface sees the log activity. My guess is that the log data is being held in memory. lsof of the ntop process shows an open write only pipe. Further testing by hard coding --use-syslog=local1 in the init script and removing it from /etc/ntop.conf does not help either.
>
> --access-log ownership error
>
> The ntop user needs to own the file specified in the access log option. /etc/rc.d/init.d/ntop has been improved to take care of this (below).
>
> installed file ownership errors
>
> All files install as user root. Many of the files and directory structures need to be the ntop user in order for the process to run properly. The documentation is not real clear on which files and directories specifically need to be owned by the ntop user. In the past I have gone through things and made most everything that I could find associated with ntop the ntop user, but I suspect that this is probably not the best situation from a security perspective. Possibly a post configuration script would be best.
>
> /etc/rc.d/init.d/ntop script errors
>
> The /etc/rc.d/init.d/ntop service script has several errors.
>
> 1. In the start() section on line 47 the test needs to be quoted, otherwise the shell will complain that a binary condition is missing. ${db}/ntop_pw.db should be: "${db}/ntop_pw.db"
>
> 2. The -L option was hard coded. I added some additional logic to test the ntop.config file for the presence of the --use-syslog option.
>
> 3. The --access-log-path section has been corrected to handle the ownership permission issues stated earlier.
>
> 4. Cleaned up grep'ing of ntop.conf parameters with '^ *' sequence to prevent pulling data from comment lines.
>
> 5. --db-file-path - characters have been quoted with \'s for consistency (a nit)
>
> I tried to keep it in the style consistent with the rest of the script. A copy of the repaired script is attached (see: ntop.initd.sh)
>
> /etc/ntop.conf.sample incomplete
>
> Many ntop configuration options are not included in the new ntop.config.samples file. I have added a variety in my local ntop.conf file and they all appear to parse properly when ntop is invoked. I didn't know if there was a reason for not including them, but I'd be willing to add them all and email the file in.
>
> admin options on the web interface
>
> All of the web page admin options that require authentication only return a blank page. The 'Shutdown' and 'Reset Stats' options produce an 'are you sure window' but are otherwise blank. And they don't appear to work either. I did not change the password from the previous ntop version, so the MSIE authentication is probably still active. My guess is that this may be related to the RedHat 9 situation with openssl, but who knows.
>
> ntop confuses default router and linux box & known host names change
>
> If I start up ntop and then go and ping everything in my network, all of the hosts are displayed nice and pretty by ntop. But after a while this seems to fall apart. Some things revert back to their manufacturer/MAC address and some others become a simple host name without the domain suffix and sometimes they become an IP address. The one very problematic one is that my box that I run ntop on becomes displayed as the IP address of the default router???? When I look at the host in the ntop web page it in fact displays both the IP addresses in the output. The record for the default router may or may not exist at the time. THIS IS NOT NEW TO v2.2.93! I was having this same issue with 2.2c (and was hoping it might be somehow corrected in the new version). In some of my debugging efforts I've noticed that ntop seems to be very sensitive to the contents of the arp cache at the time the web page is displayed. But once the data for the default route and local machine seemingly merge, nothing corrects it without a restart of ntop. I've attached a web page example of this. Note that the host name that ntop has named it is 172.22.22.254 but the actual IP address is 172.22.22.55. The initial name that ntop named it was pc5.localnet which is in line with its actual host name. (see: ntopIPmismatch.zip)
>
> multicast traffic considered remote
>
> Multicast traffic is considered 'remote' traffic by ntop. Is this appropriate? I have locally added 224.0.0.0/8 to my --local-subnets and this workaround is effective for the moment. This is not a new issue either.
>
> where are the temporary html files created?
>
> I've looked everywhere and I don't have a clue (here is an opportunity for a free shot!). I see the calls in the access log for these files but they don't seem to be written to disk anywhere by ntop. I've read the FAQ's regarding the strange things that happen with paths running in the daemon mode but still no luck after doing a find of the entire system. Are they written to disk? If not, it might be a nice option to do so.
>
> allow control host data stay time (purge) to be tuned
>
> It would be really nice if the host purge time were a runtime configurable instead of a compiled parameter.
>
> RedHat support?
>
> On the www.ntop.org website there are a variety of downloads available for a variety of linux distributions, but RedHat is not listed. It's not until you dig into the FAQ's that you find out that RedHat has been used in the development process. Is there an intention to provide RedHat rpm's directly at some point? I definitely prefer rpm as an installation means vs. a manual compile. I'm also familiar with apt and I'm just as familiar with the locking and corruption bugs that apt has brought to the rpm methodology (I'm dealing with them already in another forum). The reason I mention this is that I was initially 'shy' to ntop where it did not 'appear' that it was supported on RedHat. I know that Debian is probably a better environment for what I'm doing, but the fact is that there are several database engines that I have loaded that only support the RedHat flavor.
>
> -E option is still in FAQ's
>
> There are a variety of locations in the documentation (particularly the FAQ's) where the -E option is used in an example but this option is no longer available in 2.2.93.
>
> So that's it for now... I'll pass along more as I run into them.
>
> Tim Malnati
>
> << File: ntop.build.redhat9.rpm.txt >> << File: ntop.initd.sh >> << File: myconfig_20030826.txt >> << File: ntopIPmismatch.zip >>

_______________________________________________
Ntop-dev mailing list
[EMAIL PROTECTED]
http://listgateway.unipi.it/mailman/listinfo/ntop-dev
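Items 1, 2 and 4 of the init script report above, sketched as an added example; this is not the attached ntop.initd.sh and not code from the ntop project. The function names, the sample file and the assumption that a value follows its option after `=` or a space are constructed for illustration.

```shell
#!/bin/sh
# Added illustration; not the ntop.initd.sh attached to the original message.

# Print the value of OPTION from an ntop.conf-style FILE (last match wins).
# The '^ *' anchor keeps "# --use-syslog=local3" in a comment from matching.
# Assumption: the value follows the option after '=' or a space.
conf_value() {
    grep -- "^ *$2[= ]" "$1" 2>/dev/null | tail -n 1 |
        sed -e "s/^ *$2[= ]*//" -e 's/[[:space:]]*$//'
}

# Logging flag for start(): none when the config file sets --use-syslog
# itself, the previously hard-coded -L otherwise.
syslog_flag() {
    if grep -q -- '^ *--use-syslog' "$1" 2>/dev/null; then
        echo ""
    else
        echo "-L"
    fi
}

# Quoted test: a directory value containing whitespace stays one word, so
# [ never receives extra arguments.
pw_db_exists() {
    [ -f "$1/ntop_pw.db" ]
}

# Constructed sample data (not from the thread's attachments).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
mkdir "$demo_dir/db dir"
: > "$demo_dir/db dir/ntop_pw.db"
cat > "$demo_dir/ntop.conf" <<EOF
# --use-syslog=local3
# --db-file-path=/commented/out
  --use-syslog=local1
--db-file-path=$demo_dir/db dir
EOF

db=$(conf_value "$demo_dir/ntop.conf" --db-file-path)
echo "facility: $(conf_value "$demo_dir/ntop.conf" --use-syslog)"
echo "log flag: '$(syslog_flag "$demo_dir/ntop.conf")'"
pw_db_exists "$db" && echo "password db found in: $db"
```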
