WRONG
:P
Read the stuff in docs/FAQ about hosts. Unless you pick the options right, the number of hosts being monitored is every host in all the packets - that's BOTH source and destination. The size/mask of your network is largely irrelevant.
OK.. I swear I have gone through every document I can find and they all are very very brief and don't seem to give this information. Maybe I'm looking in the entirely wrong place. I was trying to find the info on ntop.org and fail to see where complete documentation is under the docs link. The man pages just list the options and don't really recommend one thing over another for specific setups. Please point me in the right direction, I'd appreciate it. I just need a document stating something to the effect, to monitor this type of setup, generally use these options... this option is very memory intensive for internet usage, etc...
What you're going to have to do is to figure out what you want/need to monitor and adjust ntop accordingly. Look into --track-local-hosts and/or the -B filter option.
Mainly, I'd like to monitor all traffic flows for my local hosts on the network, along with traffic flows to and from all remote ASNs. From what you're saying, I am apparently monitoring all remote hosts involved in the flows as well which is eating up the memory? I believe last time I ran it, I did use the -B option if memory serves correctly. I'll try looking over the docs again, but if there is a much more descriptive document somewhere that I'm missing, I'd appreciate a pointer to it. Thanks! :)
-----Burton
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Behalf Of Vinny Abello
> Sent: Sunday, July 18, 2004 10:47 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [Ntop-dev] NTOP 2.2c and 3.0 crash with Netflow
>
> Well, it's just a single Cisco 7206. We're an ISP and I'm monitoring all
> the flows on the router at a certain node on our network. It's using 2+ GB
> of RAM to do so. In a very basic summary, there are 3 DS3's and a fast
> ethernet trunk. One DS3 is channelized which is in reality 28 T1's. The
> traffic load probably peaks at around 25Mbps. The number of hosts is not
> precisely known other than the /18 and two /20's that comprise our network.
> If NTOP is not the solution for doing this, can someone point me in the
> right direction as to what to try? We're not that large of an ISP and I
> can't imagine that the larger ISP's have this problem with several
> OC12/OC48 circuits on a single router watching the flows. Watching just the
> single router worked a lot longer than more than one. It probably worked
> for half a day before it died again. This is on a weekend too when there is
> a lot less traffic.
>
> At 08:11 AM 7/18/2004, you wrote:
> >How about giving us the info on what you are monitoring? It's quite
> >possible to throw more hosts at ntop than you have memory to monitor - in
> >fact this is discussed frequently - search the back traffic.
> >
> >W/ 3.0 and the stopcap option, the web server should remain up so you can
> >obtain the PR (Problem Report) and/or the info.html/textinfo.html page which
> >has the details about what's been stored.
> >
> >-----Burton
> >
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> > > Behalf Of Vinny Abello
> > > Sent: Wednesday, July 14, 2004 11:08 AM
> > > To: [EMAIL PROTECTED]
> > > Subject: Re: [Ntop-dev] NTOP 2.2c and 3.0 crash with Netflow
> > >
> > > Hi Luca,
> > >
> > > There are still problems with the latest version I just grabbed from CVS.
> > > It still crashes after about the same amount of time and gives
> > > this output:
> > >
> > > Wed Jul 14 11:43:22 2004 **FATAL_ERROR** malloc(10384) @ pbuf.c:122 returned NULL [no more memory?]
> > > Wed Jul 14 11:43:22 2004 **WARNING** ntop packet capture STOPPED
> > > Wed Jul 14 11:43:22 2004 NOTE: ntop web server remains up
> > > Wed Jul 14 11:43:22 2004 NOTE: Shutdown gracefully and restart with more memory
> > > Wed Jul 14 11:43:22 2004 **FATAL_ERROR** malloc(10384) @ pbuf.c:122 returned NULL [no more memory?]
> > > Segmentation fault
> > >
> > > If you'd like, I can get you more information or turn on debugging levels
> > > or something. Let me know.
> > >
> > > At 05:06 AM 7/14/2004, you wrote:
> > > >Vinny,
> > > >I have rewritten a lot of code part of the NF plugin. Please fetch ntop
> > > >from CVS, compile it and let me know if it works for you. Make sure you
> > > >configure both ntop and the NF plugin properly for your environment.
> > > >
> > > >Regards, Luca
> > > >
> > > >Vinny Abello wrote:
> > > >
> > > >>Hello,
> > > >>
> > > >>Please forgive me if this has been discussed and there is a solution to
> > > >>this somewhere. I could not find an answer, only more people with the
> > > >>same problem. I cannot get NTOP to run for more than a few minutes
> > > >>without crashing once I have the Netflow plugin active and a router or
> > > >>routers sending netflow data to it. I'm running this on Gentoo Linux
> > > >>kernel 2.4.26-gentoo-r5 on a P4 2.8GHz CPU (SMP currently disabled). Both
> > > >>2.2c and 3.0 were installed from the Gentoo portage collection with
> > > >>emerge. Below is the error output I get from 3.0:
> > > >>
> > > >>Tue Jul 13 13:19:28 2004 **FATAL_ERROR** malloc(8976) @ pbuf.c:122 returned NULL [no more memory?]
> > > >>Tue Jul 13 13:19:28 2004 **WARNING** ntop packet capture STOPPED
> > > >>Tue Jul 13 13:19:28 2004 NOTE: ntop web server remains up
> > > >>Tue Jul 13 13:19:28 2004 NOTE: Shutdown gracefully and restart with more memory
> > > >>Tue Jul 13 13:19:28 2004 **FATAL_ERROR** malloc(3776) @ hash.c:1013 returned NULL [no more memory?]
> > > >>Tue Jul 13 13:19:28 2004 **FATAL_ERROR** malloc(3776) @ hash.c:1013 returned NULL [no more memory?]
> > > >>Tue Jul 13 13:19:28 2004 **FATAL_ERROR** malloc(3776) @ hash.c:1013 returned NULL [no more memory?]
> > > >>Tue Jul 13 13:19:28 2004 **FATAL_ERROR** malloc(3776) @ hash.c:1013 returned NULL [no more memory?]
> > > >>Tue Jul 13 13:19:28 2004 **FATAL_ERROR** malloc(3776) @ hash.c:1013 returned NULL [no more memory?]
> > > >>Tue Jul 13 13:19:28 2004 **FATAL_ERROR** malloc(3776) @ hash.c:1013 returned NULL [no more memory?]
> > > >>Tue Jul 13 13:19:28 2004 **FATAL_ERROR** malloc(3776) @ hash.c:1013 returned NULL [no more memory?]
> > > >>Tue Jul 13 13:19:28 2004 **WARNING** THREADMGMT: netFlow thread(114696) terminated
> > > >>Tue Jul 13 13:19:28 2004 THREADMGMT: pcap dispatch thread terminated...
> > > >>Tue Jul 13 13:19:46 2004 THREADMGMT: Idle Scan thread (49156) terminated
> > > >>Tue Jul 13 13:19:52 2004 **WARNING** THREADMGMT: Address resolution thread terminated...
> > > >>Tue Jul 13 13:21:39 2004 THREADMGMT: Fingerprint Scan thread (32771) terminated
> > > >>
> > > >>Both 2.2c and 3.0 generally give the same error when they crash (just
> > > >>displayed differently). Is there a known fix for this? Should I be
> > > >>compiling with a different option manually instead of using Gentoo's
> > > >>portage? I keep seeing references to there being no more memory... I know
> > > >>this isn't referring to the physical system as it has a total of 4GB of
> > > >>RAM plus swap and doesn't even touch it. The only thing I'm really trying
> > > >>to do with it currently is run NTOP. It doesn't do much else. If any more
> > > >>information is needed, I'll gladly provide it. Thanks in advance for any
> > > >>help, and again - if this is already answered somewhere, please point me
> > > >>to the information. No further explanations needed. I just couldn't find
> > > >>the solution. Thanks! :)
> > > >>
> > > >>Vinny Abello
> > > >>Network Engineer
> > > >>Server Management
> > > >>[EMAIL PROTECTED]
> > > >>(973)300-9211 x 125
> > > >>(973)940-6125 (Direct)
> > > >>PGP Key Fingerprint: 3BC5 9A48 FC78 03D3 82E0 E935 5325 FBCB 0100 977A
> > > >>
> > > >>Tellurian Networks - The Ultimate Internet Connection
> > > >>http://www.tellurian.com (888)TELLURIAN
> > > >>
> > > >>There are 10 kinds of people in the world. Those who understand binary
> > > >>and those that don't.
> > > >>
> > > >>_______________________________________________
> > > >>Ntop-dev mailing list
> > > >>[EMAIL PROTECTED]
> > > >>http://listgateway.unipi.it/mailman/listinfo/ntop-dev
> > > >
> > > >--
> > > >Luca Deri <[EMAIL PROTECTED]> http://luca.ntop.org/
> > > >Hacker: someone who loves to program and enjoys being
> > > >clever about it - Richard Stallman
> > > >
> > > >_______________________________________________
> > > >Ntop-dev mailing list
> > > >[EMAIL PROTECTED]
> > > >http://listgateway.unipi.it/mailman/listinfo/ntop-dev
> > >
> > > Vinny Abello
> > > Network Engineer
> > > Server Management
> > > [EMAIL PROTECTED]
> > > (973)300-9211 x 125
> > > (973)940-6125 (Direct)
> > > PGP Key Fingerprint: 3BC5 9A48 FC78 03D3 82E0 E935 5325 FBCB 0100 977A
> > >
> > > Tellurian Networks - The Ultimate Internet Connection
> > > http://www.tellurian.com (888)TELLURIAN
> > >
> > > There are 10 kinds of people in the world. Those who understand
> > > binary and those that don't.
> > >
> > > _______________________________________________
> > > Ntop-dev mailing list
> > > [EMAIL PROTECTED]
> > > http://listgateway.unipi.it/mailman/listinfo/ntop-dev
> >
> >_______________________________________________
> >Ntop-dev mailing list
> >[EMAIL PROTECTED]
> >http://listgateway.unipi.it/mailman/listinfo/ntop-dev
>
> Vinny Abello
> Network Engineer
> Server Management
> [EMAIL PROTECTED]
> (973)300-9211 x 125
> (973)940-6125 (Direct)
> PGP Key Fingerprint: 3BC5 9A48 FC78 03D3 82E0 E935 5325 FBCB 0100 977A
>
> Tellurian Networks - The Ultimate Internet Connection
> http://www.tellurian.com (888)TELLURIAN
>
> There are 10 kinds of people in the world. Those who understand
> binary and those that don't.
>
> _______________________________________________
> Ntop-dev mailing list
> [EMAIL PROTECTED]
> http://listgateway.unipi.it/mailman/listinfo/ntop-dev
Vinny Abello
Network Engineer
Server Management
[EMAIL PROTECTED]
(973)300-9211 x 125
(973)940-6125 (Direct)
PGP Key Fingerprint: 3BC5 9A48 FC78 03D3 82E0 E935 5325 FBCB 0100 977A
Tellurian Networks - The Ultimate Internet Connection http://www.tellurian.com (888)TELLURIAN
There are 10 kinds of people in the world. Those who understand binary and those that don't.
_______________________________________________
Ntop-dev mailing list
[EMAIL PROTECTED]
http://listgateway.unipi.it/mailman/listinfo/ntop-dev
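
Added example, not part of the original thread and not ntop code: a small model of the point made above that the host count is every source and destination address seen in the flows, not the size of the local network. The prefixes, the flow generator and the local_only switch are constructed for illustration; local_only is a simplified stand-in for restricting tracking to local hosts.

```python
import ipaddress
import random

# Constructed prefixes standing in for "the /18 and two /20's" in the thread.
LOCAL_NETS = [ipaddress.ip_network(n)
              for n in ("10.0.0.0/18", "10.64.0.0/20", "10.128.0.0/20")]


def is_local(addr):
    """True if addr falls inside one of the monitored site's own prefixes."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LOCAL_NETS)


def make_flows(n_flows, n_active_local, seed=1):
    """Constructed sample data: each flow pairs one active local host with
    a random remote address, in either direction."""
    rng = random.Random(seed)
    local_hosts = [str(LOCAL_NETS[0][i + 1]) for i in range(n_active_local)]
    flows = []
    for _ in range(n_flows):
        local = rng.choice(local_hosts)
        # 11.0.0.0 .. 222.255.255.255: never inside the 10.x local prefixes
        remote = str(ipaddress.ip_address(rng.randrange(0x0B000000, 0xDF000000)))
        flows.append((local, remote) if rng.random() < 0.5 else (remote, local))
    return flows


def host_table_size(flows, local_only=False):
    """Number of distinct hosts a collector would hold state for.

    local_only=False: every source AND destination gets an entry.
    local_only=True:  only addresses inside LOCAL_NETS get an entry
                      (a simplified model of tracking local hosts only).
    """
    hosts = set()
    for src, dst in flows:
        for addr in (src, dst):
            if not local_only or is_local(addr):
                hosts.add(addr)
    return len(hosts)


if __name__ == "__main__":
    flows = make_flows(n_flows=20000, n_active_local=200)
    print("all hosts :", host_table_size(flows))
    print("local only:", host_table_size(flows, local_only=True))
```

With 200 active local hosts the unrestricted table grows with the number of remote peers, roughly one new entry per flow here, while the restricted table stays at 200 regardless of how many flows arrive.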
