See in-line

-----Burton

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Behalf Of Vinny Abello
> Sent: Tuesday, July 20, 2004 9:48 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [Ntop-dev] NTOP 2.2c and 3.0 crash with Netflow
>
>
> At 12:44 PM 7/18/2004, you wrote:
> >WRONG
>
> :P
>
> >Read the stuff in docs/FAQ about hosts. Unless you pick the options right,
> >the number of hosts being monitored is every host in all the packets -
> >that's BOTH source and destination. The size/mask of your network is
> >largely irrelevant.
>
> OK.. I swear I have gone through every document I can find and they all are
> very very brief and don't seem to give this information. Maybe I'm looking
> in the entirely wrong place. I was trying to find the info on ntop.org and
> fail to see where complete documentation is under the docs link.

Old cr*p - but Luca doesn't have time to maintain it, nor take it down.

> The man pages just list the options and don't really recommend one thing
> over another for specific setups. Please point me in the right direction,
> I'd appreciate it. I just need a document stating something to the effect,
> to monitor this type of setup, generally use these options... this option
> is very memory intensive for internet usage, etc...

What's there is docs/FAQ and the back traffic on the lists. Start at
Q. Why does ntop use so much memory?

> >What you're going to have to do is to figure out what you want/need to
> >monitor and adjust ntop accordingly. Look into --track-local-hosts and/or
> >the -B filter option.
>
> Mainly, I'd like to monitor all traffic flows for my local hosts on the
> network, along with traffic flows to and from all remote ASNs. From what
> you're saying, I am apparently monitoring all remote hosts involved in the
> flows as well which is eating up the memory? I believe last time I ran it,
> I did use the -B option if memory serves correctly. I'll try looking over
> the docs again, but if there is a much more descriptive document somewhere
> that I'm missing, I'd appreciate a pointer to it. Thanks! :)

man ntop and the write up in docs/FAQ on --track-local-hosts

> >
> >-----Burton
> >
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> > > Behalf Of Vinny Abello
> > > Sent: Sunday, July 18, 2004 10:47 AM
> > > To: [EMAIL PROTECTED]
> > > Subject: RE: [Ntop-dev] NTOP 2.2c and 3.0 crash with Netflow
> > >
> > >
> > > Well, it's just a single Cisco 7206. We're an ISP and I'm monitoring all
> > > the flows on the router at a certain node on our network. It's using 2+ GB
> > > of RAM to do so. In a very basic summary, there are 3 DS3's and a fast
> > > ethernet trunk. One DS3 is channelized which is in reality 28 T1's. The
> > > traffic load probably peaks at around 25Mbps.
> > > The number of hosts is not precisely known other than the /18 and two
> > > /20's that comprise our network. If NTOP is not the solution for doing
> > > this, can someone point me in the right direction as to what to try?
> > > We're not that large of an ISP and I can't imagine that the larger ISP's
> > > have this problem with several OC12/OC48 circuits on a single router
> > > watching the flows. Watching just the single router worked a lot longer
> > > than more than one. It probably worked for half a day before it died
> > > again. This is on a weekend too when there is a lot less traffic.
> > >
> > > At 08:11 AM 7/18/2004, you wrote:
> > > >How about giving us the info on what you are monitoring? It's quite
> > > >possible to throw more hosts at ntop than you have memory to monitor - in
> > > >fact this is discussed frequently - search the back traffic.
> > > >
> > > >W/ 3.0 and the stopcap option, the web server should remain up so you can
> > > >obtain the PR (Problem Report) and/or the info.html/textinfo.html page
> > > >which has the details about what's been stored.
> > > >
> > > >-----Burton
> > > >
> > > > > -----Original Message-----
> > > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> > > > > Behalf Of Vinny Abello
> > > > > Sent: Wednesday, July 14, 2004 11:08 AM
> > > > > To: [EMAIL PROTECTED]
> > > > > Subject: Re: [Ntop-dev] NTOP 2.2c and 3.0 crash with Netflow
> > > > >
> > > > >
> > > > > Hi Luca,
> > > > >
> > > > > There are still problems with the latest version I just grabbed from
> > > > > CVS. It still crashes after about the same amount of time and gives
> > > > > this output:
> > > > >
> > > > > Wed Jul 14 11:43:22 2004 **FATAL_ERROR** malloc(10384) @ pbuf.c:122 returned NULL [no more memory?]
> > > > > Wed Jul 14 11:43:22 2004 **WARNING** ntop packet capture STOPPED
> > > > > Wed Jul 14 11:43:22 2004 NOTE: ntop web server remains up
> > > > > Wed Jul 14 11:43:22 2004 NOTE: Shutdown gracefully and restart with more memory
> > > > > Wed Jul 14 11:43:22 2004 **FATAL_ERROR** malloc(10384) @ pbuf.c:122 returned NULL [no more memory?]
> > > > > Segmentation fault
> > > > >
> > > > >
> > > > > If you'd like, I can get you more information or turn on debugging
> > > > > levels or something. Let me know.
> > > > >
> > > > > At 05:06 AM 7/14/2004, you wrote:
> > > > > >Vinny,
> > > > > >I have rewritten a lot of code part of the NF plugin. Please fetch ntop
> > > > > >from CVS, compile it and let me know if it works for you. Make sure you
> > > > > >configure both ntop and the NF plugin properly for your environment.
> > > > > >
> > > > > >Regards, Luca
> > > > > >
> > > > > >Vinny Abello wrote:
> > > > > >
> > > > > >>Hello,
> > > > > >>
> > > > > >>Please forgive me if this has been discussed and there is a solution to
> > > > > >>this somewhere. I could not find an answer, only more people with the
> > > > > >>same problem. I cannot get NTOP to run for more than a few minutes
> > > > > >>without crashing once I have the Netflow plugin active and a router or
> > > > > >>routers sending netflow data to it. I'm running this on Gentoo Linux
> > > > > >>kernel 2.4.26-gentoo-r5 on a P4 2.8GHz CPU (SMP currently disabled). Both
> > > > > >>2.2c and 3.0 were installed from the Gentoo portage collection with
> > > > > >>emerge. Below is the error output I get from 3.0:
> > > > > >>
> > > > > >>Tue Jul 13 13:19:28 2004 **FATAL_ERROR** malloc(8976) @ pbuf.c:122 returned NULL [no more memory?]
> > > > > >>Tue Jul 13 13:19:28 2004 **WARNING** ntop packet capture STOPPED
> > > > > >>Tue Jul 13 13:19:28 2004 NOTE: ntop web server remains up
> > > > > >>Tue Jul 13 13:19:28 2004 NOTE: Shutdown gracefully and restart with more memory
> > > > > >>Tue Jul 13 13:19:28 2004 **FATAL_ERROR** malloc(3776) @ hash.c:1013 returned NULL [no more memory?]
> > > > > >>Tue Jul 13 13:19:28 2004 **FATAL_ERROR** malloc(3776) @ hash.c:1013 returned NULL [no more memory?]
> > > > > >>Tue Jul 13 13:19:28 2004 **FATAL_ERROR** malloc(3776) @ hash.c:1013 returned NULL [no more memory?]
> > > > > >>Tue Jul 13 13:19:28 2004 **FATAL_ERROR** malloc(3776) @ hash.c:1013 returned NULL [no more memory?]
> > > > > >>Tue Jul 13 13:19:28 2004 **FATAL_ERROR** malloc(3776) @ hash.c:1013 returned NULL [no more memory?]
> > > > > >>Tue Jul 13 13:19:28 2004 **FATAL_ERROR** malloc(3776) @ hash.c:1013 returned NULL [no more memory?]
> > > > > >>Tue Jul 13 13:19:28 2004 **FATAL_ERROR** malloc(3776) @ hash.c:1013 returned NULL [no more memory?]
> > > > > >>Tue Jul 13 13:19:28 2004 **WARNING** THREADMGMT: netFlow thread(114696) terminated
> > > > > >>Tue Jul 13 13:19:28 2004 THREADMGMT: pcap dispatch thread terminated...
> > > > > >>Tue Jul 13 13:19:46 2004 THREADMGMT: Idle Scan thread (49156) terminated
> > > > > >>Tue Jul 13 13:19:52 2004 **WARNING** THREADMGMT: Address resolution thread terminated...
> > > > > >>Tue Jul 13 13:21:39 2004 THREADMGMT: Fingerprint Scan thread (32771) terminated
> > > > > >>
> > > > > >>
> > > > > >>Both 2.2c and 3.0 generally give the same error when they crash (just
> > > > > >>displayed differently). Is there a known fix for this? Should I be
> > > > > >>compiling with a different option manually instead of using Gentoo's
> > > > > >>portage?
> > > > > >>I keep seeing references to there being no more memory... I know
> > > > > >>this isn't referring to the physical system as it has a total of 4GB of
> > > > > >>RAM plus swap and doesn't even touch it. The only thing I'm really trying
> > > > > >>to do with it currently is run NTOP. It doesn't do much else. If any more
> > > > > >>information is needed, I'll gladly provide it. Thanks in advance for any
> > > > > >>help, and again - if this is already answered somewhere, please point me
> > > > > >>to the information. No further explanations needed. I just couldn't find
> > > > > >>the solution. Thanks! :)
> > > > > >>
> > > > > >>Vinny Abello
> > > > > >>Network Engineer
> > > > > >>Server Management
> > > > > >>[EMAIL PROTECTED]
> > > > > >>(973)300-9211 x 125
> > > > > >>(973)940-6125 (Direct)
> > > > > >>PGP Key Fingerprint: 3BC5 9A48 FC78 03D3 82E0 E935 5325 FBCB 0100 977A
> > > > > >>
> > > > > >>Tellurian Networks - The Ultimate Internet Connection
> > > > > >>http://www.tellurian.com (888)TELLURIAN
> > > > > >>
> > > > > >>There are 10 kinds of people in the world. Those who understand binary
> > > > > >>and those that don't.
> > > > > >>
> > > > > >>_______________________________________________
> > > > > >>Ntop-dev mailing list
> > > > > >>[EMAIL PROTECTED]
> > > > > >>http://listgateway.unipi.it/mailman/listinfo/ntop-dev
> > > > > >
> > > > > >
> > > > > >--
> > > > > >Luca Deri <[EMAIL PROTECTED]> http://luca.ntop.org/
> > > > > >Hacker: someone who loves to program and enjoys being
> > > > > >clever about it - Richard Stallman
> > > > > >
> > > > > >_______________________________________________
> > > > > >Ntop-dev mailing list
> > > > > >[EMAIL PROTECTED]
> > > > > >http://listgateway.unipi.it/mailman/listinfo/ntop-dev
> > > > >
> > > > >
> > > > > Vinny Abello
> > > > > Network Engineer
> > > > > Server Management
> > > > > [EMAIL PROTECTED]
> > > > > (973)300-9211 x 125
> > > > > (973)940-6125 (Direct)
> > > > > PGP Key Fingerprint: 3BC5 9A48 FC78 03D3 82E0 E935 5325 FBCB 0100 977A
> > > > >
> > > > > Tellurian Networks - The Ultimate Internet Connection
> > > > > http://www.tellurian.com (888)TELLURIAN
> > > > >
> > > > > There are 10 kinds of people in the world. Those who understand
> > > > > binary and those that don't.
> > > > >
> > > > > _______________________________________________
> > > > > Ntop-dev mailing list
> > > > > [EMAIL PROTECTED]
> > > > > http://listgateway.unipi.it/mailman/listinfo/ntop-dev
> > > >
> > > >_______________________________________________
> > > >Ntop-dev mailing list
> > > >[EMAIL PROTECTED]
> > > >http://listgateway.unipi.it/mailman/listinfo/ntop-dev
> > >
> > >
> > > Vinny Abello
> > > Network Engineer
> > > Server Management
> > > [EMAIL PROTECTED]
> > > (973)300-9211 x 125
> > > (973)940-6125 (Direct)
> > > PGP Key Fingerprint: 3BC5 9A48 FC78 03D3 82E0 E935 5325 FBCB 0100 977A
> > >
> > > Tellurian Networks - The Ultimate Internet Connection
> > > http://www.tellurian.com (888)TELLURIAN
> > >
> > > There are 10 kinds of people in the world. Those who understand
> > > binary and those that don't.

_______________________________________________
Ntop-dev mailing list
[EMAIL PROTECTED]
http://listgateway.unipi.it/mailman/listinfo/ntop-dev
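
Added example, not part of the original thread and not ntop code: a small Python model of the point made above that the host table grows with every source and destination address seen in the flows, not with the size of the local network, and of what restricting tracking to local hosts (the effect described for --track-local-hosts) does to it. The prefixes, the flow generator and the per-host cost are assumptions, labelled in the comments.

```python
import ipaddress
import random

# Constructed prefixes from the 198.18.0.0/15 benchmark range, standing in for
# the ISP's /18 and two /20s; the real addresses are not given in the thread.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("198.18.0.0/18", "198.18.64.0/20", "198.18.80.0/20")]

# Assumption: one host-table entry costs roughly the size of the failing
# malloc(3776) at hash.c:1013 in the quoted log. Real usage per host is higher.
BYTES_PER_HOST = 3776

def is_local(addr):
    return any(addr in net for net in LOCAL_NETS)

def tracked_hosts(flows, local_only):
    """Return the set of addresses that would get a host-table entry."""
    hosts = set()
    for src, dst in flows:
        for addr in (src, dst):
            if not local_only or is_local(addr):
                hosts.add(addr)
    return hosts

def constructed_flows(n, seed=1):
    """n synthetic flows, each between one local and one random remote host."""
    rng = random.Random(seed)
    flows = []
    for _ in range(n):
        net = rng.choice(LOCAL_NETS)
        local = net[rng.randrange(net.num_addresses)]
        # Remote side drawn from 1.0.0.0-191.255.255.255, never a local prefix.
        remote = ipaddress.ip_address(rng.randrange(0x01000000, 0xC0000000))
        flows.append((local, remote) if rng.random() < 0.5 else (remote, local))
    return flows

def estimate_mib(hosts):
    return len(hosts) * BYTES_PER_HOST / 2**20

if __name__ == "__main__":
    flows = constructed_flows(200_000)
    for label, local_only in (("all hosts", False), ("local only", True)):
        hosts = tracked_hosts(flows, local_only)
        print(f"{label:10s} {len(hosts):7d} entries  ~{estimate_mib(hosts):.0f} MiB")
```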
