Hi Luca,
I am out of the office today, I will do this tomorrow morning.
Thanks,
Marc.
Sent from my iPhone
Le 2010-07-15 à 04:31, Luca Deri <[email protected]> a écrit :
Marc
please capture a pcap file (tcpdump -s 0 -w luca.pcap) and mail me
luca.pcap. Please capture the flows you're sending to ntop so that I
can reporduce the bug here
Thanks Luca
On 07/13/2010 08:24 PM, Marc Mazuhelli wrote:
Hello Gary,
Thanks for the tip. I can have our networking guy have a look at
this option
(I am not I control of the 6506).
Except that we don't have 32000 interfaces on our 6506! We have a
very
limited number of interfaces (I don't know the exact number, but
I'm sure
it's less than your "dozen or so" interfaces).
So something else seems to be wrong with our ntop / NetFlow setup.
Any other suggestions anyone?
Thank you very much and have a nice day!
Marc.
On 10-07-13 11:15, Gary Gatten at [email protected] wrote?:
Your 6500 is outputting interface level flows and ntop is building
a different
graph for each interface. I see this as well, but I only have a
dozen or so
IF's on my 6509.
Let me get in the office and check my 6509 confs and IOS version.
I think you
can disable the interface "ID" in the flow exports, but don't
recall how right
now.....
----- Original Message -----
From: [email protected] <[email protected]
>
To: [email protected] <[email protected]>
Sent: Tue Jul 13 09:45:55 2010
Subject: [Ntop] Ntop 3.4-pre3 and Netflow
problem: thousands of "interfaces" ?
Hello,
I installed ntop 3.4-pre3 (from svn) on RedHat 5.5. I am trying to
have it
analyse Netflows from a Cisco Catalyst 6500 (we are new to
Netflows, it's
the first time we use them).
As soon as ntop starts up, it sees and interprets traffic that it
receives
via Netflow but this only lasts for a while. After just a few
minutes, in
the "Plugins -> NetFlow -> Statistics" (or "view / Configure")
page, the
table for "Device 1 - NetFlow-device.2" contains thousands and
thousands of
lines with different "interface" numbers. The page takes forever
to load,
especially because every line contains a rrd graph. The lines all
contain
"10.1.254.254:53853" in the " NetFlow Device" column (this
corresponds to
the 6500 that is feeding it Netflows), and a number that starts at
0 and is
incremented by 1 on each line in the "Interface Name/Id" column.
After a few minutes, ntop doesn't show any stats anymore, and the
log shows
this:
Tue Jul 13 10:30:15 2010 **WARNING** RRD:
mkdir(/var/run/ntop34/rrd/interfaces/NetFlow-device.2/NetFlow/
65522_16790297
4_53853/), error 31 Too many links
Tue Jul 13 10:30:15 2010 **WARNING** RRD:
rrd_create(/var/run/ntop34/rrd/interfaces/NetFlow-device.2/NetFlow/
65522_167
902974_53853/ifInOctets.rrd) error: creating
'/var/run/ntop34/rrd/interfaces/NetFlow-device.2/NetFlow/
65522_167902974_538
53/ifInOctets.rrd': No such file or directory
At this point the "rrd/interfaces/NetFlow-device.2/NetFlow"
directory
contains 31999 directories with names like: 24253_167902974_53853,
2415_167902974_53853 or 39447_167902974_53853.
Something seems wrong all these "interfaces" should not be sep
arated, they
all come from the same Netflow!
Any idea on what I can do to fix this?
Thank you very much,
Marc.
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
