Honestly just for troubleshooting purposes I would install just ntopng from http://packages.ntop.org/ stable and see if you are seeing the same resource usage.
I'm running 2.0.151021 <https://github.com/ntop/ntopng/commit/a6a0601c17e7bb005bd4a6640005a45650702a58> - Professional Edition on centos 7 Here's my interface stats. Received Packets 93.74 GB [236,384,984 Pkts] Dropped Packets 0 Pkts From: [email protected] [mailto:[email protected]] On Behalf Of Dpto. Datos Television Costa Blanca Sent: Wednesday, November 04, 2015 10:41 AM To: [email protected] Subject: Re: [Ntop] Hardware requirements Tasks: 94 total, 1 running, 93 sleeping, 0 stopped, 0 zombie Cpu(s): 10.6%us, 3.6%sy, 0.0%ni, 34.9%id, 45.4%wa, 0.0%hi, 5.6%si, 0.0%st Mem: 2051056k total, 1978260k used, 72796k free, 1504k buffers Swap: 2094076k total, 1063816k used, 1030260k free, 39088k cached PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 1621 nobody 20 0 1609m 592m 15m D 55 29.6 2:45.03 ntopng 1352 redis 20 0 1500m 596m 468 S 5 29.8 0:31.86 redis-server 25691 redis 20 0 1499m 1.1g 176 D 4 57.0 0:18.77 redis-server Right now, in the iface with less traffic im having more than 68% of dropped packets and it is not showing the real bw usage. In the iface with more traffic im having like 96.98% of dropped packets. I've upgraded to the last version of nightly builds and in both interfaces Family is PF_RING. My configuration is: cor@ntopng:~$ cat /etc/ntopng/ntopng.conf -n=3 -w=3010 -W=0 -m="84.*.*.0/23,185.*.*.0/22,5.*.*.0/24,94.*.*.0/24,178.*.*.0/24,178.*.*.0/24,185.*.*.0/22,185.*.*.0/22" -A=1 -E=all -D=all -S=all -X=524288 -x=262144 -d=/storage/ntopng -C -G=/var/tmp/ntopng.pid -i=eth1 -i=eth2 And is made from nbox. Thanks, El 04/11/2015 a las 17:27, Joseph Jackson escribió: When host usage is 100% what is the process(s) that are causing the usage? Is it ntopng or something else? From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Dpto. Datos Television Costa Blanca Sent: Wednesday, November 04, 2015 9:51 AM To: [email protected]<mailto:[email protected]> Subject: Re: [Ntop] Hardware requirements Hi Jospeh, host resource usage is 100% almost 100% of the time. I tried with and without PF_RING with same result. Capture NICs are Intel Corporation 82541GI Gigabit Ethernet Controller El 04/11/2015 a las 16:46, Joseph Jackson escribió: Whats the host resource usage when you are seeing the packet loss? When you select the interface from ntop dashboard does it show it using PF_Ring? I have a box that captures on 2 10gig interfaces at around 30K pps (just a subset of traffic) but it's a pretty beefy box. What is your capture nic? Joseph From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Dpto. Datos Television Costa Blanca Sent: Wednesday, November 04, 2015 9:43 AM To: [email protected]<mailto:[email protected]> Subject: Re: [Ntop] Hardware requirements Hello?! Can anyone confirm my messages are showing correctly in the list? Thanks in advance! El 30/10/2015 a las 10:59, Dpto. Datos Television Costa Blanca escribió: Hi all! Im bumping this. We want to buy the Pro version, but firts we want to test the community one. At this moment, we have a 4x Intel(R) Xeon(TM) CPU 2.80GHz with 2Gb RAM and 35Gb SCSI RAID1 in Ubuntu 12.04 We've installed nbox to control ntopng. With this configuration, we have more than 50% of packet drop and a few issues. While I have this: 8,436 Hosts<http://185.29.68.24:3010/lua/hosts_stats.lua> 254 Aggregations<http://185.29.68.24:3010/lua/aggregated_hosts_stats.lua> 14,101 Flows<http://185.29.68.24:3010/lua/flows_stats.lua> If I go to Hosts -> Networks only 2 of my local networks appear while I have configured 8 local networks. The 2 ones who appear in the Networks, are always the same (the 2 first configured in the -m option) and if I go to Hosts -> Hosts, only 40 hosts appears in the list. In Flows, only 1825 flows appears. I'm doing something wrong? All that info was only monitoring 1 interface. If I setup to monitor the 2Gb interfaces, packetdrop grows and interface get really really slow. What kind of hardware do I need to monitor both interfaces? Or, maybe, what kind of hardware configuration? P.E. Do i need 3 servers, 2 for nprobes and 1 for ntopng? We are planning to move to a 10G in the next year, so please, take that also into consideration. We know with the Pro version we can do some kind of traffic shaping, take that into consideration too. Without all that info, we cant buy the ntop licenses. Thanks in advance and Best Regards, El 27/10/2015 a las 18:06, Dpto. Datos Television Costa Blanca escribió: Hi All, What hardware or kind of configuration do you recommend for monitoring 2 Gb interfaces (port mirror mode)? Thanks in advance!!! --Daniel _______________________________________________ Ntop mailing list [email protected]<mailto:[email protected]> http://listgateway.unipi.it/mailman/listinfo/ntop _______________________________________________ Ntop mailing list [email protected]<mailto:[email protected]> http://listgateway.unipi.it/mailman/listinfo/ntop _______________________________________________ Ntop mailing list [email protected]<mailto:[email protected]> http://listgateway.unipi.it/mailman/listinfo/ntop _______________________________________________ Ntop mailing list [email protected]<mailto:[email protected]> http://listgateway.unipi.it/mailman/listinfo/ntop
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
