Hi, Is it viable / recommended to write n2disk cache to (low latency) network storage?
I have multiple servers I would like to capture certain traffic profile on but then some time later be able to extract pcaps realated to certain application events. My thinking is I'd rather not have to do the npacpextract "on box" and then have to work out how to copy them somewhere else on the network when I could just do the npacpextract directly off network storage. Are there any limitations / gotchas I should be aware of if using npacpextract from a network attached cache while it is being written? Also, this comes back to a question I asked the other day. but assuming I wanted to npacpextract a certain pcap that happened between timestamps X and Y on port Z but I'm not sure yet if that data has been yet flushed to disk. are my only options either to: * use the [--max-file-duration|-t] $secs option and wait $secs after the associated application event until attempting to npacpextract * force an explicit flush by sending a USR1 signal to the n2disk process. (this approach would be complicated if the cache is on network storage and the consumer wishing to run npacpextract is on a different machine than the n2disk process) It seems like the first option is the least worst approach. Can you suggest any others? Thanks, RD
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
