RE: [Ntop] issues with reporting - persistent storage (-S flag)

Sun, 24 Feb 2002 10:01:39 -0800 

Ok - you understand about ntop's periodic purges of idle hosts etc, right?

Check the code - whether it saves out the information is dependent upon the
'-S' flag.  And what type of machine it is:

    case 'S':
      /*
       * Persitent storage only for 'local' machines
       * Courtesy of Joel Crisp <[EMAIL PROTECTED]>
       *
       * 0 = no storage
       * 1 = store all hosts
       * 2 = store only local hosts
       */
      myGlobals.usePersistentStorage = atoi(optarg);
      if((myGlobals.usePersistentStorage > 2)
         || (myGlobals.usePersistentStorage < 0)) {
        printf("FATAL ERROR: -S flag accepts value in the 0-2 range.\n");
        exit(-1);
      }
      break;

re hash.h:

void freeHostInfo(int theDevice, HostTraffic *host, u_int hostIdx, int
actualDeviceId) {
...

  if(myGlobals.usePersistentStorage != 0) {
    if((!broadcastHost(host))
       && ((myGlobals.usePersistentStorage == 1)
           || subnetPseudoLocalHost(host)
           /*
             Courtesy of
             Joel Crisp <[EMAIL PROTECTED]>
           */
           ))
      storeHostTrafficInstance(host);
  }

  purgeHostIdx(theDevice, hostIdx);
...


So, set the -S flag in the man page, etc.

If you're frequently losing hosts (say you have a ping bot or whatever), you
can always adjust timeouts (just know that this will cost you memory!):

          address.c:  1415   #define ADDRESS_PURGE_TIMEOUT 12*60*60 /* 12
hours */
             http.c:   107   #define HTTP_REQUEST_TIMEOUT  -5
             util.c:    60   #define PASSIVE_SESSION_PURGE_TIMEOUT    60 /*
seconds */
             ntop.h:  1288   #define DB_TIMEOUT_REFRESH_TIME      30 /*
seconds */
             ntop.h:  1839   #define STATE_TIMEOUT                8
             ntop.h:  1847   /* This is the 2MSL timeout as defined in the
TCP standard (RFC 761) */
             ntop.h:  1848   #define TWO_MSL_TIMEOUT          120        /*
2 minutes */
             ntop.h:  1849   #define DOUBLE_TWO_MSL_TIMEOUT
(2*TWO_MSL_TIMEOUT)
             ntop.h:  1851   #define IDLE_HOST_PURGE_TIMEOUT  10*60    /*
30 minutes */
             ntop.h:  1852   #define IDLE_SESSION_TIMEOUT     10*60    /*
10 minutes */
             ntop.h:  1853   #define PURGE_ADDRESS_TIMEOUT    120*60   /*
2  hours   */
             ntop.h:  1854   #define PIPE_READ_TIMEOUT        15       /*
seconds */
            rules.h:    57   #define MIN_SCAN_TIMEOUT 10

-----Burton

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Igor
Schein
Sent: Friday, February 22, 2002 12:25 PM
To: [EMAIL PROTECTED]
Subject: [Ntop] issues with reporting


<snip>

3) After a certain period of inactivity, a host disapears from the list.
When it's active again and reappears, the traffic counter starts from zero.
IIRC, stable version didn't behave like that, and I was able to accumulate
traffic statistics for host over a few day period.  Is it a bug or a feature
in development version?  I see some merit on both behaviors, so I think it'd
be useful to be able to flip between them with a flag.


_______________________________________________
Ntop mailing list
[EMAIL PROTECTED]
http://listmanager.unipi.it/mailman/listinfo/ntop

Reply via email to