Hello all, I am using ntop to observe a /20 network which is nearly full, i.e. approx. 80% of hosts are up (it's a cable ISP). My ntop box is a P4 1.7GHz, 512 MB RAM, 512 swap. My ntop is compiled from the Jan 26 (or 27) snapshot.
When ntop runs it takes up memory progressively until the swap becomes 0 (RAM has
about 1M free), and then the process is killed. In between I get messages like:
ntop[12890]: WARNING: releaseMutex() call with an UN-LOCKED mutex [address.c:347]
VPN ntop[12889]: WARNING: releaseMutex() call with an UN-LOCKED mutex [hash.c:150]
Another interesting observation was that when I stopped ntop running with 0 swap from
the web interface, it took about half an hour to free the memory:
Jan 29 20:24:29 VPN ntop[8041]: ntop caught signal 0
Jan 29 20:24:29 VPN ntop[8041]: Cleaning up...
Jan 29 20:24:29 VPN ntop[8041]: Waiting until threads terminate...
Jan 29 20:24:30 VPN ntop[8039]: Address resolution terminated...
Jan 29 20:24:32 VPN ntop[8041]: Freeing hash host instances... (1 device(s) to save)
Jan 29 20:57:20 VPN ntop[8041]: 65535 instances freed
Jan 29 20:57:23 VPN ntop[8041]: Unloading plugins (if any)...
I am sending along the full logs (.gz attached) as well as the textinfo.
raj
ntop version.....2.1.55
Built on.....01/29/03 04:26:19 PM
OS.....i686-pc-linux-gnu
ntop Process Id.....8033
http Process Id.....8034
Command line
Started as..../usr/local/bin/ntop -o -i eth0 -P /home/ntop -u ntop -d -m
202.xx.xxx.0/20 -C -E -a /var/log/ntop/ntop.log -W 3001 -r 300 -t 5
Resolved to..../usr/local/bin/ntop
-o
-i
eth0
-P
/home/ntop
-u
ntop
-d
-m
202.xx.xxx.0/20
-C
-E
-a
/var/log/ntop/ntop.log
-W
3001
-r
300
-t
5
Command line parameters are:
-a | --access-log-path...../var/log/ntop/ntop.log
-b | --disable-decoders.....(default) No
-c | --sticky-hosts.....(default) No
-d | --daemon.....Yes
-e | --max-table-rows.....(default) 128
-f | --traffic-dump-file.....(default) (nil)
-g | --track-local-hosts.....(default) Track all hosts
-o | --no-mac.....Don't trust MAC Addresses
-i | --interface (effective).....eth0
-k | --filter-expression-in-extra-frame.....(default) No
-l | --pcap-log.....(default) (nil)
-m | --local-subnets (effective).....202.88.224.0/20
-n | --numeric-ip-addresses.....(default) No
-p | --protocols.....(default) internal list
-q | --create-suspicious-packets.....(default) Disabled
-r | --refresh-time.....300
-s | --no-promiscuous.....(default) No
-t | --trace-level.....5
-u | --user.....ntop (uid=500, gid=500)
-w | --http-server.....(default) Active, all interfaces, port 3000
-z | --disable-sessions.....(default) No
-B | --filter-expression.....(default) none
-D | --domain.....none
-E | --enable-external-tools.....Yes
-F | --flow-spec.....(default) none
-K | --enable-debug.....(default) No
-L | --use-syslog.....daemon
-M | --no-interface-merge (effective).....(default) (Merging Interfaces) Yes
-N | --no-nmap (effective).....Yes (nmap will be used)
-O | --pcap-file-path.....(default) /usr/local/var/ntop
-P | --db-file-path...../home/ntop
-U | --mapper.....(default) (nil)
-W | --https-server.....Active, all interfaces, port 3001
--throughput-chart-type.....(default) Area
--ignore-sigpipe.....(default) No
--ssl-watchdog.....(default) No
--dynamic-purge-limits.....(default) No
--reuse-rrd-graphics.....(default) No
--p3p-cp.....(default) none
--p3p-uri.....(default) none
Note: (effective) means that this is the value after ntop has processed the
parameter.
(default) means this is the default value, usually (but not always) set by a #define
in globals-defines.h.
Run time/Internal
External tool: lsof.....Yes
External tool: nmap.....Yes
Web server URL.....http://<any>:3000
SSL Web server URL.....https://<any>:3001
GDBM version.....This is GDBM version 1.8.0, as of May 19, 1999.
OpenSSL Version.....OpenSSL 0.9.6b [engine] 9 Jul 2001
zlib version.....1.1.4
Protocol Decoders.....Enabled
Fragment Handling.....Enabled
Tracking only local hosts.....No
# IP Protocols Being Monitored.....18
# Protocol slots.....950
# IP Ports Being Monitored.....58
# Ports slots.....116
# Handled SIGPIPE Errors.....0
# Handled HTTP Requests.....544
Devices (Network Interfaces).....1
Domain name (short).....
Host Memory Cache
Limit.....#define MAX_HOSTS_CACHE_LEN 512
Current Size.....0
Maximum Size.....327
# Entries Reused.....14308
MAC/IPX Hash tables
Special MAC Hash Size.....93
Special MAC Hash Collisions (load).....2
IPX/SAP Hash Size.....179
IPX/SAP Hash Collisions (load).....0
Vendor MAC Hash Size.....10257
Vendor MAC Hash Collisions (load).....585
Total Hash Collisions (Vendor/Special) (lookup).....0
Packet queue
Queued to Process.....0
Maximum queue.....0
Host Hash counts
Actual Hash Size.....69632
Stored hosts.....263069 [377 %]
Purge idle hosts.....Enabled
Purged hosts.....14308
Maximum hosts to purge per cycle.....512
DEFAULT_MAXIMUM_HOSTS_PURGE_PER_CYCLE.....512
TCP Session counts
Sessions.....12,439
Max Num. Sessions.....30,573
Terminated.....1,932,933
Address counts
Current Queue.....135544
Maximum Queued.....135544
Total Queued.....144008
Resolved with DNS.....5774
Kept Numeric.....2690
Found in Cache.....0
DNS responses sniffed.....211557
Thread counts
Active.....7
Dequeue.....1
Children (active).....0
lsof data
Updating.....Yes
# Monitored Processes.....13
Directory (search) order
Data Files......<br>/usr/local/share/ntop<br>
Config Files......<br>/usr/local/etc/ntop<br>/etc<br>
Plugins....../plugins<br>/usr/local/lib/ntop/plugins<br>
Compile Time: ./configure
./configure parameters.....--no-create --no-recursion
Built on (Host).....i686-pc-linux-gnu
Built for (Target).....i686-pc-linux-gnu
compiler (cflags).....gcc -DLINUX -g -O2 -Wshadow -Wpointer-arith -Wmissing-prototypes
-Wmissing-declarations -Wnested-externs -fPIC -DHAVE_CONFIG_H
include path.....-I/usr/include -I/usr/include -I/root/ntop-current/gdchart0.94c -I/root/ntop-current/gdchart0.94c/gd-1.8.3 -I/root/ntop-current/gdchart0.94c/gd-1.8.3/libpng-1.2.4
system libraries.....-lpthread -lresolv -lnsl -lc -lm -lz -lssl -lpcap -lgdbm -lcrypto -ldl -lc -lc -lc -lcrypt -L/usr/lib -lpcap -L/usr/lib -lgdbm -L/root/ntop-current/gdchart0.94c -lgdchart -L/root/ntop-current/gdchart0.94c/gd-1.8.3 -lgd -L/root/ntop-current/gdchart0.94c/gd-1.8.3/libpng-1.2.4 -lpng
install path...../usr/local
GNU C (gcc) version.....3.2 20020903 (Red Hat Linux 8.0 3.2-7) (3.2.0)
Internationalization (i18n)
i18n enabled.....No
Compile Time: Debug settings in globals-defines.h
DEBUG.....no
ADDRESS_DEBUG.....no
DNS_DEBUG.....no
DNS_SNIFF_DEBUG.....no
FTP_DEBUG.....no
GDBM_DEBUG.....no
HASH_DEBUG.....no
HHTTP_DEBUG.....no
IDLE_PURGE_DEBUG.....no
MEMORY_DEBUG.....no
NETFLOW_DEBUG.....no
SEMAPHORE_DEBUG.....no
SESSION_TRACE_DEBUG.....no
SSLWATCHDOG_DEBUG.....no
STORAGE_DEBUG.....no
UNKNOWN_PACKET_DEBUG.....no
Compile Time: globals-define.h
PARM_PRINT_ALL_SESSIONS.....no
PARM_PRINT_RETRANSMISSION_DATA.....no
PARM_FORK_CHILD_PROCESS.....yes (normal)
CGI Scripts.....globals-defines.h: #define PARM_USE_CGI
Alternate row colors.....globals-defines.h: /* #define PARM_USE_COLOR */
Buggy gethostbyaddr() - use alternate implementation.....globals-defines.h: /* #define
PARM_USE_HOST */
MAKE_ASYNC_ADDRESS_RESOLUTION.....yes
MAKE_WITH_SSLWATCHDOG.....yes
MAKE_WITH_SSLWATCHDOG_RUNTIME (derived).....yes
Bad IP Address table size.....globals-defines.h: #define MAX_NUM_BAD_IP_ADDRESSES 3
OST_FREE_DEBUG.....no
Bad IP Address timeout (seconds).....#define PARM_WEDONTWANTTOTALKWITHYOU_INTERVAL 300
Minimum refresh interval (seconds).....#define PARM_MIN_WEBPAGE_AUTOREFRESH_TIME 15
Maximum # of Protocols to show in graphs.....#define MAX_NUM_PROTOS 64
Maximum # of routers (Local Subnet Routers report).....#define MAX_NUM_ROUTERS 512
Maximum # of network interface devices.....#define MAX_NUM_DEVICES 32
Maximum # of processes for lsof report.....#define MAX_NUM_PROCESSES_READLSOFINFO 1024
Maximum network size (hosts per interface).....#define MAX_SUBNET_HOSTS 1024
Allocated # of passive FTP sessions.....#define MAX_PASSIVE_FTP_SESSION_TRACKER 384
Inactive passive FTP session timeout (seconds).....#define
PARM_PASSIVE_SESSION_MINIMUM_IDLE 60
Compile Time: Hash Table Sizes
Initial size.....#define CONST_HASH_INITIAL_SIZE 32
After 1st extend.....#define CONST_HASH_MINIMUM_SIZE 512
Intermediate increase factor.....#define CONST_HASH_INCREASE_FACTOR 2
Factor growth until.....#define CONST_HASH_FACTOR_MAXIMUM 4096
Then grow (linearly) by.....#define CONST_HASH_TERMINAL_INCREASE 4096
Compile Time: globals-define.h
Chart Format.....globals-report.h: #define CHART_FORMAT ".png"
Compile Time: config.h
CFG_CONFIGFILE_DIR - config file directory...../usr/local/etc/ntop
CFG_DATAFILE_DIR - data file directory...../usr/local/share/ntop
CFG_DBFILE_DIR - database file directory...../usr/local/var/ntop
MAKE_WITH_SSLV3_SUPPORT.....no
HAVE_ALLOCA_H.....present
HAVE_ARPA_INET_H.....present
HAVE_ARPA_NAMESER_H.....present
HAVE_BACKTRACE.....present
HAVE_CRYPT_H.....present
HAVE_CTIME_R.....present
HAVE_DIRENT_H.....present
HAVE_DLFCN_H.....present
HAVE_DL_H.....absent
HAVE_ERRNO_H.....present
HAVE_ETHERTYPE_H.....absent
HAVE_FCNTL_H.....present
HAVE_GDBM_H.....present
HAVE_GDCHART.....present
HAVE_GETIPNODEBYADDR.....absent
HAVE_GETOPT_H.....present
HAVE_GETOPT_LONG.....present
HAVE_IF_H.....absent
HAVE_INTxx_T Signed ints.....64 present, 32 present, 16 present,8 present
HAVE_U_INTxx_T Unsigned ints.....64 present, 32 present, 16 present,8 present
HAVE_LIBC.....present
HAVE_LIBC_R.....absent
HAVE_LIBDL.....present
HAVE_LIBGDBM.....present
HAVE_LIBKSTAT.....absent
HAVE_LIBNSL.....present
HAVE_LIBPCAP.....present
HAVE_LIBPOSIX4.....absent
HAVE_LIBPTHREAD.....present
HAVE_LIBPTHREADS.....absent
HAVE_LIBRESOLV.....present
HAVE_LIBSOCKET.....absent
HAVE_LIBWRAP (TCP Wrappers).....absent
HAVE_LOCALTIME_R.....present
HAVE_NCURSES_H.....present
HAVE_NETDB_H.....present
HAVE_NETINET_IF_ETHER_H.....present
HAVE_NETINET_IN_H.....present
HAVE_NETINET_IN_SYSTM_H.....present
HAVE_NETINET_IP_H.....present
HAVE_NETINET_IP_ICMP_H.....present
HAVE_NETINET_TCP_H.....present
HAVE_NETINET_UDP_H.....present
HAVE_NET_BPF_H.....present
HAVE_NET_ETHERNET_H.....present
HAVE_NET_IF_H.....present
HAVE_OPENSSL.....present
HAVE_PTHREAD_H.....present
HAVE_PWD_H.....present
HAVE_READLINE.....absent
HAVE_READLINE_READLINE_H.....present
HAVE_REGEX.....present
HAVE_SCHED_H.....absent
HAVE_SECURITY_PAM_APPL_H.....present
HAVE_SEMAPHORE_H.....present
HAVE_SHADOW_H.....present
HAVE_SIGNAL_H.....absent
HAVE_SNPRINTF.....present
HAVE_STDIO_H.....present
HAVE_STDLIB_H.....present
HAVE_STRING_H.....present
HAVE_STRSEP.....absent
HAVE_STRTOK_R.....present
HAVE_SYSLOG_H / HAVE_SYS_SYSLOG_H.....present / present
HAVE_SYS_IOCTL.....absent
HAVE_SYS_LDR_H.....absent
HAVE_SYS_SCHED_H.....absent
HAVE_SYS_SELECT_H.....present
HAVE_SYS_SOCKET_H.....present
HAVE_SYS_SOCKIO_H.....absent
HAVE_SYS_STAT_H.....present
HAVE_SYS_TIME_H.....present
HAVE_SYS_TYPES_H.....present
HAVE_SYS_UN_H.....present
HAVE_SYS_WAIT_H.....present
HAVE_TCPD_H.....present
HAVE_UNISTD_H.....present
HAVE_ZLIB (HTTP gzip compression).....present
HAVE_ZLIB_H.....present
CFG_MULTITHREADED.....yes
MAKE_WITH_IGNORE_SIGPIPE.....no
CFG_NEED_GETDOMAINNAME (getdomainname(2) function).....yes
CFG_NEED_INET_ATON.....no
NTOP_xxxxxx_ENDIAN (Hardware Endian).....little
CFG_PLUGIN_DIR (plugin file directory...../usr/local/lib/ntop/plugins
CFG_RUN_DIR (run file directory)...../usr/local/var/ntop
STDC_HEADERS (ANSI C header files).....yes
ntop.log.gz
Description: GNU Zip compressed data
