The amount of ram is too low! You should have at least 1 gb ram and even in that case it would not be enought.
You should start ntop using -g option and even in that option i think that your systems in not enought for a such large network! I said that because you should have a version that has already got the new host refresh routine i think... so try -g and then....upgrade your system or sniff a smaller network Ciao Pietro -----Messaggio originale----- Da: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Per conto di listuser Inviato: gioved� 30 gennaio 2003 9.22 A: [EMAIL PROTECTED] Oggetto: [Ntop] Ntop crashing and memory usage Hello all, I am using ntop to observe a /20 network which is nearly full, ie approx 80% hosts are up. (it's a cable ISP). my ntop box is a P4 1.7GHz 512 MB ram, 512 swap. My ntop is compiled from the jan 26 (or 27) snapshot. When ntop runs it takes up memory progressievly untill the swap becomes 0 (ram has about 1M free), and then the process is killed. In between I get messages like ntop[12890]: WARNING: releaseMutex() call with an UN-LOCKED mutex [address.c:347] VPN ntop[12889]: WARNING: releaseMutex() call with an UN-LOCKED mutex [hash.c:150] Another interesting observation was that when I stopped ntop running with 0 swap from web interface it took about half hour to free the memory Jan 29 20:24:29 VPN ntop[8041]: ntop caught signal 0 Jan 29 20:24:29 VPN ntop[8041]: Cleaning up... Jan 29 20:24:29 VPN ntop[8041]: Waiting until threads terminate... Jan 29 20:24:30 VPN ntop[8039]: Address resolution terminated... Jan 29 20:24:32 VPN ntop[8041]: Freeing hash host instances... (1 device(s) to save) Jan 29 20:57:20 VPN ntop[8041]: 65535 instances freed Jan 29 20:57:23 VPN ntop[8041]: Unloading plugins (if any)... I am sending along the full logs (.gz attached) aswell as the textinfo raj ntop version.....2.1.55 Built on.....01/29/03 04:26:19 PM OS.....i686-pc-linux-gnu ntop Process Id.....8033 http Process Id.....8034 Command line Started as..../usr/local/bin/ntop -o -i eth0 -P /home/ntop -u ntop -d -m 202.xx.xxx.0/20 -C -E -a /var/log/ntop/ntop.log -W 3001 -r 300 -t 5 Resolved to..../usr/local/bin/ntop -o -i eth0 -P /home/ntop -u ntop -d -m 202.xx.xxx.0/20 -C -E -a /var/log/ntop/ntop.log -W 3001 -r 300 -t 5 Command line parameters are: -a | --access-log-path...../var/log/ntop/ntop.log -b | --disable-decoders.....(default) No -c | --sticky-hosts.....(default) No -d | --daemon.....Yes -e | --max-table-rows.....(default) 128 -f | --traffic-dump-file.....(default) (nil) -g | --track-local-hosts.....(default) Track all hosts -o | --no-mac.....Don't trust MAC Addresses -i | --interface (effective).....eth0 -k | --filter-expression-in-extra-frame.....(default) No -l | --pcap-log.....(default) (nil) -m | --local-subnets (effective).....202.88.224.0/20 -n | --numeric-ip-addresses.....(default) No -p | --protocols.....(default) internal list -q | --create-suspicious-packets.....(default) Disabled -r | --refresh-time.....300 -s | --no-promiscuous.....(default) No -t | --trace-level.....5 -u | --user.....ntop (uid=500, gid=500) -w | --http-server.....(default) Active, all interfaces, port 3000 -z | --disable-sessions.....(default) No -B | --filter-expression.....(default) none -D | --domain.....none -E | --enable-external-tools.....Yes -F | --flow-spec.....(default) none -K | --enable-debug.....(default) No -L | --use-syslog.....daemon -M | --no-interface-merge (effective).....(default) (Merging Interfaces) Yes -N | --no-nmap (effective).....Yes (nmap will be used) -O | --pcap-file-path.....(default) /usr/local/var/ntop -P | --db-file-path...../home/ntop -U | --mapper.....(default) (nil) -W | --https-server.....Active, all interfaces, port 3001 --throughput-chart-type.....(default) Area --ignore-sigpipe.....(default) No --ssl-watchdog.....(default) No --dynamic-purge-limits.....(default) No --reuse-rrd-graphics.....(default) No --p3p-cp.....(default) none --p3p-uri.....(default) none Note: (effective) means that this is the value after ntop has processed the parameter. (default) means this is the default value, usually (but not always) set by a #define in globals-defines.h. Run time/Internal External tool: lsof.....Yes External tool: nmap.....Yes Web server URL.....http://<any>:3000 SSL Web server URL.....https://<any>:3001 GDBM version.....This is GDBM version 1.8.0, as of May 19, 1999. OpenSSL Version.....OpenSSL 0.9.6b [engine] 9 Jul 2001 zlib version.....1.1.4 Protocol Decoders.....Enabled Fragment Handling.....Enabled Tracking only local hosts.....No # IP Protocols Being Monitored.....18 # Protocol slots.....950 # IP Ports Being Monitored.....58 # Ports slots.....116 # Handled SIGPIPE Errors.....0 # Handled HTTP Requests.....544 Devices (Network Interfaces).....1 Domain name (short)..... Host Memory Cache Limit.....#define MAX_HOSTS_CACHE_LEN 512 Current Size.....0 Maximum Size.....327 # Entries Reused.....14308 MAC/IPX Hash tables Special MAC Hash Size.....93 Special MAC Hash Collisions (load).....2 IPX/SAP Hash Size.....179 IPX/SAP Hash Collisions (load).....0 Vendor MAC Hash Size.....10257 Vendor MAC Hash Collisions (load).....585 Total Hash Collisions (Vendor/Special) (lookup).....0 Packet queue Queued to Process.....0 Maximum queue.....0 Host Hash counts Actual Hash Size.....69632 Stored hosts.....263069 [377 %] Purge idle hosts.....Enabled Purged hosts.....14308 Maximum hosts to purge per cycle.....512 DEFAULT_MAXIMUM_HOSTS_PURGE_PER_CYCLE.....512 TCP Session counts Sessions.....12,439 Max Num. Sessions.....30,573 Terminated.....1,932,933 Address counts Current Queue.....135544 Maximum Queued.....135544 Total Queued.....144008 Resolved with DNS.....5774 Kept Numeric.....2690 Found in Cache.....0 DNS responses sniffed.....211557 Thread counts Active.....7 Dequeue.....1 Children (active).....0 lsof data Updating.....Yes # Monitored Processes.....13 Directory (search) order Data Files......<br>/usr/local/share/ntop<br> Config Files......<br>/usr/local/etc/ntop<br>/etc<br> Plugins....../plugins<br>/usr/local/lib/ntop/plugins<br> Compile Time: ./configure ./configure parameters.....--no-create --no-recursion Built on (Host).....i686-pc-linux-gnu Built for (Target).....i686-pc-linux-gnu compiler (cflags).....gcc -DLINUX -g -O2 -Wshadow -Wpointer-arith -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -fPIC -DHAVE_CONFIG_H include path.....-I/usr/include -I/usr/include -I/root/ntop-current/gdchart0.94c -I/root/ntop-current/gdchart0.94c/gd-1.8.3 -I/root/ntop-current/gdchart0.9 4c/gd-1.8.3/libpng-1.2.4 system libraries.....-lpthread -lresolv -lnsl -lc -lm -lz -lssl -lpcap -lgdbm -lcrypto -ldl -lc -lc -lc -lcrypt -L/usr/lib -lpcap -L/usr/lib -lgdbm -L/root /ntop-current/gdchart0.94c -lgdchart -L/root/ntop-current/gdchart0.94c/gd-1.8.3 -lgd -L/root/ntop-current/gdchart0.94c/gd-1.8.3/libpng-1.2.4 -lpng install path...../usr/local GNU C (gcc) version.....3.2 20020903 (Red Hat Linux 8.0 3.2-7) (3.2.0) Internationalization (i18n) i18n enabled.....No Compile Time: Debug settings in globals-defines.h DEBUG.....no ADDRESS_DEBUG.....no DNS_DEBUG.....no DNS_SNIFF_DEBUG.....no FTP_DEBUG.....no GDBM_DEBUG.....no HASH_DEBUG.....no HHTTP_DEBUG.....no IDLE_PURGE_DEBUG.....no MEMORY_DEBUG.....no NETFLOW_DEBUG.....no SEMAPHORE_DEBUG.....no SESSION_TRACE_DEBUG.....no SSLWATCHDOG_DEBUG.....no STORAGE_DEBUG.....no UNKNOWN_PACKET_DEBUG.....no Compile Time: globals-define.h PARM_PRINT_ALL_SESSIONS.....no PARM_PRINT_RETRANSMISSION_DATA.....no PARM_FORK_CHILD_PROCESS.....yes (normal) CGI Scripts.....globals-defines.h: #define PARM_USE_CGI Alternate row colors.....globals-defines.h: /* #define PARM_USE_COLOR */ Buggy gethostbyaddr() - use alternate implementation.....globals-defines.h: /* #define PARM_USE_HOST */ MAKE_ASYNC_ADDRESS_RESOLUTION.....yes MAKE_WITH_SSLWATCHDOG.....yes MAKE_WITH_SSLWATCHDOG_RUNTIME (derived).....yes Bad IP Address table size.....globals-defines.h: #define MAX_NUM_BAD_IP_ADDRESSES 3 OST_FREE_DEBUG.....no Bad IP Address timeout (seconds).....#define PARM_WEDONTWANTTOTALKWITHYOU_INTERVAL 300 Minimum refresh interval (seconds).....#define PARM_MIN_WEBPAGE_AUTOREFRESH_TIME 15 Maximum # of Protocols to show in graphs.....#define MAX_NUM_PROTOS 64 Maximum # of routers (Local Subnet Routers report).....#define MAX_NUM_ROUTERS 512 Maximum # of network interface devices.....#define MAX_NUM_DEVICES 32 Maximum # of processes for lsof report.....#define MAX_NUM_PROCESSES_READLSOFINFO 1024 Maximum network size (hosts per interface).....#define MAX_SUBNET_HOSTS 1024 Allocated # of passive FTP sessions.....#define MAX_PASSIVE_FTP_SESSION_TRACKER 384 Inactive passive FTP session timeout (seconds).....#define PARM_PASSIVE_SESSION_MINIMUM_IDLE 60 Compile Time: Hash Table Sizes Initial size.....#define CONST_HASH_INITIAL_SIZE 32 After 1st extend.....#define CONST_HASH_MINIMUM_SIZE 512 Intermediate increase factor.....#define CONST_HASH_INCREASE_FACTOR 2 Factor growth until.....#define CONST_HASH_FACTOR_MAXIMUM 4096 Then grow (linearly) by.....#define CONST_HASH_TERMINAL_INCREASE 4096 Compile Time: globals-define.h Chart Format.....globals-report.h: #define CHART_FORMAT ".png" Compile Time: config.h CFG_CONFIGFILE_DIR - config file directory...../usr/local/etc/ntop CFG_DATAFILE_DIR - data file directory...../usr/local/share/ntop CFG_DBFILE_DIR - database file directory...../usr/local/var/ntop MAKE_WITH_SSLV3_SUPPORT.....no HAVE_ALLOCA_H.....present HAVE_ARPA_INET_H.....present HAVE_ARPA_NAMESER_H.....present HAVE_BACKTRACE.....present HAVE_CRYPT_H.....present HAVE_CTIME_R.....present HAVE_DIRENT_H.....present HAVE_DLFCN_H.....present HAVE_DL_H.....absent HAVE_ERRNO_H.....present HAVE_ETHERTYPE_H.....absent HAVE_FCNTL_H.....present HAVE_GDBM_H.....present HAVE_GDCHART.....present HAVE_GETIPNODEBYADDR.....absent HAVE_GETOPT_H.....present HAVE_GETOPT_LONG.....present HAVE_IF_H.....absent HAVE_INTxx_T Signed ints.....64 present, 32 present, 16 present,8 present HAVE_U_INTxx_T Unsigned ints.....64 present, 32 present, 16 present,8 present HAVE_LIBC.....present HAVE_LIBC_R.....absent HAVE_LIBDL.....present HAVE_LIBGDBM.....present HAVE_LIBKSTAT.....absent HAVE_LIBNSL.....present HAVE_LIBPCAP.....present HAVE_LIBPOSIX4.....absent HAVE_LIBPTHREAD.....present HAVE_LIBPTHREADS.....absent HAVE_LIBRESOLV.....present HAVE_LIBSOCKET.....absent HAVE_LIBWRAP (TCP Wrappers).....absent HAVE_LOCALTIME_R.....present HAVE_NCURSES_H.....present HAVE_NETDB_H.....present HAVE_NETINET_IF_ETHER_H.....present HAVE_NETINET_IN_H.....present HAVE_NETINET_IN_SYSTM_H.....present HAVE_NETINET_IP_H.....present HAVE_NETINET_IP_ICMP_H.....present HAVE_NETINET_TCP_H.....present HAVE_NETINET_UDP_H.....present HAVE_NET_BPF_H.....present HAVE_NET_ETHERNET_H.....present HAVE_NET_IF_H.....present HAVE_OPENSSL.....present HAVE_PTHREAD_H.....present HAVE_PWD_H.....present HAVE_READLINE.....absent HAVE_READLINE_READLINE_H.....present HAVE_REGEX.....present HAVE_SCHED_H.....absent HAVE_SECURITY_PAM_APPL_H.....present HAVE_SEMAPHORE_H.....present HAVE_SHADOW_H.....present HAVE_SIGNAL_H.....absent HAVE_SNPRINTF.....present HAVE_STDIO_H.....present HAVE_STDLIB_H.....present HAVE_STRING_H.....present HAVE_STRSEP.....absent HAVE_STRTOK_R.....present HAVE_SYSLOG_H / HAVE_SYS_SYSLOG_H.....present / present HAVE_SYS_IOCTL.....absent HAVE_SYS_LDR_H.....absent HAVE_SYS_SCHED_H.....absent HAVE_SYS_SELECT_H.....present HAVE_SYS_SOCKET_H.....present HAVE_SYS_SOCKIO_H.....absent HAVE_SYS_STAT_H.....present HAVE_SYS_TIME_H.....present HAVE_SYS_TYPES_H.....present HAVE_SYS_UN_H.....present HAVE_SYS_WAIT_H.....present HAVE_TCPD_H.....present HAVE_UNISTD_H.....present HAVE_ZLIB (HTTP gzip compression).....present HAVE_ZLIB_H.....present CFG_MULTITHREADED.....yes MAKE_WITH_IGNORE_SIGPIPE.....no CFG_NEED_GETDOMAINNAME (getdomainname(2) function).....yes CFG_NEED_INET_ATON.....no NTOP_xxxxxx_ENDIAN (Hardware Endian).....little CFG_PLUGIN_DIR (plugin file directory...../usr/local/lib/ntop/plugins CFG_RUN_DIR (run file directory)...../usr/local/var/ntop STDC_HEADERS (ANSI C header files).....yes _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop
