Local Networks.....172.25.128.0/255.255.255.0 [all devices]
172.25.129.0/255.255.255.0 [all devices]
172.25.130.0/255.255.255.128 [all devices]
155.132.115.0/255.255.255.0 [all devices]
0.0.0.0/255.255.255.0 [device (null)]
172.25.128.1/255.255.255.0 [device NetFlow-device]
looks perfectly normal. It's the list you gave (--local-subnets), plus the
dummy device plus the address from the "Virtual NetFlow Interface Network
Address" value from the plugin setup. (Although, it's customarily written
as 172.25.128.0/255.255.255.0).
I can't imagine why -d would change things - it does close to nothing...
if(myGlobals.daemonMode) {
daemonize();
traceEvent(CONST_TRACE_ALWAYSDISPLAY, "Now running as a daemon");
}
which is (stripping some comments and useless #ifdefs for clarity)
void daemonize(void) {
int childpid;
FILE *fd;
char pidFileName[NAME_MAX];
signal(SIGHUP, SIG_IGN);
#ifdef HANDLE_DIED_CHILD
signal(SIGCHLD, handleDiedChild);
#else
signal(SIGCHLD, SIG_IGN);
#endif
signal(SIGQUIT, SIG_IGN);
if((childpid=fork()) < 0)
traceEvent(CONST_TRACE_ERROR, "INIT: ERROR: Occurred while daemonizing
(errno=%d)", errno);
else {
if(!childpid) { /* child */
myGlobals.basentoppid = getpid();
sprintf(pidFileName, "%s/%s", DEFAULT_NTOP_PID_DIRECTORY,
DEFAULT_NTOP_PIDFILE);
fd = fopen(pidFileName, "wb");
if(fd == NULL) {
traceEvent(CONST_TRACE_WARNING, "INIT: WARNING: Unable to create
pid file (%s)", pidFileName);
} else {
fprintf(fd, "%d\n", myGlobals.basentoppid);
fclose(fd);
traceEvent(CONST_TRACE_INFO, "INIT: Created pid file (%s)",
pidFileName);
}
traceEvent(CONST_TRACE_INFO, "INIT: Bye bye: I'm becoming a
daemon...");
detachFromTerminal(1);
} else { /* father */
traceEvent(CONST_TRACE_INFO, "INIT: Parent process is exiting (this is
normal)");
exit(0);
}
}
}
and
void detachFromTerminal(int doChdir) {
/* Child processes must log to syslog.
* If no facility was set through -L | --use-syslog=facility
* then force the default
*/
if(myGlobals.useSyslog == FLAG_SYSLOG_NONE)
myGlobals.useSyslog = DEFAULT_SYSLOG_FACILITY;
if(doChdir) chdir("/");
setsid(); /* detach from the terminal */
fclose(stdin);
fclose(stdout);
/*
* clear any inherited file mode creation mask
*/
umask (0);
/*
* Use linebuffered stdout
*/
setvbuf(stdout, (char *)NULL, _IOLBF, 0);
}
At the end of this process, ntop is running without a terminal, but it all
happens way before the plugins are started...
Jul 7 11:18:24 tigger ntop[26077]: INIT: Bye bye: I'm becoming a daemon...
Jul 7 11:18:24 tigger ntop: Wait please: ntop is coming up...
Jul 7 11:18:24 tigger ntop: Processing file /etc/ntop.conf for
parameters...
Jul 7 11:18:24 tigger ntop[26077]: Now running as a daemon
...
Jul 7 11:18:25 tigger ntop[26077]: Loading Plugins
Jul 7 11:18:25 tigger ntop[26077]: Searching for plugins in
/usr/lib/ntop/plugins
...
The only thing I can think of is that the plugin is dying.
Try this... turn off netflow and restart ntop.
Check the log and run ps -A | grep ntop to see the process #s for ntop.
Then start (Admin | Plugins) netflow and check the log and process #s again,
to see if it's still running... e.g. this:
$ grep THREADMGMT /var/log/messages | grep 'Jul 9' >before
$ ps -A | grep ntop >>before
start netflow
$ grep THREADMGMT /var/log/messages | grep 'Jul 9' >after
$ ps -A | grep ntop >>after
$ diff before after
You should see both a thread started, and one running:
$ diff before after
13a14
> Jul 9 09:22:00 tigger ntop[16086]: THREADMGMT: netFlow thread(131081)
started
22a24
> 16086 ? 00:00:00 ntop
If it's no longer running, well, that's a fine mess you've gotten us into
Ollie...
There is code in the rrdPlugin (look for MAKE_WITH_RRDSIGTRAP) that could be
copied into netFlow. This would put a backtrace trap into netFlow to catch
it if it's bombing. I've added this to the cvs this morning.
-----Burton
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Ciprian Badescu
Sent: Monday, July 07, 2003 8:34 AM
To: [EMAIL PROTECTED]
Subject: RE: [Ntop] Netflow Interface Configuration
Hi,
I've done more tests and I found a possible bug:
Running in daemon mode makes ntop not working correctly:
The command line is:
Started as....ntop -L --trace-level 5 @/usr/local/etc/ntop/ntop.conf
Resolved to....ntop
-L
--trace-level
5
--user
ntop
--db-file-path
/var/db/ntop
--interface
none
--http-server
3000
--local-subnets
172.25.128.0/24,172.25.129.0/24,172.25.130.0/25,155.132.115.0/24
--reuse-rrd-graphics
If I add the -d switch, I get no traffic from my netflow device.
Otherwise, starting ntop in foreground, everything is like you said.
Still, from ntop configuration web page:
Local Networks.....172.25.128.0/255.255.255.0 [all devices]
172.25.129.0/255.255.255.0 [all devices]
172.25.130.0/255.255.255.128 [all devices]
155.132.115.0/255.255.255.0 [all devices]
0.0.0.0/255.255.255.0 [device (null)]
172.25.128.1/255.255.255.0 [device NetFlow-device]
So it takes the Netflow IP address (this is the network IP address) and
use it as a network address.
So I'm still unsure if it is the interface IP address, or his local
network address in that input box. But the functionality is unchanged.
--
______V______ Ciprian Badescu
_______________________________________________
Ntop mailing list
[EMAIL PROTECTED]
http://listgateway.unipi.it/mailman/listinfo/ntop
