See in-line... -----Burton
> -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Ted > Kaczmarek > Sent: Monday, December 15, 2003 11:37 AM > To: [EMAIL PROTECTED] > Subject: RE: [Ntop] Inmon's response to updated sflow plugin question > > > After looking through configure for this I realized you were referring > to ntop switch itself :-). > But.... > Cvs from Friday would segfault if -i none was passed, suspect not all > the commits were completed when I checked out cvs. Yeah - the commit was on Saturday US/Central AM IIRC > Cvs from today if I run > ntop -u ntop -w 3330 -i none > > I still get option to switch nic and do see sflow data, but nothing for > IP Traffic > Remote ->Remote > Remote to Remote IP Traffic > Warning > Nothing To Display > > I am guessing that is the way it supposed to work, since I don't know > any better. The sflow data I have appears to be valid, I do see some > weird character for Client port , but it does not always appear like > that. I tested this with mozilla based epiphany and IE6, both get the > below type of characters displayed instead of protocol/port number. > > [EMAIL PROTECTED]@[EMAIL PROTECTED]@ > > The weird part is the link works and clicking it send me to the > Recent Users of Port 33109. This seems to be related to ports it does > not recognize as services, something I can hopefully address and > contribute something useful :-) > Actually, that sort of makes sense. In fact, I'll bet that looking at any sFlow records in a browser or some other tool that doesn't understand it is going to hurt. The data format is binary and so most non-aware tools stupidly convert 16 and 32 bit binary values to their character equivalents. For example, the binary value 33109 0x8155 55 which is the character 81 (unprintable) and 55 (U). If this is a link generated by sFlow pluging, it could just be that InMon's code hasn't been updated to call the makeHostLink() function and it doing it 'by hand'. > If I run > ntop -d -u ntop -w 3330 -i none > > I get no option to switch to sflow interface and do not see any sflow > data. Why running as a daemon as opposed to in terminal changes anything > is a little perplexing. You know, this almost sounds like you have TWO separate ntop prefsCache.db files, one which is being referenced when you run -d and one which is not. Try adding the -P parameter to make sure ntop looks for stuff in the 'right' place. Do a locate and make sure you don't have multiple sets of the ntop .db files. Or it could be that the sFlow plugin is just crashing when run as a daemon. After it starts up and things stablize, try doing $ ps axfm | grep ntop and look to see how many 'ntop' threads are running. Then go to the admin | plugins menu and start sFlow. Then see how many threads are running. Check the log (/var/log/system or whatever it is) and see if you're getting the sFlow startup messages. You may need to run with -t 4 to see 'em. > Anyway, this is some serious progress, hopefully the holidays are nice > to me and I can donate something greater than the 20 Euros. > > I am starting to test with -c to store the data, and will update when I > get a chance. > > > Many thanks and Happy Holidays to all the wonderful people who make this > possible. > > Regards, > Ted _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop
