Jim, please move to ntop 3.
Thanks, Luca
Paulick, Jim wrote:
------------------------------------------------------------------------------- n t o p v e r s i o n '2.2' p r o b l e m r e p o r t
From: ___Jim Paulick___________
EMail: [EMAIL PROTECTED]
Date: 2004-04-02 14:08:30 GMT
------------------------------------------------------------------------------- Summary
OS: __redhat linux________ version: ___7.3_______
ntop from: ____source__________________ (rpm, source, ports, etc.)
Hardware:
CPU: __1.7gig___ (i86, SPARC, etc.)
# Processors: ___1__
Memory: __256___ MB
Network:
Ethernet: 28636313
Broadcast: 675971
Multicast: 939
IP: 25934175
Network Interface 0 eth1
Mfg: ___________intel pro 100_____
Model: ____________________
NIC Speed: 10/100/1000/Other
Bus: PCI ISA USB Firewire Other
Location: Public Internet / LAN / WAN
Bandwidth: Dialup DSL/CableModem fT1 T1 10Mbps T3 100Mbps+
# Hosts (machines): __________
------------------------------------------------------------------------------- Log extract
------------------------------------------------------------------------------- Problem Description
I've enabled sticky-hosts, but hosts are still purged...
Many hosts that get into ntop are still being purged after they are idle for some time because folks go home at night.
-------------------------------------------------------------------------------
ntop version.....2.2
Built on.....07/16/03 03:04:53 PM
OS.....i686-pc-linux-gnu
Process Id.....930
Command line
Started as....lt-ntop -c --user admin --use-syslog=7 -i eth1
Resolved to....lt-ntop
-c
--user
admin
--use-syslog=7
-i
eth1
Command line parameters are:
-a | --access-log-path.....(default) (nil)
-b | --disable-decoders.....(default) No
-c | --sticky-hosts.....Yes
-d | --daemon.....No
-e | --max-table-rows.....(default) 128
-f | --traffic-dump-file.....(default) (nil)
-g | --track-local-hosts.....(default) Track all hosts
-o | --no-mac.....(default) Trust MAC Addresses
-i | --interface (effective).....eth1
-k | --filter-expression-in-extra-frame.....(default) No
-l | --pcap-log.....(default) (nil)
-m | --local-subnets (effective).....
-n | --numeric-ip-addresses.....(default) No
-p | --protocols.....(default) internal list
-q | --create-suspicious-packets.....(default) Disabled
-r | --refresh-time.....(default) 120
-s | --no-promiscuous.....(default) No
-t | --trace-level.....(default) 3
-u | --user.....admin (uid=500, gid=500)
-w | --http-server.....(default) Active, all interfaces, port 3000
-z | --disable-sessions.....(default) No
-B | --filter-expression.....(default) none
-D | --domain.....none
-E | --enable-external-tools.....(default) No
-F | --flow-spec.....(default) none
-K | --enable-debug.....(default) No
-L | --use-syslog.....daemon
-M | --no-interface-merge (effective).....(default) (Merging Interfaces) Yes
-O | --pcap-file-path.....(default) /usr/local/var/ntop
-P | --db-file-path.....(default) /usr/local/var/ntop
-U | --mapper.....(default) (nil)
-W | --https-server.....Uninitialized
--throughput-chart-type.....(default) Area
--ignore-sigpipe.....(default) No
--ssl-watchdog.....(default) No
--dynamic-purge-limits.....(default) No
--p3p-cp.....(default) none
--p3p-uri.....(default) none
--disable-stopcap.....(default) No
Note: (effective) means that this is the value after ntop has processed the parameter. (default) means this is the default value, usually (but not always) set by a #define in globals-defines.h.
Run time/Internal
External tool: lsof.....(no -E parameter): Disabled Web server URL.....http://any:3000 SSL Web server (https://).....Not Active GDBM version.....This is GDBM version 1.8.0, as of May 19, 1999. OpenSSL Version.....OpenSSL 0.9.6b [engine] 9 Jul 2001 zlib version.....1.1.4 Protocol Decoders.....Enabled Fragment Handling.....Enabled Tracking only local hosts.....No # IP Protocols Being Monitored.....18 # Protocol slots.....950 # IP Ports Being Monitored.....58 # Ports slots.....116 # Handled SIGPIPE Errors.....0 # Handled HTTP Requests.....19078 Devices (Network Interfaces).....1 Domain name (short)..... IP to country flag table (entries).....47455 Total Hash Collisions (Vendor/Special) (lookup).....0 Local Networks.....127.0.0.0/255.0.0.0 [device eth1]
Memory allocation - data segment
arena limit, getrlimit(RLIMIT_DATA, ...).....-1 Allocated blocks (ordblks).....20475 Allocated (arena).....49529656 Used (uordblks).....43116936 Free (fordblks).....6412720
Memory allocation - mmapped
Allocated blocks (hblks).....4 Allocated bytes (hblkhd).....5005312
Memory Usage
IPX/SAP Hash Size (bytes).....1897 IP to country flag table (bytes).....1454304 (1.4 MB) Bytes per entry.....30.6 Current memory usage.....54534968 Base memory usage.....8340280 Hosts stored (active+cache).....319 = (163 + 156) (very) Approximate memory per host.....141.5KB
Host Memory Cache
Limit.....#define MAX_HOSTS_CACHE_LEN 512 Current Size.....156 Maximum Size.....229 # Entries Reused.....68415
MAC/IPX Hash tables
IPX/SAP Hash Size (entries).....179 IPX/SAP Hash Collisions (load).....0 IPX/SAP Hash Collisions (use).....0
Packet queue
Queued to Process.....0 Maximum queue.....0
Host/Session counts - global
Purge idle hosts.....Enabled
Purged hosts.....68571
Maximum hosts to purge per cycle.....512
DEFAULT_MAXIMUM_HOSTS_PURGE_PER_CYCLE.....512
Terminated Sessions.....0
Host/Session counts - Device 0 (eth1)
Actual Hash Size.....512
Stored hosts.....163 [31 %]
Sessions.....0
Max Num. Sessions.....0
Address Resolution
DNS sniffed:
DNS Packets sniffed.....115215 less 'requests'.....60859 less 'failed'.....13643 less 'reverse dns' (in-addr.arpa).....3228 DNS Packets processed.....37485 Stored in cache (includes aliases).....15352
IP to name - ipaddr2str():
Total calls.....63533 ....OK.....54710 ....Total not found.....8823 ........Not found in cache.....1954 ........Too old in cache.....6869
Queued - dequeueAddress():
Total Queued.....8769 Not queued (duplicate).....54 Maximum Queued.....29 Current Queue.....0
Resolved - resolveAddress():
Addresses to resolve.....8769 ....less 'Error: No cache database'.....0 ....less 'Found in ntop cache'.....0 Gives: # gethost (DNS lookup) calls.....8769
DNS lookup calls:
DNS resolution attempts.....8769 ....Success: Resolved.....2805 ....Failed.....5964 ........HOST_NOT_FOUND.....5963 ........NO_DATA.....0 ........NO_RECOVERY.....0 ........TRY_AGAIN (don't store).....1 ........Other error (don't store).....0 DNS lookups stored in cache.....8768 Host addresses kept numeric.....5964
Vendor Lookup Table
Input lines read.....131 Records added total.....121 .....includes special records.....59 getVendorInfo() calls.....0 getSpecialVendorInfo() calls.....5267 Found 48bit (xx:xx:xx:xx:xx:xx) match.....1 Found 24bit (xx:xx:xx) match.....71 Found multicast bit set.....489 Found LAA (Locally assigned address) bit set.....0
Thread counts
Active.....5 Dequeue.....1 Children (active).....412
Reject duration (seconds).....300 It is now.....Fri Apr 2 09:08:30 2004 Directory (search) order
Data Files......
/usr/local/share/ntop
Config Files......
/usr/local/etc/ntop
/etc
Plugins....../plugins
/usr/local/lib/ntop/plugins
Compile Time: ./configure
./configure parameters.....--with-pcap-include=/usr/include/pcap/ Built on (Host).....i686-pc-linux-gnu Built for (Target).....i686-pc-linux-gnu compiler (cflags).....gcc -DLINUX -g -O2 -Wshadow -Wpointer-arith -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -fPIC -DHAVE_CONFIG_H include path.....-I/usr/include/pcap/ -I/root/ntop2/gdchart0.94c/zlib-1.1.4 -I/root/ntop2/gdchart0.94c -I/root/ntop2/gdchart0.94c/gd-1.8.3 -I/root/ntop2/gdchart0.94c/gd-1.8.3/libpng-1.2.4 system libraries.....-lxml2 -lglib -lpthread -lresolv -lnsl -lm -lssl -lcrypto -lpcap -lgdbm -ldl -lcrypt -lc -L/root/ntop2/gdchart0.94c/zlib-1.1.4 -lz -L/root/ntop2/gdchart0.94c -lgdchart -L/root/ntop2/gdchart0.94c/gd-1.8.3 -lgd -L/root/ntop2/gdchart0.94c/gd-1.8.3/libpng-1.2.4 -lpng install path...../usr/local GNU C (gcc) version.....2.96 20000731 (Red Hat Linux 7.3 2.96-110) (2.96.0)
Internationalization (i18n)
i18n enabled.....No
Compile Time: Debug settings in globals-defines.h
DEBUG.....no ADDRESS_DEBUG.....no DNS_DEBUG.....no DNS_SNIFF_DEBUG.....no FTP_DEBUG.....no GDBM_DEBUG.....no HASH_DEBUG.....no HOST_FREE_DEBUG.....no HTTP_DEBUG.....no IDLE_PURGE_DEBUG.....no MEMORY_DEBUG.....no NETFLOW_DEBUG.....no SEMAPHORE_DEBUG.....no SESSION_TRACE_DEBUG.....no SSLWATCHDOG_DEBUG.....no STORAGE_DEBUG.....no UNKNOWN_PACKET_DEBUG.....no
Compile Time: globals-define.h
PARM_PRINT_ALL_SESSIONS.....no PARM_PRINT_RETRANSMISSION_DATA.....no PARM_FORK_CHILD_PROCESS.....yes (normal) CGI Scripts.....globals-defines.h: #define PARM_USE_CGI Alternate row colors.....globals-defines.h: /* #define PARM_USE_COLOR */ Buggy gethostbyaddr() - use alternate implementation.....globals-defines.h: /* #define PARM_USE_HOST */ MAKE_ASYNC_ADDRESS_RESOLUTION.....yes MAKE_WITH_SSLWATCHDOG.....yes MAKE_WITH_SSLWATCHDOG_RUNTIME (derived).....yes Bad IP Address table size.....globals-defines.h: #define MAX_NUM_BAD_IP_ADDRESSES 3 Minimum refresh interval (seconds).....#define PARM_MIN_WEBPAGE_AUTOREFRESH_TIME 15 Maximum # of Protocols to show in graphs.....#define MAX_NUM_PROTOS 64 Maximum # of routers (Local Subnet Routers report).....#define MAX_NUM_ROUTERS 512 Maximum # of network interface devices.....#define MAX_NUM_DEVICES 32 Maximum # of processes for lsof report.....#define MAX_NUM_PROCESSES_READLSOFINFO 1024 Maximum network size (hosts per interface).....#define MAX_SUBNET_HOSTS 1024 Allocated # of passive FTP sessions.....#define MAX_PASSIVE_FTP_SESSION_TRACKER 384 Inactive passive FTP session timeout (seconds).....#define PARM_PASSIVE_SESSION_MINIMUM_IDLE 60
Compile Time: Hash Table Sizes
Initial size.....#define CONST_HASH_INITIAL_SIZE 32 After 1st extend.....#define CONST_HASH_MINIMUM_SIZE 512 Intermediate increase factor.....#define CONST_HASH_INCREASE_FACTOR 2 Factor growth until.....#define CONST_HASH_FACTOR_MAXIMUM 4096 Then grow (linearly) by.....#define CONST_HASH_TERMINAL_INCREASE 4096
Compile Time: globals-define.h
Chart Format.....globals-report.h: #define CHART_FORMAT ".png"
Compile Time: config.h
CFG_ETHER_HEADER_HAS_EA.....no CFG_MULTITHREADED.....yes HAVE_ALARM.....yes HAVE_ALLOCA.....yes HAVE_ALLOCA_H.....yes HAVE_ARPA_NAMESER_H.....yes HAVE_BACKTRACE.....yes HAVE_BZERO.....yes HAVE_CTIME_R.....yes HAVE_CURSES_H.....no HAVE_DLFCN_H.....yes HAVE_DL_H.....no HAVE_DOPRNT.....no HAVE_ENDPWENT.....yes HAVE_ERRNO_H.....yes HAVE_FACILITYNAMES.....yes HAVE_FCNTL_H.....yes HAVE_FORK.....yes HAVE_GDBM_H.....yes HAVE_GDCPIE_H.....yes HAVE_GD_H.....yes HAVE_GDOME_H.....no HAVE_GETHOSTBYADDR.....yes HAVE_GETHOSTBYADDR_R.....yes HAVE_GETHOSTBYNAME.....yes HAVE_GETHOSTNAME.....yes HAVE_GETIPNODEBYADDR.....no HAVE_GETPASS.....yes HAVE_GETTIMEOFDAY.....yes HAVE_GLIBCONFIG_H.....no HAVE_GLIB_H.....no HAVE_IF_H.....no HAVE_IN6_ADDR.....yes HAVE_INT16_T.....yes HAVE_INT32_T.....yes HAVE_INT64_T.....yes HAVE_INT8_T.....yes HAVE_INTTYPES_H.....yes HAVE_LANGINFO_H.....yes HAVE_LIBC.....yes HAVE_LIBCRYPT.....yes HAVE_LIBCRYPTO.....yes HAVE_LIBDL.....yes HAVE_LIBDLD.....no HAVE_LIBGD.....yes HAVE_LIBGDBM.....yes HAVE_LIBGDOME.....no HAVE_LIBGLIB.....yes HAVE_LIBM.....yes HAVE_LIBNSL.....yes HAVE_LIBPCAP.....yes HAVE_LIBPNG.....yes HAVE_LIBPOSIX4.....no HAVE_LIBPTHREAD.....yes HAVE_LIBPTHREADS.....no HAVE_LIBRESOLV.....yes HAVE_LIBRT.....no HAVE_LIBSOCKET.....no HAVE_LIBSSL.....yes HAVE_LIBWRAP.....no HAVE_LIBXML2.....no HAVE_LIBZ.....yes HAVE_LIMITS_H.....yes HAVE_LOCALE_H.....yes HAVE_LOCALTIME_R.....yes HAVE_LONG_DOUBLE.....no HAVE_MATH_H.....yes HAVE_MEMCHR.....yes HAVE_MEMORY_H.....yes HAVE_MEMSET.....yes HAVE_NCURSES_H.....no HAVE_NDIR_H.....no HAVE_NETDB_H.....yes HAVE_OPENSSL.....yes HAVE_OPENSSL_CRYPTO_H.....yes HAVE_OPENSSL_ERR_H.....yes HAVE_OPENSSL_PEM_H.....yes HAVE_OPENSSL_RSA_H.....yes HAVE_OPENSSL_SSL_H.....yes HAVE_OPENSSL_X509_H.....yes HAVE_PCAP_FREECODE.....yes HAVE_PCAP_H.....yes HAVE_PCAP_OPEN_DEAD.....yes HAVE_PNG_H.....yes HAVE_PTHREAD_H.....yes HAVE_PUTENV.....yes HAVE_PWD_H.....yes HAVE_READLINE.....no HAVE_READLINE_READLINE_H.....no HAVE_RE_COMP.....yes 
HAVE_REGCOMP.....yes HAVE_REGEX.....yes HAVE_RRD.....no HAVE_RRD_H.....no HAVE_SCHED_H.....yes HAVE_SCHED_YIELD.....yes HAVE_SECURITY_PAM_APPL_H.....yes HAVE_SELECT.....yes HAVE_SEMAPHORE_H.....yes HAVE_SETJMP_H.....yes HAVE_SHADOW_H.....yes HAVE_SIGNAL_H.....yes HAVE_SNPRINTF.....yes HAVE_SOCKET.....yes HAVE_SQRT.....yes HAVE_STDARG_H.....yes HAVE_STDIO_H.....yes HAVE_STDLIB_H.....yes HAVE_STRCASECMP.....yes HAVE_STRCHR.....yes HAVE_STRCSPN.....yes HAVE_STRDUP.....yes HAVE_STRERROR.....yes HAVE_STRFTIME.....yes HAVE_STRING_H.....yes HAVE_STRINGS_H.....yes HAVE_STRNCASECMP.....yes HAVE_STRPBRK.....yes HAVE_STRRCHR.....yes HAVE_STRSPN.....yes HAVE_STRSTR.....yes HAVE_STRTOK_R.....yes HAVE_STRTOUL.....yes HAVE_SYS_DIR_H.....no HAVE_SYS_IOCTL_H.....yes HAVE_SYS_LDR_H.....no HAVE_SYS_NDIR_H.....no HAVE_SYS_RESOURCE_H.....yes HAVE_SYS_SCHED_H.....no HAVE_SYS_SOCKIO_H.....no HAVE_SYS_TIME_H.....yes HAVE_SYS_TYPES_H.....yes HAVE_SYS_UN_H.....yes HAVE_TCPD_H.....yes HAVE_TM_ZONE.....yes HAVE_TZNAME.....no HAVE_U_INT16_T.....yes HAVE_U_INT32_T.....yes HAVE_U_INT64_T.....yes HAVE_UINT64_T.....no HAVE_U_INT8_T.....yes HAVE_UNAME.....yes HAVE_UNISTD_H.....yes HAVE_VFORK.....yes HAVE_VFORK_H.....no HAVE_VPRINTF.....yes HAVE_WORKING_FORK.....yes HAVE_WORKING_VFORK.....yes HAVE_ZLIB_H.....yes MAKE_MICRO_NTOP.....no MAKE_WITH_FTPDATA_ASSUMED.....no MAKE_WITH_GDCHART.....yes MAKE_WITH_I18N.....no MAKE_WITH_IGNORE_SIGPIPE.....no MAKE_WITH_LARGERRDPOP.....no MAKE_WITH_SSLV3_SUPPORT.....no MAKE_WITH_SSLWATCHDOG_COMPILETIME.....no MAKE_WITH_ZLIB.....yes __PROTOTYPES.....yes PROTOTYPES.....yes SETVBUF_REVERSED.....no TIME_WITH_SYS_TIME.....yes TM_IN_SYS_TIME.....no CFG_CONFIGFILE_DIR - config file directory...../usr/local/etc/ntop CFG_DATAFILE_DIR - data file directory...../usr/local/share/ntop CFG_DBFILE_DIR - database file directory...../usr/local/var/ntop CFG_PLUGIN_DIR - plugin file directory...../usr/local/lib/ntop/plugins CFG_RUN_DIR - run file directory...../usr/local/var/ntop 
CFG_NEED_GETDOMAINNAME (getdomainname(2) function).....yes CFG_xxxxxx_ENDIAN (Hardware Endian).....little
Compile Time: globals-defines.h
EMSGSIZE.....90 ETHERMTU.....1500 LEN_CMDLINE_BUFFER.....4096 LEN_FGETS_BUFFER.....512 LEN_GENERAL_WORK_BUFFER.....1024 LEN_MEDIUM_WORK_BUFFER.....64 LEN_SMALL_WORK_BUFFER.....16 LEN_TIME_STAMP_BUFFER.....2 MAKE_NTOP_PACKETSZ_DECLARATIONS.....no MAKE_RMON_SUPPORT.....yes MAKE_WITH_FORK_COPYONWRITE.....yes MAKE_WITH_HTTPSIGTRAP.....no MAKE_WITH_RRDSIGTRAP.....no MAKE_WITH_SCHED_YIELD.....yes MAKE_WITH_SEMAPHORES.....yes MAKE_WITH_SYSLOG.....yes MAKE_WITH_XMLDUMP.....no MAX_ADDRESSES.....35 MAX_ALIASES.....35 MAX_ASSIGNED_IP_PORTS.....1024 MAXCDNAME.....255 MAX_DEVICE_NAME_LEN.....64 MAXDNAME.....1025 MAX_HASHDUMP_ENTRY.....65535 MAXHOSTNAMELEN.....64 MAX_HOSTS_CACHE_LEN.....512 MAX_IP_PORT.....65534 MAX_IPXSAP_NAME_HASH.....179 MAXLABEL.....63 MAX_LANGUAGES_REQUESTED.....4 MAX_LANGUAGES_SUPPORTED.....8 MAX_LASTSEEN_TABLE_SIZE.....4096 MAX_LEN_VENDOR_NAME.....64 MAX_NFS_NAME_HASH.....12288 MAX_NODE_TYPES.....8 MAX_NUM_BAD_IP_ADDRESSES.....3 MAX_NUM_CONTACTED_PEERS.....8 MAX_NUM_DEQUEUE_THREADS.....yes MAX_NUM_DEVICES.....32 MAX_NUM_DHCP_MSG.....8 MAX_NUM_FIN.....4 MAX_NUM_IGNOREDFLOWS.....32 MAX_NUM_NETWORKS.....32 MAX_NUM_PROBES.....16 MAX_NUM_PROCESSES_READLSOFINFO.....1024 MAX_NUM_PROTOS.....64 MAX_NUM_PROTOS_SCREENS.....5 MAX_NUM_ROUTERS.....512 MAX_NUM_STORED_FLAGS.....4 MAX_PASSIVE_FTP_SESSION_TRACKER.....384 MAX_PER_DEVICE_HASH_LIST.....65535 MAX_SESSIONS_CACHE_LEN.....512 MAX_SSL_CONNECTIONS.....32 NAME_MAX.....255 NETDB_SUCCESS.....0 NS_CMPRSFLGS.....192 NS_MAXCDNAME.....255 PACKETSZ.....512 PARM_ENABLE_EXPERIMENTAL.....no PARM_FORK_CHILD_PROCESS.....yes PARM_MIN_WEBPAGE_AUTOREFRESH_TIME.....15 PARM_PASSIVE_SESSION_MINIMUM_IDLE.....60 PARM_PIPE_READ_TIMEOUT.....15 PARM_SESSION_PURGE_MINIMUM_IDLE.....600 PARM_SHOW_NTOP_HEARTBEAT.....no PARM_SSLWATCHDOG_WAITWOKE_LIMIT.....5 PARM_USE_CGI.....yes PARM_USE_COLOR.....no PARM_USE_HOST.....no PARM_USE_MACHASH_INVERT.....yes PARM_USE_SESSIONS_CACHE.....no PARM_WEDONTWANTTOTALKWITHYOU_INTERVAL.....300 
SLL_HDR_LEN.....16 THREAD_MODE.....MT (SSL)
------------------------------------------------------------------------------- Note: The generated id below should be unique. It's essentially a random 6 or 7 character tracking tag for each problem report. Since it's generated on your machine, we can't just use an ever increasing global number.
While it should be unique, it is not traceable back to a specific user or machine. If it makes you uncomfortable just delete it.
Problem Report Id: PR_MWRQU9X
-------------------------------------------------------------------------------
_______________________________________________
Ntop mailing list
[EMAIL PROTECTED]
http://listgateway.unipi.it/mailman/listinfo/ntop
-- Luca Deri <[EMAIL PROTECTED]> http://luca.ntop.org/ Hacker: someone who loves to program and enjoys being clever about it - Richard Stallman
