Thanks for the response. Here is the information you asked for.
Steve
1. ntop only stays running for a few minutes.
2.Here are the log messages running with --trace-level 6
Apr 26 14:00:25 NTOP kernel: request_module[net-pf-10]: fork failed, errno 1
Apr 26 14:16:15 NTOP kernel: request_module[net-pf-10]: fork failed, errno 1
3. Here is what I got from running ntop in gdb
Mon 26 Apr 2004 02:20:04 PM EDT [MSGID0325854] [util:5718] CMPFCTN_DEBUG:
setResolvedName(0x0dfcca48) 0 -> 19 129.100.74.79 - hash.c(1169)
Mon 26 Apr 2004 02:20:04 PM EDT [MSGID0325854] [util:5718] CMPFCTN_DEBUG:
setResolvedName(0x0dfcf0e0) 0 -> 19 212.107.32.239 - hash.c(1169)
Mon 26 Apr 2004 02:20:04 PM EDT [MSGID0325854] [util:5718] CMPFCTN_DEBUG:
setResolvedName(0x0dfd1930) 0 -> 19 213.37.12.48 - hash.c(1169)
Mon 26 Apr 2004 02:20:04 PM EDT [MSGID0325854] [util:5718] CMPFCTN_DEBUG:
setResolvedName(0x0dfd44d0) 0 -> 19 158.43.128.72 - hash.c(1169)
Mon 26 Apr 2004 02:20:04 PM EDT [MSGID0325854] [util:5718] CMPFCTN_DEBUG:
setResolvedName(0x0dfd6e40) 0 -> 19 202.248.37.98 - hash.c(1169)
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1167272384 (LWP 13932)]
0x414245ae in get_elem (size=84, av_table=0x84c41c4, av_count=0x84c41c0) at
falloc.c:343
343 av_table[index] = av_table[index+1];
(gdb) thread
[Current thread is 8 (Thread 1167272384 (LWP 13932))]
(gdb) list
338 /* Ok, save that element and move all others up one. */
339 val = av_table[index];
340 *av_count -= 1;
341 while (index < *av_count)
342 {
343 av_table[index] = av_table[index+1];
344 index++;
345 }
346
347 return val;
(gdb) info stack
#0 0x414245ae in get_elem (size=84, av_table=0x84c41c4, av_count=0x84c41c0) at
falloc.c:343
#1 0x41424016 in _gdbm_alloc (dbf=0x808a0f0, num_bytes=84) at falloc.c:70
#2 0x41422d6d in gdbm_store (dbf=0x808a0f0, key={dptr = 0x459269ec "3331933886",
dsize = 11}, content=
{dptr = 0x4592699c "ecardview.hallmark.com", dsize = 73}, flags=1) at
gdbmstore.c:124
#3 0x400df7c0 in ntop_gdbm_store () from /usr/lib/libntop-3.0.so
#4 0x400d12d3 in processDNSPacket () from /usr/lib/libntop-3.0.so
#5 0x400cadc0 in incrementUnknownProto () from /usr/lib/libntop-3.0.so
#6 0x400ce128 in processPacket () from /usr/lib/libntop-3.0.so
#7 0x400cb8b3 in queuePacket () from /usr/lib/libntop-3.0.so
#8 0x414070ca in pcap_read () from /usr/lib/libpcap.so.0.6.2
#9 0x4140863b in pcap_dispatch () from /usr/lib/libpcap.so.0.6.2
#10 0x400c387c in pcapDispatch () from /usr/lib/libntop-3.0.so
#11 0x412802b6 in start_thread () from /lib/tls/libpthread.so.0
[EMAIL PROTECTED] wrote:Send Ntop mailing list submissions to
[EMAIL PROTECTED]
To subscribe or unsubscribe via the World Wide Web, visit
http://listgateway.unipi.it/mailman/listinfo/ntop
or, via email, send a message with subject or body 'help' to
[EMAIL PROTECTED]
You can reach the person managing the list at
[EMAIL PROTECTED]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Ntop digest..."
Today's Topics:
1. Multiple sFlow interfaces? (Chris Moore - GMD)
2. Mac OSX 10.3, v3 ntop and missing libraries! (Roger Burningham)
3. RE: Multiple sFlow interfaces? (Burton M. Strauss III)
4. RE: Mac OSX 10.3, v3 ntop and missing libraries! (Burton M. Strauss III)
5. RE: ntop segfaults with high traffic (PR DCNT6SB) (Burton M. Strauss III)
6. Re: Multiple sFlow interfaces? (Mike Hunter)
7. RE: RPM's (Kenneth Porter)
--__--__--
Message: 1
Organization: Centro di Servizi per la rete di Ateneo - Pisa - Italy
From: Chris Moore - GMD
To: "'[EMAIL PROTECTED]'"
Date: Fri, 23 Apr 2004 10:06:16 -0600
Subject: [Ntop] Multiple sFlow interfaces?
Reply-To: [EMAIL PROTECTED]
Hi,
I'm beginning the process of deploying Ntop for key interfaces throughout my
network. My original idea was to deploy one Ntop box per interface and
naming them according to what they're monitoring, but that adds up to a lot
of machines. In some cases I'll just put multiple NICs in a box to
consolidate them to fewer machines.
But in some cases it's more practical to use sFlow rather than a mirrored
port. But to do this using one Ntop box, I need to figure out how to
configure and (hopefully) uniquely name multiple sFlow virtual interfaces,
running multiple sFlow plugins listening to different ports. So far I've
been unable to find any discussion about how/if this might be accomplished.
In other words (in case I garbled the above), when a user clicks on "Switch
NICs" they might see something like this:
Available Network Interfaces:
*Eth0
*sFlow - Router 1
*sFlow - Router 2
Any ideas/resources?
Thanks,
Chris
_____________________________________________
Chris Moore
WAN Engineer
Guardian Mortgage Documents
[EMAIL PROTECTED]
--__--__--
Message: 2
Organization: Centro di Servizi per la rete di Ateneo - Pisa - Italy
Date: Fri, 23 Apr 2004 17:41:39 +0100
From: Roger Burningham
To:
Subject: [Ntop] Mac OSX 10.3, v3 ntop and missing libraries!
Reply-To: [EMAIL PROTECTED]
Oh dear,
Using a command line has been a learning curve for this Mac fanatic BUT:
I've installed version 3 along with many 'missing' libraries i.e. Png, X11,
gdbm and gd. I now get the following problem under OSX 10.3 - so near yet s=
o
far! (I can now configure, make, make install and )
************************************************************************
#This is my simple start up script!
#!/bin/sh
#Script to start ntop v3
cd /usr/local/ntop/bin
sudo ./ntop -u root -i en0 -w 3000 -m 192.168.0.5/24 =ADd
=20
************************************************************************
=20
Last login: Wed Apr 21 22:13:33 on ttyp2
Welcome to Darwin!
[G3-Laptop:~] reab% /Users/reab/Desktop/StartnTop3.command; exit
Wed Apr 21 22:13:46 2004 ntop v.3.0.0 MT (SSL)
Wed Apr 21 22:13:46 2004 Configured on Mar 23 2004 9:41:54, built on Mar
23 2004 09:44:09.
Wed Apr 21 22:13:46 2004 Copyright 1998-2004 by Luca Deri
Wed Apr 21 22:13:46 2004 Get the freshest ntop from http://www.ntop.org/
Wed Apr 21 22:13:46 2004 Initializing ntop
Wed Apr 21 22:13:46 2004 Checking en0 for additional devices
Wed Apr 21 22:13:46 2004 Resetting traffic statistics for device en0
Wed Apr 21 22:13:46 2004 DLT: Device 0 [en0] is 1, mtu 1514, header 14
Wed Apr 21 22:13:46 2004 Initializing gdbm databases
Wed Apr 21 22:13:46 2004 Now running as requested user 'root' (0:0)
Wed Apr 21 22:13:46 2004 VENDOR: Loading MAC address table.
Wed Apr 21 22:13:46 2004 VENDOR: Checking for MAC address table file
Wed Apr 21 22:13:46 2004 VENDOR: File
'/usr/local/ntop/etc/ntop/specialMAC.txt.gz' does not need to be reloaded
Wed Apr 21 22:13:46 2004 VENDOR: ntop continues ok
Wed Apr 21 22:13:46 2004 VENDOR: Checking for MAC address table file
Wed Apr 21 22:13:46 2004 VENDOR: File '/usr/local/ntop/etc/ntop/oui.txt.gz=
'
does not need to be reloaded
Wed Apr 21 22:13:46 2004 VENDOR: ntop continues ok
Wed Apr 21 22:13:46 2004 INIT: Bye bye: I'm becoming a daemon...
Wed Apr 21 22:13:46 2004 INIT: Parent process is exiting (this is normal)
logout
[Process completed]
=20
************************************************************************
ntop starts during this then produces the following error:
=20
[G3-Laptop:local/ntop/bin] reab% dyld: ./ntop Undefined symbols:
_pcap_lib_version
_pcap_lib_version
************************************************************************
Running 'top' in terminal shows ntop process name changes to crashdump and
then disappears, ntop now not running. I can't find a crash log either!
************************************************************************
My question is what is _pcap_lib_version (shown twice) and why should
undefined symbols shut it down? Is it me?
Help! Anyone! - I'm sure this version is going to be great (version 2.0.1
was OK for me and I've had to temporarily revert back to it) but this is
becoming hard work! I did use Fink to get libpng and then cp'd the two file=
s
(original and alias) to the /usr/local/lib/ which is where all the other
ntop support libraries are.
When I can get this working smoothly I'll post the steps that I took for
others to follow on this list as Apples web site makes no mention of these
issues.
If I can get this to work I may even attempt MRTG on a PC !
Roger Burningham
--__--__--
Message: 3
Organization: Centro di Servizi per la rete di Ateneo - Pisa - Italy
From: "Burton M. Strauss III"
To:
Subject: RE: [Ntop] Multiple sFlow interfaces?
Date: Fri, 23 Apr 2004 12:04:47 -0500
Reply-To: [EMAIL PROTECTED]
Basically, there is just one listener - for all sflow input. So while there
could be multiple sources, the data will get comingled into a single ntop
virtual NIC. For most people, that's what they really want - a consolidated
network picture.
To change that to multiple virtual NICs you'll have to hack the code in
sflowPlugin.com. It's certainly doable - contact me off list if you're
interested in sponsoring the work.
-----Burton
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Chris
> Moore - GMD
> Sent: Friday, April 23, 2004 11:06 AM
> To: '[EMAIL PROTECTED]'
> Subject: [Ntop] Multiple sFlow interfaces?
>
>
> Hi,
>
> I'm beginning the process of deploying Ntop for key interfaces
> throughout my
> network. My original idea was to deploy one Ntop box per interface and
> naming them according to what they're monitoring, but that adds
> up to a lot
> of machines. In some cases I'll just put multiple NICs in a box to
> consolidate them to fewer machines.
>
> But in some cases it's more practical to use sFlow rather than a mirrored
> port. But to do this using one Ntop box, I need to figure out how to
> configure and (hopefully) uniquely name multiple sFlow virtual interfaces,
> running multiple sFlow plugins listening to different ports. So far I've
> been unable to find any discussion about how/if this might be
> accomplished.
>
> In other words (in case I garbled the above), when a user clicks
> on "Switch
> NICs" they might see something like this:
>
> Available Network Interfaces:
>
> *Eth0
> *sFlow - Router 1
> *sFlow - Router 2
>
> Any ideas/resources?
>
> Thanks,
>
> Chris
>
> _____________________________________________
> Chris Moore
> WAN Engineer
> Guardian Mortgage Documents
>
> [EMAIL PROTECTED]
> _______________________________________________
> Ntop mailing list
> [EMAIL PROTECTED]
> http://listgateway.unipi.it/mailman/listinfo/ntop
--__--__--
Message: 4
Organization: Centro di Servizi per la rete di Ateneo - Pisa - Italy
From: "Burton M. Strauss III"
To:
Subject: RE: [Ntop] Mac OSX 10.3, v3 ntop and missing libraries!
Date: Fri, 23 Apr 2004 12:04:47 -0500
Reply-To: [EMAIL PROTECTED]
Well, those symbols are for libpcap, the packet capture library, which is
the single most important of the required libraries.
IIRC, pcap_version was added in 0.7.1 (but I'm fuzzy on that).
Try installing or upgrading your libpcap.
-----Burton
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Roger
> Burningham
> Sent: Friday, April 23, 2004 11:42 AM
> To: [EMAIL PROTECTED]
> Subject: [Ntop] Mac OSX 10.3, v3 ntop and missing libraries!
> Importance: High
>
>
> Oh dear,
>
> Using a command line has been a learning curve for this Mac fanatic BUT:
>
> I've installed version 3 along with many 'missing' libraries i.e.
> Png, X11,
> gdbm and gd. I now get the following problem under OSX 10.3 - so
> near yet so
> far! (I can now configure, make, make install and )
>
> ************************************************************************
>
> #This is my simple start up script!
> #!/bin/sh
> #Script to start ntop v3
>
> cd /usr/local/ntop/bin
> sudo ./ntop -u root -i en0 -w 3000 -m 192.168.0.5/24 ­d
>
> ************************************************************************
>
> Last login: Wed Apr 21 22:13:33 on ttyp2
> Welcome to Darwin!
> [G3-Laptop:~] reab% /Users/reab/Desktop/StartnTop3.command; exit
> Wed Apr 21 22:13:46 2004 ntop v.3.0.0 MT (SSL)
> Wed Apr 21 22:13:46 2004 Configured on Mar 23 2004 9:41:54, built on Mar
> 23 2004 09:44:09.
> Wed Apr 21 22:13:46 2004 Copyright 1998-2004 by Luca Deri
> Wed Apr 21 22:13:46 2004 Get the freshest ntop from http://www.ntop.org/
> Wed Apr 21 22:13:46 2004 Initializing ntop
> Wed Apr 21 22:13:46 2004 Checking en0 for additional devices
> Wed Apr 21 22:13:46 2004 Resetting traffic statistics for device en0
> Wed Apr 21 22:13:46 2004 DLT: Device 0 [en0] is 1, mtu 1514, header 14
> Wed Apr 21 22:13:46 2004 Initializing gdbm databases
> Wed Apr 21 22:13:46 2004 Now running as requested user 'root' (0:0)
> Wed Apr 21 22:13:46 2004 VENDOR: Loading MAC address table.
> Wed Apr 21 22:13:46 2004 VENDOR: Checking for MAC address table file
> Wed Apr 21 22:13:46 2004 VENDOR: File
> '/usr/local/ntop/etc/ntop/specialMAC.txt.gz' does not need to be reloaded
> Wed Apr 21 22:13:46 2004 VENDOR: ntop continues ok
> Wed Apr 21 22:13:46 2004 VENDOR: Checking for MAC address table file
> Wed Apr 21 22:13:46 2004 VENDOR: File
> '/usr/local/ntop/etc/ntop/oui.txt.gz'
> does not need to be reloaded
> Wed Apr 21 22:13:46 2004 VENDOR: ntop continues ok
> Wed Apr 21 22:13:46 2004 INIT: Bye bye: I'm becoming a daemon...
> Wed Apr 21 22:13:46 2004 INIT: Parent process is exiting (this is normal)
> logout
> [Process completed]
>
> ************************************************************************
> ntop starts during this then produces the following error:
>
> [G3-Laptop:local/ntop/bin] reab% dyld: ./ntop Undefined symbols:
> _pcap_lib_version
> _pcap_lib_version
>
> ************************************************************************
> Running 'top' in terminal shows ntop process name changes to crashdump and
> then disappears, ntop now not running. I can't find a crash log either!
> ************************************************************************
>
> My question is what is _pcap_lib_version (shown twice) and why should
> undefined symbols shut it down? Is it me?
>
> Help! Anyone! - I'm sure this version is going to be great (version 2.0.1
> was OK for me and I've had to temporarily revert back to it) but this is
> becoming hard work! I did use Fink to get libpng and then cp'd
> the two files
> (original and alias) to the /usr/local/lib/ which is where all the other
> ntop support libraries are.
>
> When I can get this working smoothly I'll post the steps that I took for
> others to follow on this list as Apples web site makes no mention of these
> issues.
>
> If I can get this to work I may even attempt MRTG on a PC !
>
> Roger Burningham
>
> _______________________________________________
> Ntop mailing list
> [EMAIL PROTECTED]
> http://listgateway.unipi.it/mailman/listinfo/ntop
--__--__--
Message: 5
Organization: Centro di Servizi per la rete di Ateneo - Pisa - Italy
From: "Burton M. Strauss III"
To:
Subject: RE: [Ntop] ntop segfaults with high traffic (PR DCNT6SB)
Date: Fri, 23 Apr 2004 12:05:55 -0500
Reply-To: [EMAIL PROTECTED]
There's nothing obviously weird... but obviously the PR is generated before
the failure :-)
1. How long does it stay running (seconds, minutes, hours?)
2. What are the last log messages, esp if you run with --trace-level 6?
3. Can you run under gdb - instructions are in the docs/FAQ file - and
capture the actual failure information?
-----Burton
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
> Steven Fowle
> Sent: Friday, April 23, 2004 10:01 AM
> To: [EMAIL PROTECTED]
> Subject: [Ntop] ntop segfaults with high traffic
>
>
>
> n t o p v e r s i o n '3.0 SourceForge RPM' p r o b l e m
> r e p o r t
>
> From: Steve
>
> EMail: [EMAIL PROTECTED]
>
>
> Date: Fri 23 Apr 2004 02:35:31 PM GMT
>
> Problem Report Id: PR_DCNT6SB
>
> ------------------------------------------------------------------
> ----------
> Summary: ntop segfaults with high traffic
>
--__--__--
Message: 6
Organization: Centro di Servizi per la rete di Ateneo - Pisa - Italy
Date: Fri, 23 Apr 2004 10:17:33 -0700
From: Mike Hunter
To: [EMAIL PROTECTED]
Subject: Re: [Ntop] Multiple sFlow interfaces?
Reply-To: [EMAIL PROTECTED]
On Apr 23, "Chris Moore - GMD" wrote:
> Hi,
>
> I'm beginning the process of deploying Ntop for key interfaces throughout my
> network. My original idea was to deploy one Ntop box per interface and
> naming them according to what they're monitoring, but that adds up to a lot
> of machines. In some cases I'll just put multiple NICs in a box to
> consolidate them to fewer machines.
>
> But in some cases it's more practical to use sFlow rather than a mirrored
> port. But to do this using one Ntop box, I need to figure out how to
> configure and (hopefully) uniquely name multiple sFlow virtual interfaces,
> running multiple sFlow plugins listening to different ports. So far I've
> been unable to find any discussion about how/if this might be accomplished.
>
> In other words (in case I garbled the above), when a user clicks on "Switch
> NICs" they might see something like this:
>
> Available Network Interfaces:
>
> *Eth0
> *sFlow - Router 1
> *sFlow - Router 2
>
> Any ideas/resources?
Would it amount to a lot of wasted cycles to run multiple instances of
ntop on the same machine, one per desired sflow interface?
--__--__--
Message: 7
Organization: Centro di Servizi per la rete di Ateneo - Pisa - Italy
Date: Fri, 23 Apr 2004 16:21:33 -0700
From: Kenneth Porter
To: [EMAIL PROTECTED]
Subject: RE: [Ntop] RPM's
Reply-To: [EMAIL PROTECTED]
--On Thursday, April 22, 2004 11:20 AM -0300 Wilson Pires Jr
wrote:
> How can I use src.rpm instead?
rpmbuild --rebuild foo.src.rpm
I recommend doing this:
useradd buildmeister
su -l buildmeister
mkdir BUILD RPMS SOURCES SPECS SRPMS
echo '%_topdir /home/buildmeister' > ~/.rpmmacros
Now you can rebuild source RPM's as a mortal.
Lots more info here, including mailing lists:
http://rpm.org/
--__--__--
_______________________________________________
Ntop mailing list
[EMAIL PROTECTED]
http://listgateway.unipi.it/mailman/listinfo/ntop
End of Ntop Digest
