I had continual problems with FreeBSD and ntop 3.1, in fact all of the BSD's. I installed Linux on a box and ntop has ran fine. However, I have ntop (ver 3.0) on one FreeBSD 4.9 box and it runs great for several months now, no problems. I think you will find ntop life much easier on a Linux box.
Shane ----- Original Message ----- From: "Stanley Hopcroft" <[EMAIL PROTECTED]> To: <[email protected]> Sent: Thursday, December 23, 2004 5:19 AM Subject: [Ntop] FYI "De fault wid dis system is you,.." 3.1 on FreeBSD 4.x Dear Ladies and Gentlemen, I am writing to report a potentially severe problem with 3.1 on FreeBSD 4.10 (RELEASE). Unfortunately, however, I am delighted to say that after the time it took for me to collect the data below, the problem has ceased. FYI, when ntop 3.1 starts with the --set-pcap-nonblocking option on FreeBSD 4.x, as noted in the FAQ, it _eats_ CPU: on the system below, top reports that the least share of CPU cycles consumed by ntop is 60% - this monitoring a flow of <= 256 kbps (kilo _not_ mega). Like 3.0, however, this usage gradually falls down to more acceptable levels. Unlike 3.0 it takes longer to do so (prob between 10-15 minutes). Please accept my gratitude to the developers of Ntop for sharing their labour, and my best wishes for them and their families at Christmas. I can't wait to see the new look and feel ... Yours sincerely. -- Stanley Hopcroft IP Australia Ph: (02) 6283 3189 Fax: (02) 6281 1353 PO Box 200 Woden ACT 2606 http://www.ipaustralia.gov.au Details tssyd# uname -a FreeBSD tssyd 4.10-RELEASE-p5 FreeBSD 4.10-RELEASE-p5 #1: Sat Dec 4 20:27:57 EST 2004 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/TSSYD i386 Copyright (c) 1992-2004 The FreeBSD Project. Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD 4.10-RELEASE-p5 #1: Sat Dec 4 20:27:57 EST 2004 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/TSSYD Timecounter "i8254" frequency 1193182 Hz Timecounter "TSC" frequency 666679001 Hz CPU: Intel Pentium III (666.68-MHz 686-class CPU) Origin = "GenuineIntel" Id = 0x683 Stepping = 3 Features=0x383f9ff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,C MOV,PAT,PSE36,MMX,FXSR,SSE> real memory = 134152192 (131008K bytes) avail memory = 127959040 (124960K bytes) tssyd# top -b last pid: 80427; load averages: 0.91, 0.38, 0.15 up 19+00:09:25 21:03:28 17 processes: 2 running, 15 sleeping Mem: 38M Active, 50M Inact, 23M Wired, 4180K Cache, 22M Buf, 8828K Free Swap: 241M Total, 1484K Used, 239M Free PID USERNAME PRI NICE SIZE RES STATE TIME WCPU CPU COMMAND 80407 nobody 64 0 37700K 25060K RUN 2:27 99.08% 99.02% ntop 81 root 2 0 2596K 632K select 1:26 0.00% 0.00% sshd 84 root 2 0 3056K 912K select 0:39 0.00% 0.00% sendmail 72 root 2 0 1316K 348K select 0:33 0.00% 0.00% ntpd tsitc> lynx -dump -nolist http://tssyd:3000/info.html REFRESH(120 sec): http://tssyd:3000/info.html [ntop_logo.gif] xxx (C) 1998-2004 - L. Deri ntop Configuration Basic Information ntop Version 3.1 Configured on Dec 21 2004 22:05:54 Built on Dec 21 2004 22:06:56 OS i386-unknown-freebsd4.10 ntop Process Id 80407 http Process Id 80407 Command line Started as.... /usr/local/ntop/bin/ntop --skip-version-check --disable-schedyield --set-pcap-nonblocking -o -c -u nobody -d -P /var/log/ntop -w 3000 -i fxp0 -p HTTP=http|https,DNS=domain,Ntop=3000,NBios-IP=netbios-ns|netbios-dgm|n etbios-ssn|microsoft-ds,Mail=lotusnote|pop2|pop3|kpop|smtp|imap,SNMP=s nmp|snmptrap,Telnet=telnet,Cache=3128,BEA=7000-7010,SSH=ssh,TSMBackup= 1500,SAP=3202,PSCAM=4754,Virus=2967,LPD=515,PCAny=5631|5632,FTP=ftp|ft p-data -B ether host 00:60:47:1e:bb:aa Resolved to.... /usr/local/ntop/bin/ntop --skip-version-check --disable-schedyield --set-pcap-nonblocking -o -c -u nobody -d -P /var/log/ntop -w 3000 -i fxp0 -p HTTP=http|https,DNS=domain,Ntop=3000,NBios-IP=netbios-ns|netbios-dgm|n etbios-ssn|microsoft-ds,Mail=lotusnote|pop2|pop3|kpop|smtp|imap,SNMP=s nmp|snmptrap,Telnet=telnet,Cache=3128,BEA=7000-7010,SSH=ssh,TSMBackup= 1500,SAP=3202,PSCAM=4754,Virus=2967,LPD=515,PCAny=5631|5632,FTP=ftp|ft p-data -B ether host 00:60:47:1e:bb:aa Preferences used NOTE: (effective) means that this is the value after ntop has processed the parameter.(default) means this is the default value, usually (but not always) set by a #define in globals-defines.h. -a | --access-log-file (default) (nil) -b | --disable-decoders (default) No -c | --sticky-hosts Yes -d | --daemon Yes -e | --max-table-rows (default) 128 -f | --traffic-dump-file (default) (nil) -g | --track-local-hosts (default) Track all hosts -o | --no-mac Don't trust MAC Addresses -i | --interface (effective) fxp0 -j | --create-other-packets (default) Disabled -k | --filter-expression-in-extra-frame (default) No -l | --pcap-log (default) (nil) -m | --local-subnets (effective) (default) (nil) -n | --numeric-ip-addresses (default) No -p | --protocols HTTP -q | --create-suspicious-packets (default) Disabled -r | --refresh-time (default) 120 -s | --no-promiscuous (default) No -t | --trace-level (default) 3 -u | --user nobody (uid=65534, gid=65534) -w | --http-server (default) Active, all interfaces, port 3000 -z | --disable-sessions (default) No -B | --filter-expression ether host 00:60:47:1e:bb:aa -D | --domain aipo.gov.au -F | --flow-spec (default) none -K | --enable-debug (default) No -L | --use-syslog daemon -M | --no-interface-merge (effective) (default) (Merging Interfaces) Yes -N | --wwn-map (default) (nil) -O | --pcap-file-path (default) /usr/local/ntop-3.1/var/ntop -P | --db-file-path /var/log/ntop -Q | --spool-file-path /var/log/ntop -U | --mapper (default) (nil) -W | --https-server Uninitialized --disable-schedYield Yes --disable-instantsessionpurge (default) No --disable-mutexextrainfo (default) No --disable-stopcap (default) No --fc-only (default) No --no-fc (default) No --no-invalid-lun (default) No --p3p-cp (default) none --p3p-uri (default) none --pcap-nonblocking Yes --skip-version-check Yes --ssl-watchdog (default) No --w3c (default) No NOTE: The --w3c flag makes the generated html MORE compatible with the w3c recommendations, but it in no way addresses all of the compatibility and markup issues. We would like to make ntop more compatible, but some basic issues of looking decent on real-world browsers mean it will never be 100%. If you find any issues, please report them to ntop-dev. Run time/Internal Web server URL http://any:3000 SSL Web server (https://) Not Active GDBM version GDBM version 1.8.3. 10/15/2002 (built Oct 6 2003 07:39:21) OpenSSL Version OpenSSL 0.9.7d 17 Mar 2004 zlib version 1.1.4 gd version (guess) 2.0.21+ Protocol Decoders Enabled Fragment Handling Enabled Tracking only local hosts No # IP Protocols Being Monitored 17 # Protocol slots 3950 # IP Ports Being Monitored 39 # IP Ports slots 78 WebServer Request Queue 10 Devices (Network Interfaces) 1 Domain name (short) au IP to country flag table (entries) 52395 Total Hash Collisions (Vendor/Special) (lookup) 0 ntop Web Server Item http:// https:// # Handled Requests 8 - # Successful requests (200) 7 - # Bad (We don't want to talk with you) requests 0 - # Invalid requests - 403 FORBIDDEN 0 - # Invalid requests - 404 NOT FOUND 0 - NOTE: * Counts may not total because of in-process requests. * Each request to the ntop web server - frameset, individual page, chart, etc. is counted separately # Handled SIGPIPE Errors 0 Host Memory Cache Limit #define MAX_HOSTS_CACHE_LEN 512 Current Size 0 Maximum Size 0 # Entries Reused 0 Packets Received 7111 Processed Immediately 7111 Queued 0 Current Queue 0 Maximum Queue 0 Host/Session counts - global Purged Hosts 0 Terminated Sessions 233 Host/Session counts - Device 0 (fxp0) Hash Bucket Size 1.9 KB Actual Hash Size 16384 Stored hosts 30 Bucket List Length [min 1][max 1][avg 1.0] Max host lookup 0 Session Bucket Size 260 Sessions 114 Max Num. Sessions 114 ----- Address Resolution ----- DNS Sniffing (other hosts requests) DNS Packets sniffed 66 DNS Packets processed 10 Stored in cache (includes aliases) 6 Queued - dequeueAddress() Total Queued 18 Not queued (duplicate) 0 Maximum Queued 9 Current Queue 0 DNS Lookup Calls: DNS resolution attempts 18 ....Success: Resolved 12 ....Failed 6 DNS lookups stored in cache 18 Host addresses kept numeric 6 NOTE: 'DNS lookups stored in cache' includes HOST_NOT_FOUND replies. Thus it may be larger than the number of 'Success: Resolved' queries. Thread counts Active 7 Dequeue 1 Children (active) 4 Directory (search) order Data Files . /usr/local/ntop-3.1/share/ntop Config Files . /usr/local/ntop-3.1/etc/ntop /etc Plugins ./plugins /usr/local/ntop-3.1/lib/ntop/plugins NOTE: REMEMBER that the . (current working directory) value will be different when you run ntop from the command line vs. a cron job or startup script! Compile Time: ./configure ./configure parameters --prefix=/usr/local/ntop-3.1 --disable-ssl --with-gd-include=/usr/local/include Built on (Host) i386-unknown-freebsd4.10 Built for(Target) i386-unknown-freebsd4.10 compiler (CFLAGS) gcc -g -O2 -I/usr/local/include -Wshadow -Wpointer-arith -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -fPIC -DHAVE_CONFIG_H include path -I/usr/local/include system libraries -L/usr/local/lib -lc_r -lc -lcrypt -lssl -lcrypto -lpcap -lgdbm -lgd -lpng -lz install path /usr/local/ntop-3.1 GNU C (gcc) version 2.95.4 20020320 [FreeBSD] (2.95.0) uname data sysname(FreeBSD) release(4.10-RELEASE-p5) version(FreeBSD 4.10-RELEASE-p5 #1: Sat) machine(i386) Internationalization (i18n) i18n enabled No [ Click here for a more extensive, text version of this page, suitable for inclusion into a bug report ] _________________________________________________________________ Report created on Thu Dec 23 21:09:26 2004 [ntop uptime: 8:26] Generated by ntop v.3.1 MT (SSL) [i386-unknown-freebsd4.10] Build: Dec 21 2004 22:06:56. Listening on [fxp0] with kernel (libpcap) filtering expression "ether host 00:60:47:1e:bb:aa" Web report active on interface fxp0 � 1998-2004 by Luca Deri ------------------------------------------------------------------------ -------- > > -- > This message contains privileged and confidential information only > for use by the intended recipient. If you are not the intended > recipient of this message, you must not disseminate, copy or use > it in any manner. If you have received this message in error, > please advise the sender by reply e-mail. Please ensure all > e-mail attachments are scanned for viruses prior to opening or > using. > ------------------------------------------------------------------------ -------- > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop > _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
