[Ntop] ntop chokes under load

[Neal Rauhauser]

I have a FreeBSD 4.11 box with 256 meg of ram, a P3/700,  and a ten gig 
disk. The machine has two integrated Intel fxp type ethernet cards and 
does nothing but ntop. The link it is monitoring is a peering connection 
between two fairly large ISPs and it carries about four mbits of traffic 
with many, many src/dst pairs on a continuous basis.

I installed FreeBSD 4.11, used cvsup to update /usr/ports, then built 
and installed ntop. I start it using /usr/local/etc/rc.d/ntop.sh, it 
runs fine for about four minutes, then it stops collecting statistics. 
The contents of /var/log/messages seems relevant - look at the ioctl 
error messages near the very end of the listing. I also included the 
details on what packages are installed on the box - any suggestions?


Mar 18 13:37:12 hunter ntop[62335]:   ntop v.3.1 MT (SSL)
Mar 18 13:37:12 hunter ntop[62335]:   Configured on Mar 14 2005 
12:07:13, built on Mar 14 2005 12:08:50.
Mar 18 13:37:12 hunter ntop[62335]:   Copyright 1998-2004 by Luca Deri 
<[EMAIL PROTECTED]>
Mar 18 13:37:12 hunter ntop[62335]:   Get the freshest ntop from 
http://www.ntop.org/
Mar 18 13:37:12 hunter ntop[62335]:   Initializing ntop
Mar 18 13:37:12 hunter ntop[62335]:   NONBLOCK: pcap_setnonblock(), 
device 0, succeeded
Mar 18 13:37:12 hunter ntop[62335]:   **WARNING** NONBLOCK: cpu usage 
may be high - see man page and FAQ
Mar 18 13:37:12 hunter ntop[62335]:   Checking fxp1 for additional devices
Mar 18 13:37:12 hunter ntop[62335]:   Resetting traffic statistics for 
device fxp1
Mar 18 13:37:12 hunter ntop[62335]:   DLT: Device 0 [fxp1] is 1, mtu 
1514, header 14
Mar 18 13:37:12 hunter ntop[62335]:   Initializing gdbm databases
Mar 18 13:37:12 hunter ntop[62335]:   VENDOR: Loading MAC address table.
Mar 18 13:37:12 hunter ntop[62335]:   VENDOR: Checking for MAC address 
table file
Mar 18 13:37:12 hunter ntop[62335]:   VENDOR: File 
'/usr/local/etc/ntop/specialMAC.txt.gz' does not need to be reloaded
Mar 18 13:37:12 hunter ntop[62335]:   VENDOR: ntop continues ok
Mar 18 13:37:12 hunter ntop[62335]:   VENDOR: Checking for MAC address 
table file
Mar 18 13:37:12 hunter ntop[62335]:   VENDOR: File 
'/usr/local/etc/ntop/oui.txt.gz' does not need to be reloaded
Mar 18 13:37:12 hunter ntop[62335]:   VENDOR: ntop continues ok
Mar 18 13:37:12 hunter ntop[62335]:   Fingeprint: Loading signature file.
Mar 18 13:37:12 hunter ntop[62335]:   Fingeprint: ...loaded 1697 records
Mar 18 13:37:12 hunter ntop[62335]:   INIT: Parent process is exiting 
(this is normal)
Mar 18 13:37:12 hunter ntop[62336]:   INIT: Bye bye: I'm becoming a 
daemon...
Mar 18 13:37:12 hunter ntop[62336]:   Now running as a daemon
Mar 18 13:37:12 hunter ntop[62336]:   ASN: Checking for Autonomous 
System Number table file
Mar 18 13:37:12 hunter ntop[62336]:   **WARNING** ASN: Unable to open 
file 'AS-list.txt'
Mar 18 13:37:12 hunter ntop[62336]:   I18N: This instance of ntop does 
not support multiple languages
Mar 18 13:37:12 hunter ntop[62336]:   IP2CC: Checking for IP address <-> 
Country Code mapping file
Mar 18 13:37:12 hunter ntop[62336]:   IP2CC: Loading file 
'/usr/local/etc/ntop/p2c.opt.table.gz'
Mar 18 13:37:14 hunter ntop[62336]:   IP2CC: ...found 52395 lines
Mar 18 13:37:14 hunter ntop[62336]:   GDVERCHK: Guessing at libgd version
Mar 18 13:37:14 hunter ntop[62336]:   GDVERCHK: ... as 2.0.21+
Mar 18 13:37:14 hunter ntop[62336]:   Initializing external applications
Mar 18 13:37:14 hunter ntop[62336]:   THREADMGMT: Started thread 
(141537280) for network packet analyser
Mar 18 13:37:14 hunter ntop[62336]:   THREADMGMT: Started thread 
(141539328) for fingerprinting
Mar 18 13:37:14 hunter ntop[62336]:   THREADMGMT: Started thread 
(141540352) for idle hosts detection
Mar 18 13:37:14 hunter ntop[62336]:   THREADMGMT: Started thread 
(141541376) for DNS address resolution
Mar 18 13:37:14 hunter ntop[62336]:   Calling plugin start functions (if 
any)
Mar 18 13:37:14 hunter ntop[62336]:   SSL: Initializing...
Mar 18 13:37:14 hunter ntop[62336]:   SSL_PRNG: Automatically initialized!
Mar 18 13:37:14 hunter ntop[62336]:   SSL initialized successfully
Mar 18 13:37:14 hunter ntop[62336]:   INITWEB: Initializing web server
Mar 18 13:37:14 hunter ntop[62336]:   INITWEB: Initializing tcp/ip 
socket connections for web server
Mar 18 13:37:14 hunter ntop[62336]:   INITWEB: Initialized socket, port 
3000, address (any)
Mar 18 13:37:14 hunter ntop[62336]:   INITWEB: Waiting for HTTP 
connections on port 3000
Mar 18 13:37:14 hunter ntop[62336]:   INITWEB: Initialized ssl socket, 
port 3001, address (any)
Mar 18 13:37:14 hunter ntop[62336]:   INITWEB: Waiting for HTTPS (SSL) 
connections on port 3001
Mar 18 13:37:14 hunter ntop[62336]:   INITWEB: Starting web server
Mar 18 13:37:14 hunter ntop[62336]:   THREADMGMT: Started thread 
(141543424) for web server
Mar 18 13:37:14 hunter ntop[62336]:   Listening on [fxp1]
Mar 18 13:37:14 hunter ntop[62336]:   Loading Plugins
Mar 18 13:37:14 hunter ntop[62336]:   Searching for plugins in 
/usr/local/lib/ntop/plugins
Mar 18 13:37:14 hunter ntop[62336]:   ICMP: Welcome to icmpWatchPlugin. 
(C) 1999-2004 by Luca Deri
Mar 18 13:37:14 hunter ntop[62336]:   LASTSEEN: Welcome to 
LastSeenWatchPlugin. (C) 1999 by Andrea Marangoni
Mar 18 13:37:14 hunter ntop[62336]:   NETFLOW: Welcome to NetFlow.(C) 
2002-04 by Luca Deri
Mar 18 13:37:14 hunter ntop[62336]:   THREADMGMT: Packet processor 
thread running...
Mar 18 13:37:14 hunter ntop[62336]:   THREADMGMT: Fingerprint scan 
thread running...
Mar 18 13:37:14 hunter ntop[62336]:   THREADMGMT: Idle host scan thread 
running...
Mar 18 13:37:14 hunter ntop[62336]:   THREADMGMT: Address resolution 
thread running...
Mar 18 13:37:14 hunter ntop[62336]:   THREADMGMT: web connections thread 
(62336) started...
Mar 18 13:37:14 hunter ntop[62336]:   Note: SIGPIPE handler set (ignore)
Mar 18 13:37:14 hunter ntop[62336]:   WEB: ntop's web server is now 
processing requests
Mar 18 13:37:14 hunter ntop[62336]:   PDA: Welcome to PDAPlugin. (C) 
2001-2004 by L.Deri and W.Brock
Mar 18 13:37:14 hunter ntop[62336]:   RRD: Welcome to rrdPlugin. (C) 
2002-04 by Luca Deri.
Mar 18 13:37:14 hunter ntop[62336]:   SNMP: Welcome to snmpPlugin. (C) 
2004 by F.Fusco and G.Giardina
Mar 18 13:37:14 hunter ntop[62336]:   SFLOW: Welcome to sFlow.(C) 
2002-04 by Luca Deri
Mar 18 13:37:14 hunter ntop[62336]:   XML: Welcome to xmldump plugin. 
(C) 2003-2004 by Burton Strauss
Mar 18 13:37:14 hunter ntop[62336]:   Calling plugin start functions (if 
any)
Mar 18 13:37:14 hunter ntop[62336]:   RRD: Welcome to the RRD plugin
Mar 18 13:37:14 hunter ntop[62336]:   RRD: Mask for new directories is 0700
Mar 18 13:37:14 hunter ntop[62336]:   RRD: Mask for new files is 0066
Mar 18 13:37:14 hunter ntop[62336]:   RRD: Started thread (147308544) 
for data collection.
Mar 18 13:37:14 hunter ntop[62336]:   NETFLOW: no devices to initialize
Mar 18 13:37:14 hunter ntop[62336]:   Now running as requested user 
'nobody' (65534:65534)
Mar 18 13:37:14 hunter ntop[62336]:   INIT: Created pid file 
(/var/db/ntop/ntop.pid)
Mar 18 13:37:14 hunter ntop[62336]:   Note: Reporting device initally 
set to 0 [fxp1]
Mar 18 13:37:14 hunter ntop[62336]:   THREADMGMT: Started thread 
(147309568) for network packet sniffing on fxp1
Mar 18 13:37:14 hunter ntop[62336]:   THREADMGMT: rrd thread (147308544) 
started
Mar 18 13:37:14 hunter ntop[62336]:   THREADMGMT: pcapDispatch(fxp1) 
thread running...
Mar 18 13:39:52 hunter ntop[62336]:   **WARNING** Address resolution 
queue is full [4096 slots]
Mar 18 13:39:52 hunter ntop[62336]:   Addresses in excess won't be 
resolved - ntop continues
Mar 18 13:41:28 hunter ntop[62336]:   **ERROR** Reading packets on 
device 0 (fxp1): 'read: Inappropriate ioctl for device'
Mar 18 13:41:28 hunter ntop[62336]:   THREADMGMT: pcapDispatch thread 
terminated...
Mar 18 13:43:15 hunter ntop[62361]:   **ERROR** http generation failed, 
alarm() tripped. Please report this to ntop-dev list!
Mar 18 13:43:18 hunter ntop[62362]:   **ERROR** http generation failed, 
alarm() tripped. Please report this to ntop-dev list!
Mar 18 13:45:12 hunter ntop[62336]:   CLEANUP: ntop caught signal 15
Mar 18 13:45:12 hunter ntop[62336]:   CLEANUP: Cleaning up, set 
FLAG_NTOPSTATE_TERM
Mar 18 13:45:12 hunter ntop[62336]:   SIGPIPE: Handled (ignored) 0 errors
Mar 18 13:45:12 hunter ntop[62336]:   CLEANUP: Locking purge mutex (may 
block for a little while)
Mar 18 13:45:12 hunter ntop[62336]:   CLEANUP: Locked purge mutex, 
continuing shutdown
Mar 18 13:45:12 hunter ntop[62336]:   FREE_HOST: Start, 1 device(s)
Mar 18 13:45:13 hunter ntop[62336]:   FREE_HOST: End, freed 5533
Mar 18 13:45:13 hunter ntop[62336]:   PLUGIN_TERM: Unloading plugins (if 
any)
Mar 18 13:45:13 hunter ntop[62336]:   RRD: Locking mutex (may block for 
a little while)
Mar 18 13:45:13 hunter ntop[62336]:   RRD: Locked mutex, continuing shutdown
Mar 18 13:45:13 hunter ntop[62336]:   RRD: killThread() succeeded
Mar 18 13:45:13 hunter ntop[62336]:   RRD: Thanks for using the rrdPlugin
Mar 18 13:45:13 hunter ntop[62336]:   RRD: Done
Mar 18 13:45:13 hunter ntop[62336]:   NETFLOW: Terminating NetFlow
Mar 18 13:45:13 hunter ntop[62336]:   NETFLOW: no devices to terminate ()
Mar 18 13:45:13 hunter ntop[62336]:   NETFLOW: Thanks for using ntop NetFlow
Mar 18 13:45:13 hunter ntop[62336]:   NETFLOW: Done
Mar 18 13:45:13 hunter ntop[62336]:   CLEANUP: Freeing device fxp1 (idx=0)
Mar 18 13:45:13 hunter ntop[62336]:   STATS: 410,567 packets received by 
filter on fxp1
Mar 18 13:45:13 hunter ntop[62336]:   STATS: 220,232 packets dropped 
(according to libpcap)
Mar 18 13:45:13 hunter ntop[62336]:   STATS: 0 packets dropped (by ntop)
Mar 18 13:45:13 hunter ntop[62336]:   TERM: Removed pid file 
(/var/db/ntop/ntop.pid)

expat-1.95.8        XML 1.0 parser written in C
freetype2-2.1.9     A free and portable TrueType font rendering engine
gd-2.0.33_1,1       A graphics library for fast creation of images
gdbm-1.8.3_1        The GNU database manager
gettext-0.14.1      GNU gettext package
gmake-3.80_2        GNU version of 'make' utility
jpeg-6b_3           IJG's jpeg compression utilities
libgnugetopt-1.2    GNU getopt library
libiconv-1.9.2_1    A character set conversion library
libnet-1.0.2a,1     A C library for creating IP packets
libtool-1.3.5_2     Generic shared library support script (version 1.3)
libtool-1.5.10_1    Generic shared library support script (version 1.5)
lrzsz-0.12.20_1     Receive/Send files via X/Y/ZMODEM protocol.  (unrestrictive
m4-1.4.1            GNU m4
minicom-2.1         An MS-DOS Telix serial communication program "workalike"
nmap-3.81           Port scanning utility for large networks
ntop-3.1_1          Network monitoring tool with command line and web interface
pcre-5.0            Perl Compatible Regular Expressions library
pkgconfig-0.15.0_1  A utility used to retrieve information about installed libr
png-1.2.8_1         Library for manipulating PNG images
--
"Now my sails are filling, with winds so willing, and I'm as good as gone 
again" - Saint of Circumstance
_______________________________________________
Ntop mailing list
Ntop@unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop