Gary Gatten wrote:
Your system looks like it has plenty of power. The dnsCache.db file has
given me problems in the past. Once it starts getting "big" nTop seems
to die more and more frequently.
What is your CPU load averages and % util when it's up? Do you have rrd
enabled? What is the size of your RCV queue for the netflow udp port
when you run 'netstat -a'?
Some other things to try:
-t 5 = most verbose logging
-x and -X: I've doubled the defaults
Check out the globaldefines.h TONS of tweaks in there, several that
could fix your name resolution failures mentioned below. Not sure why
these tweaks aren't available in a runtime config file? That would be
nice!
Tweaking the defaults all depends on how many hosts your monitoring and
how chatty they are. I have 3,000'ish local + internet hosts, so
defaults didn't work to well for me.
Gary
Hey thanks for the suggestions but i tried all of them save for editing
the globaldefines.h for the time being
To answer from before yes i'm running rrd and the netstat -a doesn't
show any queue as far as i know
I don't have nearly 3000 local hosts it's closer to 75 +/-25
Total CPU usage sits around 3-6% or so
Ntop seems to be utilizing less than 1% cpu
and about 2-3% memory
Seems to still die quietly even with the debug level turned up to 5
Here's a log output if it gives anyone ideas
TIA
James
Oct 25 10:24:51 server ntop[14018]: [MSGID0578348] **WARNING** packet
truncated (8814->8232)
Oct 25 10:24:51 server ntop[14018]: [MSGID0578348] **WARNING** packet
truncated (8814->8232)
Oct 25 10:24:51 server ntop[14018]: [MSGID0578348] **WARNING** packet
truncated (13194->8232)
Oct 25 10:24:51 server ntop[14018]: [MSGID0578348] **WARNING** packet
truncated (11734->8232)
Oct 25 10:24:51 server ntop[14018]: [MSGID0578348] **WARNING** packet
truncated (13194->8232)
Oct 25 10:26:49 server ntop[14018]: [MSGID8757584] SFP: Ending
fingerprint scan cycle 2 - checked 1, resolved 1
Oct 25 10:26:49 server ntop[14018]: [MSGID0825709] IDLE_PURGE: Device 0
[eth0] FINISHED selection, 0 [out of 51] hosts selected
Oct 25 10:26:49 server ntop[14018]: [MSGID8439789] IDLE_PURGE: Device
eth0: no hosts [out of 50] deleted
Oct 25 10:26:49 server ntop[14018]: [MSGID0825709] IDLE_PURGE: Device 1
[NetFlow-device.2] FINISHED selection, 0 [out of 51] hosts selected
Oct 25 10:26:49 server ntop[14018]: [MSGID8439789] IDLE_PURGE: Device
NetFlow-device.2: no hosts [out of 50] deleted
Oct 25 10:27:14 server ntop[14018]: [MSGID8989160] RRD: Cycle 2 ended,
78 RRDs updated, 0.019 seconds
Oct 25 10:28:49 server ntop[14018]: [MSGID0825709] IDLE_PURGE: Device 0
[eth0] FINISHED selection, 0 [out of 51] hosts selected
Oct 25 10:28:49 server ntop[14018]: [MSGID8439789] IDLE_PURGE: Device
eth0: no hosts [out of 50] deleted
Oct 25 10:28:49 server ntop[14018]: [MSGID0825709] IDLE_PURGE: Device 1
[NetFlow-device.2] FINISHED selection, 0 [out of 51] hosts selected
Oct 25 10:28:49 server ntop[14018]: [MSGID8439789] IDLE_PURGE: Device
NetFlow-device.2: no hosts [out of 50] deleted
Oct 25 10:30:49 server ntop[14018]: [MSGID0825709] IDLE_PURGE: Device 0
[eth0] FINISHED selection, 0 [out of 51] hosts selected
Oct 25 10:30:49 server ntop[14018]: [MSGID8439789] IDLE_PURGE: Device
eth0: no hosts [out of 50] deleted
Oct 25 10:30:49 server ntop[14018]: [MSGID0825709] IDLE_PURGE: Device 1
[NetFlow-device.2] FINISHED selection, 0 [out of 51] hosts selected
Oct 25 10:30:49 server ntop[14018]: [MSGID8439789] IDLE_PURGE: Device
NetFlow-device.2: no hosts [out of 50] deleted
Oct 25 10:32:13 server ntop[14018]: [MSGID8989160] RRD: Cycle 3 ended,
78 RRDs updated, 0.007 seconds
Oct 25 10:32:49 server ntop[14018]: [MSGID0825709] IDLE_PURGE: Device 0
[eth0] FINISHED selection, 4 [out of 51] hosts selected
Oct 25 10:32:49 server ntop[14018]: [MSGID8477291] IDLE_PURGE: Device 0
[eth0]: 4/50 hosts deleted, elapsed time is 0.020674 seconds (0.005168
per host)
Oct 25 10:32:49 server ntop[14018]: [MSGID0825709] IDLE_PURGE: Device 1
[NetFlow-device.2] FINISHED selection, 18 [out of 51] hosts selected
Oct 25 10:32:49 server ntop[14018]: [MSGID8477291] IDLE_PURGE: Device 1
[NetFlow-device.2]: 18/50 hosts deleted, elapsed time is 0.019502
seconds (0.001083 per host)
Oct 25 10:32:49 server ntop[14018]: [MSGID9233555] MAC prefix
'00:14:C2' not found in vendor database
Oct 25 10:34:19 server ntop[14018]: [MSGID8757584] SFP: Ending
fingerprint scan cycle 5 - checked 2, resolved 2
Oct 25 10:34:49 server ntop[14018]: [MSGID0825709] IDLE_PURGE: Device 0
[eth0] FINISHED selection, 0 [out of 51] hosts selected
Oct 25 10:34:49 server ntop[14018]: [MSGID8439789] IDLE_PURGE: Device
eth0: no hosts [out of 50] deleted
Oct 25 10:34:49 server ntop[14018]: [MSGID0825709] IDLE_PURGE: Device 1
[NetFlow-device.2] FINISHED selection, 5 [out of 51] hosts selected
Oct 25 10:34:49 server ntop[14018]: [MSGID8477291] IDLE_PURGE: Device 1
[NetFlow-device.2]: 5/50 hosts deleted, elapsed time is 0.019518 seconds
(0.003904 per host)
Oct 25 10:36:49 server ntop[14018]: [MSGID0825709] IDLE_PURGE: Device 0
[eth0] FINISHED selection, 4 [out of 51] hosts selected
Oct 25 10:36:49 server ntop[14018]: [MSGID8477291] IDLE_PURGE: Device 0
[eth0]: 4/50 hosts deleted, elapsed time is 0.019556 seconds (0.004889
per host)
Oct 25 10:36:49 server ntop[14018]: [MSGID0825709] IDLE_PURGE: Device 1
[NetFlow-device.2] FINISHED selection, 0 [out of 51] hosts selected
Oct 25 10:36:49 server ntop[14018]: [MSGID8439789] IDLE_PURGE: Device
NetFlow-device.2: no hosts [out of 50] deleted
Oct 25 10:37:13 server ntop[14018]: [MSGID8989160] RRD: Cycle 4 ended,
81 RRDs updated, 0.011 seconds
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
