date:20160913

Re: [Ntop-misc] Even there are 16 child processes, ntopng only uses 2

2016-09-13 Thread Sacha Yunusic

For some reason, after 1 hour of nothing happening, everything goes fine now…

I’ll wait to happened again before open that ticket.. thanks.

From: ntop-misc-boun...@listgateway.unipi.it 
[mailto:ntop-misc-boun...@listgateway.unipi.it] On Behalf Of Luca Deri
Sent: martes, 13 de septiembre de 2016 14:34
To: ntop-misc@listgateway.unipi.it
Subject: Re: [Ntop-misc] Even there are 16 child processes,ntopng only uses 2

Sacha,

can you please file a ticket on github and attach the current status (# of 
hosts and flows etc) so we can trck this issue?

Luca

On 13 Sep 2016, at 18:32, Sacha Yunusic  wrote:

Hi!

I’m starting to use ntopng that is receiving flows from a Cisco switch 
4507 thru netflow.

I start nprobe and ntop in the same server (Dell R720, 24 cores, 128GB 
RAM, 1TB HD), and I can enter to the GUI, but as soon as I try to look into one 
specific host (http://server:4000/lua/host_details.lua?host=192.168.200.104 
 ), two child 
processes of ntopng takes 100% of one core each (so, two out of 24) and it 
takes forever this simple task.

Now, after 45 minutes since I click on that link, nothing happened and 
the browser is still “thinking”.

So, my questios are: 

-  Why is taking so much CPU for that simple task

-  Why it doesn’t use more CPU if there are 16 child processes 
and is only using two

I’m using ntopng Pro [Small Business Edition] v.2.5.160816, running on 
Centos 7.1 x64 installed with yum using /etc/yum.repos.d/ntop.repo. 

This is how I run nprobe:

# nprobe --collector-port 2055 --zmq "tcp://*:5888  " 
--redis 127.0.0.1:6379 -n none

This is how I run ntopng:

# ntopng -i tcp://127.0.0.1:5888   --redis 
127.0.0.1:6379 -w 4000 -m 192.168.0.0/16

This is what I see in stdout where I wun ntopng: 

13/Sep/2016 13:02:09 [Lua.cpp:5420] WARNING: Script failure 
[/usr/share/ntopng/scripts/lua/find_host.lua][attempt to index a userdata value]

Sacha Yunusic | Gerente Técnico | Pentagon Security & Akainix

Av. Kennedy 4700, Piso 10, Of. 1002, Edificio New Century, Vitacura | 
Código Postal (ZIP Code) 7630454

Central: (56-2) 2246 1050 | Directo: (56-2) 2246 2620 | Cel: (56-9) 
9883 4752 | www.penta-sec.com   & www.akainix.com 

___
Ntop-misc mailing list
Ntop-misc@listgateway.unipi.it  
http://listgateway.unipi.it/mailman/listinfo/ntop-misc 

___
Ntop-misc mailing list
Ntop-misc@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop-misc

Re: [Ntop-misc] Even there are 16 child processes, ntopng only uses 2

2016-09-13 Thread Luca Deri

Sacha,
can you please file a ticket on github and attach the current status (# of 
hosts and flows etc) so we can trck this issue?

Luca
> On 13 Sep 2016, at 18:32, Sacha Yunusic  wrote:
> 
> Hi!
> I’m starting to use ntopng that is receiving flows from a Cisco switch 4507 
> thru netflow.
> I start nprobe and ntop in the same server (Dell R720, 24 cores, 128GB RAM, 
> 1TB HD), and I can enter to the GUI, but as soon as I try to look into one 
> specific host (http://server:4000/lua/host_details.lua?host=192.168.200.104 
> ), two child 
> processes of ntopng takes 100% of one core each (so, two out of 24) and it 
> takes forever this simple task.
> Now, after 45 minutes since I click on that link, nothing happened and the 
> browser is still “thinking”.
> So, my questios are: 
> -  Why is taking so much CPU for that simple task
> -  Why it doesn’t use more CPU if there are 16 child processes and is 
> only using two
>  
> I’m using ntopng Pro [Small Business Edition] v.2.5.160816, running on Centos 
> 7.1 x64 installed with yum using /etc/yum.repos.d/ntop.repo. 
>  
> This is how I run nprobe:
> # nprobe --collector-port 2055 --zmq "tcp://*:5888 " --redis 
> 127.0.0.1:6379 -n none
>  
> This is how I run ntopng:
> # ntopng -i tcp://127.0.0.1:5888  --redis 
> 127.0.0.1:6379 -w 4000 -m 192.168.0.0/16
>  
>  
> This is what I see in stdout where I wun ntopng: 
> 13/Sep/2016 13:02:09 [Lua.cpp:5420] WARNING: Script failure 
> [/usr/share/ntopng/scripts/lua/find_host.lua][attempt to index a userdata 
> value]
>  
> 
> Sacha Yunusic | Gerente Técnico | Pentagon Security & Akainix
> Av. Kennedy 4700, Piso 10, Of. 1002, Edificio New Century, Vitacura | Código 
> Postal (ZIP Code) 7630454
> Central: (56-2) 2246 1050 | Directo: (56-2) 2246 2620 | Cel: (56-9) 9883 4752 
> | www.penta-sec.com  & www.akainix.com 
> 
>  
> ___
> Ntop-misc mailing list
> Ntop-misc@listgateway.unipi.it 
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc 
> 
___
Ntop-misc mailing list
Ntop-misc@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop-misc

Re: [Ntop-misc] nProbe delay.

2016-09-13 Thread Luca Deri

Gabriel
can you please provide a pcap with the flow so I can see what you mean?

Luca
> On 13 Sep 2016, at 10:22, Gabriel Zamorski  wrote:
> 
> Hello,
> 
> I’m using nProbe from yesterday with my WanGuard Flow Sensor. There are logs 
> on it like this: "Received flow from 142 seconds ago on interface "eth5". 
> Adjusting flow delay from 141 to 142”
> 
> I asked the WanGuard Support and I got the answer:
> 
> "The flow delay is the amount of time between the start time of the flow and 
> the time the flow was received by the Sensor.
> You can tune the flow export time (delay) in the flow exporter. “
> 
> So, the question is - what can I do to minimize this delay?
> 
> 
> Regards,
> 
> Gabriel
> 
> ___
> Ntop-misc mailing list
> Ntop-misc@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc



signature.asc
Description: Message signed with OpenPGP using GPGMail
___
Ntop-misc mailing list
Ntop-misc@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop-misc

[Ntop-misc] Even there are 16 child processes, ntopng only uses 2

2016-09-13 Thread Sacha Yunusic

Hi!

I'm starting to use ntopng that is receiving flows from a Cisco switch 4507 
thru netflow.

I start nprobe and ntop in the same server (Dell R720, 24 cores, 128GB RAM, 1TB 
HD), and I can enter to the GUI, but as soon as I try to look into one specific 
host (http://server:4000/lua/host_details.lua?host=192.168.200.104), two child 
processes of ntopng takes 100% of one core each (so, two out of 24) and it 
takes forever this simple task.

Now, after 45 minutes since I click on that link, nothing happened and the 
browser is still "thinking".

So, my questios are: 

-  Why is taking so much CPU for that simple task

-  Why it doesn't use more CPU if there are 16 child processes and is 
only using two

 

I'm using ntopng Pro [Small Business Edition] v.2.5.160816, running on Centos 
7.1 x64 installed with yum using /etc/yum.repos.d/ntop.repo. 

 

This is how I run nprobe:

# nprobe --collector-port 2055 --zmq "tcp://*:5888" --redis 127.0.0.1:6379 -n 
none

 

This is how I run ntopng:

# ntopng -i tcp://127.0.0.1:5888 --redis 127.0.0.1:6379 -w 4000 -m 
192.168.0.0/16

 

 

This is what I see in stdout where I wun ntopng: 

13/Sep/2016 13:02:09 [Lua.cpp:5420] WARNING: Script failure 
[/usr/share/ntopng/scripts/lua/find_host.lua][attempt to index a userdata value]

 

 

Sacha Yunusic | Gerente Técnico | Pentagon Security & Akainix

Av. Kennedy 4700, Piso 10, Of. 1002, Edificio New Century, Vitacura | Código 
Postal (ZIP Code) 7630454

Central: (56-2) 2246 1050 | Directo: (56-2) 2246 2620 | Cel: (56-9) 9883 4752 | 
www.penta-sec.com   & www.akainix.com 
 

 

___
Ntop-misc mailing list
Ntop-misc@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop-misc

[Ntop-misc] nProbe delay.

2016-09-13 Thread Gabriel Zamorski

Hello,

I’m using nProbe from yesterday with my WanGuard Flow Sensor. There are logs on 
it like this: "Received flow from 142 seconds ago on interface "eth5". 
Adjusting flow delay from 141 to 142”

I asked the WanGuard Support and I got the answer: 

"The flow delay is the amount of time between the start time of the flow and 
the time the flow was received by the Sensor. 
You can tune the flow export time (delay) in the flow exporter. “

So, the question is - what can I do to minimize this delay?


Regards, 

Gabriel 



smime.p7s
Description: S/MIME cryptographic signature
___
Ntop-misc mailing list
Ntop-misc@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop-misc

Re: [Ntop-misc] Even there are 16 child processes, ntopng only uses 2

Re: [Ntop-misc] Even there are 16 child processes, ntopng only uses 2

Re: [Ntop-misc] nProbe delay.

[Ntop-misc] Even there are 16 child processes, ntopng only uses 2

[Ntop-misc] nProbe delay.

5 matches

Site Navigation

Mail list logo

Footer information