Re CPU ... There's nothing explicitly in the software that should increase CPU usage. However, we did move from pcap_loop() to pcap_dispatch(). If Solaris is a user-land threads implementation, then the discussion we've been having here re FreeBSD may also apply.

Also, understand that this is often specious - since the system calls checking for packets are interruptible, within broad limits converting to poll() type routines doesn't impact other processes. Since most system calls allow higher priority work to take control (and round-robin equal priority work), if there is something ready to run it gets CPU. So the difference becomes how often we check (poll()) for an available packet. Still, it should not be an issue, especially since we strongly recommend that ntop be the only thing on the box.

Re hosts - read docs/FAQ, the man page and this list (it's discussed on ONE of them) for info on the -x parameter. Understand it's pretty crude. But it will limit the number of HostTraffic entries ntop creates. Also, read the discussion in docs/FAQ on hosts - why there's nothing ntop can control about this as it's due to external forces...

-----Burton

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Wilson
Sent: Thursday, May 05, 2005 12:48 PM
To: [EMAIL PROTECTED]
Subject: [Ntop-dev] ntop v3.0 package and Memory Growth

Hi, working backwards from ntop v3.1 due to HIGH CPU usage and now on pre-packaged v3.0 build. I have included some host info and my start-up (with output). You will notice, from my 'top' monitoring that Memory is running as high as 1266Mb but, I started only 318 Mb 24 hours prior! Is this an intended effect or some process gone awry?

Finally, is there some switch I can enable to limit this memory growth as we are looking to deploy this on a host running a dedicated application that has some 'visibility' to our Organization and, don't wish to impact it.

"# uname -a
SunOS 5.8 Generic_117350-21 sun4u sparc SUNW,Ultra-250
# isainfo -k
sparcv9

ntop -P /usr/local/share/ntop -u ntop -c
Tue May 03 16:09:24 2005 ntop v.3.0 SourceForge .tgz MT (SSL)
Tue May 03 16:09:24 2005 Configured on Jun 13 2004 5:52:30, built on Jun 13 2004 06:56:02.
Tue May 03 16:09:24 2005 Copyright 1998-2004 by Luca Deri <[EMAIL PROTECTED]>
Tue May 03 16:09:24 2005 Get the freshest ntop from http://www.ntop.org/
Tue May 03 16:09:24 2005 Initializing ntop
Tue May 03 16:09:24 2005 **WARNING** Truncated network size (device hme0) to 1024 hosts (real netmask 255.255.252.0)
Tue May 03 16:09:24 2005 Checking hme0 for additional devices
Tue May 03 16:09:24 2005 Resetting traffic statistics for device hme0
Tue May 03 16:09:24 2005 DLT: Device 0 [hme0] is 1, mtu 1514, header 14
Tue May 03 16:09:24 2005 Initializing gdbm databases
Tue May 03 16:09:24 2005 Now running as requested user 'ntop' (100:100)
Tue May 03 16:09:24 2005 VENDOR: Loading MAC address table.
Tue May 03 16:09:24 2005 VENDOR: Checking for MAC address table file
Tue May 03 16:09:24 2005 VENDOR: Loading newer file '/usr/local/etc/ntop/specialMAC.txt.gz'
Tue May 03 16:09:24 2005 VENDOR: ...found 61 lines
Tue May 03 16:09:24 2005 VENDOR: ...loaded 59 records
Tue May 03 16:09:24 2005 VENDOR: Checking for MAC address table file
Tue May 03 16:09:24 2005 VENDOR: Loading newer file '/usr/local/etc/ntop/oui.txt.gz'
Tue May 03 16:09:27 2005 VENDOR: ...found 44580 lines
Tue May 03 16:09:27 2005 VENDOR: ...loaded 7231 records
Tue May 03 16:09:27 2005 OSFP: Checking for OS fingerprint table file
Tue May 03 16:09:27 2005 OSFP: Loading file '/usr/local/etc/ntop/etter.passive.os.fp.gz'
Tue May 03 16:09:27 2005 ASN: Checking for Autonomous System Number table file
Tue May 03 16:09:27 2005 **WARNING** ASN: Unable to open file 'AS-list.txt'
Tue May 03 16:09:27 2005 I18N: This instance of ntop does not support multiple languages
Tue May 03 16:09:27 2005 IP2CC: Checking for IP address <-> Country Code mapping file
Tue May 03 16:09:27 2005 IP2CC: Loading file '/usr/local/etc/ntop/p2c.opt.table.gz'
Tue May 03 16:09:30 2005 IP2CC: ...found 52395 lines
Tue May 03 16:09:30 2005 GDVERCHK: Guessing at libgd version
Tue May 03 16:09:30 2005 GDVERCHK: ... as 2.0.21+
Tue May 03 16:09:30 2005 Initializing external applications
Tue May 03 16:09:30 2005 Initializing semaphores, mutexes and threads
Tue May 03 16:09:30 2005 NOTE: atfork() handler registered for mutexes, rc 0
Tue May 03 16:09:30 2005 THREADMGMT: Started thread (4) for network packet analyser
Tue May 03 16:09:30 2005 THREADMGMT: Packet processor thread running...
Tue May 03 16:09:30 2005 THREADMGMT: Started thread (5) for fingerprinting
Tue May 03 16:09:30 2005 THREADMGMT: Started thread (6) for idle hosts detection
Tue May 03 16:09:30 2005 THREADMGMT: Started thread (7) for DNS address resolution
Tue May 03 16:09:30 2005 Calling plugin start functions (if any)
Tue May 03 16:09:30 2005 Sniffying...
Tue May 03 16:09:30 2005 INIT: Created pid file (/usr/local/share/ntop/ntop.pid)
Tue May 03 16:09:30 2005 Listening on [hme0]
Tue May 03 16:09:30 2005 Now running as requested user 'ntop' (100:100)
Tue May 03 16:09:30 2005 Loading Plugins
Tue May 03 16:09:30 2005 Searching for plugins in /usr/local/lib/ntop/plugins
Tue May 03 16:09:30 2005 ICMP: Welcome to icmpWatchPlugin. (C) 1999-2004 by Luca Deri
Tue May 03 16:09:30 2005 LASTSEEN: Welcome to LastSeenWatchPlugin. (C) 1999 by Andrea Marangoni
Tue May 03 16:09:30 2005 NETFLOW: Welcome to NetFlow.(C) 2002-04 by Luca Deri
Tue May 03 16:09:30 2005 PDA: Welcome to PDAPlugin. (C) 2001-2004 by L.Deri and W.Brock
Tue May 03 16:09:30 2005 **WARNING** Unable to load plugin '/usr/local/lib/ntop/plugins/rrdPlugin.so'
Tue May 03 16:09:30 2005 **WARNING** Message is 'ld.so.1: ntop: fatal: relocation error: file /usr/local/lib/ntop/plugins/rrdPlugin.so: symbol rrd_clear_error: referenced symbol not found'
Tue May 03 16:09:30 2005 SNMP: Welcome to snmpPlugin. (C) 2004 by F.Fusco and G.Giardina
Tue May 03 16:09:30 2005 **WARNING** Plugin 'snmpPlugin.so' discarded: compiled for a different ntop version
Tue May 03 16:09:30 2005 **WARNING** Expected ntop version '3.1', actual plugin ntop version '3.0'.
Tue May 03 16:09:30 2005 SFLOW: Welcome to sFlowPlugin. (C) 2002-04 by Luca Deri
Tue May 03 16:09:30 2005 XML: Welcome to xmldump plugin. (C) 2003-2004 by Burton Strauss
Tue May 03 16:09:30 2005 NFS: Welcome to nfsWatchPlugin. (C) 1999-2004 by Luca Deri
Tue May 03 16:09:30 2005 Calling plugin start functions (if any)
Tue May 03 16:09:30 2005 SSL is present but https is disabled: use -W <https port> for enabling it
Tue May 03 16:09:30 2005 THREADMGMT: Fingerprint scan thread running...
Tue May 03 16:09:30 2005 CHKVER: **********************PRIVACY**NOTICE**********************
Tue May 03 16:09:30 2005 THREADMGMT: Idle host scan thread running...
Tue May 03 16:09:30 2005 THREADMGMT: Address resolution thread running...
Tue May 03 16:09:30 2005 CHKVER: * ntop instances may record individually identifiable *
Tue May 03 16:09:30 2005 CHKVER: * information on a remote system as part of the version *
Tue May 03 16:09:30 2005 CHKVER: * check. *
Tue May 03 16:09:30 2005 CHKVER: * *
Tue May 03 16:09:30 2005 CHKVER: * You may request - via the --skip-version-check option *
Tue May 03 16:09:30 2005 CHKVER: * that this check be skipped and that no individually *
Tue May 03 16:09:30 2005 CHKVER: * identifiable information be recorded. *
Tue May 03 16:09:30 2005 CHKVER: * *
Tue May 03 16:09:30 2005 CHKVER: * In general, we ask you to permit this check because it *
Tue May 03 16:09:30 2005 CHKVER: * benefits both the users and developers of ntop. *
Tue May 03 16:09:30 2005 CHKVER: * *
Tue May 03 16:09:30 2005 CHKVER: * Review the man ntop page for more information. *
Tue May 03 16:09:30 2005 CHKVER: * *
Tue May 03 16:09:30 2005 CHKVER: **********************PRIVACY**NOTICE**********************
Tue May 03 16:09:30 2005 CHKVER: Checking current ntop version at version.ntop.org/version.xml
Tue May 03 16:09:30 2005 **ERROR** CHKVER: Unable to connect socket: Network is unreachable(128)
Tue May 03 16:09:30 2005 CHKVER: Checking current ntop version at www.burtonstrauss.com/version.xml
Tue May 03 16:09:30 2005 **ERROR** CHKVER: Unable to connect socket: Network is unreachable(128)
Tue May 03 16:09:53 2005 Admin user password has been set
Tue May 03 16:09:53 2005 Note: Reporting device initally set to 0 [hme0] (merged)
Tue May 03 16:09:53 2005 INITWEB: Initializing web server
Tue May 03 16:09:53 2005 INITWEB: Initializing tcp/ip socket connections for web server
Tue May 03 16:09:53 2005 INITWEB: Initialized socket, port 3000, address (any)
Tue May 03 16:09:53 2005 INITWEB: Waiting for HTTP connections on port 3000
Tue May 03 16:09:53 2005 INITWEB: Starting web server
Tue May 03 16:09:53 2005 THREADMGMT: Started thread (10) for web server
Tue May 03 16:09:53 2005 THREADMGMT: web connections thread (675) started...
Tue May 03 16:09:53 2005 THREADMGMT: Started thread (11) for network packet sniffing on hme0
Tue May 03 16:09:53 2005 THREADMGMT: pcap dispatch thread running...
Tue May 03 16:09:53 2005 Note: SIGPIPE handler set (ignore)
Tue May 03 16:09:53 2005 WEB: ntop's web server is now processing requests
Tue May 03 16:24:50 2005 NOTE: -L | --use-syslog=facility not specified, child processes will log to the default (24).

Top OutPut after 2 days running
===============================
last pid: 974; load averages: 1.09, 1.07, 1.07 08:31:00
37 processes: 35 sleeping, 2 on cpu
CPU states: 0.0% idle, 49.3% user, 1.9% kernel, 48.8% iowait, 0.0% swap
Memory: 1152M real, 17M free, 1337M swap in use, 1555M swap free
May 4 21:30:44 Lab06 /usr/lib/snmp/snmpdx: Agent snmpd appeared dead but responded to ping

PID USERNAME LWP PRI NICE  SIZE   RES STATE   TIME    CPU COMMAND
675 ntop      10   0    0 1266M  956M cpu/1  42.5H 49.40% ntop ** NOTE Memory !! **
680 root       1  58    0 2632K  600K cpu/0   4:49  0.10% top"

Thanks,
John Wilson
Descartes Systems Group
519.746.6114 x2544

_______________________________________________
Ntop-dev mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-dev
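
Added example, not part of the original thread and not ntop or libpcap code: the reply's point that the cost of a poll()-style capture loop comes down to how often it checks for a packet, measured in C. The pipe and child process are a constructed stand-in for a capture descriptor, and `run_reader` and `run_stats` are hypothetical names.

```c
#define _POSIX_C_SOURCE 200809L
#include <poll.h>
#include <stdio.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

struct run_stats { long polls; long packets; }; /* poll() calls, bytes read */
/* Constructed stand-in for a capture source (not ntop or libpcap code): a
 * child writes one byte ("packet") to a pipe every interval_ms, then exits.
 * The parent waits with poll(timeout_ms): 0 = spin, -1 = block until ready. */
struct run_stats run_reader(int timeout_ms, int npackets, int interval_ms)
{
    struct run_stats st = {0, 0};
    int fds[2]; char buf[64];
    if (pipe(fds) != 0) return st;
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return st; }
    if (pid == 0) {                         /* child: the "wire" */
        struct timespec gap = { .tv_sec = interval_ms / 1000,
                                .tv_nsec = (interval_ms % 1000) * 1000000L };
        close(fds[0]);
        for (int i = 0; i < npackets; i++) {
            nanosleep(&gap, NULL);
            if (write(fds[1], "p", 1) != 1) _exit(1);
        }
        _exit(0);
    }
    close(fds[1]);                          /* parent: the capture loop */
    struct pollfd pfd = { .fd = fds[0], .events = POLLIN };
    for (;;) {
        int rc = poll(&pfd, 1, timeout_ms);
        st.polls++;
        if (rc < 0) break;                  /* poll failed */
        if (rc == 0) continue;              /* nothing ready: check again */
        ssize_t n = read(fds[0], buf, sizeof buf);
        if (n <= 0) break;                  /* writer closed: capture over */
        st.packets += n;
    }
    close(fds[0]);
    waitpid(pid, NULL, 0);
    return st;
}

int main(void)
{
    struct run_stats spin = run_reader(0, 5, 20), blk = run_reader(-1, 5, 20);
    printf("timeout 0: %ld polls, %ld packets\n", spin.polls, spin.packets);
    printf("timeout -1: %ld polls, %ld packets\n", blk.polls, blk.packets);
    return 0;
}
```

Both runs receive the same five packets; only the number of poll() calls differs, which is the CPU cost the reply refers to.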
