I wrote the below and THOUGHT I sent it, but had not. Good thing I guess, as it's NOT ntops fault! One of my "colleagues" upgraded the IOS on one router and for whatever reason didn't copy the configs correctly - so it was exporting v1 flows! Obviously NOT good! As noted, the routers insist on exporting info for "all" interfaces even though I only want ONE - so I'm working on some sort of netflow interface ID white/black list / filter thing. Ie:; if interface != [list], ignore - else process. This would've prevented the near DOS on myself and will make viewing netflow interface level stats much easier. Anyway..., changed it to v5 and all is well now.
Here's the content I thought I sent - just for FYI: Update - NOT just 4.1.0, 4.0.3 doing something similar / the same. Just started an instance of 4.0.3 and I have 10,000+ "interfaces" in one netflow directory; where each netflow directory represents an ntop netflow "interface" / listener. Unfortunately my Ci$co routers are exporting flow records for interfaces I don't care about, but each router has perhaps five interfaces. Thus, I should have no more than 5 * numberOfExporters, or in my case about... 150 total interfaces / directories for this specific netflow listener - not 10,000 plus! I'm still investigating, but I can assure you this was not the behavior in 3.x.x versions I was running prior to this. FWIW; there seems to be only ONE of my EIGHT netflow interfaces exhibiting this behavior. This makes no sense... If it was nTop I would suspect "all" interfaces would have similar symptoms... G ________________________________ From: Gary Gatten Sent: Monday, June 13, 2011 11:22 AM To: '[email protected]' Subject: netflow or rrd on 4.1.0 FREAKING out Anyone using this combination notice anything "funny" - only NOT funny? For some reason rrd wants to create random / NUMEROUS interfaces in the /rrd/interfaces/netflow/ directory. 2011-06-12T01:02:56.909626-05:00 myhost ntop[13810]: **WARNING** RRD: rrd_up date(/usr/local/var/ntop-410/mydir/rrd/interfaces/mydir/NetFlow/1_169678 280_64541/ifOutOctets.rrd) error: opening '/usr/local/var/ntop-410/FieldInet/rrd /interfaces/Region-29/NetFlow/1_169678280_64541/ifOutOctets.rrd': No such file or directory I have almost 130,000 directories!!! [root@myhost NetFlow]# ls -l | more total 127992 Now, even worse - I have -t 5 set and my log is almost 7GB after only a few days due to rrd messages such as above. It's insane! Anyone else notice this yet - or am I just special? If just me I'll see if I did something "wrong" before I file a bug report. G <font size="1"> <div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in'> </div> "This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system." </font>
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
