It depends. If you are running Ntop on a span port < I have no idea on your setup > / traffic mirror it will track only your local hosts and all the traffic that they produce.. You just will not see any connections made coming in since ntop will not track it. I have a large network here with ~9000 hosts. When I run ntop to track -all- hosts it will run out of memory in about 15-30 minutes on a 2GB memory machine.. And soon run out of swap too and ntop will crash.
If I track only local hosts specifying subnets I still get the traffic they do.. But I do not get any p2p tracking info like I do when I track foreign hosts as well. I wish I could do it 100% of the time, ntop gives me great information tracking foreign hosts. I use it sometimes just if I see a serious spike and I want to know where and who they are connecting to if even for the 15 min it runs =). By the way, what do the logs say when it eats up this memory ? This information is quite usefull sometimes. -----Original Message----- From: Juan Puchalski [mailto:[EMAIL PROTECTED] Sent: Sunday, March 09, 2003 9:50 PM To: [EMAIL PROTECTED] Subject: RE: [Ntop] NTOP eating memory without stopping Thanks for your quick reply! >What's your traffic flow - is the a DLS/Cable/dial w/ a few hosts? I run 2x384 frame relay links, which average a 50% usage on a 24h period. >1. Get a real system... Doesn't have to be a P$-3.06g w/ 2GB of ram, >but something a little beefier - add memory - it's cheap today ... >After the OS and all the other cr*p running, how much is really >available to ntop w/o swapping - that's the critical measurement. Once >ntop starts to swap, you're dead - walking the tables to compute >throughput etc. puts a big load on the system. Yeah, I can see your point. When NTOP isn't running, there's around 47 megs free in the server. When I run it, it gobbles it up quickly and starts to swap. The thing is, I'm pretty much cash/hardware strapped. I live in a south american country going thru an almost-civil-war, and getting new hardware is next to impossible right now. I saw textinfo.html, and doesn't include any memory usage info. Altho I just noticed I never did update to .55! I'm still running .3. Do I gain anything by upgrading to the latest CVS? >3. Don't track external hosts (use the flag to turn it off). People >connecting to you can add a big # of hosts you may not think of. I thought of this, but it brings a small question. The most important thing I track with NTOP is the network usage by each host. How many megs has client A downloaded, who was the culprit of the huge upload spike i just saw in MRTG and that sort of thing. By not tracking external hosts, does NTOP still capture the entire traffic each of my hosts do, or just the L-L traffic inside the network? Juan Puchalski _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop
