1) Unless you changed your syslog configuration, the messages will not be in /var/log/ntop, but wherever 'daemon' messages go.
-L | --use-syslog
daemon
Please track those down and include them.
2) Please use meaningful subjects
3) Dropped (libpcap)92.3% 171,736 certainly isn't good. What version of
libpcap are you running? 0.8.x is best, 0.7.2 usually ok, 0.6.x is bad.
4) Which thread library is Debian implementing? NPTL or pthreads (I *think*
it's NPTL because of the 2.6 kernel, but I'm not sure)
-----Burton
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
> [EMAIL PROTECTED]
> Sent: Friday, June 25, 2004 2:48 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [Ntop] Newbie question
>
>
>
> n t o p v e r s i o n '3.0 SourceForge .tgz' p r o b l e m
> r e p o r t
>
> From: Peter
>
> EMail: [EMAIL PROTECTED]
>
> Date: Fri Jun 25 07:32:28 2004
>
> Problem Report Id: PR_8ANDMCX
>
> ------------------------------------------------------------------
> ----------
> Summary
>
>
>
>
>
> OS(uname): sysname(Linux) release(2.6.6-2-686) version(#1 Wed Jun
> 16 01:25:38 PDT 2004) machine(i686)
>
> ntop from: debian (rpm, source, ports, etc.)
>
> Hardware: CPU: 1700 Celeron (i86, SPARC, etc.)
> # Processors: 1
> Memory: 256 MB
>
> don't know where to get this from:
>
> Packets
> Received: 178274
> Processed: 178274 (immediately)
> Queued: 0
> Lost: 0 (queue full)
> Queue: Current: 0 Maximum: 0
>
> Network:
> Merged packet counts:
> Received: 178274
> Ethernet: 178274
> Broadcast: 250
> Multicast: 1
> IP: 177956
>
> Network Interface 0 eth0
> Received (pcap): 729
> Dropped (pcap): 0
> Mfg: ____________________ Model: ____________________
> NIC Speed: 10/100/1000/Other Bus: PCI ISA USB Firewire Other
> Location: Public Internet / LAN / WAN
> Bandwidth: Dialup DSL/CableModem fT1 T1 10Mbps T3 100Mbps+
> # Hosts (machines): __________
>
>
> ------------------------------------------------------------------
> ----------
> Log extract
>
> with this command:
> grep ntop /var/log/messages | head -n 15
>
> there is no output
>
>
> ------------------------------------------------------------------
> ----------
> Problem Description
>
> ntop is only counting half the traffic!
>
>
>
>
>
>
> ------------------------------------------------------------------
> ----------
> ntop Configuration
>
>
> ntop version
> 3.0 SourceForge .tgz
> Configured on
> May 17 2004 11:23:10
> Built on
> May 17 2004 11:24:36
> OS
> i686-pc-linux-gnu
> This version of ntop is
> the CURRENT stable version
> Next version recheck is
> Fri Jul 9 19:36:28 2004
> ntop Process Id
> 2178
> http Process Id
> 2178
> Command line
> Started as
> /usr/sbin/ntop -d -L -u ntop -P
> /var/lib/ntop -a
> /var/lib/ntop/access.log -i eth0 -O
> /var/log/ntop/
> Resolved to
> /usr/sbin/ntop -d -L -u ntop -P
> /var/lib/ntop -a
> /var/lib/ntop/access.log -i eth0 -O
> /var/log/ntop
> -a | --access-log-file
> /var/lib/ntop/access.log
> -b | --disable-decoders
> (default) No
> -c | --sticky-hosts
> (default) No
> -d | --daemon
> Yes
> -e | --max-table-rows
> (default) 128
> -f | --traffic-dump-file
> (default) (nil)
> -g | --track-local-hosts
> (default) Track all hosts
> -o | --no-mac
> (default) Trust MAC Addresses
> -i | --interface (effective)
> eth
> -j | --create-other-packets
> (default) Disabled
> -k |
> --filter-expression-in-extra-frame
> (default) No
> -l | --pcap-log
> (default) (nil)
> -m | --local-subnets (effective)
> (default) (nil)
> -n | --numeric-ip-addresses
> (default) No
> -p | --protocols
> (default) internal list
> -q | --create-suspicious-packets
> (default) Disabled
> -r | --refresh-time
> (default) 120
> -s | --no-promiscuous
> (default) No
> -t | --trace-level
> (default) 3
> -u | --user
> ntop (uid=102, gid=102)
> -w | --http-server
> (default) Active, all interfaces,
> port 3000
> -z | --disable-sessions
> (default) No
> -B | --filter-expression
> (default) none
> -D | --domain
> none
> -F | --flow-spec
> (default) none
> -K | --enable-debug
> (default) No
> -L | --use-syslog
> daemon
> -M | --no-interface-merge
> (effective)
> (default) (Merging Interfaces) Yes
> -N | --wwn-map
> (default) (nil)
> -O | --pcap-file-path
> /var/log/ntop
> -P | --db-file-path
> (default) /var/lib/ntop
> -Q | --spool-file-path
> (default) /var/lib/ntop
> -U | --mapper
> (default) (nil)
> -W | --https-server
> Uninitialized
> --disable-schedYield
> (default) No
> --disable-instantsessionpurge
> (default) No
> --disable-mutexextrainfo
> (default) No
> --disable-stopcap
> (default) No
> --fc-only
> (default) No
> --no-fc
> (default) No
> --no-invalid-lun
> (default) No
> --p3p-cp
> (default) none
> --p3p-uri
> (default) none
> --set-pcap-nonblocking
> (default) No
> --ssl-watchdog
> (default) No
> --w3c
> (default) No
> NOTE: The --w3c flag makes the
> generated html MORE compatible with
> the w3c recommendations, but it in
> no way addresses all of the
> compatibility and markup issues. We
> would like to make ntop more
> compatible, but some basic issues of
> looking decent on real-world
> browsers mean it will never be 100%.
> If you find any issues, please
> report them to ntop-dev.
>
> Note: (effective) means that this is
> the value after ntop has processed
> the parameter.
> (default) means this is the default
> value, usually (but not always) set
> by a #define in globals-defines.h.
> Run time/Internal
> Web server URL
> http://any:3000
> SSL Web server (https://)
> Not Active
> GDBM version
> GDBM version 1.8.3. 10/15/2002
> (built Sep 9 2003 00:02:26)
> OpenSSL Version
> OpenSSL 0.9.7d 17 Mar 2004
> zlib version
> 1.2.1.1
> gd version (guess)
> 1.8.x
> Protocol Decoders
> Enabled
> Fragment Handling
> Enabled
> Tracking only local hosts
> No
> # IP Protocols Being Monitored
> 18
> # Protocol slots
> 868
> # IP Ports Being Monitored
> 56
> # IP Ports slots
> 112
> WebServer Request Queue
> 10
> Devices (Network Interfaces)
> 1
> Domain name (short)
> (nil)
> IP to country flag table (entries)
> 52395
> Total Hash Collisions
> (Vendor/Special) (lookup)
> 0
> ntop Web Server
> Item
> http://
> https://
> # Handled
> Requests
> 1697
> -
> # Successful
> requests
> (200)
> 1693
> -
> # Bad (We
> don't want
> to talk with
> you)
> requests
> 0
> -
> # Invalid
> requests -
> 401 DENIED
> 3
> -
> # Invalid
> requests -
> 403
> FORBIDDEN
> 0
> -
> # Invalid
> requests -
> 404 NOT
> FOUND
> 0
> -
> Notes:
> * Counts
> may not
> total
> because
> of
> in-process requests.
> * Each
> request
> to the
> ntop web
> server -
> frameset, individual page, chart, etc. is counted separately
> # Handled SIGPIPE Errors
> 0
> Memory allocation - data segment
> arena limit, getrlimit(RLIMIT_DATA,
> ...)
> -1
> Allocated blocks (ordblks)
> 16
> Allocated (arena)
> 10178560
> Used (uordblks)
> 10003856
> Free (fordblks)
> 174704
> Memory allocation - mmapped
> Allocated blocks (hblks)
> 4
> Allocated bytes (hblkhd)
> 2289664
> Host Memory Cache
> Limit
> #define MAX_HOSTS_CACHE_LEN 512
> Current Size
> 0
> Maximum Size
> 0
> # Entries Reused
> 0
> Packets
> Received
> 185179
> Processed Immediately
> 185179
> Queued
> 0
> Current Queue
> 0
> Maximum Queue
> 0
> --set-pcap-nonblocking sleep count
> 0
> Host/Session counts - global
> Purged Hosts
> 144
> Terminated Sessions
> 2,400
> Host/Session counts - Device 0
> (eth0)
> Hash Bucket Size
> 3.7 KB
> Actual Hash Size
> 16384
> Stored hosts
> 6
> Bucket List Length
> [min 1][max 1][avg 1.0]
> Max host lookup
> 0
> Session Bucket Size
> 260
> Sessions
> 3
> Max Num. Sessions
> 79
> Address Resolution
> DNS Sniffed
> DNS Packets
> sniffed
> 480
> DNS Packets
> processed
> 1
> Stored in cache
> (includes aliases)
> 1
> Queued
> Total Queued
> 8
> Not queued
> (duplicate)
> 2
> Maximum Queued
> 2
> Current Queue
> 0
> DNS Lookup Calls
> DNS resolution
> attempts
> 8
> ....Success:
> Resolved
> 2
> ....Failed
> 6
> DNS lookups stored
> in cache
> 8
> Host addresses
> kept numeric
> 6
> REMEMBER: 'DNS lookups stored in
> cache' includes HOST_NOT_FOUND
> replies, so that it may be larger
> than the number of 'Success:
> Resolved' queries.
> Thread counts
> Active
> 8
> Dequeue
> 1
> Children (active)
> 812
> Directory (search) order
> Data Files
> .
> /usr/share/ntop
> Config Files
> .
> /etc/ntop
> /etc
> Plugins
> ./plugins
> /usr/lib/ntop/plugins
> Compile Time: ./configure
> ./configure parameters
> CFLAGS=-DMAKE_WITH_IGNORE_SIGPIPE
> --prefix=/usr --libdir=/usr/lib
> --sysconfdir=/etc
> --localstatedir=/var/lib
> --bindir=/usr/sbin
> --mandir=/usr/share/man
> --enable-tcpwrap
> --with-zlib-lib=/usr/lib
> --with-zlib-include=/usr/include
> --with-libpng-lib=/usr/lib
> --with-libpng-include=/usr/include
> Built on (Host)
> i686-pc-linux-gnu
> Built for(Target)
> i686-pc-linux-gnu
> compiler (cflags)
> gcc -g -DMAKE_WITH_IGNORE_SIGPIPE
> -I/usr/local/include -g -Wshadow
> -Wpointer-arith -Wmissing-prototypes
> -Wmissing-declarations
> -Wnested-externs -fPIC
> -DHAVE_CONFIG_H
> include path
> -I/usr/include
> -I/home/ola/build/debian/ntop/ntop-3.0/myrrd
> system libraries
> -L/usr/local/lib -L/usr/lib
> -L/usr/lib
> -L/home/ola/build/debian/ntop/ntop-3.0/myrrd -lgdome -lxml2
> -lglib -lpthread -lresolv -lnsl -lcrypt -lc -lssl -lcrypto -lpcap
> -lgdbm -lgd -lpng -lz -lmyrrd
> install path
> /usr
> GNU C (gcc) version
> 3.3.3 (Debian 20040401) (3.3.3)
> uname data
> sysname(Linux) release(2.6.6-2-686)
> version(#1 Wed Jun 16 01:25:38 PDT
> 2004) machine(i686)
> Internationalization (i18n)
> i18n enabled
> No
>
> Click here for a more extensive, text version of this page, suitable for
> inclusion into a bug report!
>
>
>
> ________________________________________________________________________
> Report created on Fri Jun 25 09:39:15 2004 [ntop uptime: 15:09:29]
> Generated by ntop v.3.0 SourceForge .tgz MT (SSL) [i686-pc-linux-gnu]
> Build: May 17 2004 11:24:36. Version: the CURRENT stable version
> Listening on [eth0] without a kernel (libpcap) filtering expression
> Web report active on interface eth0
> © 1998-2004 by Luca Deri
>
> ------------------------------------------------------------------
> ----------
>
>
> So I don't know why ntop is only counting half:
> And on http://192.168.0.99:3000/trafficStats.html
> there is a message that 92.3% of packets are dropped!?
>
> Is it good or bad?
>
> Dropped (libpcap)         92.3%   171,736
> Dropped (ntop)             0.0%   0
> Total Received (ntop)             186,071
> Total Packets Processed           186,071
> Unicast                   99.9%   185,817
> Broadcast                  0.1%   253
> Multicast                  0.0%   1
>
> Do I have a wrong configuration?
> I only installed it from debian packages..
>
>
> Best regards,
> Peter.
>
>
> _______________________________________________
> Ntop mailing list
> [EMAIL PROTECTED]
> http://listgateway.unipi.it/mailman/listinfo/ntop
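An added example, not part of either message above: with `-L | --use-syslog` set to `daemon`, ntop's messages land wherever the syslog configuration routes the `daemon` facility, so the place to look is the configuration rather than a guessed log file. The sketch below lists the destinations for one facility in a classic sysklogd-style `syslog.conf`; the function name `syslog_targets` and the sample configuration are constructed for illustration, and rules are assumed to sit on one line each (no backslash continuations).

```shell
#!/bin/sh
# Added example: list the actions in a classic syslog.conf that receive
# messages from one facility. Assumes sysklogd-style rules, one per line.
syslog_targets() {
    # $1 = facility (e.g. daemon), $2 = path to a syslog.conf-style file
    awk -v fac="$1" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # skip comments and blank lines
        {
            action = $NF                        # last field is the action
            sub(/^-/, "", action)               # leading "-" only disables sync
            selectors = $0
            sub(/[ \t]+[^ \t]+[ \t]*$/, "", selectors)   # drop the action field
            gsub(/[ \t]/, "", selectors)
            n = split(selectors, sel, ";")
            hit = 0
            for (i = 1; i <= n; i++) {
                dot = index(sel[i], ".")
                if (dot == 0) continue
                prio = substr(sel[i], dot + 1)
                m = split(substr(sel[i], 1, dot - 1), facs, ",")
                for (j = 1; j <= m; j++)
                    if (facs[j] == fac || facs[j] == "*")
                        hit = (prio == "none") ? 0 : 1   # later selector wins
            }
            if (hit) print action
        }
    ' "$2"
}

# Constructed sample configuration (not taken from the poster's machine).
sample_conf=$(mktemp)
trap 'rm -f "$sample_conf"' EXIT
cat > "$sample_conf" <<'EOF'
# facility.priority selectors, then the action
auth,authpriv.*                 /var/log/auth.log
*.*;auth,authpriv.none          -/var/log/syslog
daemon.*                        -/var/log/daemon.log
*.=info;*.=notice;*.=warn;auth,authpriv.none;cron,daemon.none   -/var/log/messages
EOF

# Where would ntop -L (facility "daemon") messages end up?
syslog_targets daemon "$sample_conf"
```

In this sample the `daemon.none` selector keeps ntop's messages out of `/var/log/messages`, so a `grep ntop` there returns nothing even though logging works; the same grep against the files the function prints is the one to run.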
