I seem to be experiencing the same issues. My router interfaces show a large amount of traffic, but ntop is reporting much less. Please post if you come to any conclusions as to the cause or fix.
FCC -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Burton Strauss Sent: Tuesday, February 08, 2005 10:09 AM To: [email protected] Subject: RE: [Ntop] Ntop netflow rrd updates netFlow takes each flow and adds it to the appropriate accumulators. There is no summarization at all. The rrd graphs will show normalized rates, but that's discussed in the paper (you are confusing the arrival of netFlow data which is stored into ntop's accumulators with the updates of the rrd files which occurs based on the time setting in the rrd plugin). Read the stats in the netFlow plugin. A common culprit is data being thrown away due to port 0 (not tcp/ip) etc. -----Burton -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of BALDWIN, BILL (SBCSI) Sent: Tuesday, February 08, 2005 9:22 AM To: [email protected] Subject: [Ntop] Ntop netflow rrd updates Hello All! I have searched the archives and read the code and I still need some help. [Environment Division] - (ok I just admitted my age :) Ntop v3.1.0 Redhat 2.4.21-x.Elsmp Dual Pentium III 1.5GHz, 1.5G RAM, 4-36GB Raid 5 HD's GDBM 1.8.4 Built from source: no special switches except for --enable-sslv3 all other switches are for directories Running as a netflow collector: -i none -M -m (8 /20's) No changes to myrrd directory or rrd configuration Successfully running on other RH9 platforms gathering libpcap data The netflow plugin is correctly receiving the data from the router and reports no processing errors. The router has been configured to send netflow data at-will (i.e. not every 5 minutes and not a 5 minute sampling). This results in netflow data coming into the plugin at approximately every 7 seconds or sooner depending on network traffic. The question: With data coming in so frequently, is storing and averaging ALL results for the time period or using the last update for the PDP. >From "Ntop, persistent data and rrd" ..."Anyway, ntop isn't SUPPOSED to make more than one update per interval." I ask because from what we see in the reports, we see data values that are far too low (i.e. 30pps, 40K HTTP, etc.) for a router that is averaging 155Mbs. Thanks for your help, Bill _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
