Anyone use sflowtool? On Nov 30, 2007 3:00 AM, <[EMAIL PROTECTED]> wrote:
> Send Ntop mailing list submissions to > [email protected] > > To subscribe or unsubscribe via the World Wide Web, visit > http://listgateway.unipi.it/mailman/listinfo/ntop > or, via email, send a message with subject or body 'help' to > [EMAIL PROTECTED] > > You can reach the person managing the list at > [EMAIL PROTECTED] > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of Ntop digest..." > > > Today's Topics: > > 1. Large scale, multi subnet NetFlow monitoring. (Adam J. Miller) > 2. RE: Large scale, multi subnet NetFlow monitoring. (Gary Gatten) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Thu, 29 Nov 2007 09:20:37 -0600 (CST) > From: "Adam J. Miller" <[EMAIL PROTECTED]> > Subject: [Ntop] Large scale, multi subnet NetFlow monitoring. > To: [email protected] > Message-ID: > <[EMAIL PROTECTED]> > Content-Type: text/plain;charset=iso-8859-1 > > Hello all, > I am currently trying to setup ntop to monitor netflow reports from > roughly twenty different Cisco devices, I have about 100 class C > networks running across this hardware and I am starting to see some > issues with ntop handling this amount of load. As I type this my > server is at 10gb of ram usage and still climbing, and in order to get > it to even catch netflows for more tha a minute or so I have to set > the -x and -X parameters to rather high numbers because the defaults > do not seem to be enough. I was also noticing in some documentation > that ntop isn't really "geared towards" this kind of setup but I was > hoping that I would still be able to make it functional. Is there any > way to accomplish what I am trying to do with ntop? > All suggestions and comments are welcome, if you are in need of more > information about the network setup I would be more than willing to > respond to questions if it would further assist others in analyzing my > situation. Thank you for your time. > > -Adam > > > ------------------------------ > > Message: 2 > Date: Thu, 29 Nov 2007 10:12:42 -0600 > From: "Gary Gatten" <[EMAIL PROTECTED]> > Subject: RE: [Ntop] Large scale, multi subnet NetFlow monitoring. > To: <[email protected]>, <[EMAIL PROTECTED]> > Message-ID: > <[EMAIL PROTECTED]> > Content-Type: text/plain; charset="us-ascii" > > I'm currently receiving flows from ~ 190 devices / sources on a PIII-750 > with 768MB of RAM. 180 or so are remote T1 sites with 10 - 50 users, so > the flows / minute from them aren't all the high. The other 10'ish > devices are high speed links with many flows / minute. I'm currently > using nTop 3.2.1 on FreeBSD 6.1. 3.3.3 I couldn't get to work and ran > out of time so went back to 3.2.1. > > I recommend several things - the -x and -X as you mentioned. Also, > there are MANY tweaks in the globals-defines.h Not sure why some of > these (or all of them) aren't available in a run-time conf file, but I'm > not a developer so I'm sure there's a reason. > > Also, I have about 14 different netflow devices configured in two > instances. One instance has 8 devices for the remote sites - each > device for a different geographic / admin area. The other instance has > the netflow devices for the local high speed stuff. > > If you're using 10GB of RAM, something is SERIOUSLY broken or you're > monitoring many hundreds of thousands of hosts. > > G > > > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of > Adam J. Miller > Sent: Thursday, November 29, 2007 9:21 AM > To: [email protected] > Subject: [Ntop] Large scale, multi subnet NetFlow monitoring. > > Hello all, > I am currently trying to setup ntop to monitor netflow reports from > roughly twenty different Cisco devices, I have about 100 class C > networks running across this hardware and I am starting to see some > issues with ntop handling this amount of load. As I type this my > server is at 10gb of ram usage and still climbing, and in order to get > it to even catch netflows for more tha a minute or so I have to set > the -x and -X parameters to rather high numbers because the defaults > do not seem to be enough. I was also noticing in some documentation > that ntop isn't really "geared towards" this kind of setup but I was > hoping that I would still be able to make it functional. Is there any > way to accomplish what I am trying to do with ntop? > All suggestions and comments are welcome, if you are in need of more > information about the network setup I would be more than willing to > respond to questions if it would further assist others in analyzing my > situation. Thank you for your time. > > -Adam > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop > > > > > > <font size="1"> > <div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in > 0in 1.0pt 0in'> > </div> > "This email is intended to be reviewed by only the intended recipient > and may contain information that is privileged and/or confidential. > If you are not the intended recipient, you are hereby notified that > any review, use, dissemination, disclosure or copying of this email > and its attachments, if any, is strictly prohibited. If you have > received this email in error, please immediately notify the sender by > return email and delete this email from your system." > </font> > > > > ------------------------------ > > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop > > > End of Ntop Digest, Vol 42, Issue 27 > ************************************ >
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
