On 2018-04-26, Infoomatic <infooma...@gmx.at> wrote: > Hi, > > Today I discovered some interesting details: I guess ntopng has a memory > leak, thus eating all my 4GB RAM and some 3GB swap - this appeared in the > morning, so after all the backups and heavy traffic occured. > When I fired up a rcctl stop ntopng the ssh connection stalled. The firewall > could not handle further connections, and established connections dropped. > The system could not answer to ping packets etc. > This now also happened on a 2nd machine. After 20 minutes (when I was in a > taxi to the datacenter) I could login again and realized that ntopng was > stopped and swap was freed. > > I have now disabled ntopng. I kindly ask the devs to take a look at this! If > you need a testsetup for this or if I can do anything, just contact me.
First off, it's not a big surprise to have a hanging machine if you run it out of memory. ntopng is not really stable. There is a newer version upstream but it crashes very often with certain packet types suggesting bugs in the packet parsers. If you run ntopng at all, I would recommend you only run it while you need to investigate traffic, not leave it running unattended permanently. It might also be a good idea to set login.conf limits for it, if you start it via the rc.d script you can add an "ntopng" class with say datasize=2500M.
