Hmmm. I don't *think* ntop will give you the granularity nor history you speak of - not without major tweaking. I could be wrong, but 5 minute granularity is about all you can expect, in some cases 60 seconds. Going back "n days" will also prove problematic, unless you have lots of RAM / small numbers of hosts /etc and make them "sticky". Many "detail" counters age out after 24 hours.
You mentioned playing with rrd - MAYBE some knob turning will give you what you need, but I'm thinking not. One second granularity for several hours is hard enough, let alone several days. And, if I'm not mistaken sflow is a periodic sample anyway, and as accurate as the claims of sampled data may or may not be, I suspect it's not even close if you're looking second by second. Netflow won't even help much then. You may want to consider nTop as the "big picture view" and something like Wireshark capturing "everything" you're interested in and saving to a new file every hour on the hour for 72 hours (or whatever). You'll need lot's of disk :) You can save some space by only capturing headers and skipping the data. LMK what you come up with G -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Rick Jones Sent: Monday, April 11, 2011 3:06 PM To: Luca Deri Cc: [email protected] Subject: Re: [Ntop] known double free bug in 4.0.3? On Mon, 2011-04-11 at 20:51 +0200, Luca Deri wrote: > Rick this is a problem that from time to time shows up. I have analyzed > the code a few times and not been able to spot this bug. I appreciate > if you could help I will see what I can find while I'm blindly trying to feel my way around the elephant (that old adage about the several blind men trying to describe an elephant and each saying something completely different based on what part of the elephant they were at :) That will be while I'm poking around the sFlow and RRD areas - I am anxious to figure-out if indeed I can get "pretty pictures" down to one second granularity if I happen to have sFlow counter samples arriving at that rate. The whole N days for interval stats and such heirarchy seems quite well suited to my desires - which is to be able to look at what was going-on down to a one second granularity going back oh three or five days, but letting it aggregate after that. rick > > Thanks Luca > > On Apr 11, 2011, at 7:18 PM, Rick Jones wrote: > > > So, having temporarily worked-around the bit with the libraries not > > being found, I left 4.0.3 running on an Ubuntu 10.10 system over the > > weekend, receiving sFlow counter and flow samples from a switch. When I > > got in this morning I saw an abort message: > > > > *** glibc detected *** /usr/local/bin/ntop: double free or corruption > > (fasttop): 0x00007f6db04e7990 *** > > ======= Backtrace: ========= > > /lib/libc.so.6(+0x774b6)[0x7f6dc0a584b6] > > /lib/libc.so.6(cfree+0x73)[0x7f6dc0a5ec83] > > /usr/lib/libntop-4.0.3.so(ntop_safefree+0x16)[0x7f6dc0fb5826] > > /usr/lib/libntop-4.0.3.so(dequeueAddress+0x49a)[0x7f6dc0faa54a] > > /lib/libpthread.so.0(+0x7971)[0x7f6dbfb91971] > > /lib/libc.so.6(clone+0x6d)[0x7f6dc0ac792d] > > > > is this a known thing, or is it new and requires a more formal bug > > report? > > > > rick jones > > <dump.txt>_______________________________________________ > > Ntop mailing list > > [email protected] > > http://listgateway.unipi.it/mailman/listinfo/ntop > > --- > We can't solve problems by using the same kind of thinking we used when we > created them - Albert Einstein _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop <font size="1"> <div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in'> </div> "This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system." </font> _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
