Hi, I have a Vyatta router here that's reasonably busy. About 150Mbit/sec all in. Sflow sampling at 100. I've been trying to get sflow stuff working and have had some success with sflowtrend.
However, ntop crashes as soon as I enable the sflow monitor on the correct port. If I restart it crashes again almost immediately unless I disable the sflow from being sent to the machines running ntop. On my Ubuntu Maverick desktop (ntop v3.3.3) I get: gavinmc@ceartgoleor:~$ sudo /etc/init.d/ntop restart Stopping network top daemon: No ntop found running; none killed. ntop Starting network top daemon: Tue Apr 12 13:54:32 2011 NOTE: Interface merge enabled by default Tue Apr 12 13:54:32 2011 Initializing gdbm databases ntop gavinmc@ceartgoleor:~$ flow_sample_element length error (expected 8, found 16) flow_sample_element length error (expected 82, found -87752664) flow_sample length error (expected 152, found -87752600) The following appears in the syslog: Apr 12 13:54:33 ceartgoleor ntop[13099]: THREADMGMT: RRD: Started thread (t2992331632) for data collection Apr 12 13:54:33 ceartgoleor ntop[13099]: INIT: Created pid file (/var/run/ntop.pid) Apr 12 13:54:33 ceartgoleor ntop[13099]: THREADMGMT[t2992331632]: RRD: Data collection thread starting [p13099] Apr 12 13:54:33 ceartgoleor ntop[13099]: THREADMGMT[t3079247808]: ntop RUNSTATE: INITNONROOT(3) Apr 12 13:54:33 ceartgoleor ntop[13099]: Now running as requested user 'ntop' (130:141) Apr 12 13:54:33 ceartgoleor ntop[13099]: Note: Reporting device initally set to 0 [eth0] (merged) Apr 12 13:54:33 ceartgoleor ntop[13099]: THREADMGMT[t3079247808]: ntop RUNSTATE: RUN(4) Apr 12 13:54:33 ceartgoleor ntop[13099]: THREADMGMT[t2983938928]: NPS(1): Started thread for network packet sniffing [eth0] Apr 12 13:54:33 ceartgoleor ntop[13099]: THREADMGMT[t2983938928]: NPS(eth0): pcapDispatch thread starting [p13099] Apr 12 13:54:33 ceartgoleor ntop[13099]: THREADMGMT[t3044789104]: SFP: Fingerprint scan thread running [p13099] Apr 12 13:54:33 ceartgoleor ntop[13099]: THREADMGMT[t3036396400]: SIH: Idle host scan thread running [p13099] Apr 12 13:54:33 ceartgoleor ntop[13099]: THREADMGMT[t2983938928]: NPS(eth0): pcapDispatch thread running [p13099] Apr 12 13:54:43 ceartgoleor ntop[13099]: RRD: Created base directory (/var/lib/ntop/rrd) Apr 12 13:54:43 ceartgoleor ntop[13099]: RRD: Created directory (/var/lib/ntop/rrd/graphics) Apr 12 13:54:43 ceartgoleor ntop[13099]: RRD: Created directory (/var/lib/ntop/rrd/flows) Apr 12 13:54:43 ceartgoleor ntop[13099]: RRD: Created directory (/var/lib/ntop/rrd/interfaces) Apr 12 13:54:43 ceartgoleor ntop[13099]: THREADMGMT[t2958633840]: RRD: Started thread for throughput data collection Apr 12 13:54:43 ceartgoleor ntop[13099]: THREADMGMT[t2992331632]: RRD: Data collection thread running [p13099] Apr 12 13:54:43 ceartgoleor ntop[13099]: THREADMGMT[t2958633840]: RRD: Throughput data collection: Thread starting [p13099] Apr 12 13:54:43 ceartgoleor ntop[13099]: THREADMGMT[t2958633840]: RRD: Throughput data collection: Thread running [p13099] Apr 12 13:54:49 ceartgoleor ntop[13099]: SFLOW: no devices to initialize Apr 12 13:54:55 ceartgoleor ntop[13099]: SFLOW: createsFlowDevice(2) Apr 12 13:54:55 ceartgoleor ntop[13099]: Creating dummy interface, 'sFlow-device.2' Apr 12 13:54:55 ceartgoleor ntop[13099]: Initializing device sFlow-device.2 (1) Apr 12 13:54:55 ceartgoleor ntop[13099]: SFLOW: createsFlowDevice created device 1 Apr 12 13:57:08 ceartgoleor ntop[13099]: SFLOW: Created a UDP socket (16) Apr 12 13:57:08 ceartgoleor ntop[13099]: SFLOW: Collector listening on port 6343 Apr 12 13:57:08 ceartgoleor ntop[13099]: THREADMGMT: SFLOW: Started thread (2931817328) for receiving flows on port 6343 Apr 12 13:57:08 ceartgoleor ntop[13099]: THREADMGMT: SFLOW: thread starting [p13099, t2931817328]... Apr 12 13:57:08 ceartgoleor ntop[13099]: THREADMGMT: SFLOW: thread running [p13099, t2931817328]... Apr 12 13:57:09 ceartgoleor ntop[13099]: **WARNING** packet truncated (78->8232) Apr 12 13:57:09 ceartgoleor kernel: [336978.392097] ntop[13226]: segfault at aec21004 ip 00b3bfa7 sp aebfc328 error 4 in libc-2.12.1.so[a27000+157000] I notice one or two others around with similar problems. I also get a similar problem on Debian Wheezy running v4.0.3. Any thoughts on what to do? Thanks, Gavin _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
