Simone/James,
Thanks for your replies and suggestions.
I may have inadvertently steered the conversation away from the core
issue by omitting some info.
When launching ntopng, regardless of launching a single instance or
multiple instances, the core issue is that the process does not
consistently launch as a specific user (instead of nobody).
I have adjusted the config to remove the specific user option and launch
as nobody instead. After doing a recursive chown of the ntopng data
folders, this appears to have resolved my issue of ntopng launching in a
hung state (in single and multiple instance). ntopng now launches as
nobody, and folders/files are owned nobody:nogroup.
To answer the why: I'm using apache in front of ntopng to allow for LDAP
authentication (and multi-tenant). When two users were simultaneously
using a single instance of ntopng to look at different segments
(interfaces), the traffic would default to the last interface selected
by either user. This was causing tug-o-wars between different users
looking at different segments. This is probably due to my using apache
in front of ntopng.
The workaround I came up with was to launch multiple instances to avoid
tug-o-war.
I'll need to take another look at ntopng's built in multi-tenant
options. Does it natively support LDAP authentication? When multiple
users login, does it keep the interface selected per user?
Again, thanks for the replies and suggestions.
-Nicholas
On 2016-08-28 02:55, Simone Mainardi wrote:
Hi,
As already suggested by James, using a single instance is recommended
to monitor multiple interfaces on the same box. ntopng is also
multi-tenant so you have the option to create users and associate
interfaces and networks to them. In this way you can create
non-privileged users that don't have access to all the traffic.
However, if you still want to run multiple instances on the same box,
you must use for each instance a different:
- redis database id
- data dir
- http port
- pid file
or things will be messed up...
simone
On Fri, Aug 26, 2016 at 11:54 PM, James Lay <[email protected]>
wrote:
On 2016-08-26 15:39, [email protected] wrote:
v.2.4.160818 [Professional Edition]
GIT rev:
2.4-stable:d786da67470dd879c5bbe13d38a7f95f2b598626:20160818
Pro rev: r641
System Id: 3BB0D75C7A06AB13
Built on: Ubuntu 14.04.5 LTS
I am spawning 3 different ntopng instances to monitor different
network segments on different ethernet adapters. When launching
ntopng
it is occasionally not running as the user specified via --user.
Launching ntopng via: ntopng /etc/ntopng/this.ntopng.conf
Launching using the following config:
--daemon
--community
--http-port 15000
--dns-mode 0
--interface eth1
--disable-login 1
--data-dir /opt/ntopng/this
--disable-alerts
--user ntopng
--pid /var/run/this.ntopng.pid
--disable-autologout
--disable-host-persistency
--sticky-hosts none
Occasionally it will run as user ntopng and function properly.
When it
doesn't it launches as root and will not function. I will have to
manually kill the proc and relaunch a few times before it will
finally
run as user ntopng.
This issue surfaced when updating from a 2015 community build to
2.4.
Has anyone else run into this issue? Any suggestions on how to
resolve?
Thanks in advance,
Nicholas
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop [1]
Three instances..wow. Any reason you're not running just one
instance to monitor all three? I use the below cli options for two:
-i eth0 -i ppp0 -i view:eth0,ppp0
which allows me three "interfaces" to view in ntop, eth0, ppp0, and
an aggregate of both. I realize this doesn't address your question
at all, but I thought I'd throw it out there anyways.
James
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop [1]
Links:
------
[1] http://listgateway.unipi.it/mailman/listinfo/ntop
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
