Hi Thanks for clarifying. see below
On Tue, Sep 6, 2016 at 4:35 PM, <[email protected]> wrote: > Simone/James, > > Thanks for your replies and suggestions. > > I may have inadvertently steered the conversation away from the core issue > by omitting some info. > > When launching ntopng, regardless of launching a single instance or > multiple instances, the core issue is that the process does not > consistently launch as a specific user (instead of nobody). > > I have adjusted the config to remove the specific user option and launch > as nobody instead. After doing a recursive chown of the ntopng data > folders, this appears to have resolved my issue of ntopng launching in a > hung state (in single and multiple instance). ntopng now launches as > nobody, and folders/files are owned nobody:nogroup. > > To answer the why: I'm using apache in front of ntopng to allow for LDAP > authentication (and multi-tenant). When two users were simultaneously using > a single instance of ntopng to look at different segments (interfaces), the > traffic would default to the last interface selected by either user. This > was causing tug-o-wars between different users looking at different > segments. This is probably due to my using apache in front of ntopng. > > The workaround I came up with was to launch multiple instances to avoid > tug-o-war. > > I'll need to take another look at ntopng's built in multi-tenant options. > Does it natively support LDAP authentication? yes, it does support LDAP authentication. > When multiple users login, does it keep the interface selected per user? > yes, selected interface should be per user. If that is not the case, then there may be a bug somewhere. In that case, please post an issue on our github tracker. > > Again, thanks for the replies and suggestions. > Thank you > > -Nicholas > > > On 2016-08-28 02:55, Simone Mainardi wrote: > >> Hi, >> >> As already suggested by James, using a single instance is recommended >> to monitor multiple interfaces on the same box. ntopng is also >> multi-tenant so you have the option to create users and associate >> interfaces and networks to them. In this way you can create >> non-privileged users that don't have access to all the traffic. >> >> However, if you still want to run multiple instances on the same box, >> you must use for each instance a different: >> - redis database id >> - data dir >> - http port >> - pid file >> >> or things will be messed up... >> >> simone >> >> On Fri, Aug 26, 2016 at 11:54 PM, James Lay <[email protected]> >> wrote: >> >> On 2016-08-26 15:39, [email protected] wrote: >>> >>> v.2.4.160818 [Professional Edition] >>>> GIT rev: >>>> 2.4-stable:d786da67470dd879c5bbe13d38a7f95f2b598626:20160818 >>>> Pro rev: r641 >>>> System Id: 3BB0D75C7A06AB13 >>>> Built on: Ubuntu 14.04.5 LTS >>>> >>>> I am spawning 3 different ntopng instances to monitor different >>>> network segments on different ethernet adapters. When launching >>>> ntopng >>>> it is occasionally not running as the user specified via --user. >>>> >>>> Launching ntopng via: ntopng /etc/ntopng/this.ntopng.conf >>>> >>>> Launching using the following config: >>>> >>>> --daemon >>>> --community >>>> --http-port 15000 >>>> --dns-mode 0 >>>> --interface eth1 >>>> --disable-login 1 >>>> --data-dir /opt/ntopng/this >>>> --disable-alerts >>>> --user ntopng >>>> --pid /var/run/this.ntopng.pid >>>> --disable-autologout >>>> --disable-host-persistency >>>> --sticky-hosts none >>>> >>>> Occasionally it will run as user ntopng and function properly. >>>> When it >>>> doesn't it launches as root and will not function. I will have to >>>> manually kill the proc and relaunch a few times before it will >>>> finally >>>> run as user ntopng. >>>> >>>> This issue surfaced when updating from a 2015 community build to >>>> 2.4. >>>> >>>> Has anyone else run into this issue? Any suggestions on how to >>>> resolve? >>>> >>>> Thanks in advance, >>>> Nicholas >>>> _______________________________________________ >>>> Ntop mailing list >>>> [email protected] >>>> http://listgateway.unipi.it/mailman/listinfo/ntop [1] >>>> >>> >>> Three instances..wow. Any reason you're not running just one >>> instance to monitor all three? I use the below cli options for two: >>> >>> -i eth0 -i ppp0 -i view:eth0,ppp0 >>> >>> which allows me three "interfaces" to view in ntop, eth0, ppp0, and >>> an aggregate of both. I realize this doesn't address your question >>> at all, but I thought I'd throw it out there anyways. >>> >>> James >>> >>> _______________________________________________ >>> Ntop mailing list >>> [email protected] >>> http://listgateway.unipi.it/mailman/listinfo/ntop [1] >>> >> >> >> >> Links: >> ------ >> [1] http://listgateway.unipi.it/mailman/listinfo/ntop >> >> _______________________________________________ >> Ntop mailing list >> [email protected] >> http://listgateway.unipi.it/mailman/listinfo/ntop >> > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop >
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
