Ntop with Pfsense 1.2.3
-
My suggestion, install the "monit" package and have it monitor your ntop process. Monit will automatically restart ntop if/when it dies again. Plus, you get automatic notification when an event occurs. Just do a search for "monit" in the package forum.
Let me know if you need any help.
-
My suggestion, install the "monit" package and have it monitor your ntop process. Monit will automatically restart ntop if/when it dies again. Plus, you get automatic notification when an event occurs. Just do a search for "monit" in the package forum.
Let me know if you need any help.
Does ntop still give accurate information even though it has to be restarted every 4-10 minutes?
-
Sorry, don't know enough about ntop to comment. Maybe someone else does?
-
Well, it looks to me like I've fixed it. Its been running for almost 20 minutes now with no problems. Usually it quits after 3 minutes. Sometimes even 30 secs.
It appears that it was a simple permission and ownership problem.
I just had to do
#chmod -R 755 /var/db/ntop #chown -R nobody:nobody /var/db/ntop
So now its working. I'm going to leave it be for a while and see if it continues to work. I do have one question though. I'm able to start it manually but it does not start when I hit the start service button in the gui. And I'm assuming that it will not start automatically at bootup. I've not tried that yet.
So, is there any way I can get it to start automatically? Also, does this "monit" package give pfsense a command like say, "ntop" so that it will start ntop? Because if not, then as things are right now… it won't work.
-
To automatically start the app on boot, edit the /usr/local/etc/rc.d/ntop.sh script and make sure the ENABLE option is set to "Y". Then, either reboot or run the script "/usr/local/etc/rc.d/ntop.sh start".
Once you get monit installed and running, add a section for ntop (look at the config file for examples). Here is what I use for "bandwidthd":
–-------------------------------------------------------------------
check process bandwidthd with pidfile /var/run/bandwidthd.pid
start program = "/usr/local/etc/rc.d/bandwidthd.sh start" with timeout 60 seconds
stop program = "/usr/local/etc/rc.d/bandwidthd.sh stop"
if 3 restarts within 5 cycles then timeout
group bandwidthdAlso, make sure you have the monit.sh script in /usr/local/etc and it has been ENABLED as well. This will make sure monit gets started when your box reboots.
-
It appears that it was a simple permission and ownership problem.
I just had to do
#chmod -R 755 /var/db/ntop #chown -R nobody:nobody /var/db/ntop
This worked for me as well. I have just fixed our ntop which was not working for a month or so after upgrading to 1.2.3. It also starts and stops from the gui now so i would assume that its completely fixed.
Thanks!
-
I committed a fix for the permissions to the ntop package just now, but I didn't do a version bump yet. If it turns out to work for everyone, I may do that just to signal to people there has been a change.
There were commands in there before that should have fixed the permissions, but the command wasn't specified with the full path so it may have been failing. I'd be curious if anyone who is experiencing the crashes would try to reinstall the ntop now (or rather about 5 minutes from the time of this post to be sure the commit is live on the package server).
I have one server I will be trying this one, where ntop would die quite often.
-
Thanks Jim. I may give ntop a try tonight and report back…
-
So far so good on mine. I upgraded just after I put the fix in and it's still running an hour and a half later (give or take), whereas before it would run at most about 10 minutes.
-
I'm running pfSense 1.2.3-RELEASE with 2 WAN/1 LAN setup and the latest ntop package from the package section and I'm still having problems with the ntop package.
FreeBSD pfsense.smartfox.us 7.2-RELEASE-p5 FreeBSD 7.2-RELEASE-p5 #0: Sun Dec 6
22:57:48 EST 2009 sullrich@FreeBSD_7.2_pfSense_1.2.3_snaps.pfsense.org:/usr
/obj.pfSense/usr/pfSensesrc/src/sys/pfSense.7 i386before, when it just core dump and that was it. Now, when it core dumps after I did the chmod/chown commands from a previous post, I get my system log spammed with these messages:
Feb 2 11:55:53 kernel: rl2: promiscuous mode enabled
Feb 2 11:55:53 kernel: rl2: promiscuous mode disabled
Feb 2 11:55:57 kernel: rl2: promiscuous mode enabled
Feb 2 11:55:58 kernel: rl2: promiscuous mode disabled
Feb 2 11:56:02 kernel: rl2: promiscuous mode enabled
Feb 2 11:56:02 kernel: rl2: promiscuous mode disabled
Feb 2 11:56:06 kernel: rl2: promiscuous mode enabled
Feb 2 11:56:07 kernel: rl2: promiscuous mode disabled
Feb 2 11:56:11 kernel: rl2: promiscuous mode enabled
Feb 2 11:56:11 kernel: rl2: promiscuous mode disabled
Feb 2 11:56:15 kernel: rl2: promiscuous mode enabled
Feb 2 11:56:15 kernel: rl2: promiscuous mode disabled
Feb 2 11:56:20 kernel: rl2: promiscuous mode enabled
Feb 2 11:56:20 kernel: rl2: promiscuous mode disabled
etc etc etcIt just seems to die after 4-5 min after it gets to the end of starting up when it just says collecting data. rl2 is my LAN interface.
I also have darkstat and bandwidthd installed. Would either of these be interferring with ntop? I have an old box running out on a customer's site running both (although i think they're running a 1.2 snapshot) no problem. If there's more data that I need to provide, let me know, please.
Thanks
EDIT I kinda hurried with the original post because we were going to eat lunch. Once I got back, I decided to try and run ntop from the command prompt. I ran ntop and everything seemed to be going fine. I waited about 10 min, had no problems and so I stopped the process. I saw it wasn't able to remove the pid file so I changed the ownership and permissions on the file and decided to try running it from the web GUI. Everything was running fine for a while and then:
Feb 2 13:58:48 ntop[51520]: THREADMGMT[t683678160]: RRD: Started thread for throughput data collection
Feb 2 13:58:48 ntop[51520]: THREADMGMT[t683678160]: RRD: Started thread for throughput data collection
Feb 2 13:58:48 ntop[51520]: THREADMGMT[t683677616]: RRD: Data collection thread running [p51520]
Feb 2 13:58:48 ntop[51520]: THREADMGMT[t683677616]: RRD: Data collection thread running [p51520]
Feb 2 13:58:48 ntop[51520]: THREADMGMT[t683678160]: RRD: Throughput data collection: Thread starting [p51520]
Feb 2 13:58:48 ntop[51520]: THREADMGMT[t683678160]: RRD: Throughput data collection: Thread starting [p51520]
Feb 2 13:58:48 ntop[51520]: THREADMGMT[t683678160]: RRD: Throughput data collection: Thread running [p51520]
Feb 2 13:58:48 ntop[51520]: THREADMGMT[t683678160]: RRD: Throughput data collection: Thread running [p51520]
Feb 2 13:58:55 check_reload_status: reloading filter
Feb 2 14:17:58 kernel: pid 51520 (ntop), uid 0: exited on signal 11 (core dumped)
Feb 2 14:21:12 dnsmasq[35614]: reading /var/dhcpd/var/db/dhcpd.leasesThat dnsmasq entry always seems to happen right after ntop core dumps. Nothing had changed. I was just F5ing the system log to see if it was still running. The only thing I guess I did differently was I didn't try accessing ntop while it was running to see if it'd atleast gather data for a while.
I'm gonna run it via the command prompt again and let it run for a while to see if I can find something more out. I was just interested if someone ran into this before and knew how to fix it.
EDIT II Alright, here's running ntop from the command prompt. I copy and pasted out of the web gui for timestamps but the terminal has the same thing minus the time:
Feb 2 14:39:58 ntop[56774]: THREADMGMT[t683677616]: RRD: Data collection thread running [p56774]
Feb 2 14:39:58 ntop[56774]: THREADMGMT[t683677616]: RRD: Data collection thread running [p56774]
Feb 2 14:39:58 ntop[56774]: THREADMGMT[t683678432]: RRD: Throughput data collection: Thread starting [p56774]
Feb 2 14:39:58 ntop[56774]: THREADMGMT[t683678432]: RRD: Throughput data collection: Thread starting [p56774]
Feb 2 14:39:58 ntop[56774]: THREADMGMT[t683678432]: RRD: Throughput data collection: Thread running [p56774]
Feb 2 14:39:58 ntop[56774]: THREADMGMT[t683678432]: RRD: Throughput data collection: Thread running [p56774]
Feb 2 14:40:21 ntop[56873]: THREADMGMT[t683675712]: ntop RUNSTATE: PREINIT(1)
Feb 2 14:40:21 ntop[56873]: THREADMGMT[t683675712]: ntop RUNSTATE: INIT(2)
Feb 2 14:46:52 kernel: pid 56873 (ntop), uid 0: exited on signal 11 (core dumped)
Feb 2 14:47:28 dnsmasq[35614]: reading /var/dhcpd/var/db/dhcpd.leasesI started the process with the same command-line option found in /usr/local/etc/rc.d/ntop.sh minus the -d so I could see what was going on. I didn't try accessing the web gui or anything while it was running so it was just gathering data. Is anyone else running bandwidthd and having the same issue? Am I gonna be left with having cron or monit restart the program every 5-10 minutes? What am I doing wrong? ???
-
Did you uninstall/reinstall the package after the date on my last post?
Also, those promisc. mode messages are typically seen with the rate package, not ntop. Do you have that installed?
The dnsmasq process happens periodically, and that one happened several minutes after your ntop crash, it's not related.
-
sorry, I didn't see your reply before I made my last edit.
Yes, I have rate installed. Should I try uninstalling it? and I installed ntop today for the first time (Feb 2, 2010).
Also, was old accounts wiped or something? I had an account I thought that was under this username from like 2007 or so and I had to recreate this account a while back to post.
-
The presence of the rate package shouldn't help or hurt ntop.
FYI- ntop is still running on my router at work since my post saying it was OK, and it used to only last 10 minutes and behave exactly like yours (core dump and all).
Old accounts shouldn't be wiped, but I can look one up by username or e-mail if you want me to check on one. Send me a PM if you want me to check.
-
Yeah, I tried removing the rate package and it didn't make a bit of difference. I actually deleted the ntop package after I made that post and reinstalled and got the same results. I had to leave work early for a doctor's appointment and had a fellow technician check it out for me. :-[
Anyways, I'm gonna try a few other things throughout the day and see if I can figure out what's going on. I've been pretty loyal to pfSense since I found the project and since I got hired back to this company after one of the owners departed, I've wanted to move from Endian back to pfSense. The only reason we used Endian was for the web interface it has for OpenVPN. Is the client tls/auth package pretty much the same thing?
As a side note, from what I've read, I can't wait to have the openvpn client export package working for 2.0. I woulda really liked to have used pfSense 2.0-BETA instead of 1.2.3-RELEASE but we ran into the issue where putting the IP in staticly made it where the box wouldn't keep the default route (atleast that's what the other tech said he ran into and said after checking google that he found it was a known issue).
If I figure out what my problem is, I'll be sure to report back to the forum as it's been invaluable for me in the past. :)
-
I removed all the network monitoring packages, rebooted the router and reinstalled ntop and now it works. Go figure.
Sorry :-[
-
I found a problem,the logs:
ERROR: sanity check failed < low memory >
what can I do I just knew how to use it
please teach me I am a chinese
-
Well, it looks to me like I've fixed it. Its been running for almost 20 minutes now with no problems. Usually it quits after 3 minutes. Sometimes even 30 secs.
It appears that it was a simple permission and ownership problem.
I just had to do
#chmod -R 755 /var/db/ntop #chown -R nobody:nobody /var/db/ntop
Thanks, this worked for me as well.
ntop was not working for some weeks, and now i can also starts and stops from the gui -
Seems to be working for me too But I had to uninstall darkstat to keep Ntop from crashing.
-
Hi all,
I'm new to pfSense and it's my first post ;)
I installed a pfSense (1.2.3) for my company using a multiwan connection and I have the same problem. Ntop die quickly. I tried to remove "bandwidthd" and reinstall ntop package, but it doesn't work.
I try the chmod/chown method, but it doesn't work neither.
But, perhaps I found something, in the webgui, when you start ntop, you can select the interface to scan. If I select the 3 (2 wan, 1 lan), there's the problem, ntop die. But when I select only the 2 wan, or when I select only the lan, it seems that ntop doesn't crash (usually ntop crash before 10 minutes, with that configuration ntop doesn't crash in one hour).
So, If someone have an idea to solve that in another way …
Cheers.
Gilles.
-
why do you want Ntop running on the WAN???
LAN should have all the info you need