I decided to to try ntop on my pfSense 1.2.3 (Feb. 25) and it works at first, but after a while the service stops. In the logs I see:
ntop: warning: /etc/hosts.allow, line 4: can't get client address: Bad file descriptor
and it gets repeated hundreds of times. I haven't changed any configuration file and this is the result of
# # hosts.allow access control file for "tcp wrapped" applications. # ALL : ALL : allow
same for me
The error you see is nothing to worry about according to this old ntop mailing list http://email@example.com/msg11232.html
From my own experience:-
1. NTOP needs atleast 1GB of ram!
2. P2P applications will kill NTOP!!!
3. Enabling the option in NTOPs own GUI for "-c | –sticky-hosts" w/out enabling filters (for your lan e.g 192.168.1.0/24) can crash your NTOP as it stores ALL internal and external hosts in memory until the service is stopped or the pfsense box is rebooted, if your network has heavy P2P traffic, see note 2.
4. Sometimes this fix can work -> a) uninstall NTOP, b) remove NTOP directory "rm -rf /var/db/ntop", c) reinstall NTOP.
5. This post should be in the packages section as its not an issue directly a result from pfsense 1.2.3 :P
With the above fix, I have been able to run it for days on end w/out any issues, unless of course a new client comes along and deciedes to download the latest episode of "Lost" on my network!
There has been many occasions in the past where the CPU would hit the roof on my box (1.2ghz - 1GB ram - mini itx), as I said, note 4 fixes it for me.
Hope that helps.
Thank you for the useful info. I'll give it a try!