ntopng stopping/exiting/crashing
-
Hey,
I'm not to sure how to dig into this problem so I'm reaching out for help from beginning to end.
I'm pfsense version 2.7.2-RELEASE. I've the package ntopng installed version 0.8.13_10. My issue is ntopng appears to keep stopping/exiting/crashing. Not sure which, but it stops running after a period. I'd like to resolve this problem but I'm not sure where to start looking, could I get some help?
Many Thanks.
-
@Lockie Not that I think it matters, but I believe the current version of the pfSense ntopng package is 0.8.13_11.
What version of ntopng itself do you have installed?
Check with the command:pkg info | grep ntopAlso, how do you have ntopng configured?
-
Hey @dennypage there doesn't appear to be an upgrade available within package manager:
The command you noted returned the package version I am on:
Configured in what sense? I didn't change many settings from default post install. I believe I:
Turned on Network Discovery every 15 mins.
Emit Alters I turned off.
Local Hosts Timeseries > Layer-7 Applications I set to BothAnything look odd/off there?
-
@Lockie said in ntopng stopping/exiting/crashing:
Configured in what sense? I didn't change many settings from default post install. I believe I:
Turned on Network Discovery every 15 mins.
Emit Alters I turned off.
Local Hosts Timeseries > Layer-7 Applications I set to BothI meant the Diagnostics / ntopng Setting page. Curious to know the interface list, the dns mode, and local networks setting. Nothing there is going to directly induce a core, but there are things that will create unnecessary work for ntopng such as having WAN selected in the interface list.
Now, looking to the exit/crash issue, have you checked the system log for messages?
grep ntopng /var/log/system.logAnd a couple of comments on the changes you listed:
If Network Discovery means the Active Network Discovery capability of ntopng (Settings / Preferences / Network Discovery / Active Network Discovery), I would highly recommend that this be turned back off. This is a really questionable feature of ntopng, intended for general monitoring when ntopng is not in a position to see packets from hosts. It's not something that should be enabled on a firewall. [I recently spent several hours helping someone who was trying to figure out why their firewall was periodically attempting ssh connections to hosts inside the firewall. Turned out that it was ntopng's active discovery.]
Creating both time series per application and per category creates a lot of additional IO, and the ntopng folk recommend against it. Are you sure you need both? Or either of them?
-
@Lockie Another interesting thing I note is that your version of ntopng shows as 5.6.d20230920, whereas the version I see in the plus repo is ntopng-5.6.d20230531_1.
What is the architecture of your system? Intel or ARM?
-
@dennypage Intel:
-
@Lockie Did you check the system log?
I have a ntopng 6.0 package available that you can test if you like, but it would be good to see if there is any indication of why ntopng stops before changing the executable.
-
@dennypage so I ...
Turned off Network Discovery.
Set Local Hosts Timeseries > Layer-7 Applications to NoneAnd since doing that I've not had a crash.
-
@Lockie said in ntopng stopping/exiting/crashing:
Turned off Network Discovery.
This could very well have been the issue. The Active Network Discovery code is not the most commonly used code in ntopng.
