
    Ntop with Pfsense 1.2.3

      belikeyeshua

      As many of you know, ntop often does not work in pfsense 1.2.3. I've been working on fixing that and I would like your input.

      I typed in which ntop and that showed /usr/local/bin/ntop. I ran that, and I got this:

      # /usr/local/bin/ntop
      Tue Jan 19 16:38:58 2010  NOTE: Interface merge enabled by default
      Tue Jan 19 16:38:58 2010  Initializing gdbm databases
      Tue Jan 19 16:38:58 2010  ntop will be started as user nobody
      Tue Jan 19 16:38:58 2010  ntop v.3.3.8
      Tue Jan 19 16:38:58 2010  Configured on Dec  4 2008 15:19:28, built on Dec  4 2008 15:19:59.
      Tue Jan 19 16:38:58 2010  Copyright 1998-2007 by Luca Deri <deri@ntop.org>
      Tue Jan 19 16:38:58 2010  Get the freshest ntop from http://www.ntop.org/
      Tue Jan 19 16:38:58 2010  NOTE: ntop is running from '/usr/local/bin'
      Tue Jan 19 16:38:58 2010  NOTE: (but see warning on man page for the --instance parameter)
      Tue Jan 19 16:38:58 2010  NOTE: ntop libraries are in '/usr/local/lib'
      Tue Jan 19 16:38:58 2010  Initializing ntop
      Tue Jan 19 16:38:58 2010  No patterns to load: protocol guessing disabled.
      Tue Jan 19 16:38:58 2010  No default device configured. Using fxp0
      Tue Jan 19 16:38:58 2010  Checking fxp0 for additional devices
      Tue Jan 19 16:38:58 2010  Resetting traffic statistics for device fxp0
      Tue Jan 19 16:38:58 2010  Initializing device fxp0 (0)
      Tue Jan 19 16:38:58 2010  DLT: Device 0 [fxp0] is 1, mtu 1514, header 14
      Tue Jan 19 16:38:58 2010  Initializing gdbm databases
      Tue Jan 19 16:38:58 2010  VENDOR: Loading MAC address table.
      Tue Jan 19 16:38:58 2010  VENDOR: Checking for MAC address table file
      Tue Jan 19 16:38:58 2010  VENDOR: Loading newer file '/usr/local/etc/ntop/specialMAC.txt.gz'
      Tue Jan 19 16:38:58 2010  VENDOR: ...found 61 lines
      Tue Jan 19 16:38:58 2010  VENDOR: ...loaded 59 records
      Tue Jan 19 16:38:58 2010  VENDOR: Checking for MAC address table file
      Tue Jan 19 16:38:58 2010  VENDOR: Loading newer file '/usr/local/etc/ntop/oui.txt.gz'
      Tue Jan 19 16:38:59 2010  VENDOR: ...found 48541 lines
      Tue Jan 19 16:38:59 2010  VENDOR: ...loaded 7853 records
      Tue Jan 19 16:38:59 2010  Fingerprint: Loading signature file
      Tue Jan 19 16:38:59 2010  Fingerprint: Checking for Fingerprint file... file
      Tue Jan 19 16:38:59 2010  Fingerprint: Loading file '/usr/local/etc/ntop/etter.finger.os.gz'
      Tue Jan 19 16:38:59 2010  Fingerprint: ...loaded 0 records
      Tue Jan 19 16:38:59 2010  ASN: Checking for Autonomous System Number table file
      Tue Jan 19 16:38:59 2010  ASN: Loading file '/usr/local/etc/ntop/AS-list.txt.gz'
      Tue Jan 19 16:39:00 2010  ASN: ...found 111435 lines
      Tue Jan 19 16:39:00 2010  ASN: ....Used 3780 KB of memory (12 per entry)
      Tue Jan 19 16:39:00 2010  IP2CC: Checking for IP address <-> Country Code mapping file
      Tue Jan 19 16:39:00 2010  IP2CC: Loading file '/usr/local/etc/ntop/p2c.opt.table.gz'
      Tue Jan 19 16:39:01 2010  IP2CC: ...found 52395 lines
      Tue Jan 19 16:39:01 2010  Database support not compiled into ntop
      Tue Jan 19 16:39:01 2010  Initializing external applications
      Tue Jan 19 16:39:01 2010  THREADMGMT[t683675984]: SFP: Started thread for fingerprinting
      Tue Jan 19 16:39:01 2010  THREADMGMT[t683676256]: SIH: Started thread for idle hosts detection
      Tue Jan 19 16:39:01 2010  THREADMGMT[t683676528]: DNSAR(1): Started thread for DNS address resolution
      Tue Jan 19 16:39:01 2010  THREADMGMT[t683676800]: DNSAR(2): Started thread for DNS address resolution
      Tue Jan 19 16:39:01 2010  THREADMGMT[t683677072]: DNSAR(3): Started thread for DNS address resolution
      Tue Jan 19 16:39:01 2010  Calling plugin start functions (if any)
      Tue Jan 19 16:39:01 2010  THREADMGMT[t683676528]: DNSAR(1): Address resolution thread running
      Tue Jan 19 16:39:01 2010  THREADMGMT[t683677072]: DNSAR(3): Address resolution thread running
      Tue Jan 19 16:39:01 2010  THREADMGMT[t683676800]: DNSAR(2): Address resolution thread running
      Tue Jan 19 16:39:01 2010  THREADMGMT[t683676256]: SIH: Idle host scan thread starting [p10537]
      Tue Jan 19 16:39:01 2010  THREADMGMT[t683675984]: SFP: Fingerprint scan thread starting [p10537]
      Tue Jan 19 16:39:01 2010  SSL is present but https is disabled: use -W <https port> for enabling it
      Tue Jan 19 16:39:01 2010  INITWEB: Initializing web server
      
      ntop startup - waiting for user response!
      
      Please enter the password for the admin user: 
      Password too short (5 characters or more). Please try again.
      
      ntop startup - waiting for user response!
      
      Please enter the password for the admin user: 
      Please enter the password again: 
      Tue Jan 19 16:39:25 2010  Admin user password has been set
      Tue Jan 19 16:39:25 2010  INITWEB: Initializing TCP/IP socket connections for web server
      Tue Jan 19 16:39:25 2010  INITWEB: Initialized socket, port 3000, address (any)
      Tue Jan 19 16:39:25 2010  INITWEB: Waiting for HTTP connections on port 3000
      Tue Jan 19 16:39:25 2010  INITWEB: Starting web server
      Tue Jan 19 16:39:25 2010  THREADMGMT[t683677344]: INITWEB: Started thread for web server
      Tue Jan 19 16:39:25 2010  Listening on [fxp0]
      Tue Jan 19 16:39:25 2010  Loading Plugins
      Tue Jan 19 16:39:25 2010  THREADMGMT[t683677344]: WEB: Server connection thread starting [p10537]
      Tue Jan 19 16:39:25 2010  Note: SIGPIPE handler set (ignore)
      Tue Jan 19 16:39:25 2010  THREADMGMT[t683677344]: WEB: Server connection thread running [p10537]
      Tue Jan 19 16:39:25 2010  WEB: ntop's web server is now processing requests
      Tue Jan 19 16:39:25 2010  Searching for plugins in /usr/local/lib/ntop/plugins
      Tue Jan 19 16:39:25 2010  CPACKET: Welcome to cPacket.(C) 2008 by Luca Deri
      Tue Jan 19 16:39:25 2010  ICMP: Welcome to ICMP Watch. (C) 1999-2005 by Luca Deri
      Tue Jan 19 16:39:25 2010  LASTSEEN: Welcome to Host Last Seen. (C) 1999 by Andrea Marangoni
      Tue Jan 19 16:39:25 2010  NETFLOW: Welcome to NetFlow.(C) 2002-08 by Luca Deri
      Tue Jan 19 16:39:25 2010  PDA: Welcome to PDA. (C) 2001-2005 by L.Deri and W.Brock
      Tue Jan 19 16:39:25 2010  Remote: Welcome to Remote. (C) 2006-07 by L.Deri
      Tue Jan 19 16:39:25 2010  RRD: Welcome to Round-Robin Databases. (C) 2002-07 by Luca Deri.
      Tue Jan 19 16:39:25 2010  SFLOW: Welcome to sFlow.(C) 2002-04 by Luca Deri
      Tue Jan 19 16:39:25 2010  Calling plugin start functions (if any)
      Tue Jan 19 16:39:25 2010  RRD: Welcome to the RRD plugin
      Tue Jan 19 16:39:25 2010  RRD: Mask for new directories is 0700
      Tue Jan 19 16:39:25 2010  RRD: Mask for new files is 0066
      Tue Jan 19 16:39:25 2010  RRD_DEBUG: Parameters:
      Tue Jan 19 16:39:25 2010  RRD_DEBUG:     dumpInterval 300 seconds
      Tue Jan 19 16:39:25 2010  RRD_DEBUG:     dumpShortInterval 10 seconds
      Tue Jan 19 16:39:25 2010  RRD_DEBUG:     dumpHours 72 hours by 300 seconds
      Tue Jan 19 16:39:25 2010  RRD_DEBUG:     dumpDays 90 days by hour
      Tue Jan 19 16:39:25 2010  RRD_DEBUG:     dumpMonths 36 months by day
      Tue Jan 19 16:39:25 2010  RRD_DEBUG:     dumpDomains no
      Tue Jan 19 16:39:25 2010  RRD_DEBUG:     dumpFlows no
      Tue Jan 19 16:39:25 2010  RRD_DEBUG:     dumpSubnets no
      Tue Jan 19 16:39:25 2010  RRD_DEBUG:     dumpHosts no
      Tue Jan 19 16:39:25 2010  RRD_DEBUG:     dumpInterfaces yes
      Tue Jan 19 16:39:25 2010  RRD_DEBUG:     dumpASs no
      Tue Jan 19 16:39:25 2010  RRD_DEBUG:     dumpMatrix no
      Tue Jan 19 16:39:25 2010  RRD_DEBUG:     dumpDetail medium
      Tue Jan 19 16:39:25 2010  RRD_DEBUG:     hostsFilter 
      Tue Jan 19 16:39:25 2010  RRD_DEBUG:     rrdPath /var/db/ntop/rrd [normal]
      Tue Jan 19 16:39:25 2010  RRD_DEBUG:     rrdPath /var/db/ntop/rrd [dynamic/volatile]
      Tue Jan 19 16:39:25 2010  RRD_DEBUG:     umask 0066
      Tue Jan 19 16:39:25 2010  RRD_DEBUG:     DirPerms 0700
      Tue Jan 19 16:39:25 2010  THREADMGMT: RRD: Started thread (t683677616) for data collection
      Tue Jan 19 16:39:25 2010  INIT: Created pid file (/var/run/ntop.pid)
      Tue Jan 19 16:39:25 2010  THREADMGMT[t683675712]: ntop RUNSTATE: INITNONROOT(3)
      Tue Jan 19 16:39:25 2010  Now running as requested user 'nobody' (65534:65534)
      Tue Jan 19 16:39:25 2010  THREADMGMT[t683677616]: RRD: Data collection thread starting [p10537]
      Tue Jan 19 16:39:25 2010  Note: Reporting device initally set to 0 [fxp0] (merged)
      Tue Jan 19 16:39:25 2010  THREADMGMT[t683675712]: ntop RUNSTATE: RUN(4)
      Tue Jan 19 16:39:25 2010  THREADMGMT[t683677888]: NPS(1): Started thread for network packet sniffing [fxp0]
      Tue Jan 19 16:39:25 2010  THREADMGMT[t683677888]: NPS(fxp0): pcapDispatch thread starting [p10537]
      Tue Jan 19 16:39:25 2010  THREADMGMT[t683677888]: NPS(fxp0): pcapDispatch thread running [p10537]
      Tue Jan 19 16:39:25 2010  THREADMGMT[t683676256]: SIH: Idle host scan thread running [p10537]
      Tue Jan 19 16:39:25 2010  THREADMGMT[t683675984]: SFP: Fingerprint scan thread running [p10537]
      Tue Jan 19 16:39:35 2010  **ERROR** RRD: Disabled - unable to create directory (err 13, /var/db/ntop/rrd/flows)
      Tue Jan 19 16:40:19 2010  NOTE: -L | --use-syslog=facility not specified, child processes will log to the default (24).
      

      And… it's working now. And very well too. But, I wonder if it will still work when I reboot. I hope I do not have to run /usr/local/bin/ntop every time I restart the router. I'm also wondering why it asks for my password. After I type it in, it works. So, maybe this is an ownership/permission problem because something is not owned by the right user?

      Thanks a lot!
      ~Shawn

      EDIT:

      I wonder also about the part where it says it failed to create the directory. Should I manually create it?

      Anyhow, ntop has been running for 10 mins or so then I got this:

      Tue Jan 19 16:54:46 2010  CLEANUP[t683677888]: ntop caught signal 15 [state=4]
      Tue Jan 19 16:54:46 2010  THREADMGMT[t683677888]: ntop RUNSTATE: SHUTDOWN(7)
      Tue Jan 19 16:54:46 2010  CLEANUP[t683677888] catching thread is NPS1
      Tue Jan 19 16:54:46 2010  CLEANUP: Running threads SFP SIH WEB DNSAR1 DNSAR2 DNSAR3 NPS(fxp0)
      Tue Jan 19 16:54:46 2010  Joining thread DNSAR1
      Tue Jan 19 16:54:46 2010  THREADMGMT[t683676800]: DNSAR(2): Address resolution thread terminated [p10537]
      Tue Jan 19 16:54:55 2010  THREADMGMT[t683677344]: WEB: Server connection thread terminated [p10537]
      Tue Jan 19 16:54:56 2010  THREADMGMT[t683675712]: Main thread shutting down
      Tue Jan 19 16:54:56 2010  THREADMGMT[t683675984]: SFP: Fingerprint scan thread terminated [p10537]
      Tue Jan 19 16:54:56 2010  THREADMGMT[t683676256]: SIH: Idle host scan thread terminated [p10537]
      Tue Jan 19 16:54:56 2010  CLEANUP[t683677888]: ntop caught signal 14 [state=7]
      Tue Jan 19 16:54:56 2010  ntop is now quitting...
      

      I'm assuming that whatever is needed to get ntop to work without manually starting it… will fix this problem

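Added example (not part of the original post, and not pfSense or ntop project code): the log above shows ntop switching to user 'nobody' (65534:65534) and then failing with err 13 on /var/db/ntop/rrd/flows, so this script pulls both facts out of the log and checks whether the parent directory is owned by that uid and not writable by everyone. The function names are hypothetical, and the two sample log lines are copied from the post.

```shell
#!/bin/sh
# Added example: audit the data directory of a daemon that drops privileges.
# SAMPLE_LOG holds two lines copied from the startup log in the post above.
SAMPLE_LOG="Tue Jan 19 16:39:25 2010  Now running as requested user 'nobody' (65534:65534)
Tue Jan 19 16:39:35 2010  **ERROR** RRD: Disabled - unable to create directory (err 13, /var/db/ntop/rrd/flows)"

# Print the numeric uid ntop switched to ("Now running as requested user" line).
log_runtime_uid() {
    printf '%s\n' "$1" |
        sed -n "s/.*Now running as requested user '[^']*' (\([0-9][0-9]*\):[0-9][0-9]*).*/\1/p" |
        head -n 1
}

# Print every path ntop failed to create with errno 13 (EACCES).
log_eacces_paths() {
    printf '%s\n' "$1" |
        sed -n 's/.*unable to create directory (err 13, \([^)]*\)).*/\1/p'
}

# Classify DIR for a daemon running as numeric uid WANT_UID.
# Prints one of: missing | world-writable | wrong-owner | owner-no-write | ok
audit_dir() {
    dir=$1
    want_uid=$2
    [ -d "$dir" ] || { echo missing; return 0; }
    # ls -ldn: field 1 is the mode string, field 3 the numeric owner.
    info=$(ls -ldn -- "$dir" | awk '{print $1 " " $3}')
    mode=${info% *}
    owner=${info#* }
    owner_w=$(printf '%s' "$mode" | cut -c3)   # owner write bit
    other_w=$(printf '%s' "$mode" | cut -c9)   # "other" write bit
    if [ "$other_w" = w ]; then
        echo world-writable      # any local account can alter the data
    elif [ "$owner" != "$want_uid" ]; then
        echo wrong-owner         # the cause of err 13 after the privilege drop
    elif [ "$owner_w" != w ]; then
        echo owner-no-write
    else
        echo ok
    fi
}

# Count entries under DIR that any local user may modify (symlinks skipped).
count_world_writable() {
    find "$1" -perm -0002 ! -type l | wc -l | tr -d ' '
}

# Report on the parent of each directory the log says could not be created.
uid=$(log_runtime_uid "$SAMPLE_LOG")
for p in $(log_eacces_paths "$SAMPLE_LOG"); do
    parent=$(dirname "$p")
    echo "$parent (daemon uid $uid): $(audit_dir "$parent" "$uid")"
done
```

If the result is wrong-owner, handing the directory to the runtime user and keeping it at the 0700 that the RRD plugin reports (DirPerms 0700) is an assumed remediation that clears err 13 without making the tree writable by every local account.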
        belikeyeshua

        I did some reading about this and it looks like ntop cannot create the directory because it does not have permission to do so. So, you need to do chmod -R 777 /var/db/ntop/rrd

        Now, it will create the directory… however, there are other problems. Check this out:

        # ntop
        Tue Jan 19 18:55:54 2010  NOTE: Interface merge enabled by default
        Tue Jan 19 18:55:54 2010  Initializing gdbm databases
        Tue Jan 19 18:55:54 2010  ntop will be started as user nobody
        Tue Jan 19 18:55:54 2010  ntop v.3.3.8
        Tue Jan 19 18:55:54 2010  Configured on Dec  4 2008 15:19:28, built on Dec  4 2008 15:19:59.
        Tue Jan 19 18:55:54 2010  Copyright 1998-2007 by Luca Deri <deri@ntop.org>
        Tue Jan 19 18:55:54 2010  Get the freshest ntop from http://www.ntop.org/
        Tue Jan 19 18:55:54 2010  NOTE: ntop is running from 'ntop'
        Tue Jan 19 18:55:54 2010  NOTE: (but see warning on man page for the --instance parameter)
        Tue Jan 19 18:55:54 2010  NOTE: ntop libraries are in '/usr/local/lib'
        Tue Jan 19 18:55:54 2010  Initializing ntop
        Tue Jan 19 18:55:54 2010  No patterns to load: protocol guessing disabled.
        Tue Jan 19 18:55:54 2010  Checking fxp0 for additional devices
        Tue Jan 19 18:55:54 2010  Resetting traffic statistics for device fxp0
        Tue Jan 19 18:55:54 2010  Initializing device fxp0 (0)
        Tue Jan 19 18:55:54 2010  DLT: Device 0 [fxp0] is 1, mtu 1514, header 14
        Tue Jan 19 18:55:54 2010  Checking fxp1 for additional devices
        Tue Jan 19 18:55:54 2010  Resetting traffic statistics for device fxp1
        Tue Jan 19 18:55:54 2010  Initializing device fxp1 (1)
        Tue Jan 19 18:55:54 2010  DLT: Device 1 [fxp1] is 1, mtu 1514, header 14
        Tue Jan 19 18:55:54 2010  Checking fxp2 for additional devices
        Tue Jan 19 18:55:54 2010  Resetting traffic statistics for device fxp2
        Tue Jan 19 18:55:54 2010  Initializing device fxp2 (2)
        Tue Jan 19 18:55:54 2010  DLT: Device 2 [fxp2] is 1, mtu 1514, header 14
        Tue Jan 19 18:55:54 2010  Initializing gdbm databases
        Tue Jan 19 18:55:54 2010  VENDOR: Loading MAC address table.
        Tue Jan 19 18:55:54 2010  VENDOR: Checking for MAC address table file
        Tue Jan 19 18:55:54 2010  VENDOR: File '/usr/local/etc/ntop/specialMAC.txt.gz' does not need to be reloaded
        Tue Jan 19 18:55:54 2010  VENDOR: ntop continues ok
        Tue Jan 19 18:55:54 2010  VENDOR: Checking for MAC address table file
        Tue Jan 19 18:55:54 2010  VENDOR: File '/usr/local/etc/ntop/oui.txt.gz' does not need to be reloaded
        Tue Jan 19 18:55:54 2010  VENDOR: ntop continues ok
        Tue Jan 19 18:55:54 2010  Fingerprint: Loading signature file
        Tue Jan 19 18:55:54 2010  Fingerprint: Checking for Fingerprint file... file
        Tue Jan 19 18:55:54 2010  Fingerprint: Loading file '/usr/local/etc/ntop/etter.finger.os.gz'
        Tue Jan 19 18:55:54 2010  Fingerprint: ...loaded 0 records
        Tue Jan 19 18:55:54 2010  ASN: Checking for Autonomous System Number table file
        Tue Jan 19 18:55:54 2010  ASN: Loading file '/usr/local/etc/ntop/AS-list.txt.gz'
        Tue Jan 19 18:55:55 2010  ASN: ...found 111435 lines
        Tue Jan 19 18:55:55 2010  ASN: ....Used 3780 KB of memory (12 per entry)
        Tue Jan 19 18:55:55 2010  IP2CC: Checking for IP address <-> Country Code mapping file
        Tue Jan 19 18:55:55 2010  IP2CC: Loading file '/usr/local/etc/ntop/p2c.opt.table.gz'
        Tue Jan 19 18:55:56 2010  IP2CC: ...found 52395 lines
        Tue Jan 19 18:55:56 2010  Database support not compiled into ntop
        Tue Jan 19 18:55:56 2010  Initializing external applications
        Tue Jan 19 18:55:56 2010  THREADMGMT[t683675984]: SFP: Started thread for fingerprinting
        Tue Jan 19 18:55:56 2010  THREADMGMT[t683676256]: SIH: Started thread for idle hosts detection
        Tue Jan 19 18:55:56 2010  THREADMGMT[t683676528]: DNSAR(1): Started thread for DNS address resolution
        Tue Jan 19 18:55:56 2010  THREADMGMT[t683676800]: DNSAR(2): Started thread for DNS address resolution
        Tue Jan 19 18:55:56 2010  THREADMGMT[t683677072]: DNSAR(3): Started thread for DNS address resolution
        Tue Jan 19 18:55:56 2010  Calling plugin start functions (if any)
        Tue Jan 19 18:55:56 2010  SSL is present but https is disabled: use -W <https port> for enabling it
        Tue Jan 19 18:55:56 2010  INITWEB: Initializing web server
        Tue Jan 19 18:55:56 2010  INITWEB: Initializing TCP/IP socket connections for web server
        Tue Jan 19 18:55:56 2010  INITWEB: Initialized socket, port 3000, address (any)
        Tue Jan 19 18:55:56 2010  INITWEB: Waiting for HTTP connections on port 3000
        Tue Jan 19 18:55:56 2010  INITWEB: Starting web server
        Tue Jan 19 18:55:56 2010  THREADMGMT[t683677344]: INITWEB: Started thread for web server
        Tue Jan 19 18:55:56 2010  Listening on [fxp0,fxp1,fxp2]
        Tue Jan 19 18:55:56 2010  Loading Plugins
        Tue Jan 19 18:55:56 2010  Searching for plugins in /usr/local/lib/ntop/plugins
        Tue Jan 19 18:55:56 2010  CPACKET: Welcome to cPacket.(C) 2008 by Luca Deri
        Tue Jan 19 18:55:56 2010  ICMP: Welcome to ICMP Watch. (C) 1999-2005 by Luca Deri
        Tue Jan 19 18:55:56 2010  LASTSEEN: Welcome to Host Last Seen. (C) 1999 by Andrea Marangoni
        Tue Jan 19 18:55:56 2010  NETFLOW: Welcome to NetFlow.(C) 2002-08 by Luca Deri
        Tue Jan 19 18:55:56 2010  PDA: Welcome to PDA. (C) 2001-2005 by L.Deri and W.Brock
        Tue Jan 19 18:55:56 2010  Remote: Welcome to Remote. (C) 2006-07 by L.Deri
        Tue Jan 19 18:55:56 2010  RRD: Welcome to Round-Robin Databases. (C) 2002-07 by Luca Deri.
        Tue Jan 19 18:55:56 2010  SFLOW: Welcome to sFlow.(C) 2002-04 by Luca Deri
        Tue Jan 19 18:55:56 2010  Calling plugin start functions (if any)
        Tue Jan 19 18:55:56 2010  RRD: Welcome to the RRD plugin
        Tue Jan 19 18:55:56 2010  RRD: Mask for new directories is 0700
        Tue Jan 19 18:55:56 2010  RRD: Mask for new files is 0066
        Tue Jan 19 18:55:56 2010  RRD_DEBUG: Parameters:
        Tue Jan 19 18:55:56 2010  RRD_DEBUG:     dumpInterval 300 seconds
        Tue Jan 19 18:55:56 2010  RRD_DEBUG:     dumpShortInterval 10 seconds
        Tue Jan 19 18:55:56 2010  RRD_DEBUG:     dumpHours 72 hours by 300 seconds
        Tue Jan 19 18:55:56 2010  RRD_DEBUG:     dumpDays 90 days by hour
        Tue Jan 19 18:55:56 2010  RRD_DEBUG:     dumpMonths 36 months by day
        Tue Jan 19 18:55:56 2010  RRD_DEBUG:     dumpDomains no
        Tue Jan 19 18:55:56 2010  RRD_DEBUG:     dumpFlows no
        Tue Jan 19 18:55:56 2010  RRD_DEBUG:     dumpSubnets no
        Tue Jan 19 18:55:56 2010  RRD_DEBUG:     dumpHosts no
        Tue Jan 19 18:55:56 2010  RRD_DEBUG:     dumpInterfaces yes
        Tue Jan 19 18:55:56 2010  RRD_DEBUG:     dumpASs no
        Tue Jan 19 18:55:56 2010  RRD_DEBUG:     dumpMatrix no
        Tue Jan 19 18:55:56 2010  RRD_DEBUG:     dumpDetail medium
        Tue Jan 19 18:55:56 2010  RRD_DEBUG:     hostsFilter 
        Tue Jan 19 18:55:56 2010  RRD_DEBUG:     rrdPath /var/db/ntop/rrd [normal]
        Tue Jan 19 18:55:56 2010  RRD_DEBUG:     rrdPath /var/db/ntop/rrd [dynamic/volatile]
        Tue Jan 19 18:55:56 2010  RRD_DEBUG:     umask 0066
        Tue Jan 19 18:55:56 2010  RRD_DEBUG:     DirPerms 0700
        Tue Jan 19 18:55:56 2010  THREADMGMT: RRD: Started thread (t683677616) for data collection
        Tue Jan 19 18:55:56 2010  INIT: Created pid file (/var/run/ntop.pid)
        Tue Jan 19 18:55:56 2010  THREADMGMT[t683675712]: ntop RUNSTATE: INITNONROOT(3)
        Tue Jan 19 18:55:56 2010  Now running as requested user 'nobody' (65534:65534)
        Tue Jan 19 18:55:56 2010  Note: Reporting device initally set to 0 [fxp0] (merged)
        Tue Jan 19 18:55:56 2010  THREADMGMT[t683675712]: ntop RUNSTATE: RUN(4)
        Tue Jan 19 18:55:56 2010  THREADMGMT[t683677888]: NPS(1): Started thread for network packet sniffing [fxp0]
        Tue Jan 19 18:55:56 2010  THREADMGMT[t683678160]: NPS(2): Started thread for network packet sniffing [fxp1]
        Tue Jan 19 18:55:56 2010  THREADMGMT[t683678432]: NPS(3): Started thread for network packet sniffing [fxp2]
        Tue Jan 19 18:55:56 2010  THREADMGMT[t683676528]: DNSAR(1): Address resolution thread running
        Tue Jan 19 18:55:56 2010  THREADMGMT[t683677072]: DNSAR(3): Address resolution thread running
        Tue Jan 19 18:55:56 2010  THREADMGMT[t683677616]: RRD: Data collection thread starting [p35233]
        Tue Jan 19 18:55:56 2010  THREADMGMT[t683678160]: NPS(fxp1): pcapDispatch thread starting [p35233]
        Tue Jan 19 18:55:56 2010  THREADMGMT[t683678160]: NPS(fxp1): pcapDispatch thread running [p35233]
        Tue Jan 19 18:55:56 2010  THREADMGMT[t683675984]: SFP: Fingerprint scan thread starting [p35233]
        Tue Jan 19 18:55:56 2010  THREADMGMT[t683675984]: SFP: Fingerprint scan thread running [p35233]
        Tue Jan 19 18:55:56 2010  THREADMGMT[t683676800]: DNSAR(2): Address resolution thread running
        Tue Jan 19 18:55:56 2010  THREADMGMT[t683677888]: NPS(fxp0): pcapDispatch thread starting [p35233]
        Tue Jan 19 18:55:56 2010  THREADMGMT[t683677888]: NPS(fxp0): pcapDispatch thread running [p35233]
        Tue Jan 19 18:55:56 2010  THREADMGMT[t683676256]: SIH: Idle host scan thread starting [p35233]
        Tue Jan 19 18:55:56 2010  THREADMGMT[t683676256]: SIH: Idle host scan thread running [p35233]
        Tue Jan 19 18:55:56 2010  THREADMGMT[t683678432]: NPS(fxp2): pcapDispatch thread starting [p35233]
        Tue Jan 19 18:55:56 2010  THREADMGMT[t683678432]: NPS(fxp2): pcapDispatch thread running [p35233]
        Tue Jan 19 18:55:56 2010  THREADMGMT[t683677344]: WEB: Server connection thread starting [p35233]
        Tue Jan 19 18:55:56 2010  Note: SIGPIPE handler set (ignore)
        Tue Jan 19 18:55:56 2010  THREADMGMT[t683677344]: WEB: Server connection thread running [p35233]
        Tue Jan 19 18:55:56 2010  WEB: ntop's web server is now processing requests
        Tue Jan 19 18:56:06 2010  THREADMGMT[t683678704]: RRD: Started thread for throughput data collection
        Tue Jan 19 18:56:06 2010  THREADMGMT[t683677616]: RRD: Data collection thread running [p35233]
        Tue Jan 19 18:56:06 2010  THREADMGMT[t683678704]: RRD: Throughput data collection: Thread starting [p35233]
        Tue Jan 19 18:56:06 2010  THREADMGMT[t683678704]: RRD: Throughput data collection: Thread running [p35233]
        Tue Jan 19 19:00:38 2010  CLEANUP[t683678704]: ntop caught signal 15 [state=4]
        Tue Jan 19 19:00:38 2010  THREADMGMT[t683678704]: ntop RUNSTATE: SHUTDOWN(7)
        Tue Jan 19 19:00:38 2010  CLEANUP[t683678704] catching thread is unknown
        Tue Jan 19 19:00:38 2010  CLEANUP: Running threads SFP SIH WEB DNSAR1 DNSAR2 DNSAR3 NPS(fxp0) NPS(fxp1) NPS(fxp2)
        Tue Jan 19 19:00:38 2010  Joining thread DNSAR1
        Tue Jan 19 19:00:38 2010  THREADMGMT[t683676528]: DNSAR(1): Address resolution thread terminated [p35233]
        Tue Jan 19 19:00:38 2010  Joining thread DNSAR2
        Tue Jan 19 19:00:38 2010  THREADMGMT[t683676800]: DNSAR(2): Address resolution thread terminated [p35233]
        Tue Jan 19 19:00:38 2010  Joining thread DNSAR3
        Tue Jan 19 19:00:38 2010  THREADMGMT[t683677072]: DNSAR(3): Address resolution thread terminated [p35233]
        Tue Jan 19 19:00:38 2010  STATS: 6,738 packets received by filter on fxp0
        Tue Jan 19 19:00:38 2010  STATS: 222 packets dropped (according to libpcap)
        Tue Jan 19 19:00:38 2010  STATS: 0 packets dropped (by ntop)
        Tue Jan 19 19:00:38 2010  Joining thread  NPS(fxp0)
        Tue Jan 19 19:00:38 2010  THREADMGMT[t683678160]: NPS(fxp1): pcapDispatch thread terminated [p35233]
        Tue Jan 19 19:00:39 2010  THREADMGMT[t683678432]: NPS(fxp2): pcapDispatch thread terminated [p35233]
        Tue Jan 19 19:00:39 2010  THREADMGMT[t683677888]: NPS(fxp0): pcapDispatch thread terminated [p35233]
        Tue Jan 19 19:00:39 2010  CLEANUP: Locking purge mutex (may block for a little while)
        Tue Jan 19 19:00:39 2010  CLEANUP: Locked purge mutex, continuing shutdown
        Tue Jan 19 19:00:39 2010  CLEANUP: Continues (still running SFP SIH WEB)
        Tue Jan 19 19:00:39 2010  FREE_HOST: Start, 1 device(s)
        Tue Jan 19 19:00:39 2010  FREE_HOST: End, freed 0
        Tue Jan 19 19:00:39 2010  FREE_HOST: Start, 1 device(s)
        Tue Jan 19 19:00:39 2010  FREE_HOST: End, freed 0
        Tue Jan 19 19:00:39 2010  FREE_HOST: Start, 1 device(s)
        Tue Jan 19 19:00:39 2010  FREE_HOST: End, freed 0
        Tue Jan 19 19:00:39 2010  PLUGIN_TERM: Unloading plugins (if any)
        Tue Jan 19 19:00:39 2010  RRD: Shutting down, locking mutex (may block for a little while)
        Tue Jan 19 19:00:39 2010  RRD: Locked mutex, continuing shutdown
        Tue Jan 19 19:00:39 2010  THREADMGMT[t683678704]: RRD: killThread(rrdThread) succeeded
        Tue Jan 19 19:00:39 2010  THREADMGMT[t683678704]: RRD: killThread(rrdTrafficThread) succeeded
        Tue Jan 19 19:00:39 2010  THREADMGMT[t683678704]: RRD: Plugin shutdown continuing
        Tue Jan 19 19:00:39 2010  RRD: Thanks for using the rrdPlugin
        Tue Jan 19 19:00:39 2010  RRD: Done
        Tue Jan 19 19:00:39 2010  CLEANUP: Freeing device fxp0
        Tue Jan 19 19:00:39 2010  CLEANUP: Freeing device fxp1
        Tue Jan 19 19:00:39 2010  CLEANUP: Freeing device fxp2
        Tue Jan 19 19:00:39 2010  **WARNING** TERM: Unable to remove pid file (/var/run/ntop.pid)
        Tue Jan 19 19:00:39 2010  CLEANUP: Clean up complete
        Tue Jan 19 19:00:39 2010  THREADMGMT[t683678704]: ntop RUNSTATE: TERM(8)
        Tue Jan 19 19:00:39 2010  CLEANUP[t683678704]: Still running threads SFP SIH WEB
        Tue Jan 19 19:00:39 2010  ===================================
        Tue Jan 19 19:00:39 2010          ntop is shutdown...        
        Tue Jan 19 19:00:39 2010  ===================================
        

        EDIT: Sometimes when I run ntop, I get this:

        # ntop
        Tue Jan 19 19:17:15 2010  NOTE: Interface merge enabled by default
        Tue Jan 19 19:17:15 2010  Initializing gdbm databases
        Tue Jan 19 19:17:15 2010  ntop will be started as user nobody
        Tue Jan 19 19:17:15 2010  ntop v.3.3.8
        Tue Jan 19 19:17:15 2010  Configured on Dec  4 2008 15:19:28, built on Dec  4 2008 15:19:59.
        Tue Jan 19 19:17:15 2010  Copyright 1998-2007 by Luca Deri <deri@ntop.org>
        Tue Jan 19 19:17:15 2010  Get the freshest ntop from http://www.ntop.org/
        Tue Jan 19 19:17:15 2010  NOTE: ntop is running from 'ntop'
        Tue Jan 19 19:17:15 2010  NOTE: (but see warning on man page for the --instance parameter)
        Tue Jan 19 19:17:15 2010  NOTE: ntop libraries are in '/usr/local/lib'
        Tue Jan 19 19:17:15 2010  Initializing ntop
        Tue Jan 19 19:17:15 2010  No patterns to load: protocol guessing disabled.
        Tue Jan 19 19:17:15 2010  Checking fxp0 for additional devices
        Tue Jan 19 19:17:15 2010  Resetting traffic statistics for device fxp0
        Tue Jan 19 19:17:15 2010  Initializing device fxp0 (0)
        Tue Jan 19 19:17:15 2010  DLT: Device 0 [fxp0] is 1, mtu 1514, header 14
        Tue Jan 19 19:17:15 2010  Checking fxp1 for additional devices
        Tue Jan 19 19:17:15 2010  Resetting traffic statistics for device fxp1
        Tue Jan 19 19:17:15 2010  Initializing device fxp1 (1)
        Tue Jan 19 19:17:15 2010  DLT: Device 1 [fxp1] is 1, mtu 1514, header 14
        Tue Jan 19 19:17:15 2010  Checking fxp2 for additional devices
        Tue Jan 19 19:17:15 2010  Resetting traffic statistics for device fxp2
        Tue Jan 19 19:17:15 2010  Initializing device fxp2 (2)
        Tue Jan 19 19:17:15 2010  DLT: Device 2 [fxp2] is 1, mtu 1514, header 14
        Tue Jan 19 19:17:15 2010  Initializing gdbm databases
        Tue Jan 19 19:17:15 2010  VENDOR: Loading MAC address table.
        Tue Jan 19 19:17:15 2010  VENDOR: Checking for MAC address table file
        Tue Jan 19 19:17:15 2010  VENDOR: File '/usr/local/etc/ntop/specialMAC.txt.gz' does not need to be reloaded
        Tue Jan 19 19:17:15 2010  VENDOR: ntop continues ok
        Tue Jan 19 19:17:15 2010  VENDOR: Checking for MAC address table file
        Tue Jan 19 19:17:15 2010  VENDOR: File '/usr/local/etc/ntop/oui.txt.gz' does not need to be reloaded
        Tue Jan 19 19:17:15 2010  VENDOR: ntop continues ok
        Tue Jan 19 19:17:15 2010  Fingerprint: Loading signature file
        Tue Jan 19 19:17:15 2010  Fingerprint: Checking for Fingerprint file... file
        Tue Jan 19 19:17:15 2010  Fingerprint: Loading file '/usr/local/etc/ntop/etter.finger.os.gz'
        Tue Jan 19 19:17:15 2010  Fingerprint: ...loaded 0 records
        Tue Jan 19 19:17:15 2010  ASN: Checking for Autonomous System Number table file
        Tue Jan 19 19:17:15 2010  ASN: Loading file '/usr/local/etc/ntop/AS-list.txt.gz'
        Tue Jan 19 19:17:17 2010  ASN: ...found 111435 lines
        Tue Jan 19 19:17:17 2010  ASN: ....Used 3780 KB of memory (12 per entry)
        Tue Jan 19 19:17:17 2010  IP2CC: Checking for IP address <-> Country Code mapping file
        Tue Jan 19 19:17:17 2010  IP2CC: Loading file '/usr/local/etc/ntop/p2c.opt.table.gz'
        Tue Jan 19 19:17:17 2010  IP2CC: ...found 52395 lines
        Tue Jan 19 19:17:17 2010  Database support not compiled into ntop
        Tue Jan 19 19:17:17 2010  Initializing external applications
        Tue Jan 19 19:17:17 2010  THREADMGMT[t683675984]: SFP: Started thread for fingerprinting
        Tue Jan 19 19:17:17 2010  THREADMGMT[t683676256]: SIH: Started thread for idle hosts detection
        Tue Jan 19 19:17:17 2010  THREADMGMT[t683676528]: DNSAR(1): Started thread for DNS address resolution
        Tue Jan 19 19:17:17 2010  THREADMGMT[t683676800]: DNSAR(2): Started thread for DNS address resolution
        Tue Jan 19 19:17:17 2010  THREADMGMT[t683677072]: DNSAR(3): Started thread for DNS address resolution
        Tue Jan 19 19:17:17 2010  Calling plugin start functions (if any)
        Tue Jan 19 19:17:17 2010  SSL is present but https is disabled: use -W <https port> for enabling it
        Tue Jan 19 19:17:17 2010  INITWEB: Initializing web server
        Tue Jan 19 19:17:17 2010  INITWEB: Initializing TCP/IP socket connections for web server
        Tue Jan 19 19:17:17 2010  INITWEB: Initialized socket, port 3000, address (any)
        Tue Jan 19 19:17:17 2010  INITWEB: Waiting for HTTP connections on port 3000
        Tue Jan 19 19:17:17 2010  INITWEB: Starting web server
        Tue Jan 19 19:17:17 2010  THREADMGMT[t683677344]: INITWEB: Started thread for web server
        Tue Jan 19 19:17:17 2010  Listening on [fxp0,fxp1,fxp2]
        Tue Jan 19 19:17:17 2010  Loading Plugins
        Tue Jan 19 19:17:17 2010  Searching for plugins in /usr/local/lib/ntop/plugins
        Tue Jan 19 19:17:17 2010  CPACKET: Welcome to cPacket.(C) 2008 by Luca Deri
        Tue Jan 19 19:17:17 2010  ICMP: Welcome to ICMP Watch. (C) 1999-2005 by Luca Deri
        Tue Jan 19 19:17:17 2010  LASTSEEN: Welcome to Host Last Seen. (C) 1999 by Andrea Marangoni
        Tue Jan 19 19:17:17 2010  NETFLOW: Welcome to NetFlow.(C) 2002-08 by Luca Deri
        Tue Jan 19 19:17:17 2010  PDA: Welcome to PDA. (C) 2001-2005 by L.Deri and W.Brock
        Tue Jan 19 19:17:17 2010  Remote: Welcome to Remote. (C) 2006-07 by L.Deri
        Tue Jan 19 19:17:17 2010  RRD: Welcome to Round-Robin Databases. (C) 2002-07 by Luca Deri.
        Tue Jan 19 19:17:17 2010  SFLOW: Welcome to sFlow.(C) 2002-04 by Luca Deri
        Tue Jan 19 19:17:17 2010  Calling plugin start functions (if any)
        Tue Jan 19 19:17:17 2010  RRD: Welcome to the RRD plugin
        Tue Jan 19 19:17:17 2010  RRD: Mask for new directories is 0700
        Tue Jan 19 19:17:17 2010  RRD: Mask for new files is 0066
        Tue Jan 19 19:17:17 2010  RRD_DEBUG: Parameters:
        Tue Jan 19 19:17:17 2010  RRD_DEBUG:     dumpInterval 300 seconds
        Tue Jan 19 19:17:17 2010  RRD_DEBUG:     dumpShortInterval 10 seconds
        Tue Jan 19 19:17:17 2010  RRD_DEBUG:     dumpHours 72 hours by 300 seconds
        Tue Jan 19 19:17:17 2010  RRD_DEBUG:     dumpDays 90 days by hour
        Tue Jan 19 19:17:17 2010  RRD_DEBUG:     dumpMonths 36 months by day
        Tue Jan 19 19:17:17 2010  RRD_DEBUG:     dumpDomains no
        Tue Jan 19 19:17:17 2010  RRD_DEBUG:     dumpFlows no
        Tue Jan 19 19:17:17 2010  RRD_DEBUG:     dumpSubnets no
        Tue Jan 19 19:17:17 2010  RRD_DEBUG:     dumpHosts no
        Tue Jan 19 19:17:17 2010  RRD_DEBUG:     dumpInterfaces yes
        Tue Jan 19 19:17:17 2010  RRD_DEBUG:     dumpASs no
        Tue Jan 19 19:17:17 2010  RRD_DEBUG:     dumpMatrix no
        Tue Jan 19 19:17:17 2010  RRD_DEBUG:     dumpDetail medium
        Tue Jan 19 19:17:17 2010  RRD_DEBUG:     hostsFilter 
        Tue Jan 19 19:17:17 2010  RRD_DEBUG:     rrdPath /var/db/ntop/rrd [normal]
        Tue Jan 19 19:17:17 2010  RRD_DEBUG:     rrdPath /var/db/ntop/rrd [dynamic/volatile]
        Tue Jan 19 19:17:17 2010  RRD_DEBUG:     umask 0066
        Tue Jan 19 19:17:17 2010  RRD_DEBUG:     DirPerms 0700
        Tue Jan 19 19:17:17 2010  THREADMGMT: RRD: Started thread (t683677616) for data collection
        Tue Jan 19 19:17:17 2010  INIT: Created pid file (/var/run/ntop.pid)
        Tue Jan 19 19:17:17 2010  THREADMGMT[t683675712]: ntop RUNSTATE: INITNONROOT(3)
        Tue Jan 19 19:17:17 2010  Now running as requested user 'nobody' (65534:65534)
        Tue Jan 19 19:17:17 2010  Note: Reporting device initally set to 0 [fxp0] (merged)
        Tue Jan 19 19:17:17 2010  THREADMGMT[t683675712]: ntop RUNSTATE: RUN(4)
        Tue Jan 19 19:17:17 2010  THREADMGMT[t683677888]: NPS(1): Started thread for network packet sniffing [fxp0]
        Tue Jan 19 19:17:17 2010  THREADMGMT[t683678160]: NPS(2): Started thread for network packet sniffing [fxp1]
        Tue Jan 19 19:17:17 2010  THREADMGMT[t683678432]: NPS(3): Started thread for network packet sniffing [fxp2]
        Tue Jan 19 19:17:17 2010  THREADMGMT[t683677344]: WEB: Server connection thread starting [p38354]
        Tue Jan 19 19:17:17 2010  Note: SIGPIPE handler set (ignore)
        Tue Jan 19 19:17:17 2010  THREADMGMT[t683677344]: WEB: Server connection thread running [p38354]
        Tue Jan 19 19:17:17 2010  WEB: ntop's web server is now processing requests
        Tue Jan 19 19:17:17 2010  THREADMGMT[t683678432]: NPS(fxp2): pcapDispatch thread starting [p38354]
        Tue Jan 19 19:17:17 2010  THREADMGMT[t683678432]: NPS(fxp2): pcapDispatch thread running [p38354]
        Tue Jan 19 19:17:17 2010  THREADMGMT[t683677888]: NPS(fxp0): pcapDispatch thread starting [p38354]
        Tue Jan 19 19:17:17 2010  THREADMGMT[t683677888]: NPS(fxp0): pcapDispatch thread running [p38354]
        Tue Jan 19 19:17:17 2010  THREADMGMT[t683676800]: DNSAR(2): Address resolution thread running
        Tue Jan 19 19:17:17 2010  THREADMGMT[t683675984]: SFP: Fingerprint scan thread starting [p38354]
        Tue Jan 19 19:17:17 2010  THREADMGMT[t683675984]: SFP: Fingerprint scan thread running [p38354]
        Tue Jan 19 19:17:17 2010  THREADMGMT[t683678160]: NPS(fxp1): pcapDispatch thread starting [p38354]
        Tue Jan 19 19:17:17 2010  THREADMGMT[t683678160]: NPS(fxp1): pcapDispatch thread running [p38354]
        Tue Jan 19 19:17:17 2010  THREADMGMT[t683676256]: SIH: Idle host scan thread starting [p38354]
        Tue Jan 19 19:17:17 2010  THREADMGMT[t683676256]: SIH: Idle host scan thread running [p38354]
        Tue Jan 19 19:17:17 2010  THREADMGMT[t683676528]: DNSAR(1): Address resolution thread running
        Tue Jan 19 19:17:17 2010  THREADMGMT[t683677616]: RRD: Data collection thread starting [p38354]
        Tue Jan 19 19:17:17 2010  THREADMGMT[t683677072]: DNSAR(3): Address resolution thread running
        Tue Jan 19 19:17:27 2010  THREADMGMT[t683678704]: RRD: Started thread for throughput data collection
        Tue Jan 19 19:17:27 2010  THREADMGMT[t683677616]: RRD: Data collection thread running [p38354]
        Tue Jan 19 19:17:27 2010  THREADMGMT[t683678704]: RRD: Throughput data collection: Thread starting [p38354]
        Tue Jan 19 19:17:27 2010  THREADMGMT[t683678704]: RRD: Throughput data collection: Thread running [p38354]
        Segmentation fault
        

        I wonder what the segmentation fault means. At any rate, I'm starting to think that maybe this is a problem for the ntop forums.

        EDIT:

        When it does crash, this is what I get in the system logs:

        Jan 19 19:40:41	kernel: pid 44607 (ntop), uid 65534: exited on signal 11
        Jan 19 19:40:41	kernel: fxp2: promiscuous mode disabled
        Jan 19 19:42:02	ntop[45485]: THREADMGMT[t683675712]: ntop RUNSTATE: PREINIT(1)
        Jan 19 19:42:02	ntop[45485]: THREADMGMT[t683675712]: ntop RUNSTATE: INIT(2)
        Jan 19 19:42:19	ntop[45586]: THREADMGMT[t683675712]: ntop RUNSTATE: PREINIT(1)
        Jan 19 19:42:19	ntop[45586]: THREADMGMT[t683675712]: ntop RUNSTATE: INIT(2)
        

        The ntop runstate is when I manually start it again.

        Anyhow, I've started ntop as root and so far it's not crashed. We will see… it might just be permission and ownership problems.

        • R
          rkelleyrtp
          last edited by

          My suggestion, install the "monit" package and have it monitor your ntop process.  Monit will automatically restart ntop if/when it dies again.  Plus, you get automatic notification when an event occurs.  Just do a search for "monit" in the package forum.

          Let me know if you need any help.

          • B
            belikeyeshua
            last edited by

            @rkelleyrtp:

            My suggestion, install the "monit" package and have it monitor your ntop process.  Monit will automatically restart ntop if/when it dies again.  Plus, you get automatic notification when an event occurs.  Just do a search for "monit" in the package forum.

            Let me know if you need any help.

            Does ntop still give accurate information even though it has to be restarted every 4-10 minutes?

            • R
              rkelleyrtp
              last edited by

              Sorry, don't know enough about ntop to comment.  Maybe someone else does?

              • B
                belikeyeshua
                last edited by

                Well, it looks to me like I've fixed it. It's been running for almost 20 minutes now with no problems. Usually it quits after 3 minutes. Sometimes even 30 secs.

                It appears that it was a simple permission and ownership problem.

                I just had to do

                #chmod -R 755 /var/db/ntop
                #chown -R nobody:nobody /var/db/ntop
                

                So now it's working. I'm going to leave it be for a while and see if it continues to work. I do have one question though. I'm able to start it manually but it does not start when I hit the start service button in the gui. And I'm assuming that it will not start automatically at bootup. I've not tried that yet.

                So, is there any way I can get it to start automatically? Also, does this "monit" package give pfsense a command like say, "ntop" so that it will start ntop? Because if not, then as things are right now… it won't work.

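An added example, not part of any post in this thread: a read-only shell check that a daemon data directory such as /var/db/ntop is owned and writable by the account ntop drops to ('nobody' in the startup log above), measured against the 0700 directory mask and 0066 umask that the RRD plugin logs. The function names, finding labels and the constructed demo tree are assumptions of this example.

```shell
#!/bin/sh
# audit_datadir DIR USER
# Read-only check: prints one finding per line, returns 1 if any were found.
audit_datadir() {
    dir=$1
    user=$2
    findings=$(
        # Entries the daemon user does not own cannot be rewritten after the privilege drop.
        find "$dir" ! -user "$user" -print | sed 's/^/WRONG_OWNER /'
        # Directories need owner rwx (0700, the mask logged for new RRD directories).
        find "$dir" -type d ! -perm -700 -print | sed 's/^/DIR_NOT_RWX /'
        # Files need owner rw (umask 0066 yields mode 0600).
        find "$dir" -type f ! -perm -600 -print | sed 's/^/FILE_NOT_RW /'
        # World-writable entries let any local account alter the stored data.
        find "$dir" ! -type l -perm -002 -print | sed 's/^/WORLD_WRITABLE /'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed demo tree (not real ntop data): one read-only file and one
# directory without owner write permission, as left behind by a start under
# a different account or mode.
demo_constructed_tree() {
    t=$(mktemp -d) || return 2
    mkdir -p "$t/rrd/interfaces"
    : > "$t/rrd/interfaces/a.rrd"
    : > "$t/prefs.db"
    chmod 700 "$t" "$t/rrd/interfaces"
    chmod 600 "$t/rrd/interfaces/a.rrd"
    chmod 444 "$t/prefs.db"
    chmod 500 "$t/rrd"
    # Audit against the current user so the demo needs no root privileges.
    audit_datadir "$t" "$(id -u)" | sed "s|$t|<datadir>|"
    chmod -R u+rwx "$t" && rm -rf "$t"
}

# Run "sh thisfile demo" to see the findings for the constructed tree.
if [ "${1:-}" = "demo" ]; then
    demo_constructed_tree
fi
```

Run it as `audit_datadir /var/db/ntop nobody` before and after changing ownership; it only reads metadata and changes nothing.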
                • R
                  rkelleyrtp
                  last edited by

                  To automatically start the app on boot, edit the /usr/local/etc/rc.d/ntop.sh script and make sure the ENABLE option is set to "Y".  Then, either reboot or run the  script "/usr/local/etc/rc.d/ntop.sh start".

                  Once you get monit installed and running, add a section for ntop (look at the config file for examples).  Here is what I use for "bandwidthd":

                  --------------------------------------------------------------------
                      check process bandwidthd with pidfile /var/run/bandwidthd.pid
                      start program = "/usr/local/etc/rc.d/bandwidthd.sh start" with timeout 60 seconds
                      stop program = "/usr/local/etc/rc.d/bandwidthd.sh stop"
                      if 3 restarts within 5 cycles then timeout
                      group bandwidthd

                  Also, make sure you have the monit.sh script in /usr/local/etc and it has been ENABLED as well.  This will make sure monit gets started when your box reboots.

                  • I
                    ipfftw
                    last edited by

                    @belikeyeshua:

                    It appears that it was a simple permission and ownership problem.

                    I just had to do

                    #chmod -R 755 /var/db/ntop
                    #chown -R nobody:nobody /var/db/ntop
                    

                    This worked for me as well. I have just fixed our ntop which was not working for a month or so after upgrading to 1.2.3. It also starts and stops from the gui now so I would assume that it's completely fixed.

                    Thanks!

                    • jimpJ
                      jimp Rebel Alliance Developer Netgate
                      last edited by

                      I committed a fix for the permissions to the ntop package just now, but I didn't do a version bump yet. If it turns out to work for everyone, I may do that just to signal to people there has been a change.

                      There were commands in there before that should have fixed the permissions, but the command wasn't specified with the full path so it may have been failing. I'd be curious if anyone who is experiencing the crashes would try to reinstall the ntop now (or rather about 5 minutes from the time of this post to be sure the commit is live on the package server).

                      I have one server I will be trying this on, where ntop would die quite often.

                      Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                      Need help fast? Netgate Global Support!

                      Do not Chat/PM for help!

                      • R
                        rkelleyrtp
                        last edited by

                        Thanks Jim.  I may give ntop a try tonight and report back…

                        • jimpJ
                          jimp Rebel Alliance Developer Netgate
                          last edited by

                          So far so good on mine. I upgraded just after I put the fix in and it's still running an hour and a half later (give or take), whereas before it would run at most about 10 minutes.

                          • P
                            Panix
                            last edited by

                            I'm running pfSense 1.2.3-RELEASE with 2 WAN/1 LAN setup and the latest ntop package from the package section and I'm still having problems with the ntop package.

                            FreeBSD pfsense.smartfox.us 7.2-RELEASE-p5 FreeBSD 7.2-RELEASE-p5 #0: Sun Dec  6
                            22:57:48 EST 2009     sullrich@FreeBSD_7.2_pfSense_1.2.3_snaps.pfsense.org:/usr
                            /obj.pfSense/usr/pfSensesrc/src/sys/pfSense.7  i386

                            Before, it would just core dump and that was it.  Now, when it core dumps after I did the chmod/chown commands from a previous post, I get my system log spammed with these messages:

                            Feb 2 11:55:53 kernel: rl2: promiscuous mode enabled
                            Feb 2 11:55:53 kernel: rl2: promiscuous mode disabled
                            Feb 2 11:55:57 kernel: rl2: promiscuous mode enabled
                            Feb 2 11:55:58 kernel: rl2: promiscuous mode disabled
                            Feb 2 11:56:02 kernel: rl2: promiscuous mode enabled
                            Feb 2 11:56:02 kernel: rl2: promiscuous mode disabled
                            Feb 2 11:56:06 kernel: rl2: promiscuous mode enabled
                            Feb 2 11:56:07 kernel: rl2: promiscuous mode disabled
                            Feb 2 11:56:11 kernel: rl2: promiscuous mode enabled
                            Feb 2 11:56:11 kernel: rl2: promiscuous mode disabled
                            Feb 2 11:56:15 kernel: rl2: promiscuous mode enabled
                            Feb 2 11:56:15 kernel: rl2: promiscuous mode disabled
                            Feb 2 11:56:20 kernel: rl2: promiscuous mode enabled
                            Feb 2 11:56:20 kernel: rl2: promiscuous mode disabled
                            etc etc etc

                            It just seems to die after 4-5 min after it gets to the end of starting up when it just says collecting data.  rl2 is my LAN interface.

                            I also have darkstat and bandwidthd installed.  Would either of these be interfering with ntop?  I have an old box running out on a customer's site running both (although I think they're running a 1.2 snapshot) no problem.  If there's more data that I need to provide, let me know, please.

                            Thanks

                            EDIT I kinda hurried with the original post because we were going to eat lunch.  Once I got back, I decided to try and run ntop from the command prompt.  I ran ntop and everything seemed to be going fine.  I waited about 10 min, had no problems and so I stopped the process.  I saw it wasn't able to remove the pid file so I changed the ownership and permissions on the file and decided to try running it from the web GUI.  Everything was running fine for a while and then:

                            Feb 2 13:58:48 ntop[51520]: THREADMGMT[t683678160]: RRD: Started thread for throughput data collection
                            Feb 2 13:58:48 ntop[51520]: THREADMGMT[t683678160]: RRD: Started thread for throughput data collection
                            Feb 2 13:58:48 ntop[51520]: THREADMGMT[t683677616]: RRD: Data collection thread running [p51520]
                            Feb 2 13:58:48 ntop[51520]: THREADMGMT[t683677616]: RRD: Data collection thread running [p51520]
                            Feb 2 13:58:48 ntop[51520]: THREADMGMT[t683678160]: RRD: Throughput data collection: Thread starting [p51520]
                            Feb 2 13:58:48 ntop[51520]: THREADMGMT[t683678160]: RRD: Throughput data collection: Thread starting [p51520]
                            Feb 2 13:58:48 ntop[51520]: THREADMGMT[t683678160]: RRD: Throughput data collection: Thread running [p51520]
                            Feb 2 13:58:48 ntop[51520]: THREADMGMT[t683678160]: RRD: Throughput data collection: Thread running [p51520]
                            Feb 2 13:58:55 check_reload_status: reloading filter
                            Feb 2 14:17:58 kernel: pid 51520 (ntop), uid 0: exited on signal 11 (core dumped)
                            Feb 2 14:21:12 dnsmasq[35614]: reading /var/dhcpd/var/db/dhcpd.leases

                            That dnsmasq entry always seems to happen right after ntop core dumps.  Nothing had changed.  I was just F5ing the system log to see if it was still running.  The only thing I guess I did differently was I didn't try accessing ntop while it was running to see if it'd at least gather data for a while.

                            I'm gonna run it via the command prompt again and let it run for a while to see if I can find something more out.  I was just interested if someone ran into this before and knew how to fix it.

                            EDIT II  Alright, here's running ntop from the command prompt.  I copy and pasted out of the web gui for timestamps but the terminal has the same thing minus the time:

                            Feb 2 14:39:58 ntop[56774]: THREADMGMT[t683677616]: RRD: Data collection thread running [p56774]
                            Feb 2 14:39:58 ntop[56774]: THREADMGMT[t683677616]: RRD: Data collection thread running [p56774]
                            Feb 2 14:39:58 ntop[56774]: THREADMGMT[t683678432]: RRD: Throughput data collection: Thread starting [p56774]
                            Feb 2 14:39:58 ntop[56774]: THREADMGMT[t683678432]: RRD: Throughput data collection: Thread starting [p56774]
                            Feb 2 14:39:58 ntop[56774]: THREADMGMT[t683678432]: RRD: Throughput data collection: Thread running [p56774]
                            Feb 2 14:39:58 ntop[56774]: THREADMGMT[t683678432]: RRD: Throughput data collection: Thread running [p56774]
                            Feb 2 14:40:21 ntop[56873]: THREADMGMT[t683675712]: ntop RUNSTATE: PREINIT(1)
                            Feb 2 14:40:21 ntop[56873]: THREADMGMT[t683675712]: ntop RUNSTATE: INIT(2)
                            Feb 2 14:46:52 kernel: pid 56873 (ntop), uid 0: exited on signal 11 (core dumped)
                            Feb 2 14:47:28 dnsmasq[35614]: reading /var/dhcpd/var/db/dhcpd.leases

                            I started the process with the same command-line option found in /usr/local/etc/rc.d/ntop.sh minus the -d so I could see what was going on.  I didn't try accessing the web gui or anything while it was running so it was just gathering data.  Is anyone else running bandwidthd and having the same issue?  Am I gonna be left with having cron or monit restart the program every 5-10 minutes?  What am I doing wrong?  ???

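An added example, not part of any post in this thread: the kernel lines quoted above record the name and uid of each crashing process (65534 in the first report, 0 in the later ones), so a short filter can tally crashes per uid and signal. The sample lines are constructed in the same format as those in the thread, and the function names are assumptions of this example.

```shell
#!/bin/sh
# Constructed sample lines, modelled on the syslog excerpts in this thread.
sample_log() {
cat <<'EOF'
Jan 19 19:40:41 kernel: pid 44607 (ntop), uid 65534: exited on signal 11
Jan 19 19:40:41 kernel: fxp2: promiscuous mode disabled
Feb 2 14:17:58 kernel: pid 51520 (ntop), uid 0: exited on signal 11 (core dumped)
Feb 2 14:21:12 dnsmasq[35614]: reading /var/dhcpd/var/db/dhcpd.leases
Feb 2 14:46:52 kernel: pid 56873 (ntop), uid 0: exited on signal 11 (core dumped)
Feb 3 09:00:00 kernel: pid 1234 (darkstat), uid 0: exited on signal 6
EOF
}

# crash_summary PROC
# Reads syslog text on stdin and prints "uid=U signal=S count=N" for every
# uid/signal pair under which PROC was killed by a signal.
crash_summary() {
    proc=$1
    # Reduce each matching kernel line to "name uid signal"; drop everything else.
    sed -n 's/^.*kernel: pid \([0-9][0-9]*\) (\([^)]*\)), uid \([0-9][0-9]*\): exited on signal \([0-9][0-9]*\).*$/\2 \3 \4/p' |
    awk -v want="$proc" '
        $1 == want { n[$2 " " $3]++ }
        END {
            for (k in n) {
                split(k, f, " ")
                printf "uid=%s signal=%s count=%d\n", f[1], f[2], n[k]
            }
        }
    ' | sort
}

# root_crashes PROC
# Prints how many of those crashes happened while PROC was running as uid 0.
root_crashes() {
    crash_summary "$1" | awk -F'[= ]' '$2 == "0" { c += $6 } END { print c + 0 }'
}

# Run "sh thisfile demo" to print the summary for the constructed sample.
if [ "${1:-}" = "demo" ]; then
    sample_log | crash_summary ntop
fi
```

Against a live system, feed it the real log instead of the sample, for example with `clog /var/log/system.log | crash_summary ntop` on pfSense 1.2.3, assuming the system log is stored in the circular clog format there.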
                            • jimpJ
                              jimp Rebel Alliance Developer Netgate
                              last edited by

                              Did you uninstall/reinstall the package after the date on my last post?

                              Also, those promisc. mode messages are typically seen with the rate package, not ntop. Do you have that installed?

                              The dnsmasq process happens periodically, and that one happened several minutes after your ntop crash, it's not related.

                              • P
                                Panix
                                last edited by

                                Sorry, I didn't see your reply before I made my last edit.

                                Yes, I have rate installed.  Should I try uninstalling it?  and I installed ntop today for the first time (Feb 2, 2010).

                                Also, were old accounts wiped or something?  I had an account I thought that was under this username from like 2007 or so and I had to recreate this account a while back to post.

                                • jimpJ
                                  jimp Rebel Alliance Developer Netgate
                                  last edited by

                                  The presence of the rate package shouldn't help or hurt ntop.

                                  FYI- ntop is still running on my router at work since my post saying it was OK, and it used to only last 10 minutes and behave exactly like yours (core dump and all).

                                  Old accounts shouldn't be wiped, but I can look one up by username or e-mail if you want me to check on one. Send me a PM if you want me to check.

                                  • P
                                    Panix
                                    last edited by

                                    Yeah, I tried removing the rate package and it didn't make a bit of difference.  I actually deleted the ntop package after I made that post and reinstalled and got the same results.  I had to leave work early for a doctor's appointment and had a fellow technician check it out for me.  :-[

                                    Anyways, I'm gonna try a few other things throughout the day and see if I can figure out what's going on.  I've been pretty loyal to pfSense since I found the project and since I got hired back to this company after one of the owners departed, I've wanted to move from Endian back to pfSense.  The only reason we used Endian was for the web interface it has for OpenVPN.  Is the client tls/auth package pretty much the same thing?

                                    As a side note, from what I've read, I can't wait to have the openvpn client export package working for 2.0.  I woulda really liked to have used pfSense 2.0-BETA instead of 1.2.3-RELEASE but we ran into the issue where putting the IP in statically made it where the box wouldn't keep the default route (at least that's what the other tech said he ran into and said after checking google that he found it was a known issue).

                                    If I figure out what my problem is, I'll be sure to report back to the forum as it's been invaluable for me in the past.  :)

                                    • P
                                      Panix
                                      last edited by

                                      I removed all the network monitoring packages, rebooted the router and reinstalled ntop and now it works.  Go figure.

                                      Sorry  :-[

                                      • C
                                        comskill
                                        last edited by

                                        I found a problem, the logs:

                                        ERROR: sanity check failed < low memory >

                                        what can I do  I just knew how to use it

                                        please teach me I am a chinese

                                        • T
                                          themat
                                          last edited by

                                          @belikeyeshua:

                                          Well, it looks to me like I've fixed it. It's been running for almost 20 minutes now with no problems. Usually it quits after 3 minutes. Sometimes even 30 secs.

                                          It appears that it was a simple permission and ownership problem.

                                          I just had to do

                                          #chmod -R 755 /var/db/ntop
                                          #chown -R nobody:nobody /var/db/ntop
                                          

                                          Thanks, this worked for me as well.
                                          ntop was not working for some weeks, and now I can also start and stop it from the gui

                                          • A
                                            Alan87i
                                            last edited by

                                            Seems to be working for me too, but I had to uninstall darkstat to keep ntop from crashing.
