NTOP crashes, too many hosts?
-
Any NTOP experts here?
I have 2 similar computers running PFSense 123 Release, at 2 separate locations in my company.
Mostly at this time they are running Snort and NTOP for monitoring. I have IPSec VPNs between them, and my home router for testing. I put the PFSense LAN port on switch in monitor mode for NTOP.
Location 1 is just fine.
Location 2 NTOP crashes after a day or so. Also, Loc2 shows 7000 hosts so as the note below says, it's over counting. (Loc1 has 138 Hosts and appears normal).
Loc2 has about 150 real hosts, so something is going on but I can't put my finger on the issue.
Not sure where to start. Windows AD domain w/DHCP.
If I had a computer with duplicate IPs I'd think the user would complain?Feb 9 22:29:12 ntop[9353]: ERROR mVLAN: Host (identical IP/MAC) found on multiple VLANs [0][1]
Feb 9 22:29:12 ntop[9353]: ERROR mVLAN: Host (identical IP/MAC) found on multiple VLANs [0][1]
Feb 9 22:29:12 ntop[9353]: mVLAN: ntop continues but will consolidate and thus probably overcount this traffic
Feb 9 22:29:12 ntop[9353]: mVLAN: ntop continues but will consolidate and thus probably overcount this traffic
Feb 9 22:30:57 ntop[9910]: EPIPE during sending of page to web client
Feb 9 22:30:57 ntop[9910]: EPIPE during sending of page to web client
Feb 9 22:33:45 ntop[9353]: WARNING: Max num hash entries (8102) reached (see -x)
Feb 9 22:33:45 ntop[9353]: WARNING: Max num hash entries (8102) reached (see -x)
Feb 9 22:33:45 ntop[9353]: ERROR Sanity check failed (2) [Low memory?]
Feb 9 22:33:45 ntop[9353]: ERROR Sanity check failed (2) [Low memory?]
Feb 9 22:34:52 ntop[10285]: EPIPE during sending of page to web client
Feb 9 22:34:52 ntop[10285]: EPIPE during sending of page to web client
Feb 9 22:36:32 ntop[10477]: ECONNRESET during sending of page to web client
Feb 9 22:36:32 ntop[10477]: ECONNRESET during sending of page to web client
Feb 9 22:40:04 kernel: pid 9353 (ntop), uid 0: exited on signal 11 (core dumped)