Ntop/Ntopng too slow and not giving full data #1797

Closed
operations999 opened this issue May 27, 2018 · 22 comments

@operations999

We are running NTOP/ntopng on Dual E5 32G RAM and SSD drive but it is so slow when we pull device info.
And we are getting the following error when we click on Devices > SNMP > Device1

HTTP/1.1 500 Internal server error Content-Type: text/html Connection: close Script "/usr/share/ntopng/scripts/lua/pro/enterprise/snmp_device_info.lua" returned an error:

/usr/share/ntopng/pro/scripts/lua/modules/snmp_utils.lua:1619: attempt to perform arithmetic on global 'device_uptime' (a nil value)

Is there a new release available for this?

@emanuele-f
Contributor

Hello, what ntopng version are you using (see ntopng --version)? How many local hosts and flows are you monitoring? What kind of task is flow for you?

@simonemainardi
Contributor

Please also make sure to run the latest ntopng version 3.5, as we've made big improvements to make SNMP faster.

@simonemainardi
Contributor

any news?

@operations999
Author

Hello,
Sorry for the late reply.
ntopng --version
v.3.3.180413 [Enterprise/Professional build]
We are using only 1 switch to pull data, but we need to add 30 switches and routers; we are not adding them due to performance.
Shall we just run yum update, and will it update to the latest version, or do we have to download and run the install again?
Please advise
Thanks

@operations999
Author

[root@localhost init.d]# ./nprobe start
Starting nProbe none
[root@localhost init.d]# ./ntopng start
Starting ntopng: ./ntopng: line 170: 10177 Segmentation fault (core dumped) $NTOPNG_BINARY /etc/ntopng/ntopng.conf >> /var/log/ntopng/ntopng.log
Unable to start ntopng
When we look at the log /var/log/ntopng/ntopng.log, it doesn't show anything.

@operations999
Author

We upgraded it and it still can't start.

ntopng --version
v.3.5.180602 [Enterprise/Professional build]

Pro rev: r1681
Built on: CentOS release 6.9 (Final)

@operations999
Author

After the update and reboot the web interface died. We tried to restart ntopng and nprobe but it does not start.

@emanuele-f
Contributor

emanuele-f commented Jun 4, 2018

Hello, please post here a stack trace of the crash by following these instructions:

  • install gdb (e.g. sudo yum install gdb)
  • run gdb --args ntopng /etc/ntopng/ntopng.conf
  • hit r to run the program
  • when it crashes, run bt to get a backtrace and post it here

@operations999
Author

Reading symbols from /usr/local/bin/ntopng...done.
(gdb) r
Starting program: /usr/local/bin/ntopng /etc/ntopng/ntopng.conf
[Thread debugging using libthread_db enabled]

Program received signal SIGSEGV, Segmentation fault.
0x000000337ab29134 in __strcmp_sse42 () from /lib64/libc.so.6
Missing separate debuginfos, use: debuginfo-install GeoIP-1.6.5-1.el6.x86_64 cyrus-sasl-lib-2.1.23-15.el6_6.2.x86_64 glib2-2.28.8-9.el6.x86_64 glibc-2.12-1.209.el6_9.2.x86_64 hiredis-0.10.1-3.el6.x86_64 keyutils-libs-1.4-5.el6.x86_64 krb5-libs-1.10.3-65.el6.x86_64 libattr-2.4.44-7.el6.x86_64 libcap-2.16-5.5.el6.x86_64 libcom_err-1.41.12-23.el6.x86_64 libcurl-7.19.7-53.el6_9.x86_64 libgcc-4.4.7-18.el6_9.2.x86_64 libidn-1.18-2.el6.x86_64 libnetfilter_queue-1.0.1-3.el6.x86_64 libnfnetlink-1.0.0-1.el6.x86_64 libselinux-2.0.94-7.el6.x86_64 libssh2-1.4.2-2.el6_7.1.x86_64 libstdc++-4.4.7-18.el6_9.2.x86_64 mysql-libs-5.1.73-8.el6_8.x86_64 nspr-4.13.1-1.el6.x86_64 nss-3.28.4-4.el6_9.x86_64 nss-softokn-freebl-3.14.3-23.3.el6_8.x86_64 nss-util-3.28.4-1.el6_9.x86_64 openldap-2.4.40-16.el6.x86_64 openssl-1.0.1e-57.el6.x86_64 sqlite-3.6.20-1.el6_7.2.x86_64 zeromq-4.0.5-1.el6.x86_64 zlib-1.2.3-29.el6.x86_64
(gdb) bt
#0 0x000000337ab29134 in __strcmp_sse42 () from /lib64/libc.so.6
#1 0x00000000004f88ca in Prefs::setOption (this=0xb34ec0, optkey=83, optarg=0x0) at src/Prefs.cpp:794
#2 0x00000000004fac25 in Prefs::loadFromFile (this=0xb34ec0, path=0x7fffffffed2f "/etc/ntopng/ntopng.conf") at src/Prefs.cpp:1381
#3 0x00000000005182eb in main (argc=2, argv=0x7fffffffeab8) at src/main.cpp:139

@emanuele-f
Contributor

Can you post your /etc/ntopng/ntopng.conf file?

@operations999
Author

operations999 commented Jun 4, 2018

[root@localhost init.d]# cat /etc/ntopng/ntopng.conf
#         The  configuration  file is similar to the command line, with the exception that an equal
#        sign '=' must be used between key and value. Example:  -i=p1p2  or  --interface=p1p2  For
#        options with no value (e.g. -v) the equal is also necessary. Example: "-v=" must be used.
#
#
#       -G|--pid-path
#        Specifies the path where the PID (process ID) is saved. This option is ignored when
#        ntopng is controlled with systemd (e.g., service ntopng start).
#
-G=/var/run/ntopng.pid
#
#       -e|--daemon
#        This  parameter  causes ntop to become a daemon, i.e. a task which runs in the background
#        without connection to a specific terminal. To use ntop other than as a casual  monitoring
#        tool, you probably will want to use this option. This option is ignored when ntopng is
#        controlled with systemd (e.g., service ntopng start)
#
-e=
#
#       -i|--interface
#        Specifies  the  network  interface or collector endpoint to be used by ntopng for network
#        monitoring. On Unix you can specify both the interface name  (e.g.  lo)  or  the  numeric
#        interface id as shown by ntopng -h. On Windows you must use the interface number instead.
#        Note that you can specify -i multiple times in order to instruct ntopng to create  multi-
#        ple interfaces.
#
#-i=eth0
# -i=eth2
#
#-w|--http-port
#        Sets the HTTP port of the embedded web server.
#
-w=3000
#
#       -m|--local-networks
#        ntopng determines the ip addresses and netmasks for each active interface. Any traffic on
#        those  networks  is considered local. This parameter allows the user to define additional
#        networks and subnetworks whose traffic is also considered local in  ntopng  reports.  All
#        other hosts are considered remote. If not specified the default is set to 192.168.1.0/24.
#
#        Commas  separate  multiple  network  values.  Both netmask and CIDR notation may be used,
#        even mixed together, for instance "131.114.21.0/24,10.0.0.0/255.0.0.0".
#
#-
# -m=10.10.124.0/24
#
#       -n|--dns-mode
#        Sets the DNS address resolution mode: 0 - Decode DNS responses  and  resolve  only  local
#        (-m)  numeric  IPs  1  -  Decode DNS responses and resolve all numeric IPs 2 - Decode DNS
#        responses and don't resolve numeric IPs 3 - Don't decode DNS responses and don't  resolve
#
-n=1
#
#       -S|--sticky-hosts
#        ntopng  periodically purges idle hosts. With this option you can modify this behaviour by
#        telling ntopng not to purge the hosts specified by -S. This parameter requires  an  argu-
#        ment  that  can  be  "all"  (Keep  all hosts in memory), "local" (Keep only local hosts),
#        "remote" (Keep only remote hosts), "none" (Flush hosts when idle).
#
-S=
#
#       -d|--data-dir
#        Specifies the data directory (it must be writable by the user that is executing ntopng).
#
-d=/var/tmp/ntopng
#
#       -q|--disable-autologout
#        Disable web interface logout for inactivity.
#
-q=
-i="tcp://127.0.0.1:5556"
--local-networks="x.x.x.0/29,192.168.10.0/24,192.168.20.0/24"

@emanuele-f
Contributor

Please specify a value after -S=, e.g. -S=local
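
The backtrace above shows `Prefs::setOption` called with `optkey=83` (ASCII `S`) and `optarg=0x0`, faulting inside `strcmp`, and the posted file has `-S=` with nothing after the equals sign. The following is an added example, not part of the thread and not ntopng's source: a hypothetical parser and setter (`split_conf_line`, `set_sticky_hosts` and `apply_line` are invented names) that checks for a missing argument before calling `strcmp`, using the accepted values from the `-S` comment in the posted config.

```c
#include <stdio.h>
#include <string.h>

/* Values listed in the -S|--sticky-hosts comment of the posted ntopng.conf. */
static const char *const STICKY_VALUES[] = { "all", "local", "remote", "none" };

/* Hypothetical parser: split a short-option "-k=value" line in place.
 * *arg is set to NULL when nothing follows '=', which is the optarg=0x0
 * case seen in the backtrace. Returns 0 on success, -1 for comments,
 * blank lines, long options and malformed lines. */
int split_conf_line(char *line, int *key, char **arg) {
  line[strcspn(line, "\r\n")] = '\0';
  if (line[0] != '-' || line[1] == '\0' || line[1] == '-' || line[2] != '=')
    return -1;
  *key = (unsigned char)line[1];
  *arg = line[3] != '\0' ? &line[3] : NULL;
  return 0;
}

/* Hardened setter: a NULL or unknown argument is rejected with a message
 * instead of being handed to strcmp(). Returns the index into
 * STICKY_VALUES, or -1 when the argument is rejected. */
int set_sticky_hosts(const char *arg) {
  size_t i;
  if (arg == NULL) {
    fprintf(stderr, "-S requires a value (all|local|remote|none)\n");
    return -1;
  }
  for (i = 0; i < sizeof(STICKY_VALUES) / sizeof(STICKY_VALUES[0]); i++)
    if (strcmp(arg, STICKY_VALUES[i]) == 0) return (int)i;
  fprintf(stderr, "-S: unknown value '%s'\n", arg);
  return -1;
}

/* Parse one line; returns the setter's result, or -2 if it is not a -S line. */
int apply_line(const char *text) {
  char buf[256];
  int key;
  char *arg;
  snprintf(buf, sizeof(buf), "%s", text);
  if (split_conf_line(buf, &key, &arg) != 0 || key != 'S') return -2;
  return set_sticky_hosts(arg);
}

int main(void) {
  /* Constructed sample lines: the failing one from the thread and the fix. */
  printf("-S=      -> %d\n", apply_line("-S="));
  printf("-S=local -> %d\n", apply_line("-S=local"));
  return 0;
}
```
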

@operations999
Author

Now the ntopng/nprobe services started but no data is processing. Flow graphs are blank.

@emanuele-f
Contributor

Please also specify the nprobe configuration used and post a screenshot of the tcp://127.0.0.1:5556 interface page into ntopng

@operations999
Author

operations999 commented Jun 5, 2018

https://prnt.sc/jr19wt

 cat nprobe.conf
#         The  configuration  file is similar to the command line, with the exception that an equal
#        sign '=' must be used between key and value. Example:  -i=p1p2  or  --interface=p1p2  For
#        options with no value (e.g. -v) the equal is also necessary. Example: "-v=" must be used.
#
#
#       -g|--pid-file
#        Specifies the path where the PID (process ID) is saved. This option is ignored when
#        nProbe is controlled with systemd (e.g., service nProbe start).
#
# -G=/var/run/nprobe.pid
#
#       -G|--daemon-mode
#        This parameter causes nProbe to become a daemon, i.e. a task which runs in background
#        without connection to a specific terminal. To use nProbe other than as a casual monitoring
#        tool, you probably will want to use this option. This option is ignored when nProbe is
#        controlled with systemd (e.g., service nProbe start)
#
# -G=
#
#       -i|--interface
#        Specifies the physical network interface that nProbe will use to perform the
#        monitoring. On Unix you can specify the interface name  (e.g. -i lo) whereas on Windows
#        you must use the interface number instead (see -h to see the list of numeric ids).
#        To disable monitoring from physical interfaces (e.g., when nProbe is used in
#        collector-only mode) specify -i=none
#
# -i=none
# -i=eth1
-i=lo
#
#       -n|--collector
#        Specifies the NetFlow collector that will be used by nProbe to send the monitored
#        flows. This option can be specified multiple times to deliver monitored flows to
#        multiple collectors in round-robin mode. To disable flow export to NetFlow collectors
#        specify -n=none
#
# -n=10.0.0.1:2055
-n=none
#
#       -3|--collector-port
#       Specifies the port that is being used by a NetFlow exporter to send NetFlow to nProbe.
#       Multiple NetFlow exporters can symultaneously send data to nProbe using the same port.
#       In case no NetFlow exporter is sending data it is safe to skip this option.
#
# -3=6363

@emanuele-f
Contributor

emanuele-f commented Jun 5, 2018

You are capturing from loopback interface lo, this is probably not what you want.

Please check out: https://www.ntop.org/nprobe/network-monitoring-101-a-beginners-guide-to-understanding-ntop-tools/

@operations999
Author

Should we change the nprobe config to eth0?

@emanuele-f
Contributor

Yes, this is an option if you want to capture local interface traffic

@operations999
Author

We want to capture all traffic of switches in datacenters. Do you mean that we enable eth0 so snmp/sflow is captured? But wondering why it broke after upgrade? Earlier issue was slow and now nothing works :)

@emanuele-f
Contributor

If you want to capture sflow traffic then you have to use the --collector-port option as explained in the guide linked above.

@emanuele-f
Contributor

Closing for inactivity.

@swathikothapu

How do all ntopng flow fields get restricted while passing through Logstash?
