Ggatten at waddell
Jun 13, 2011, 12:35 PM
Post #1 of 1
I wrote the below and THOUGHT I sent it, but had not. Good thing I guess, as it's NOT ntops fault! One of my "colleagues" upgraded the IOS on one router and for whatever reason didn't copy the configs correctly - so it was exporting v1 flows! Obviously NOT good! As noted, the routers insist on exporting info for "all" interfaces even though I only want ONE - so I'm working on some sort of netflow interface ID white/black list / filter thing. Ie:; if interface != [list], ignore - else process. This would've prevented the near DOS on myself and will make viewing netflow interface level stats much easier. Anyway..., changed it to v5 and all is well now.
Re: netflow or rrd on 4.1.0 FREAKING out - SOLVED
Here's the content I thought I sent - just for FYI:
Update - NOT just 4.1.0, 4.0.3 doing something similar / the same. Just started an instance of 4.0.3 and I have 10,000+ "interfaces" in one netflow directory; where each netflow directory represents an ntop netflow "interface" / listener.
Unfortunately my Ci$co routers are exporting flow records for interfaces I don't care about, but each router has perhaps five interfaces. Thus, I should have no more than 5 * numberOfExporters, or in my case about... 150 total interfaces / directories for this specific netflow listener - not 10,000 plus!
I'm still investigating, but I can assure you this was not the behavior in 3.x.x versions I was running prior to this. FWIW; there seems to be only ONE of my EIGHT netflow interfaces exhibiting this behavior. This makes no sense... If it was nTop I would suspect "all" interfaces would have similar symptoms...
From: Gary Gatten
Sent: Monday, June 13, 2011 11:22 AM
To: 'ntop [at] unipi'
Subject: netflow or rrd on 4.1.0 FREAKING out
Anyone using this combination notice anything "funny" - only NOT funny?
For some reason rrd wants to create random / NUMEROUS interfaces in the /rrd/interfaces/netflow/ directory.
2011-06-12T01:02:56.909626-05:00 myhost ntop: **WARNING** RRD: rrd_up
280_64541/ifOutOctets.rrd) error: opening '/usr/local/var/ntop-410/FieldInet/rrd
/interfaces/Region-29/NetFlow/1_169678280_64541/ifOutOctets.rrd': No such file or directory
I have almost 130,000 directories!!!
[root [at] myhos NetFlow]# ls -l | more
Now, even worse - I have -t 5 set and my log is almost 7GB after only a few days due to rrd messages such as above. It's insane!
Anyone else notice this yet - or am I just special? If just me I'll see if I did something "wrong" before I file a bug report.
<div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in'>
"This email is intended to be reviewed by only the intended recipient
and may contain information that is privileged and/or confidential.
If you are not the intended recipient, you are hereby notified that
any review, use, dissemination, disclosure or copying of this email
and its attachments, if any, is strictly prohibited. If you have
received this email in error, please immediately notify the sender by
return email and delete this email from your system."