On 2017/10/12 13:23, kasak wrote: > > > 12 окт. 2017 г., в 11:29, Stuart Henderson <s...@spacehopper.org> > > написал(а): > > > > On 2017/10/12 09:13, kasak wrote: > >> I have tried different option but it seems that ntopng will not work > >> more than 3-5 minutes. It simply crashes without any output. > > > > How does the backtrace look? > > > > It worked last time I used it, but that was a while ago. > > > >> And it seems that I am facing this bug: > >> https://github.com/ntop/ntopng/issues/710 > >> <https://github.com/ntop/ntopng/issues/710> > >> I also have tons of suspicious activity. Adding -H option disable alerts > >> but ntopng continues to crash. > >> It is crashing both in 6.1 and 6.2. I have simple configuration with em0 > >> connected to internet and em1 connected to lan. Stop of course started on > >> em1. > >> Can anybody confirm? > > > > Seems they moved to github so portroach didn't find the update for me. > > I'll take a look at updating the port sometime, if anyone wants to beat me > > to it, be very careful with the bpf_timeval mess in patches. > > > > Hello Stuart! I am afraid I can’t look at backtrace, I am running ntopng from > packages and don’t really know how to do it. > I have tried to start it right now and it crashed after 20-30 seconds. Here > is log file: > > 12/Oct/2017 13:17:36 [Ntop.cpp:1121] Setting local networks to > 192.168.2.0/23,192.168.200.0/24 > 12/Oct/2017 13:17:36 [Redis.cpp:92] Successfully connected to redis > 127.0.0.1:6379@0 > 12/Oct/2017 13:17:36 [Ntop.cpp:1095] Parent process is exiting (this is > normal) > 12/Oct/2017 13:17:36 [PcapInterface.cpp:85] Reading packets from interface > em1... > 12/Oct/2017 13:17:36 [Ntop.cpp:1267] Registered interface em1 [id: 0] > 12/Oct/2017 13:17:36 [Ntop.cpp:1279] Registered interface view em1 [id: 0] > 12/Oct/2017 13:17:36 [main.cpp:255] PID stored in file > /var/run/ntopng/ntopng.pid > 12/Oct/2017 13:17:36 [Utils.cpp:353] User changed to _ntopng > 12/Oct/2017 13:17:36 [HTTPserver.cpp:464] HTTPS Disabled: missing SSL > certificate /etc/ssl/ntopng-cert.pem > 12/Oct/2017 13:17:36 [HTTPserver.cpp:466] Please read > https://github.com/ntop/ntopng/blob/dev/doc/README.SSL if you want to enable > SSL. > 12/Oct/2017 13:17:36 [HTTPserver.cpp:509] Web server dirs > [/usr/local/share/ntopng/httpdocs][/usr/local/share/ntopng/scripts] > 12/Oct/2017 13:17:36 [HTTPserver.cpp:512] HTTP server listening on port 3000 > 12/Oct/2017 13:17:36 [main.cpp:295] Working directory: /home/ntop > 12/Oct/2017 13:17:36 [main.cpp:297] Scripts/HTML pages directory: > /usr/local/share/ntopng > 12/Oct/2017 13:17:36 [Ntop.cpp:271] Welcome to ntopng amd64 v.2.4.171002 - > (C) 1998-2016 ntop.org > 12/Oct/2017 13:17:36 [PeriodicActivities.cpp:53] Started periodic activities > loop... > 12/Oct/2017 13:17:36 [Ntop.cpp:531] Adding 192.168.2.0/23 as IPv4 local > network for em1 > 12/Oct/2017 13:17:36 [NetworkInterface.cpp:1536] Started packet polling on > interface em1 [id: 0]… > > And here is rc.conf.local string: > ntopng_flags=-i em1 -m 192.168.2.0/23,192.168.200.0/24 -d /home/ntop
Run it in the foreground: # gdb `which ntopng` GNU gdb 6.3 Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "amd64-unknown-openbsd6.2"... (gdb) set args -i em1 -m 192.168.2.0/23,192.168.200.0/24 -d /home/ntop (gdb) r Starting program: /usr/local/bin/ntopng -i em1 -m 192.168.2.0/23,192.168.200.0/24 -d /home/ntop [...] When it crashes, type "bt full" and paste the output here. This *might* give enough clues to track it down - but it's not worth doing a bigger investigation when there's a newer version upstream already. 20-30 seconds makes it sound like it is crashing due to some traffic that it's seeing.
