Hi!
I'm starting to use ntopng that is receiving flows from a Cisco switch 4507 thru netflow.
I start nprobe and ntop in the same server (Dell R720, 24 cores, 128GB RAM, 1TB HD), and I can enter to the GUI, but as soon as I try to look into one specific host (http://server:4000/lua/host_details.lua?host=192.168.200.104), two child processes of ntopng takes 100% of one core each (so, two out of 24) and it takes forever this simple task.
Now, after 45 minutes since I click on that link, nothing happened and the browser is still "thinking".
So, my questios are:
- Why is taking so much CPU for that simple task
- Why it doesn't use more CPU if there are 16 child processes and is only using two
I'm using ntopng Pro [Small Business Edition] v.2.5.160816, running on Centos 7.1 x64 installed with yum using /etc/yum.repos.d/ntop.repo.
This is how I run nprobe:
# nprobe --collector-port 2055 --zmq "tcp://*:5888" --redis 127.0.0.1:6379 -n none
This is how I run ntopng:
# ntopng -i tcp://127.0.0.1:5888 --redis 127.0.0.1:6379 -w 4000 -m 192.168.0.0/16
This is what I see in stdout where I wun ntopng:
13/Sep/2016 13:02:09 [Lua.cpp:5420] WARNING: Script failure [/usr/share/ntopng/scripts/lua/find_host.lua][attempt to index a userdata value]
Sacha Yunusic | Gerente Técnico | Pentagon Security & Akainix
Av. Kennedy 4700, Piso 10, Of. 1002, Edificio New Century, Vitacura | Código Postal (ZIP Code) 7630454
Central: (56-2) 2246 1050 | Directo: (56-2) 2246 2620 | Cel: (56-9) 9883 4752 | www.penta-sec.com <http://www.penta-sec.com/> & www.akainix.com <http://www.akainix.com/>
I'm starting to use ntopng that is receiving flows from a Cisco switch 4507 thru netflow.
I start nprobe and ntop in the same server (Dell R720, 24 cores, 128GB RAM, 1TB HD), and I can enter to the GUI, but as soon as I try to look into one specific host (http://server:4000/lua/host_details.lua?host=192.168.200.104), two child processes of ntopng takes 100% of one core each (so, two out of 24) and it takes forever this simple task.
Now, after 45 minutes since I click on that link, nothing happened and the browser is still "thinking".
So, my questios are:
- Why is taking so much CPU for that simple task
- Why it doesn't use more CPU if there are 16 child processes and is only using two
I'm using ntopng Pro [Small Business Edition] v.2.5.160816, running on Centos 7.1 x64 installed with yum using /etc/yum.repos.d/ntop.repo.
This is how I run nprobe:
# nprobe --collector-port 2055 --zmq "tcp://*:5888" --redis 127.0.0.1:6379 -n none
This is how I run ntopng:
# ntopng -i tcp://127.0.0.1:5888 --redis 127.0.0.1:6379 -w 4000 -m 192.168.0.0/16
This is what I see in stdout where I wun ntopng:
13/Sep/2016 13:02:09 [Lua.cpp:5420] WARNING: Script failure [/usr/share/ntopng/scripts/lua/find_host.lua][attempt to index a userdata value]
Sacha Yunusic | Gerente Técnico | Pentagon Security & Akainix
Av. Kennedy 4700, Piso 10, Of. 1002, Edificio New Century, Vitacura | Código Postal (ZIP Code) 7630454
Central: (56-2) 2246 1050 | Directo: (56-2) 2246 2620 | Cel: (56-9) 9883 4752 | www.penta-sec.com <http://www.penta-sec.com/> & www.akainix.com <http://www.akainix.com/>
Attached Files:
-
image001.png (7.16 KB)