Alert shown was suspicious: it was about hash table idle entries for an host. This is not possible, hash table entries are only a per-interface concept. I have pushed a fix. Wait for new builds to be generated and update.
In general, hash table idle entries alerts occur when there are too many hosts/flows in the system, so they cannot be handled timely by ntopng. In this case you can try (a combination of):
- Increase -x and -X
- Balance the traffic across multiple interfaces to better leverage multi-core architectures
- Use more powerful CPUs
By the way, there are suspicious load peaks at 17, 00 and 8. Please, investigate it at these points in time there were too many hosts/flows (e.g, scans).
Simone > On 9 Jul 2020, at 04:47, Kaiser Cheng <email@example.com> wrote:
> Dear sir,
> Sometimes I saw the alter log, but how can I do? Find a faster CPU?
> <KScreenShot 2020-07-09 at 10.44.43 AM.png><KScreenShot 2020-07-09 at 10.43.29 AM.png>
> Ntop mailing list
Ntop mailing list