search

ntop / n2disk

Open source components and extensions for n2disk
503 stars 11 forks source link

difference between the -o (save) and -O (archive) flag? #44

Closed jphussey05 closed 3 years ago

jphussey05 commented 3 years ago

What is the difference between the -o (save) and -O (archive) flag? Is there a forum or better place to see answers like this?

cardigliano commented 3 years ago

@jphussey05 -o is where PCAP files are stored as soon as they are dumped to disk. There are specific use cases where it is required to move PCAP files to a (usually slower) secondary storage asap, that's when -O is also used.

jphussey05 commented 3 years ago

So this is passed in addition to -o and facilitates shuttling the PCAP off local disk to say network attached storage? Is there any prioritization between the two processes? Currently I’m iowatching the -o directory and launching a “cleaning script” with each PCAP but the disk competition seems to be leading to packet drops over time. Was hoping to just move them off disk with that watcher script but it sounds like -O does the precisely same thing.

On Wed, Sep 1, 2021 at 1:22 AM Alfredo Cardigliano @.***> wrote:

@jphussey05 https://github.com/jphussey05 -o is where PCAP files are stored as soon as they are dumped to disk. There are specific use cases where it is required to move PCAP files to a (usually slower) secondary storage asap, that's when -O is also used.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/ntop/n2disk/issues/44#issuecomment-910008363, or unsubscribe https://github.com/notifications/unsubscribe-auth/AEFLP44UWWWVOSO23QD73BLT7XIE5ANCNFSM5DFB5BXQ . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.

cardigliano commented 3 years ago

If you are using HDD (spinning disks), this may be expected as writing and reading/moving files at the same time does not work well due to seeking, besides the IO throughput itself. It is usually not recommended to archive files during busy hours (better overnight when the load is low). The -O option has less priority over the other tasks, however it is not really smart (it does not take into account busy hours), thus a custom script is usually a better option.

jphussey05 commented 3 years ago

Thanks!