ntop / ntopng

Web-based Traffic and Security Network Traffic Monitoring
http://www.ntop.org
GNU General Public License v3.0

Cannot stop ntopng #989

Closed nksiddhant closed 7 years ago

nksiddhant commented 7 years ago

Hi, I have an Amazon AWS server with 8 GB disk space. A few hours ago my server HDD was full and my database and other stuff wasn't working properly. I managed to free up 1.5 GB of space by deleting some unwanted stuff. My problem now is that the ntopng GUI site is not loading; it's not giving any error, it just tries to connect to 3000 but nothing happens.

I tried
cmd: `/etc/init.d/ntopng restart`

Output: ' Stopping ntopng ' [ OK ] ' Starting ntopng ' '* ntopng already running. Quitting'

cmd: 'sudo /etc/init.d/ntopng stop'

Output: '* Stopping ntopng ' but actually it doesn't stop

When I do cmd: 'sudo /etc/init.d/ntopng status' (after the stop cmd)

Still output is 'ntopng running as 3365'

What I didn't try: I didn't try to kill the process yet; I just want your guidance before killing the process. I didn't try to restart the server as there are active users using resources. (I don't want to do this.)

Is there any other safe way to rectify this?

Thanks for your support.

emanuele-f commented 7 years ago

Hi, if ntopng does not respond to the TERM signal then the only option is to kill it with the KILL signal and restart the service afterwards. Before killing ntopng, you can stop the redis server and mysql database to try to avoid file corruption. Also check with the iotop tool for ntopng disk activity, since it could be writing RRD files which could get corrupted too.

What ntopng version are you using? Maybe one of the ntopng threads got stuck because of the disk full error. If you are experienced with a debugger like gdb, you could try to attach to the process and see which threads are stuck.
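
The TERM-then-KILL sequence from the reply above, as an added shell example that is not part of the thread or of ntopng's init script. It waits for a clean exit and lists per-thread states before escalating; it assumes Linux `/proc`, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not ntopng project code. Linux-only: relies on /proc.

# True while PID exists and is not a zombie awaiting reaping by its parent.
is_running() {
    kill -0 "$1" 2>/dev/null || return 1
    state=$(awk '/^State:/ {print $2}' "/proc/$1/status" 2>/dev/null) || state=""
    [ "$state" != "Z" ]
}

# Print "TID STATE" for every thread of PID. State D is uninterruptible
# sleep, which usually means the thread is blocked on disk I/O.
thread_states() {
    for t in /proc/"$1"/task/*; do
        [ -r "$t/status" ] || continue
        awk -v tid="${t##*/}" '/^State:/ {print tid, $2}' "$t/status" || true
    done
}

# stop_with_escalation PID [TIMEOUT_SECONDS]
# Returns 0 if the process exited after TERM, 2 if KILL had to be sent,
# 1 if PID was not running when called.
stop_with_escalation() {
    target=$1
    timeout=${2:-30}
    is_running "$target" || return 1
    kill -TERM "$target" 2>/dev/null || true
    waited=0
    while [ "$waited" -lt "$timeout" ]; do
        is_running "$target" || return 0
        sleep 1
        waited=$((waited + 1))
    done
    is_running "$target" || return 0
    echo "PID $target ignored TERM for ${timeout}s; thread states:" >&2
    thread_states "$target" >&2
    kill -KILL "$target" 2>/dev/null || true
    return 2
}

# Usage with the PID file path from the posted config (-G=/var/tmp/ntopng.pid):
#   stop_with_escalation "$(cat /var/tmp/ntopng.pid)" 30
```

A return value of 2 means the process had to be killed, so data files it was writing at that moment should be checked before the service is restarted.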

nksiddhant commented 7 years ago

I don't know the exact version but I think it's the latest one; I downloaded and installed it 2 weeks back.

It will be difficult for me to stop mysql as there are active clients. Is it strongly recommended to turn it off?

nksiddhant commented 7 years ago

OK, I killed the process, nothing was lost, all works fine. Thanks, all previous readings are there. Thanks a lot.

nksiddhant commented 7 years ago

Damn, again there was a problem: PID CPU App 19252 57.1 10.6 ntopng /usr/bin/ntopng /etc/ntopng/ntopng.conf

It is using 60% of CPU. What should I do? I killed the process right now.

emanuele-f commented 7 years ago

Please run `ntopng -V` to get the exact version number. Also post here your `/etc/ntopng/ntopng.conf`.

nksiddhant commented 7 years ago

Hi, its version is v.2.5.170202. I restarted it; it's working now. When CPU usage was 60% I was using professional mode (10 minutes). I don't know exactly where I went, which resulted in such high CPU consumption. Now in normal mode I tested it and it is working fine. I'll keep you all updated about the same.

ntopng.conf

# /etc/ntopng/ntopng.conf
#
#        The  configuration  file is similar to the command line, with the exception that an equal
#        sign '=' must be used between key and value. Example:  -i=p1p2  or  --interface=p1p2  For
#        options with no value (e.g. -v) the equal is also necessary. Example: "-v=" must be used.
#
#
#       -G|--pid-path
#        Specifies the path where the PID (process ID) is saved.
#
-G=/var/tmp/ntopng.pid
#
#       -e|--daemon
#        This  parameter  causes ntop to become a daemon, i.e. a task which runs in the background
#        without connection to a specific terminal. To use ntop other than as a casual  monitoring
#        tool, you probably will want to use this option.
#
-e=
#
#       -i|--interface
#        Specifies  the  network  interface or collector endpoint to be used by ntopng for network
#        monitoring. On Unix you can specify both the interface name  (e.g.  lo)  or  the  numeric
#        interface id as shown by ntopng -h. On Windows you must use the interface number instead.
#        Note that you can specify -i multiple times in order to instruct ntopng to create  multi‐
#        ple interfaces.
#
-i=1
#
#       -w|--http-port
#        Sets the HTTP port of the embedded web server.
#
-w=3000
#
#       -m|--local-networks
#        ntopng determines the ip addresses and netmasks for each active interface. Any traffic on
#        those  networks  is considered local. This parameter allows the user to define additional
#        networks and subnetworks whose traffic is also considered local in  ntopng  reports.  All
#        other hosts are considered remote. If not specified the default is set to 192.168.1.0/24.
#
#        Commas  separate  multiple  network  values.  Both netmask and CIDR notation may be used,
#        even mixed together, for instance "131.114.21.0/24,10.0.0.0/255.0.0.0".
#
-m=172.31.31.0/24
#
#       -n|--dns-mode
#        Sets the DNS address resolution mode: 0 - Decode DNS responses  and  resolve  only  local
#        (-m)  numeric  IPs  1  -  Decode DNS responses and resolve all numeric IPs 2 - Decode DNS
#        responses and don't resolve numeric IPs 3 - Don't decode DNS responses and don't  resolve
#
-n=1
#
#       -S|--sticky-hosts
#        ntopng  periodically purges idle hosts. With this option you can modify this behaviour by
#        telling ntopng not to purge the hosts specified by -S. This parameter requires  an  argu‐
#        ment  that  can  be  "all"  (Keep  all hosts in memory), "local" (Keep only local hosts),
#        "remote" (Keep only remote hosts), "none" (Flush hosts when idle).
#
-S=
#
#       -d|--data-dir
#        Specifies the data directory (it must be writable). Default directory is ./data
#
-d=/var/tmp/ntopng
#
#       -q|--disable-autologout
#        Disable web interface logout for inactivity.
#
-q=

emanuele-f commented 7 years ago

When running in pro mode, you can try the following:

We can try to look for a problem if you provide an strace with `strace -tt -f -o strace.out -p [pid]`.

emanuele-f commented 7 years ago

I'm closing the issue since the original problem is solved. Please open a new issue if you still experience the pro mode high cpu load. Thank you.