NTOP floods /var/log/user.log and /var/log/errors.log with lines like these
Mar 8 11:05:52 localhost ntop[761]: **WARNING** packet truncated (10178->8232)
Mar 8 11:05:52 localhost ntop[761]: **WARNING** packet truncated (13194->8232)
Mar 8 11:05:52 localhost ntop[761]: **WARNING** packet truncated (10310->8232)
Mar 8 11:05:53 localhost ntop[761]: **WARNING** packet truncated (8314->8232)
Mar 8 11:05:53 localhost ntop[761]: **WARNING** packet truncated (8314->8232)
Mar 8 11:05:53 localhost ntop[761]: **WARNING** packet truncated (8314->8232)
Mar 8 11:05:53 localhost ntop[761]: **WARNING** packet truncated (8314->8232)
Mar 8 11:05:53 localhost ntop[761]: **WARNING** packet truncated (8314->8232)
Mar 8 11:05:53 localhost ntop[761]: **WARNING** packet truncated (8314->8232)
Mar 8 11:05:53 localhost ntop[761]: **WARNING** packet truncated (8314->8232)
Mar 8 11:05:54 localhost ntop[761]: **WARNING** packet truncated (27794->8232)
Mar 8 11:05:54 localhost ntop[761]: **WARNING** packet truncated (23414->8232)
and so on... These log files grow to over 400MB.
How can I disable this logging? Or what causes this warning?
Last edited by Lenry (2012-03-12 11:39:12)
Packets getting truncated shouldn't be a big deal and can safely be ignored. In order to prevent those messages from flooding your logfiles, you could for example edit your /etc/syslog-ng/syslog-ng.conf (assuming you're using syslog-ng) to not log any messages containing the "packet truncated" string.
So your f_user and f_err filters would become something along the lines of:
filter f_user { facility(user) and not match("packet truncated" value("MESSAGE")); };
filter f_err { level(err) and not match("packet truncated" value("MESSAGE")); };
Burninate!
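
Added example, not part of the original posts: a narrower variant of the filters suggested above that drops the string only when it comes from ntop and keeps the suppressed warnings in a separate file. The source name `src`, the destination `d_ntop_trunc` and its file path are assumptions; adjust them to the names in your own syslog-ng.conf.

```conf
# Added example, not from the thread. Assumed names: source "src",
# destination "d_ntop_trunc" and its file path are hypothetical.

# Match only ntop's truncation warnings, not every message that happens
# to contain the string "packet truncated".
filter f_ntop_trunc {
    program("ntop") and match("packet truncated" value("MESSAGE"));
};

# Same f_user and f_err filters as in the answer, but excluding only the
# ntop-scoped match, so other programs' messages are still logged.
filter f_user { facility(user) and not filter(f_ntop_trunc); };
filter f_err  { level(err)     and not filter(f_ntop_trunc); };

# Optional: keep the suppressed warnings in their own file, where they can
# be rotated aggressively or reviewed later instead of being discarded.
destination d_ntop_trunc { file("/var/log/ntop-truncated.log"); };
log { source(src); filter(f_ntop_trunc); destination(d_ntop_trunc); };
```

Run `syslog-ng --syntax-only` to check the edited configuration before reloading the daemon.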
Thank you, it solved it!
How can I mark the topic as "Solved"?
Last edited by Lenry (2012-03-12 10:24:33)
Just edit your opening post and add [SOLVED] to the topic subject.
Burninate!