
#1 2012-03-09 15:10:58

Lenry
Member
From: Szeged, Hungary
Registered: 2010-03-27
Posts: 64

[SOLVED] NTOP floods logs

NTOP floods /var/log/user.log and /var/log/errors.log with lines like these:

Mar  8 11:05:52 localhost ntop[761]:   **WARNING** packet truncated (10178->8232)
Mar  8 11:05:52 localhost ntop[761]:   **WARNING** packet truncated (13194->8232)
Mar  8 11:05:52 localhost ntop[761]:   **WARNING** packet truncated (10310->8232)
Mar  8 11:05:53 localhost ntop[761]:   **WARNING** packet truncated (8314->8232)
Mar  8 11:05:53 localhost ntop[761]:   **WARNING** packet truncated (8314->8232)
Mar  8 11:05:53 localhost ntop[761]:   **WARNING** packet truncated (8314->8232)
Mar  8 11:05:53 localhost ntop[761]:   **WARNING** packet truncated (8314->8232)
Mar  8 11:05:53 localhost ntop[761]:   **WARNING** packet truncated (8314->8232)
Mar  8 11:05:53 localhost ntop[761]:   **WARNING** packet truncated (8314->8232)
Mar  8 11:05:53 localhost ntop[761]:   **WARNING** packet truncated (8314->8232)
Mar  8 11:05:54 localhost ntop[761]:   **WARNING** packet truncated (27794->8232)
Mar  8 11:05:54 localhost ntop[761]:   **WARNING** packet truncated (23414->8232)

And so on... these log files grow over 400MB.
How can I disable this logging? Or what causes this warning?

Last edited by Lenry (2012-03-12 11:39:12)


#2 2012-03-09 17:03:40

Gcool
Member
Registered: 2011-08-16
Posts: 1,456

Re: [SOLVED] NTOP floods logs

Packets getting truncated shouldn't be a big deal and can safely be ignored. In order to prevent those messages from flooding your logfiles, you could for example edit your /etc/syslog-ng/syslog-ng.conf (assuming you're using syslog-ng) to not log any messages containing the "packet truncated" string.

So your f_user and f_err filters would become something along the lines of:

filter f_user { facility(user) and not match("packet truncated" value("MESSAGE")); };
filter f_err { level(err) and not match("packet truncated" value("MESSAGE")); };

Burninate!
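
An added example, not part of the original posts or of syslog-ng itself: a small Python model of the filter suggested above, run over constructed sample lines. It shows that matching on MESSAGE alone also drops "packet truncated" lines from other programs, and it summarises what is being discarded before it is suppressed. The `scoped_drop` variant, the `othercap` program name and the two non-warning sample lines are assumptions for illustration; the scoping corresponds to adding syslog-ng's `program()` filter function to the match.

```python
import re

# Constructed sample: three lines in the format shown in the thread, plus two
# made-up lines (an ntop error and another program) to exercise the filters.
SAMPLE = """\
Mar  8 11:05:52 localhost ntop[761]:   **WARNING** packet truncated (10178->8232)
Mar  8 11:05:53 localhost ntop[761]:   **WARNING** packet truncated (8314->8232)
Mar  8 11:05:54 localhost ntop[761]:   **WARNING** packet truncated (27794->8232)
Mar  8 11:05:55 localhost ntop[761]:   **ERROR** made-up unrelated failure
Mar  8 11:05:56 localhost othercap[902]: packet truncated, capture may be incomplete
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) ([^\s\[:]+)(?:\[(\d+)\])?: (.*)$")
TRUNC = re.compile(r"packet truncated \((\d+)->(\d+)\)")

def parse(text):
    """Split BSD-syslog lines into dicts with PROGRAM and MESSAGE fields."""
    out = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            out.append({"PROGRAM": m.group(3), "MESSAGE": m.group(5).strip()})
    return out

def broad_drop(rec):
    # Models the thread's filter: unanchored match on MESSAGE, any program.
    return re.search("packet truncated", rec["MESSAGE"]) is not None

def scoped_drop(rec):
    # Assumption: the same match, additionally restricted to PROGRAM == "ntop".
    return rec["PROGRAM"] == "ntop" and broad_drop(rec)

def kept(records, drop):
    """Records that would still reach the log file under the given drop rule."""
    return [r for r in records if not drop(r)]

def truncation_summary(records):
    """Return (count, largest original size, set of capture limits) for dropped ntop lines."""
    pairs = [TRUNC.search(r["MESSAGE"]) for r in records if scoped_drop(r)]
    sizes = [(int(m.group(1)), int(m.group(2))) for m in pairs if m]
    return len(sizes), max((s for s, _ in sizes), default=0), {c for _, c in sizes}
```

With the broad rule only the ntop error line survives; with the scoped rule the other program's "packet truncated" line is kept as well.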


#3 2012-03-12 09:12:01

Lenry
Member
From: Szeged, Hungary
Registered: 2010-03-27
Posts: 64

Re: [SOLVED] NTOP floods logs

Gcool wrote:

Packets getting truncated shouldn't be a big deal and can safely be ignored. In order to prevent those messages from flooding your logfiles, you could for example edit your /etc/syslog-ng/syslog-ng.conf (assuming you're using syslog-ng) to not log any messages containing the "packet truncated" string.

So your f_user and f_err filters would become something along the lines of:

filter f_user { facility(user) and not match("packet truncated" value("MESSAGE")); };
filter f_err { level(err) and not match("packet truncated" value("MESSAGE")); };

Thank you, it solved it!

How can I mark the topic as "Solved"?

Last edited by Lenry (2012-03-12 10:24:33)


#4 2012-03-12 10:28:53

Gcool
Member
Registered: 2011-08-16
Posts: 1,456

Re: [SOLVED] NTOP floods logs

Just edit your opening post and add [SOLVED] to the topic subject.


Burninate!
