Tuesday, December 27, 2011

Ntop






Contents


1. Installation
   1. Compiling ntop from source or SVN
2. Configuration
   1. Fixing "Physical Host Location" feature (mapper.pl)
3. Access
4. Links



Ntop shows the current network usage. It displays a list of hosts that are currently using the network and reports information concerning the IP (Internet Protocol) and Fibre Channel (FC) traffic generated by each host. The traffic is sorted according to host and protocol. Protocols (user configurable) include:

* TCP/UDP/ICMP
* (R)ARP
* IPX
* DLC
* Decnet
* AppleTalk
* Netbios
* TCP/UDP
  o FTP, HTTP, DNS, Telnet, SMTP/POP/IMAP, SNMP, NFS, X11
* Fibre Channel
  o Control Traffic - SW2, GS3, ELS
  o SCSI

(In plain terms, this means you can comprehensively monitor your network traffic, connections and bandwidth through a web interface.)

Installation

UBUNTU

Packages needed for installation are:

ntop

You can just type the following to install it (make sure you enable the Universe repositories): https://help.ubuntu.com/7.10/add-applications/C/extra-repositories.html

sudo apt-get install ntop -y

Compiling ntop from source or SVN

The ntop source can be retrieved from Ubuntu's servers using a command like:

apt-get source ntop

which will unpack the source package into the current working directory with a name like ntop-3.3.10. You can also follow the instructions at ntop.org to retrieve the latest version from SVN (trunk):

svn co https://svn.ntop.org/svn/ntop/trunk/ntop

Most of the packages required to build ntop from source on Ubuntu 9.10 (Karmic) can be retrieved with the following command:

sudo apt-get install libpcap-dev libgdbm-dev libevent-dev librrd-dev python-dev libgeoip-dev

You must first run ./autogen.sh in the ntop directory to create the configure script, Makefiles, and such, as described here. The configure script is pretty good about telling you which dependencies are missing, if any. Don't forget you can pass configure options to autogen.sh, as in:

./autogen.sh --prefix=/usr/local/stow/ntop-svn


RPM - RedHat, CentOS, ClearOS, etc

Download latest ntop

Visit the ntop project site to get the latest version. You can use wget to download it:
# cd /opt
# wget http://freshmeat.net/redir/ntop/7279/url_tgz/ntop-3.3.6.tar.gz

Extract the tarball:
# tar -zxvf ntop-3.3.6.tar.gz

Configure and Compile ntop under RHEL

You must have RRDTool installed. You also need to install libpcap:
# yum install libpcap-devel libpcap


Type the following commands to compile and install ntop:
# cd ntop
# ./autogen.sh

Just type make to compile ntop:
# make

Just type make install to install ntop:
# make install
# make install-data-as




Configuration

UBUNTU
When first installing & configuring the ntop application you need to set an admin password.

sudo ntop --set-admin-password

Then restart the service with:

sudo /etc/init.d/ntop restart

RPM - RedHat, CentOS, ClearOS, etc

Create a dedicated ntop system user so that ntop can run as that user:
# useradd -M -s /sbin/nologin -r ntop

Set up directory permissions

Next, you need to set up directory permissions:
# chown ntop:root /usr/local/var/ntop/
# chown ntop:ntop /usr/local/share/ntop/

Set the ntop admin user password

Type the following command to set the ntop admin password:
# ntop -A

Sample output:

Mon Jul 28 03:38:34 2008  NOTE: Interface merge enabled by default
Mon Jul 28 03:38:34 2008 Initializing gdbm databases
ntop startup - waiting for user response!
Please enter the password for the admin user:
Please enter the password again:
Mon Jul 28 03:38:42 2008 Admin user password has been set

Start ntop

Type the following command to start ntop:
# /usr/local/bin/ntop -d -L -u ntop -P /usr/local/var/ntop --skip-version-check --use-syslog=daemon

Sample output:

Mon Jul 28 03:42:19 2008  NOTE: Interface merge enabled by default
Mon Jul 28 03:42:19 2008 Initializing gdbm databases

If you have multiple interfaces (eth0, eth1 and so on), start ntop as follows:
# /usr/local/bin/ntop -i "eth0,eth1" -d -L -u ntop -P /usr/local/var/ntop --skip-version-check --use-syslog=daemon





The host location results come from http://geotool.servehttp.com instead, a service of MaxMind, who provide the libgeoip1 library also used in ntop.

Access

To access your network statistics via the web visit the web address:

http://localhost:3000
OR
http://server-ip:3000
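
The setup above relies on three things: the ntop account has no login shell, the daemon really dropped to that account via -u ntop, and the web interface on port 3000 is only reachable where you intend. The shell functions below are an added example (not part of the original post or the ntop project) that checks each one; the function names and the sample data are constructed for illustration, and the live commands in the comments assume getent, procps ps and iproute2 ss are installed.

```shell
#!/bin/sh
# Added example: checks for the ntop setup described in this post.
# Sample input in the demo at the bottom is constructed, not from a real host.

# Succeed if the passwd(5) entry in $1 ends in a non-interactive shell,
# as created by "useradd -M -s /sbin/nologin -r ntop".
account_locked_down() {
    case "${1##*:}" in
        /sbin/nologin|/usr/sbin/nologin|/bin/false) return 0 ;;
        *) return 1 ;;
    esac
}

# Count ntop processes still owned by root, i.e. "-u ntop" did not apply.
# stdin: output of "ps -eo user=,comm=".
root_owned_ntop() {
    awk '$1 == "root" && $2 == "ntop" { n++ } END { print n + 0 }'
}

# Print each non-loopback address listening on TCP port $1.
# stdin: output of "ss -Hltn" (4th column is Local Address:Port).
exposed_listeners() {
    awk -v port="$1" '{
        n = split($4, part, ":")
        if (part[n] != port) next           # port follows the last colon
        host = substr($4, 1, length($4) - length(part[n]) - 1)
        if (host != "127.0.0.1" && host != "[::1]") print $4
    }'
}

# Demo on constructed data; on a live host feed the real commands instead:
#   account_locked_down "$(getent passwd ntop)"
#   ps -eo user=,comm= | root_owned_ntop
#   ss -Hltn | exposed_listeners 3000
SAMPLE_PASSWD='ntop:x:498:498::/home/ntop:/sbin/nologin'
SAMPLE_PS='root sshd
ntop ntop'
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 10 0.0.0.0:3000 0.0.0.0:*'

account_locked_down "$SAMPLE_PASSWD" && echo "account: non-interactive shell"
echo "root-owned ntop processes: $(printf '%s\n' "$SAMPLE_PS" | root_owned_ntop)"
echo "port 3000 reachable on: $(printf '%s\n' "$SAMPLE_SS" | exposed_listeners 3000)"
```

If the last check prints a non-loopback address, the statistics pages are served over plain HTTP to anyone who can reach that address. ntop's -w option accepts address:port (for example -w 127.0.0.1:3000) to restrict where it listens.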


References:

1. http://www.ntop.org/download.html
2. http://www.gnu.org/software/stow/ - helps manage source packages without sullying /usr/bin, /usr/share, and so on
3. http://didar15.wordpress.com/2011/12/21/install-ntop-on-redhat-linuxcentos
4. http://csmartonline.com/blog/2011/12/21/installing-ntop-for-clearos/
