Raymii.org
ntop-ng 1.1 installation on Ubuntu 12.04
Published: 29-11-2013 | Author: Remy van Elst
❗ This post is over eleven years old. It may no longer be up to date. Opinions may have changed.
This is a guide on installing the latest ntop-ng (1.1) on Ubuntu 12.04.
ntopng is the next generation version of the original ntop, a network traffic probe that shows the network usage, similar to what the popular top Unix command does. ntop is based on libpcap and has been written in a portable way so that it runs on virtually every Unix platform, MacOSX and Win32 as well. ntopng users can use a web browser to navigate through ntop (which acts as a web server) traffic information and get a dump of the network status. In the latter case, ntop can be seen as a simple RMON-like agent with an embedded web interface.
This tutorial will walk you through the compilation and installation of ntopng from source. The package in the Ubuntu 12.04 repositories is quite old.
What can ntopng do?
- Sort network traffic according to many protocols
- Show network traffic and IPv4/v6 active hosts
- Store on disk persistent traffic statistics in RRD format
- Geolocate hosts
- Discover application protocols by leveraging nDPI, ntop's DPI framework.
- Characterise HTTP traffic by leveraging on characterisation services provided by block.si.
- Show IP traffic distribution among the various protocols
- Analyse IP traffic and sort it according to the source/destination
- Display IP Traffic Subnet matrix (who is talking to who?)
- Report IP protocol usage sorted by protocol type
- Act as a NetFlow/sFlow collector for flows generated by routers (e.g. Cisco and Juniper) or switches (e.g. Foundry Networks) when used together with nProbe.
- Produce HTML5/AJAX network traffic statistics
More information on ntop-ng can be found on their website: http://www.ntop.org/
Contents
This is what we are going to do:
- Install required packages
- Download files
- Place ntopng-data
- Compile ntopng
- Create config file
- Test ntopng
- Place upstart script
Here's what you need:
- Ubuntu 12.04 installation
- Debian 7 also works
Note about checkinstall and packages
We are using checkinstall here to create a debian package of the source we compile. I do this because it gives more flexibility in managing the software afterwards. Upgrading or uninstalling the packages is easier than removing all the things make install placed. Furthermore, it makes it more clear for other administrators which software is installed.
If you for example want to upgrade ntop-ng when it was installed via this tutorial with checkinstall, repeat the tutorial with only the version number changed.
Installing required packages
These are the packages we need to build and use ntopng:
apt-get install libpcap-dev libglib2.0-dev libgeoip-dev redis-server wget libxml2-dev build-essential checkinstall
Download the files
We need to download both the data files and the source code. You can download them from SourceForge:
mkdir -p /usr/local/src
cd /usr/local/src
wget "http://downloads.sourceforge.net/project/ntop/ntopng/ntopng-data-1.1_6932.tgz" -O ntopng-data-1.1.tar.gz
wget "http://downloads.sourceforge.net/project/ntop/ntopng/ntopng-1.1_6932.tgz" -O ntopng-1.1.tar.gz
Place ntopng-data
The data files contain files for the web interface like the GeoIP database. They are already good, the only thing we need to do is place them:
cd /usr/local/src
tar -xf ntopng-data-1.1.tar.gz
cd ntopng-data-1.1_6932
cp -r ./usr/* /usr
Compile ntopng
The compilation of ntopng itself is a bit more work. The ntopng 1.1 package includes prebuilt .o blobs for third party tools, probably by accident, which will cause you trouble when building ntopng yourself. We need to clean those up.
First we extract:
cd /usr/local/src
tar -xf ntopng-1.1.tar.gz
cd ntopng-1.1_6932
Then we configure:
./configure
Clean up:
make clean
cd third-party/json-c
make clean
cd ../..
cd third-party/LuaJIT-2.0.2
make clean
cd ../..
cd third-party/rrdtool-1.4.7
make clean
cd ../..
cd third-party/zeromq-3.2.3
make clean
cd ../..
cd third-party/credis-0.2.3
make clean
cd ../..
Start the actual compilation:
make
And install the thing:
checkinstall
The default answers for checkinstall are okay.
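Because the tarball ships prebuilt .o blobs, it is worth confirming after the clean-up and before running make that none are left, so that everything linked into the binary was compiled on this machine. The script below is an added example, not part of the original article or of ntopng; the function names and the script name are made up for illustration, and it takes the extracted source directory as its argument.

```shell
#!/bin/sh
# Added example: report prebuilt binaries left in an extracted source tree.
# Function names are illustrative; pass the source directory as $1.

# List object files, libtool objects and static/shared libraries under $1,
# as paths relative to $1.
find_prebuilt() {
    ( cd "$1" && find . -type f \( -name '*.o' -o -name '*.lo' \
        -o -name '*.a' -o -name '*.so' -o -name '*.so.*' \) -print ) |
        sed 's|^\./||' | LC_ALL=C sort
}

# Number of prebuilt files; 0 means the tree contains only source.
count_prebuilt() {
    find_prebuilt "$1" | wc -l | tr -d ' '
}

# Count per component, so it is clear which directory still needs a
# "make clean" (third-party/<name> is treated as one component).
prebuilt_by_dir() {
    find_prebuilt "$1" | awk -F/ '
        {
            if ($1 == "third-party" && NF > 2) key = $1 "/" $2
            else if (NF > 1)                   key = $1
            else                               key = "."
            n[key]++
        }
        END { for (k in n) printf "%d %s\n", n[k], k }' | LC_ALL=C sort -k2
}

# Stand-alone use (script name is arbitrary):
#   sh check-prebuilt.sh /usr/local/src/ntopng-1.1_6932
if [ "$#" -gt 0 ]; then
    [ -d "$1" ] || { echo "not a directory: $1" >&2; exit 2; }
    prebuilt_by_dir "$1"
    [ "$(count_prebuilt "$1")" -eq 0 ] || echo "prebuilt files remain" >&2
fi
```

An empty listing means the tree holds only source; any component that is still listed needs another make clean in its directory.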
Creating the ntopng config file
First we create the required folder:
mkdir -p /etc/ntopng
There are two files needed. First is /etc/ntopng/ntopng.start:
--local-networks "172.20.16.0/24"
--interface 1
To see all available interfaces and options, use the ntopng -h option:
Available interfaces (-i <interface index>):
1. eth0
2. vmbr0
3. venet0
[...]
14. any
15. lo
Then there is the /etc/ntopng/ntopng.conf file:
-G=/var/run/ntopng.pid
Again, with the ntopng -h option you can see all the possible options for use in this config file.
Before starting the test, make sure redis is started:
/etc/init.d/redis-server restart
Test ntopng
If the compilation gave no errors and the config files are in place, we can start ntopng and see how it works:
ntopng /etc/ntopng/ntopng.conf
Use your web browser to navigate to http://your-ntop-box-ip:3000. There you can login with the username/password combo admin/admin.
If this works, and there is data visible as in the screenshots, continue on to set up the upstart script.
Upstart script
This is a simple upstart script which can be used to start, stop and restart ntopng. Place it in /etc/init/ntopng.conf:
# ntopng network flow analyzer
# by https://raymii.org
description "ntopng network flow analyzer"
start on virtual-filesystems
stop on runlevel [06]
respawn
respawn limit 5 30
limit nofile 65550 65550
setuid root
setgid root
console log
script
exec /usr/local/bin/ntopng /etc/ntopng/ntopng.conf
end script