ntop-ng 1.1 installation on Ubuntu 12.04

Published: 29-11-2013 | Author: Remy van Elst

This is a guide on installing the latest ntop-ng (1.1) on Ubuntu 12.04.

ntopng is the next generation version of the original ntop, a network traffic probe that shows the network usage, similar to what the popular top Unix command does. ntop is based on libpcap and it has been written in a portable way in order to virtually run on every Unix platform, MacOSX and on Win32 as well. ntopng users can use a web browser to navigate through ntop (that acts as a web server) traffic information and get a dump of the network status. In the latter case, ntop can be seen as a simple RMON-like agent with an embedded web interface.

This tutorial will walk you through the compilation and installation of ntopng from source. The package in the Ubuntu 12.04 repositories is quite old.

What can ntopng do?

More information on ntop-ng can be found on their website: http://www.ntop.org/

Contents

This is what we are going to do:

Here's what you need:

This tutorial was tested on a DigitalOcean VPS.

Note about checkinstall and packages

We are using checkinstall here to create a Debian package of the source we compile. I do this because it gives more flexibility in managing the software afterwards. Upgrading or uninstalling the packages is easier than removing all the things make install placed. Furthermore, it makes it more clear for other administrators which software is installed.

If you for example want to upgrade ntop-ng when it was installed via this tutorial with checkinstall, repeat the tutorial with only the version number changed.

Installing required packages

These are the packages we need to build and use ntopng:

 apt-get install libpcap-dev libglib2.0-dev libgeoip-dev redis-server wget libxml2-dev build-essential checkinstall

Download the files

We need to download both the data files and the source code. You can download them from SourceForge:

mkdir -p /usr/local/src
cd /usr/local/src
wget "http://downloads.sourceforge.net/project/ntop/ntopng/ntopng-data-1.1_6932.tgz" -O ntopng-data-1.1.tar.gz
wget "http://downloads.sourceforge.net/project/ntop/ntopng/ntopng-1.1_6932.tgz" -O ntopng-1.1.tar.gz

Place ntopng-data

The data files contain files for the web interface like the GeoIP database. They are already good, the only thing we need to do is place them:

cd /usr/local/src
tar -xf ntopng-data-1.1.tar.gz
cd ntopng-data-1.1_6932
cp -r ./usr/* /usr
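
The tarballs above are fetched over plain HTTP and then unpacked and copied into /usr as root, so it is worth checking the member list before running the extraction. The following is an added example, not part of the original article: the function name audit_tar_listing and the sample listing are constructed for illustration, and the only assumption is that every member should live under the single top-level directory ntopng-data-1.1_6932.

```shell
#!/bin/sh
# Added example: audit a tar member listing before extracting it as root.
# Reads member names (the output of `tar -tf`) on stdin.
# $1 is the one top-level directory every member is expected to live under.
# Prints each offending member with the reason; returns 1 if any was found.
audit_tar_listing() {
    awk -v top="$1" '
        {
            name = $0
            sub(/^\.\//, "", name)              # tolerate a leading ./
            why = ""
            if (substr(name, 1, 1) == "/") why = "absolute path"
            n = split(name, part, "/")
            for (i = 1; i <= n; i++)
                if (part[i] == "..") why = "parent-directory component"
            if (why == "" && part[1] != top) why = "outside " top "/"
            if (why != "") { print why ": " $0; bad = 1 }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample listing (not the real archive contents).
sample_listing() {
    cat <<'EOF'
ntopng-data-1.1_6932/
ntopng-data-1.1_6932/usr/share/example.dat
ntopng-data-1.1_6932/../../etc/cron.d/example
/etc/example.conf
EOF
}

# Real use: tar -tzf ntopng-data-1.1.tar.gz | audit_tar_listing ntopng-data-1.1_6932
sample_listing | audit_tar_listing "ntopng-data-1.1_6932" \
    || echo "listing has unexpected members, do not extract as root"
```

The same check applies to the source tarball with ntopng-1.1_6932 as the expected directory.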

Compile ntopng

The compilation of ntopng itself is a bit more work. This is because the ntopng 1.1 package includes prebuilt .o blobs for third party tools, probably by accident, which will cause you trouble when building ntopng yourself. We need to clean those up.

First we extract:

cd /usr/local/src
tar -xf ntopng-1.1.tar.gz
cd ntopng-1.1_6932

Then we configure:

./configure

Clean up:

make clean
cd third-party/json-c
make clean
cd ../..
cd third-party/LuaJIT-2.0.2
make clean
cd ../..
cd third-party/rrdtool-1.4.7
make clean
cd ../..
cd third-party/zeromq-3.2.3
make clean
cd ../..
cd third-party/credis-0.2.3
make clean
cd ../..

Start the actual compilation:

make

And install the thing:

checkinstall

The default answers for checkinstall are okay.

Creating the ntopng config file

First we create the required folder:

mkdir -p /etc/ntopng

There are two files needed. First is /etc/ntopng/ntopng.start:

--local-networks "172.20.16.0/24"
--interface 1

To see all available interfaces and options, use the ntopng -h option:

Available interfaces (-i <interface index>):
   1. eth0
   2. vmbr0
   3. venet0
   [...]
   14. any
   15. lo

Then there is the /etc/ntopng/ntopng.conf file:

-G=/var/run/ntopng.pid

Again, with the ntopng -h option you can see all the possible options for use in this config file.

Before starting the test, make sure redis is started:

/etc/init.d/redis-server restart

Test ntopng

If the compilation gave no errors and the config files are in place, we can start ntopng and see how it works:

ntopng /etc/ntopng/ntopng.conf

Use your web browser to navigate to http://your-ntop-box-ip:3000. There you can log in with the username/password combo admin/admin.

If this works, and there is data visible as in the screenshots, continue on to set up the upstart script.
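
At this point the box has a web interface on port 3000 that accepts admin/admin, plus a redis server. The following added example (not part of the original article) reads `ss -ltn` output and reports which of those ports listen on a non-loopback address; the function name exposed_listeners and the sample output are constructed, and 6379 is redis's default port, which the article itself does not mention.

```shell
#!/bin/sh
# Added example: report watched TCP ports that listen on a non-loopback address.
# Reads `ss -ltn` output on stdin; $1 is a space-separated list of ports.
# Prints "<port> <address>" per exposed listener; returns 1 if any was found.
exposed_listeners() {
    awk -v ports="$1" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) watch[p[i]] = 1 }
        $1 == "LISTEN" {
            port = $4; sub(/^.*:/, "", port)      # text after the last colon
            addr = $4; sub(/:[^:]*$/, "", addr)   # text before the last colon
            if (!(port in watch)) next
            if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]") next
            print port " " addr
            found = 1
        }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed sample of `ss -ltn` output (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
State      Recv-Q Send-Q   Local Address:Port   Peer Address:Port
LISTEN     0      128                *:3000              *:*
LISTEN     0      128        127.0.0.1:6379              *:*
LISTEN     0      128               :::22               :::*
EOF
}

# Real use: ss -ltn | exposed_listeners "3000 6379"
sample_ss_output | exposed_listeners "3000 6379" \
    || echo "change the default password or firewall the ports listed above"
```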

Upstart script

This is a simple upstart script which can be used to start, stop and restart ntopng. Place it in /etc/init/ntopng.conf:

# ntopng network flow analyzer
# by https://raymii.org

description     "ntopng network flow analyzer"

start on virtual-filesystems
stop on runlevel [06]

# restart on exit, but give up after 5 respawns within 30 seconds
respawn
respawn limit 5 30
limit nofile 65550 65550

# the job runs as root
setuid root
setgid root
# job output is captured by upstart
console log

script
        exec /usr/local/bin/ntopng /etc/ntopng/ntopng.conf
end script