29-11-2013 | Remy van Elst
This is a guide on installing the latest ntop-ng (1.1) on Ubuntu 12.04.
ntopng is the next generation version of the original ntop, a network traffic probe that shows the network usage, similar to what the popular top Unix command does. ntop is based on libpcap and has been written in a portable way so that it runs on virtually every Unix platform, MacOSX and Win32 as well. ntopng users can use a web browser to navigate through ntop (that acts as a web server) traffic information and get a dump of the network status. In the latter case, ntop can be seen as a simple RMON-like agent with an embedded web interface.
This tutorial will walk you through the compilation and installation of ntopng from source. The package in the Ubuntu 12.04 repositories is quite old.
This is what we are going to do:
Here's what you need:
We are using checkinstall here to create a Debian package from the source we compile. I do this because it gives more flexibility in managing the software afterwards: upgrading or uninstalling a package is easier than removing everything make install placed. It also makes it clearer to other administrators which software is installed.
For example, if you want to upgrade ntop-ng after it was installed with checkinstall via this tutorial, repeat the tutorial with only the version number changed.
These are the packages we need to build and use ntopng:
apt-get install libpcap-dev libglib2.0-dev libgeoip-dev redis-server wget libxml2-dev build-essential checkinstall
We need to download both the data files and the source code. You can download them from SourceForge:
mkdir -p /usr/local/src
cd /usr/local/src
wget "http://downloads.sourceforge.net/project/ntop/ntopng/ntopng-data-1.1_6932.tgz" -O ntopng-data-1.1.tar.gz
wget "http://downloads.sourceforge.net/project/ntop/ntopng/ntopng-1.1_6932.tgz" -O ntopng-1.1.tar.gz
The data files contain files for the web interface, like the GeoIP database. They are ready to use; the only thing we need to do is put them in place:
cd /usr/local/src
tar -xf ntopng-data-1.1.tar.gz
cd ntopng-data-1.1_6932
cp -r ./usr/* /usr
Compiling ntopng itself is a bit more work, because the ntopng 1.1 package includes prebuilt .o blobs for third-party tools, probably by accident, which will cause you trouble when building ntopng yourself. We need to clean those up.
First we extract:
cd /usr/local/src
tar -xf ntopng-1.1.tar.gz
cd ntopng-1.1_6932
Then we configure:
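# Clean the top-level tree first
make clean
# Then clean each bundled library, returning to the top-level directory every time
cd third-party/json-c
make clean
cd ../..
cd third-party/LuaJIT-2.0.2
make clean
cd ../..
cd third-party/rrdtool-1.4.7
make clean
cd ../..
cd third-party/zeromq-3.2.3
make clean
cd ../..
cd third-party/credis-0.2.3
make clean
cd ../..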
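To check that the clean-up above really left no prebuilt objects behind, this added example (not from the original guide or the ntopng project) scans a source tree for ELF and ar files by their magic bytes, so it also catches binaries that are not named .o. The function names and the sample tree are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not part of the original guide: confirm that no prebuilt
# binaries remain in a source tree after the "make clean" steps.

# Print "<kind> <path>" for each regular file under $1 whose first bytes
# are the ELF magic (objects, libraries, executables) or the ar magic
# (static .a archives), whatever the file is named.
find_prebuilt() {
    find "$1" -type f | while IFS= read -r f; do
        magic=$(head -c 8 "$f" | od -An -tx1 | tr -d ' \n')
        case "$magic" in
            7f454c46*)        echo "elf $f" ;;
            213c617263683e0a) echo "ar $f" ;;
        esac
    done
}

# Return 0 when the tree is free of prebuilt binaries; otherwise list
# them on stderr and return 1 so a build script can stop.
audit_tree() {
    found=$(find_prebuilt "$1")
    [ -z "$found" ] && return 0
    echo "prebuilt binaries in $1:" >&2
    echo "$found" >&2
    return 1
}

# Constructed sample tree (assumption: it only imitates the third-party/
# layout named in the guide; blob.o and libblob.a are fakes).
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/third-party/json-c" "$d/third-party/credis-0.2.3"
    printf '\177ELF\002\001\001' > "$d/third-party/json-c/blob.o"
    printf '!<arch>\n' > "$d/third-party/credis-0.2.3/libblob.a"
    printf 'int main(void) { return 0; }\n' > "$d/main.c"
    echo "$d"
}

# With a directory argument, audit it; without one, run on the sample.
if [ "$#" -gt 0 ]; then
    audit_tree "$1"
else
    sample=$(make_sample_tree)
    audit_tree "$sample" || echo "sample tree flagged as expected"
    rm -rf "$sample"
fi
```

Pass the extracted source directory as the first argument after the clean steps; a non-zero exit status means a binary file survived and should be inspected before building.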
Start the actual compilation:
And install the thing:
The default answers for checkinstall are okay.
First we create the required folder:
mkdir -p /etc/ntopng
There are two files needed. First is
--local-networks "172.20.16.0/24"
--interface 1
To see all available interfaces and options, use the ntopng -h option:
Available interfaces (-i <interface index>):
1. eth0
2. vmbr0
3. venet0
[...]
14. any
15. lo
Then there is the
Again, with the ntopng - option you can see all the possible options for use in this config file.
Before starting the test, make sure redis is started:
If the compilation gave no errors and the config files are in place, we can start ntopng and see how it works:
Use your web browser to navigate to http://your-ntop-box-ip:3000. There you can log in with the username/password combo
If this works, and there is data visible as in the screenshots, continue on to set up the upstart script.
This is a simple upstart script which can be used to start, stop and restart ntopng. Place it in
# ntopng network flow analyzer
# by https://raymii.org

description "ntopng network flow analyzer"

start on virtual-filesystems
stop on runlevel

respawn
respawn limit 5 30
limit nofile 65550 65550

setuid root
setgid root
console log

script
    exec /usr/local/bin/ntopng /etc/ntopng/ntopng.conf
end script