ntop is a network probe that shows network usage much as top does for processes, dnstop for DNS, ptop for PostgreSQL, and likewise iotop, atop …
In interactive mode, it displays the network status on the user's terminal. In Web mode, it acts as a web server, creating an HTML dump of the network status. It sports a NetFlow/sFlow emitter/collector, an HTTP-based client interface for creating ntop-centric monitoring applications, and RRD for persistently storing traffic statistics.
ntop is available for both Unix and Win32-based platforms. It has been developed by Luca Deri, an Italian research scientist and network manager at the University of Pisa.
On Red Hat or CentOS:
To install ntop on Red Hat or CentOS, follow these instructions:
Packages needed:
- libpcap: system interface for user-level packet capture
- libpcap-devel: development library for libpcap
- rrdtool: Time-series data storage and display system (programs)
- rrdtool-devel: Time-series data storage and display system (development)
- perl-rrdtool: Time-series data storage and display system (perl interface)
- graphviz: Graph Visualization Software
First install libpcap and libpcap-devel using yum:
$ sudo yum install libpcap-devel libpcap
You can get the rrdtool, ntop and graphviz packages like this:
$ wget ftp://rpmfind.net/linux/dag/redhat/el5/en/i386/dag/RPMS/rrdtool-devel-1.2.30-1.el5.rf.i386.rpm
$ wget ftp://rpmfind.net/linux/dag/redhat/el5/en/i386/dag/RPMS/rrdtool-1.2.30-1.el5.rf.i386.rpm
$ wget ftp://rpmfind.net/linux/dag/redhat/el5/en/i386/dag/RPMS/perl-rrdtool-1.2.30-1.el5.rf.i386.rpm
$ wget http://dag.wieers.com/rpm/packages/ntop/ntop-3.3-1.el5.rf.i386.rpm
$ wget http://www.graphviz.org/graphviz-rhel.repo
$ sudo cp graphviz-rhel.repo /etc/yum.repos.d/
$ sudo yum update
$ sudo yum install graphviz
Install perl-rrdtool, rrdtool, rrdtool-devel and ntop with the rpm package manager:
$ sudo rpm -ivh perl-rrdtool-1.2.30-1.el5.rf.i386.rpm rrdtool-1.2.30-1.el5.rf.i386.rpm rrdtool-devel-1.2.30-1.el5.rf.i386.rpm ntop-3.3-1.el5.rf.i386.rpm
Run the following command to set the ntop admin password:
$ ntop -A
Sat Jul 4 14:31:49 2009 NOTE: Interface merge enabled by default
Sat Jul 4 14:31:49 2009 Initializing gdbm databases
ntop startup – waiting for user response!
Please enter the password for the admin user:
Please enter the password again:
Sat Jul 4 14:32:24 2009 Admin user password has been set
The following command starts ntop:
$ sudo /usr/bin/ntop -d -L -u ntop -P /var/ntop --skip-version-check --use-syslog=daemon -d
If you have several interfaces, you can specify them like this:
$ sudo /usr/bin/ntop -i "eth0,eth1" -d -L -u ntop -P /var/ntop --skip-version-check --use-syslog=daemon -d
To run ntop as a service, put its options in /etc/ntop.conf:
$ sudo vim /etc/ntop.conf
--user ntop
--db-file-path /var/ntop
--interface eth0,eth1
--use-syslog
--http-server 3000
--https-server 3001
--local-subnets 192.168.1.0/20
--domain mydomain.org
--daemon
Finally, start the ntop service:
$ sudo service ntop start
By default ntop listens on port 3000. You can view ntop stats by visiting the following URL:
http://server:3000/ or https://server:3001/
as defined in ntop.conf.
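As an added example (not part of the original post), this shell function reads an ntop.conf in the format shown above and reports web-listener settings worth reviewing: a plain-HTTP port reachable off the host, listeners bound to every address, and `--user root`. It assumes ntop's `[address:]port` syntax for `--http-server` and `--https-server`, that port 0 disables a listener, and that HTTPS is off when unset; the function name and finding labels are made up for this example.

```shell
#!/bin/sh
# Added example: audit the web-listener settings of an ntop.conf-style file.
# Findings are printed one per line; no output means nothing was flagged.
audit_ntop_conf() {
    awk '
    function listener(opt, proto, dflt,    v, n, addr, port, p) {
        v = (opt in val) ? val[opt] : dflt
        n = split(v, p, ":")
        addr = (n > 1) ? p[1] : "any"          # [address:]port syntax
        port = p[n]
        if (port + 0 == 0) return              # port 0 disables the listener
        if (proto == "http" && addr != "127.0.0.1")
            print "CLEARTEXT http " addr ":" port
        if (addr == "any")
            print "BIND_ANY " proto " " port
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # skip comments and blank lines
    {
        sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "")
        opt = $0; v = ""
        if (match($0, /[ \t=]+/)) {            # "--opt value" or "--opt=value"
            opt = substr($0, 1, RSTART - 1)
            v = substr($0, RSTART + RLENGTH)
        }
        val[opt] = v
    }
    END {
        if (val["--user"] == "root") print "RUNS_AS_ROOT"
        listener("--http-server", "http", "3000")   # assumed default: port 3000
        listener("--https-server", "https", "0")    # assumed default: disabled
    }' "$1"
}

# Constructed sample: the user and listener lines from the configuration above.
sample=$(mktemp)
printf '%s\n' '--user ntop' '--http-server 3000' '--https-server 3001' > "$sample"
audit_ntop_conf "$sample"
rm -f "$sample"
```

With the configuration from this post it reports the HTTP listener on port 3000 as cleartext and both listeners as bound to every address; setting `--http-server 0` and giving `--https-server` an explicit address clears all three findings.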
On Debian:
The ntop package is in the Debian repository, so you can install it simply with:
$ sudo aptitude install ntop
Customize your ntop config file, then start the service:
$ sudo invoke-rc.d ntop start