Difference between revisions of "Ntop"

From ArchWiki
(Installation & Configuration)
m (Introduction: Fix style. See Help:Style.)
(33 intermediate revisions by 11 users not shown)
Line 1: Line 1:
==Introduction==
+
[[Category:Networking]]
Ntop is a network traffic probe that offers RMON-like network traffic statistics via a web browser.
+
[[it:Ntop]]
 +
[http://www.ntop.org/products/ntop/ Ntop] is a network traffic probe based on [http://www.tcpdump.org/ libcap], that offers RMON-like network traffic statistics accessible via a web browser.
  
 
==Installation & Configuration==
 
==Installation & Configuration==
*Ntop is available in the Extra repository
+
*Ntop is available in the Extra repository:
 
  # pacman -S ntop
 
  # pacman -S ntop
*Before running ntop, you must set the admin password while logged in as root (or via sudo)
+
*During the first run of ntop, you must set the admin password:
  # ntop --set-admin-password=''password''
+
  # ntop
 +
*Next, you need to edit your /etc/conf.d/ntop to adapt on your needs. Below is an example configuration, with the focus on the host to get as much as information from the hosts connections:
 +
{{hc|/etc/conf.d/ntop|<nowiki>
 +
# Parameters to be passed to ntop.
 +
NTOP_ARGS="-K -W 2323 -i eth0,wlan0 -M -s -4 -6 -s -u ntop -c -r 30 -w3c -t 3 -a /var/log/ntop/http.log -O /var/log/ntop/ -q --skip-version-check 0"
 +
 
 +
# Location of the log file.
 +
NTOP_LOG="/var/log/ntop/ntop.log"
 +
</nowiki>}}
 
*Next, start the ntop service:
 
*Next, start the ntop service:
 
  # /etc/rc.d/ntop start
 
  # /etc/rc.d/ntop start
*If preferred, add ntop to DAEMONS list in /etc/rc.conf to start process automatically at boot
+
*Also, if preferred, add ntop to DAEMONS list in [https://wiki.archlinux.org/index.php/Rc.conf /etc/rc.conf] to start process automatically at boot.
 +
*The configuration file is located at /etc/conf.d/ntop
 +
 
 +
==Tips & Tricks==
 +
===ntop's web interface===
 +
To access ntop's web interface, enter http://127.0.0.1:3000/ into your web browser. To make changes to the server, you will need to enter your username (default = ''admin'') and password.
 +
 
 +
If ntop is not just used locally on your machine, but network wide by multiple users, you'd be better off by allowing SSL connections (http'''s''') '''only'''.
 +
 
 +
# ntop -w 4223 [...]
 +
 
 +
[...] stands for other parameters given. Now direct our browser to: https://127.0.0.1:4223/
 +
 
 +
You can also provide ntop with your own SSL certificate. Simply put it in ntop's config directory and name it '''ntop-cert.pem'''
 +
 
 +
# cd /etc/ntop/
 +
# openssl req -x509 -nodes -days 365
 +
  \-subj '/C=US/L=Portland/CN=swim'
 +
  \-newkey rsa:1024 -keyout ntop-cert.pem -out ntop-cert.pem
 +
 
 +
===ntop's group & user===
 +
 
 +
In order that the ''-u'' parameter is able to work properly and to secure your ntop setup a bit more, you should create an own group and user for it.
 +
 
 +
# useradd -M -s /sbin/nologin ntop
 +
# passwd -l ntop
 +
 
 +
{{Note|The passwd command here is optional, but recommended, as it will render the system more secure regarding your sshd.}}
 +
 
 +
==Troubleshooting==
 +
===**ERROR** RRD: Disabled - unable to create base directory (err 13, /var/lib/ntop/rrd)===
 +
Directory may not exist.  Create it and make sure it belongs to user nobody
 +
 
 +
===Please enable make sure that the ntop html/ directory is properly installed===
 +
If you receive this warning while trying to access the web interface, edit /etc/conf.d/ntop to include your IP and restart the daemon. For example:
 +
 
 +
NTOP_ARGS="-i eth0 -w 127.0.0.1:3000"
 +
 
 +
This is the IP you will use to access the web interface.
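Review bot: the new SSL tip runs `ntop -w 4223 [...]` and then points the browser at https://127.0.0.1:4223/, but this same revision uses `-w 127.0.0.1:3000` for the plain web interface under Troubleshooting and `-W 2323` in the example NTOP_ARGS, so the "SSL only" command should use `-W 4223` with the HTTP listener turned off rather than `-w`. In the certificate snippet the backslashes sit at the start of the continuation lines (`\-subj`, `\-newkey`) instead of at the end of the previous line, so the command will not run as pasted, and `rsa:1024` is short for a freshly generated key; 2048 bits or more would be the safer value to document. The introduction also says "libcap" while linking to tcpdump.org, which is the home of libpcap.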

Revision as of 09:02, 10 December 2012

Ntop is a network traffic probe based on libpcap that offers RMON-like network traffic statistics accessible via a web browser.

Installation & Configuration

  • Ntop is available in the Extra repository:
# pacman -S ntop
  • During the first run of ntop, you must set the admin password:
# ntop
  • Next, edit /etc/conf.d/ntop to suit your needs. Below is an example configuration that focuses on gathering as much information as possible about the hosts' connections:
/etc/conf.d/ntop
# Parameters to be passed to ntop.
NTOP_ARGS="-K -W 2323 -i eth0,wlan0 -M -s -4 -6 -s -u ntop -c -r 30 -w3c -t 3 -a /var/log/ntop/http.log -O /var/log/ntop/ -q --skip-version-check 0"

# Location of the log file.
NTOP_LOG="/var/log/ntop/ntop.log"
  • Next, start the ntop service:
# /etc/rc.d/ntop start
  • Also, if preferred, add ntop to the DAEMONS list in /etc/rc.conf to start the process automatically at boot.
  • The configuration file is located at /etc/conf.d/ntop.

Tips & Tricks

ntop's web interface

To access ntop's web interface, enter http://127.0.0.1:3000/ into your web browser. To make changes to the server, you will need to enter your username (default = admin) and password.

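If ntop is not used only locally on your machine but network-wide by multiple users, you are better off allowing SSL connections (https) only. The -W option sets the HTTPS port, and -w 0 turns the plain HTTP listener off.

# ntop -w 0 -W 4223 [...]

[...] stands for the other parameters given. Now direct your browser to: https://127.0.0.1:4223/

You can also provide ntop with your own SSL certificate. Simply put it in ntop's config directory and name it ntop-cert.pem. Because the command below writes the private key and the certificate into the same file, keep that file readable only by the account that runs ntop.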

# cd /etc/ntop/
# openssl req -x509 -nodes -days 365 \
  -subj '/C=US/L=Portland/CN=swim' \
  -newkey rsa:2048 -keyout ntop-cert.pem -out ntop-cert.pem

ntop's group & user

For the -u parameter to work properly, and to secure your ntop setup a bit more, you should create a dedicated group and user for it.

# useradd -M -s /sbin/nologin ntop
# passwd -l ntop
Note: The passwd command here is optional, but recommended, as it makes the system more secure with regard to your sshd.
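
A quick audit of an NTOP_ARGS string for the listener and account settings discussed above, as an added example (not part of the original wiki page or of ntop itself). The function name and finding labels are hypothetical; it assumes, per ntop's man page, that -w is the HTTP listener (default port 3000, 0 disables it, a bare port binds every interface), -W is the HTTPS listener and -u is the run-as user.

```shell
#!/bin/sh
# Added example: audit_ntop_args and its finding labels are hypothetical names.
# Assumed flag semantics (ntop man page): -w = HTTP listener, default port 3000,
# "0" disables it, a bare port binds every interface; -W = HTTPS; -u = run-as user.

audit_ntop_args() {
    http=3000 https="" user="" pw_in_args=no
    set -f                      # no filename globbing while splitting words
    set -- $1                   # split the NTOP_ARGS string into positional args
    set +f
    while [ $# -gt 0 ]; do
        case $1 in
            --set-admin-password=*) pw_in_args=yes ;;
            -w|-W|-u)           # exact match only, so "-w3c" is not mistaken for -w
                flag=$1
                if [ $# -lt 2 ]; then break; fi   # flag given without a value
                shift
                case $flag in
                    -w) http=$1 ;;
                    -W) https=$1 ;;
                    -u) user=$1 ;;
                esac ;;
        esac
        shift
    done

    # Plain HTTP carries the admin login in clear text unless it is loopback-only.
    case $http in
        0|127.*:*|localhost:*) ;;
        *) echo "HTTP_EXPOSED: -w $http is not loopback-only (HTTPS: ${https:-off}); use '-w 0 -W <port>'" ;;
    esac
    # The page recommends a dedicated, locked account for -u.
    case $user in
        "")     echo "NO_DEDICATED_USER: no -u <user> given" ;;
        root|0) echo "RUNS_AS_ROOT: -u $user keeps full privileges" ;;
    esac
    # A literal password on the command line is visible in ps and shell history.
    if [ "$pw_in_args" = yes ]; then
        echo "PASSWORD_IN_ARGS: set the admin password interactively instead"
    fi
    return 0
}

# Constructed sample: a shortened form of the example configuration on this page.
audit_ntop_args "-K -W 2323 -i eth0,wlan0 -M -s -u ntop -c -r 30 -w3c -t 3 -q"
```

Run against the page's example NTOP_ARGS, it reports only HTTP_EXPOSED: HTTPS is enabled on 2323, but nothing turns off the default HTTP listener.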

Troubleshooting

**ERROR** RRD: Disabled - unable to create base directory (err 13, /var/lib/ntop/rrd)

The directory may not exist. Create it and make sure it belongs to the user nobody.

Please enable make sure that the ntop html/ directory is properly installed

If you receive this warning while trying to access the web interface, edit /etc/conf.d/ntop to include your IP and restart the daemon. For example:

NTOP_ARGS="-i eth0 -w 127.0.0.1:3000"

This is the IP you will use to access the web interface.