Difference between revisions of "Ntop"

From ArchWiki
m (Updates)
(2 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 
[[Category:Networking]]
 
[[Category:Networking]]
 
[[it:Ntop]]
 
[[it:Ntop]]
==Introduction==
+
[http://www.ntop.org/products/ntop/ Ntop] is a network traffic probe based on [http://www.tcpdump.org/ libcap], that offers RMON-like network traffic statistics accessible via a web browser.
Ntop is a network traffic probe based on [http://www.tcpdump.org/ libcap], that offers RMON-like network traffic statistics accessible via a web browser.  See [http://www.ntop.org/products/ntop/ ntop.org] for an overview.
+
  
==Installation & Configuration==
+
== Installation and configuration ==
*Ntop is available in the Extra repository:
+
 
# pacman -S ntop
+
[[pacman|Install]] {{Pkg|ntop}} from the [[official repositories]].
*During the first run of ntop, you must set the admin password:
+
The first run of ntop, you must set the admin password:
 
  # ntop
 
  # ntop
*Next, you need to edit your /etc/conf.d/ntop to adapt on your needs. Below is an example configuration, with the focus on the host to get as much as information from the hosts connections:
+
Next, you need to edit the configuration file ({{ic|/etc/conf.d/ntop}}) to adapt on your needs. Below is an example configuration, with the focus on the host to get as much as information from the hosts connections:
 
{{hc|/etc/conf.d/ntop|<nowiki>
 
{{hc|/etc/conf.d/ntop|<nowiki>
 
# Parameters to be passed to ntop.
 
# Parameters to be passed to ntop.
NTOP_ARGS="-K -W 2323 -i eth0,wlan0 -M -s -4 -6 -s -u ntop -c -r 30 -w3c -t 3 -a /var/log/ntop/http.log -O /var/log/ntop/ -q --skip-version-check 0"
+
NTOP_ARGS="-K -W 2323 -i enp1s0,wlp2s0 -M -s -4 -6 -s -u ntop -c -r 30 -w3c -t 3 -a /var/log/ntop/http.log -O /var/log/ntop/ -q --skip-version-check 0"
  
 
# Location of the log file.
 
# Location of the log file.
 
NTOP_LOG="/var/log/ntop/ntop.log"
 
NTOP_LOG="/var/log/ntop/ntop.log"
 
</nowiki>}}
 
</nowiki>}}
*Next, start the ntop service:
+
Start the ntop service:
  # /etc/rc.d/ntop start
+
  # systemctl start ntop
*Also, if preferred, add ntop to DAEMONS list in [http://wiki.archlinux.org/index.php/Rc.conf /etc/rc.conf] to start process automatically at boot.
+
If you want to start ntop at boot enable the relative [[Systemd]] service:
*The configuration file is located at /etc/conf.d/ntop
+
# systemctl enable ntop
  
==Tips & Tricks==
+
== Tips and tricks ==
===ntop's web interface===
+
 
To access ntop's web interface, enter http://127.0.0.1:3000/ into your web browser. To make changes to the server, you will need to enter your username (default = ''admin'') and password.
+
=== Web interface ===
 +
 
 +
To access ntop's web interface, enter [http://127.0.0.1:3000/ http://127.0.0.1:3000/] into your web browser. To make changes to the server, you will need to enter your username (default = ''admin'') and password.
  
 
If ntop is not just used locally on your machine, but network wide by multiple users, you'd be better off by allowing SSL connections (http'''s''') '''only'''.
 
If ntop is not just used locally on your machine, but network wide by multiple users, you'd be better off by allowing SSL connections (http'''s''') '''only'''.
  
  # ntop -w 4223 [...]
+
  # ntop -w 4223
  
[...] stands for other parameters given. Now direct our browser to: https://127.0.0.1:4223/
+
Additional paramethers are allowed. Now direct our browser to [https://127.0.0.1:4223/ https://127.0.0.1:4223/].
  
 
You can also provide ntop with your own SSL certificate. Simply put it in ntop's config directory and name it '''ntop-cert.pem'''
 
You can also provide ntop with your own SSL certificate. Simply put it in ntop's config directory and name it '''ntop-cert.pem'''
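
Review bot: The HTTPS-only example in the new Web interface text runs "# ntop -w 4223" and then sends the browser to https://127.0.0.1:4223/, but -w is the option this page uses for the plain HTTP listener ("-w 127.0.0.1:3000"), while the NTOP_ARGS example in this same hunk sets the SSL port with "-W 2323". Suggest "# ntop -w 0 -W 4223" so that HTTPS listens on 4223 and plain HTTP is switched off. While here, fix "paramethers", "direct our browser" and "The first run of ntop, you must", and note that the tcpdump.org link is for libpcap, not libcap.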
Line 39: Line 40:
 
   \-newkey rsa:1024 -keyout ntop-cert.pem -out ntop-cert.pem
 
   \-newkey rsa:1024 -keyout ntop-cert.pem -out ntop-cert.pem
  
===ntop's group & user===
+
=== Group and user ===
  
 
In order that the ''-u'' parameter is able to work properly and to secure your ntop setup a bit more, you should create an own group and user for it.
 
In order that the ''-u'' parameter is able to work properly and to secure your ntop setup a bit more, you should create an own group and user for it.
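
Review bot: The context line "-newkey rsa:1024" in the certificate command next to this heading change still generates a 1024-bit RSA key, which is too weak for a TLS certificate; since the section is being edited anyway, raise it to rsa:2048 or larger. The continuation backslash also sits at the start of the line ("\-newkey") rather than at the end of the previous one, so the command cannot be pasted as written.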
Line 46: Line 47:
 
  # passwd -l ntop
 
  # passwd -l ntop
  
{{Note|The passwd command here is optional, but recommended, as it will render the system more secure regarding your sshd.}}
+
{{Note|The {{ic|passwd}} command here is optional, but recommended, as it will render the system more secure regarding your sshd.}}
 +
 
 +
== Troubleshooting ==
 +
 
 +
=== **ERROR** RRD: Disabled - unable to create base directory (err 13, /var/lib/ntop/rrd) ===
 +
 
 +
Directory {{ic|/var/lib/ntop/rrd/}} may not exist. Create it and make sure it belongs to user nobody.
  
==Troubleshooting==
+
=== Please enable make sure that the ntop html/ directory is properly installed ===
===**ERROR** RRD: Disabled - unable to create base directory (err 13, /var/lib/ntop/rrd)===
+
Directory may not exist.  Create it and make sure it belongs to user nobody
+
  
===Please enable make sure that the ntop html/ directory is properly installed===
 
 
If you receive this warning while trying to access the web interface, edit /etc/conf.d/ntop to include your IP and restart the daemon. For example:
 
If you receive this warning while trying to access the web interface, edit /etc/conf.d/ntop to include your IP and restart the daemon. For example:
  
  NTOP_ARGS="-i eth0 -w 127.0.0.1:3000"
+
  NTOP_ARGS="-i enp1s0 -w 127.0.0.1:3000"
  
 
This is the IP you will use to access the web interface.
 
This is the IP you will use to access the web interface.
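
Review bot: The moved RRD troubleshooting entry tells the reader to make /var/lib/ntop/rrd/ belong to user nobody, which conflicts with the rest of the page: the Group and user section creates a dedicated ntop account ("passwd -l ntop") and the example NTOP_ARGS passes "-u ntop". With that configuration a directory owned by nobody still ends in err 13. Suggest wording it as "owned by the user given with -u (ntop in the example above)".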

Revision as of 13:23, 30 May 2013

Ntop is a network traffic probe based on libpcap that offers RMON-like network traffic statistics accessible via a web browser.

Installation and configuration

Install ntop from the official repositories. On the first run of ntop, you must set the admin password:

# ntop

Next, edit the configuration file (/etc/conf.d/ntop) to adapt it to your needs. Below is an example configuration that focuses on collecting as much information as possible about the hosts' connections:

/etc/conf.d/ntop
# Parameters to be passed to ntop.
NTOP_ARGS="-K -W 2323 -i enp1s0,wlp2s0 -M -s -4 -6 -s -u ntop -c -r 30 -w3c -t 3 -a /var/log/ntop/http.log -O /var/log/ntop/ -q --skip-version-check 0"

# Location of the log file.
NTOP_LOG="/var/log/ntop/ntop.log"

Start the ntop service:

# systemctl start ntop

To start ntop at boot, enable the corresponding systemd service:

# systemctl enable ntop

Tips and tricks

Web interface

To access ntop's web interface, enter http://127.0.0.1:3000/ into your web browser. To make changes to the server, you will need to enter your username (default = admin) and password.

If ntop is used not just locally on your machine but network-wide by multiple users, allow SSL connections (https) only. The -W option sets the HTTPS port, and -w 0 turns off the plain HTTP listener:

# ntop -w 0 -W 4223

Additional parameters are allowed. Now direct your browser to https://127.0.0.1:4223/.

You can also provide ntop with your own SSL certificate. Simply put it in ntop's config directory and name it ntop-cert.pem:

# cd /etc/ntop/
# openssl req -x509 -nodes -days 365 \
    -subj '/C=US/L=Portland/CN=swim' \
    -newkey rsa:2048 -keyout ntop-cert.pem -out ntop-cert.pem

Group and user

For the -u parameter to work properly, and to secure your ntop setup a bit more, create a dedicated group and user for it:

# useradd -M -s /sbin/nologin ntop
# passwd -l ntop

Note: The passwd command here is optional, but recommended: it locks the password of the ntop account, which makes the system more secure with regard to your sshd.

Troubleshooting

**ERROR** RRD: Disabled - unable to create base directory (err 13, /var/lib/ntop/rrd)

Directory /var/lib/ntop/rrd/ may not exist. Create it and make sure it belongs to user nobody.

Please enable make sure that the ntop html/ directory is properly installed

If you receive this warning while trying to access the web interface, edit /etc/conf.d/ntop to include your IP and restart the daemon. For example:

NTOP_ARGS="-i enp1s0 -w 127.0.0.1:3000"

This is the IP you will use to access the web interface.
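
The hardening points from the sections above (HTTPS only, a loopback-only -w address, a dedicated -u account) can be checked against an NTOP_ARGS line with a small script. This is an added example, not ArchWiki or ntop code: the function name audit_ntop_args and its finding labels are hypothetical, the sample strings are constructed, and it assumes that ntop serves plain HTTP on port 3000 on all addresses when -w is absent and that -w 0 disables it.

```shell
#!/bin/sh
# Added example (not ArchWiki or ntop code): audit an NTOP_ARGS string.
# audit_ntop_args and the finding labels are hypothetical names.
audit_ntop_args() {
    http="3000"   # assumption: plain HTTP on port 3000, all addresses, when -w is absent
    user=""       # account passed with -u
    findings=""
    set -f        # split the string on whitespace without glob expansion
    set -- $1
    set +f
    while [ $# -gt 0 ]; do
        case "$1" in
            -w) if [ $# -ge 2 ]; then http="$2"; shift; fi ;;
            -u) if [ $# -ge 2 ]; then user="$2"; shift; fi ;;
        esac
        shift
    done
    port="${http##*:}"                 # "[address:]port" -> port
    addr=""
    case "$http" in
        *:*) addr="${http%:*}" ;;      # "[address:]port" -> address, if one was given
    esac
    # Plain HTTP is accepted only when disabled (port 0) or bound to loopback.
    if [ "$port" != "0" ] && [ "$addr" != "127.0.0.1" ]; then
        findings="http-exposed"
    fi
    # The page recommends a dedicated account passed with -u.
    if [ -z "$user" ] || [ "$user" = "root" ]; then
        findings="${findings:+$findings }no-dedicated-user"
    fi
    echo "${findings:-ok}"
}

# Constructed sample values, modelled on the NTOP_ARGS lines on this page.
audit_ntop_args "-i enp1s0 -w 127.0.0.1:3000"
audit_ntop_args "-i enp1s0 -u ntop -w 0 -W 4223"
audit_ntop_args "-i enp1s0 -u ntop -W 4223"
audit_ntop_args "-i enp1s0 -u root -w 3000"
```

Each call prints "ok" or a space-separated list of findings, so the function can be pointed at the value read from /etc/conf.d/ntop before the service is restarted.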