Difference between revisions of "Ntop"

From ArchWiki
(Troubleshooting)
(Installation and configuration: proper way to edit units)
 
(26 intermediate revisions by 14 users not shown)
Line 1: Line 1:
[[Category:Networking (English)]]
+
[[Category:Networking]]
{{i18n|Ntop}}
+
[[es:Ntop]]
==Introduction==
+
[[it:Ntop]]
Ntop is a network traffic probe based on [http://www.tcpdump.org/ libcap], that offers RMON-like network traffic statistics accessible via a web browser.  See [http://www.ntop.org/products/ntop/ ntop.org] for an overview.
+
[[ja:Ntop]]
 +
[http://www.ntop.org/products/ntop/ Ntop] is a network traffic probe based on [http://www.tcpdump.org/ libcap], that offers RMON-like network traffic statistics accessible via a web browser.
  
==Installation & Configuration==
+
== Installation and configuration ==
*Ntop is available in the Extra repository:
+
 
# pacman -S ntop
+
[[Install]] the {{Pkg|ntop}} package.
*During the first run of ntop, you must set the admin password:
+
The first run of ntop, you must set the admin password:
 
  # ntop
 
  # ntop
*Next, look at /etc/conf.d/ntop for configure the network interface, what you want to use.
 
*Next, start the ntop service:
 
# /etc/rc.d/ntop start
 
*Also, if preferred, add ntop to DAEMONS list in [http://wiki.archlinux.org/index.php/Rc.conf /etc/rc.conf] to start process automatically at boot.
 
*The configuration file is located at /etc/conf.d/ntop
 
  
==Tips & Tricks==
+
{{Accuracy|The previous default {{ic|/etc/conf.d/ntop}} does not exist anymore. A configuration file may be passed via the {{ic|@''file''}} option, but that must be picked up (e.g. via [[Systemd#Drop-in_snippets]]) from the systemd service file, which - as a second point - does not work due to {{Bug|41849}}.|Talk:Ntop#Configuration}}
===Access ntop web interface===
+
 
*To access ntop's web interface, enter http://127.0.0.1:3000/ into your web browser. To make changes to the server, you will need to enter your username (default = ''admin'') and password.
+
Next, you need to edit the configuration file ({{ic|/etc/conf.d/ntop}}) to adapt on your needs. Below is an example configuration, with the focus on the host to get as much as information from the hosts connections:
==Troubleshooting==
+
{{hc|/etc/conf.d/ntop|<nowiki>
===**ERROR** RRD: Disabled - unable to create base directory (err 13, /var/lib/ntop/rrd)===
+
# Parameters to be passed to ntop.
Directory may not exist. Create it and make sure it belongs to user nobody
+
NTOP_ARGS="-K -W 2323 -i enp1s0,wlp2s0 -M -s -4 -6 -s -u ntop -c -r 30 --w3c -t 3 -a /var/log/ntop/http.log -O /var/log/ntop/ -q --skip-version-check 0"
 +
 
 +
# Location of the log file.
 +
NTOP_LOG="/var/log/ntop/ntop.log"
 +
</nowiki>}}
 +
 
 +
Before [[starting]] and possibly enabling the {{ic|ntop}} service, you may have to [[edit]] its ''ntop'' command options:
 +
 
 +
{{hc|/etc/systemd/system/ntop.d/options.conf|2=
 +
[Service]
 +
ExecStart=
 +
ExecStart=/usr/bin/ntop ''options''
 +
}}
 +
 
 +
== Tips and tricks ==
 +
 
 +
=== Web interface ===
 +
 
 +
To access ntop's web interface, enter [http://127.0.0.1:3000/ http://127.0.0.1:3000/] into your web browser. To make changes to the server, you will need to enter your username (default = ''admin'') and password.
 +
 
 +
If ntop is not just used locally on your machine, but network wide by multiple users, you'd be better off by allowing SSL connections (http'''s''') '''only'''.
 +
 
 +
# ntop -W 4223
 +
 
 +
On firefox, the self-signed certificat should be a problem. Page will not be shown like that.
 +
 
 +
Additional paramethers are allowed. Now direct our browser to [https://127.0.0.1:4223/ https://127.0.0.1:4223/].
 +
 
 +
You can also provide ntop with your own SSL certificate. Simply put it in ntop's config directory and name it '''ntop-cert.pem'''
 +
 
 +
# cd /usr/share/ntop
 +
# openssl req -x509 -nodes -days 365
 +
  \-subj '/C=US/L=Portland/CN=swim'
 +
  \-newkey rsa:1024 -keyout ntop-cert.pem -out ntop-cert.pem
 +
 
 +
Instead of make a self-signed certificat who will make your page unable to print on firefox, you should look at [[letsencrypt]] service. This service will make a free well recognized certificat for your domain. Then you will have to copy privkey.pem and fullchain.pem inside ntop-cert.pem:
 +
 
 +
# cat /etc/letsencrypt/live/<your domain>/privkey.pem /etc/letsencrypt/live/>your domain>/fullchain.pem > /usr/share/ntop/ntop-cert.pem
 +
 
 +
you can also copy your private key in the same place.
 +
 
 +
=== Group and user ===
 +
 
 +
In order for the ''-u'' parameter to work properly and to make your ntop setup a bit more secure, you should create your own group and user for it.
 +
 
 +
# useradd -M -s /usr/bin/false ntop
 +
# passwd -l ntop
 +
 
 +
{{Note|The {{ic|passwd}} command here is optional, but recommended, as it will render the system more secure regarding your sshd.}}
 +
 
 +
== Troubleshooting ==
 +
 
 +
=== **ERROR** RRD: Disabled - unable to create base directory (err 13, /var/lib/ntop/rrd) ===
 +
 
 +
Directory {{ic|/var/lib/ntop/rrd/}} may not exist. Create it and make sure it belongs to user nobody.
 +
 
 +
=== Please enable make sure that the ntop html/ directory is properly installed ===
  
===Please enable make sure that the ntop html/ directory is properly installed===
+
If you receive this warning while trying to access the web interface, edit {{ic|/etc/conf.d/ntop}} to include your IP and restart the daemon. For example:
If you receive this warning while trying to access the web interface, edit /etc/conf.d/ntop to include your IP and restart the daemon. For example:
 
  
  NTOP_ARGS="-i eth0 -w 127.0.0.1:3000"
+
  NTOP_ARGS="-i enp1s0 -w 127.0.0.1:3000"
  
 
This is the IP you will use to access the web interface.
 
This is the IP you will use to access the web interface.
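Review bot: The openssl example added under "Web interface" creates the key with `-newkey rsa:1024`, which is too short for a certificate served to browsers; use rsa:2048 or larger. In the same command the backslashes sit at the start of the continuation lines (`\-subj`, `\-newkey`) rather than at the end of the preceding ones, so it does not paste as written, and the letsencrypt cat line has `/>your domain>/` where `/<your domain>/` is meant. The drop-in is labelled /etc/systemd/system/ntop.d/options.conf, but systemd reads drop-ins for a service from a directory named ntop.service.d. Since the combined ntop-cert.pem now holds the private key, the text should also say to restrict that file's permissions.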

Latest revision as of 07:07, 27 May 2017

Ntop is a network traffic probe based on libpcap that offers RMON-like network traffic statistics accessible via a web browser.

Installation and configuration

Install the ntop package. On the first run of ntop, you must set the admin password:

# ntop

The factual accuracy of this article or section is disputed.

Reason: The previous default /etc/conf.d/ntop does not exist anymore. A configuration file may be passed via the @file option, but that must be picked up (e.g. via Systemd#Drop-in_snippets) from the systemd service file, which - as a second point - does not work due to FS#41849. (Discuss in Talk:Ntop#Configuration)

Next, edit the configuration file (/etc/conf.d/ntop) to adapt it to your needs. Below is an example configuration that focuses on the host, to get as much information as possible from the host's connections:

/etc/conf.d/ntop
# Parameters to be passed to ntop.
NTOP_ARGS="-K -W 2323 -i enp1s0,wlp2s0 -M -s -4 -6 -s -u ntop -c -r 30 --w3c -t 3 -a /var/log/ntop/http.log -O /var/log/ntop/ -q --skip-version-check 0"

# Location of the log file.
NTOP_LOG="/var/log/ntop/ntop.log"

Before starting and possibly enabling the ntop service, you may have to edit its ntop command options:

/etc/systemd/system/ntop.service.d/options.conf
[Service]
ExecStart=
ExecStart=/usr/bin/ntop options

Tips and tricks

Web interface

To access ntop's web interface, enter http://127.0.0.1:3000/ into your web browser. To make changes to the server, you will need to enter your username (default = admin) and password.

If ntop is used not just locally on your machine but network-wide by multiple users, you are better off allowing SSL connections (https) only.

# ntop -W 4223

On Firefox, the self-signed certificate will be a problem: the page will not be shown as is.

Additional parameters are allowed. Now direct your browser to https://127.0.0.1:4223/.

You can also provide ntop with your own SSL certificate. Simply put it in ntop's config directory and name it ntop-cert.pem.

# cd /usr/share/ntop
# openssl req -x509 -nodes -days 365 \
  -subj '/C=US/L=Portland/CN=swim' \
  -newkey rsa:2048 -keyout ntop-cert.pem -out ntop-cert.pem

Instead of making a self-signed certificate, which will prevent your page from being displayed in Firefox, you should look at the letsencrypt service. This service issues a free, widely recognized certificate for your domain. You will then have to copy privkey.pem and fullchain.pem into ntop-cert.pem:

# cat /etc/letsencrypt/live/<your domain>/privkey.pem /etc/letsencrypt/live/<your domain>/fullchain.pem > /usr/share/ntop/ntop-cert.pem

You can also copy your private key to the same place.
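The certificate step above, as an added example that is not part of the wiki page: a POSIX shell function that assembles ntop-cert.pem only when the private key matches the leaf certificate, and creates the file readable by its owner only because it contains the key. The function names, return codes and the 2048-bit RSA floor are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the wiki page. Function names, return codes and
# the 2048-bit RSA floor are assumptions of this sketch.

# Print the RSA key size of the first certificate in $1 (nothing for non-RSA).
rsa_bits() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        awk '/Public Key Algorithm: rsaEncryption/ { rsa = 1 }
             rsa && /Public-Key: \(/ { gsub(/[^0-9]/, ""); print; exit }'
}

# build_ntop_cert KEY CHAIN OUT
# Returns 1 on unreadable input, 2 on key/cert mismatch, 3 on a weak RSA key.
build_ntop_cert() {
    key=$1 chain=$2 out=$3

    # Both commands emit the same public-key PEM for a matching pair.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$chain" -noout -pubkey 2>/dev/null) || return 1
    if [ "$key_pub" != "$crt_pub" ]; then
        echo "private key does not match the leaf certificate" >&2
        return 2
    fi

    bits=$(rsa_bits "$chain")
    if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
        echo "RSA key is only $bits bits" >&2
        return 3
    fi

    # The file holds the private key: create it 0600, then move it into place.
    ( umask 077 && rm -f "$out.tmp" && cat "$key" "$chain" > "$out.tmp" ) || return 1
    mv "$out.tmp" "$out"
}

# Usage: sh build-ntop-cert.sh privkey.pem fullchain.pem /usr/share/ntop/ntop-cert.pem
if [ "$#" -eq 3 ]; then
    build_ntop_cert "$@"
fi
```

If ntop runs under a dedicated account, that account must own the resulting file or it will not be able to read the key.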

Group and user

In order for the -u parameter to work properly and to make your ntop setup a bit more secure, you should create your own group and user for it.

# useradd -M -s /usr/bin/false ntop
# passwd -l ntop
Note: The passwd command here is optional, but recommended, as it will render the system more secure regarding your sshd.

Troubleshooting

**ERROR** RRD: Disabled - unable to create base directory (err 13, /var/lib/ntop/rrd)

Directory /var/lib/ntop/rrd/ may not exist. Create it and make sure it belongs to user nobody.

Please enable make sure that the ntop html/ directory is properly installed

If you receive this warning while trying to access the web interface, edit /etc/conf.d/ntop to include your IP and restart the daemon. For example:

NTOP_ARGS="-i enp1s0 -w 127.0.0.1:3000"

This is the IP you will use to access the web interface.