Difference between revisions of "Ntop"

From ArchWiki
m (Updates)
(Installation and configuration: proper way to edit units)
 
(18 intermediate revisions by 11 users not shown)
Line 1: Line 1:
 
[[Category:Networking]]
 
[[Category:Networking]]
 +
[[es:Ntop]]
 
[[it:Ntop]]
 
[[it:Ntop]]
 +
[[ja:Ntop]]
 
[http://www.ntop.org/products/ntop/ Ntop] is a network traffic probe based on [http://www.tcpdump.org/ libcap], that offers RMON-like network traffic statistics accessible via a web browser.
 
[http://www.ntop.org/products/ntop/ Ntop] is a network traffic probe based on [http://www.tcpdump.org/ libcap], that offers RMON-like network traffic statistics accessible via a web browser.
  
 
== Installation and configuration ==
 
== Installation and configuration ==
  
[[pacman|Install]] {{Pkg|ntop}} from the [[official repositories]].
+
[[Install]] the {{Pkg|ntop}} package.
 
The first run of ntop, you must set the admin password:
 
The first run of ntop, you must set the admin password:
 
  # ntop
 
  # ntop
 +
 +
{{Accuracy|The previous default {{ic|/etc/conf.d/ntop}} does not exist anymore. A configuration file may be passed via the {{ic|@''file''}} option, but that must be picked up (e.g. via [[Systemd#Drop-in_snippets]]) from the systemd service file, which - as a second point - does not work due to {{Bug|41849}}.|Talk:Ntop#Configuration}}
 +
 
Next, you need to edit the configuration file ({{ic|/etc/conf.d/ntop}}) to adapt on your needs. Below is an example configuration, with the focus on the host to get as much as information from the hosts connections:
 
Next, you need to edit the configuration file ({{ic|/etc/conf.d/ntop}}) to adapt on your needs. Below is an example configuration, with the focus on the host to get as much as information from the hosts connections:
 
{{hc|/etc/conf.d/ntop|<nowiki>
 
{{hc|/etc/conf.d/ntop|<nowiki>
 
# Parameters to be passed to ntop.
 
# Parameters to be passed to ntop.
NTOP_ARGS="-K -W 2323 -i enp1s0,wlp2s0 -M -s -4 -6 -s -u ntop -c -r 30 -w3c -t 3 -a /var/log/ntop/http.log -O /var/log/ntop/ -q --skip-version-check 0"
+
NTOP_ARGS="-K -W 2323 -i enp1s0,wlp2s0 -M -s -4 -6 -s -u ntop -c -r 30 --w3c -t 3 -a /var/log/ntop/http.log -O /var/log/ntop/ -q --skip-version-check 0"
  
 
# Location of the log file.
 
# Location of the log file.
 
NTOP_LOG="/var/log/ntop/ntop.log"
 
NTOP_LOG="/var/log/ntop/ntop.log"
 
</nowiki>}}
 
</nowiki>}}
Start the ntop service:
+
 
# systemctl start ntop
+
Before [[starting]] and possibly enabling the {{ic|ntop}} service, you may have to [[edit]] its ''ntop'' command options:
If you want to start ntop at boot enable the relative [[Systemd]] service:
+
 
# systemctl enable ntop
+
{{hc|/etc/systemd/system/ntop.d/options.conf|2=
 +
[Service]
 +
ExecStart=
 +
ExecStart=/usr/bin/ntop ''options''
 +
}}
  
 
== Tips and tricks ==
 
== Tips and tricks ==
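Review bot: The new drop-in path `/etc/systemd/system/ntop.d/options.conf` is missing the `.service` part of the directory name; systemd reads drop-ins for this unit from `/etc/systemd/system/ntop.service.d/`, so the override as written is never applied. Separately, the added Accuracy template says `/etc/conf.d/ntop` no longer exists, yet the paragraph and the `NTOP_ARGS` example after it are kept; consider moving those options onto the `ExecStart=` line of the drop-in rather than documenting both.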
Line 29: Line 38:
 
If ntop is not just used locally on your machine, but network wide by multiple users, you'd be better off by allowing SSL connections (http'''s''') '''only'''.
 
If ntop is not just used locally on your machine, but network wide by multiple users, you'd be better off by allowing SSL connections (http'''s''') '''only'''.
  
  # ntop -w 4223
+
  # ntop -W 4223
 +
 
 +
On firefox, the self-signed certificat should be a problem. Page will not be shown like that.
  
 
Additional paramethers are allowed. Now direct our browser to [https://127.0.0.1:4223/ https://127.0.0.1:4223/].
 
Additional paramethers are allowed. Now direct our browser to [https://127.0.0.1:4223/ https://127.0.0.1:4223/].
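Review bot: The added sentence "On firefox, the self-signed certificat should be a problem. Page will not be shown like that." misspells "certificate" and does not say what the reader will actually see; state the symptom plainly and point to the own-certificate paragraph that follows. The unchanged context line next to it also still reads "paramethers".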
Line 35: Line 46:
 
You can also provide ntop with your own SSL certificate. Simply put it in ntop's config directory and name it '''ntop-cert.pem'''
 
You can also provide ntop with your own SSL certificate. Simply put it in ntop's config directory and name it '''ntop-cert.pem'''
  
  # cd /etc/ntop/
+
  # cd /usr/share/ntop
 
  # openssl req -x509 -nodes -days 365  
 
  # openssl req -x509 -nodes -days 365  
 
   \-subj '/C=US/L=Portland/CN=swim'  
 
   \-subj '/C=US/L=Portland/CN=swim'  
 
   \-newkey rsa:1024 -keyout ntop-cert.pem -out ntop-cert.pem
 
   \-newkey rsa:1024 -keyout ntop-cert.pem -out ntop-cert.pem
 +
 +
Instead of make a self-signed certificat who will make your page unable to print on firefox, you should look at [[letsencrypt]] service. This service will make a free well recognized certificat for your domain. Then you will have to copy privkey.pem and fullchain.pem inside ntop-cert.pem:
 +
 +
# cat /etc/letsencrypt/live/<your domain>/privkey.pem /etc/letsencrypt/live/>your domain>/fullchain.pem > /usr/share/ntop/ntop-cert.pem
 +
 +
you can also copy your private key in the same place.
  
 
=== Group and user ===
 
=== Group and user ===
  
In order that the ''-u'' parameter is able to work properly and to secure your ntop setup a bit more, you should create an own group and user for it.
+
In order for the ''-u'' parameter to work properly and to make your ntop setup a bit more secure, you should create your own group and user for it.
  
  # useradd -M -s /sbin/nologin ntop
+
  # useradd -M -s /usr/bin/false ntop
 
  # passwd -l ntop
 
  # passwd -l ntop
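Review bot: In the added `cat` line the second path reads `/etc/letsencrypt/live/>your domain>/fullchain.pem`; the leading `>` should be `<` to match the first placeholder, and as typed a shell would parse it as an output redirection. The resulting `ntop-cert.pem` contains the private key, so the text should tell the reader to restrict its permissions, and the closing sentence "you can also copy your private key in the same place" is redundant once `privkey.pem` is already concatenated. The unchanged context still generates the self-signed key with `-newkey rsa:1024`; 2048 bits would be the minimum worth documenting.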
  
Line 57: Line 74:
 
=== Please enable make sure that the ntop html/ directory is properly installed ===
 
=== Please enable make sure that the ntop html/ directory is properly installed ===
  
If you receive this warning while trying to access the web interface, edit /etc/conf.d/ntop to include your IP and restart the daemon. For example:
+
If you receive this warning while trying to access the web interface, edit {{ic|/etc/conf.d/ntop}} to include your IP and restart the daemon. For example:
  
 
  NTOP_ARGS="-i enp1s0 -w 127.0.0.1:3000"
 
  NTOP_ARGS="-i enp1s0 -w 127.0.0.1:3000"
  
 
This is the IP you will use to access the web interface.
 
This is the IP you will use to access the web interface.
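Review bot: This troubleshooting step still tells the reader to edit `/etc/conf.d/ntop`, which the Accuracy template added earlier in this same diff says no longer exists. Show the `-w 127.0.0.1:3000` option on the `ExecStart=` line of the systemd drop-in instead, so the two sections agree.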

Latest revision as of 07:07, 27 May 2017

Ntop is a network traffic probe based on libpcap that offers RMON-like network traffic statistics accessible via a web browser.

Installation and configuration

Install the ntop package. On the first run of ntop, you must set the admin password:

# ntop

The factual accuracy of this article or section is disputed.

Reason: The previous default /etc/conf.d/ntop does not exist anymore. A configuration file may be passed via the @file option, but that must be picked up (e.g. via Systemd#Drop-in_snippets) from the systemd service file, which - as a second point - does not work due to FS#41849. (Discuss in Talk:Ntop#Configuration)

Next, edit the configuration file (/etc/conf.d/ntop) to adapt it to your needs. Below is an example configuration that focuses on getting as much information as possible from the hosts' connections:

/etc/conf.d/ntop
# Parameters to be passed to ntop.
NTOP_ARGS="-K -W 2323 -i enp1s0,wlp2s0 -M -s -4 -6 -s -u ntop -c -r 30 --w3c -t 3 -a /var/log/ntop/http.log -O /var/log/ntop/ -q --skip-version-check 0"

# Location of the log file.
NTOP_LOG="/var/log/ntop/ntop.log"

Before starting and possibly enabling the ntop service, you may have to edit its ntop command options:

/etc/systemd/system/ntop.service.d/options.conf
[Service]
ExecStart=
ExecStart=/usr/bin/ntop options

Tips and tricks

Web interface

To access ntop's web interface, enter http://127.0.0.1:3000/ into your web browser. To make changes to the server, you will need to enter your username (default = admin) and password.

If ntop is used not just locally on your machine but network-wide by multiple users, you are better off allowing SSL connections (https) only.

# ntop -W 4223

In Firefox, the self-signed certificate is likely to be a problem: the page will not be displayed as is.

Additional parameters are allowed. Now direct your browser to https://127.0.0.1:4223/.

You can also provide ntop with your own SSL certificate. Simply put it in ntop's config directory and name it ntop-cert.pem.

# cd /usr/share/ntop
# openssl req -x509 -nodes -days 365 \
  -subj '/C=US/L=Portland/CN=swim' \
  -newkey rsa:2048 -keyout ntop-cert.pem -out ntop-cert.pem

Instead of creating a self-signed certificate, which will prevent your page from being displayed in Firefox, you should look at the letsencrypt service. This service issues a free, widely recognized certificate for your domain. You then have to copy privkey.pem and fullchain.pem into ntop-cert.pem:

# cat /etc/letsencrypt/live/<your domain>/privkey.pem /etc/letsencrypt/live/<your domain>/fullchain.pem > /usr/share/ntop/ntop-cert.pem

You can also copy your private key to the same place.
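
The concatenation step above as a small shell function, given here as an added example that is not part of the original wiki page: it checks that both Let's Encrypt files look like PEM, writes key and chain to a temporary file that only its owner can read, and moves it into place. The function name build_ntop_cert and the 600 mode are assumptions of this example; the file must stay readable by the account under which ntop opens it.

```shell
#!/bin/sh
# Added example (not from the wiki page): build ntop-cert.pem from a
# Let's Encrypt "live" directory without exposing the private key.
# Usage (as root):
#   build_ntop_cert /etc/letsencrypt/live/<your domain> /usr/share/ntop/ntop-cert.pem
build_ntop_cert() {
    live_dir=$1
    dest=$2
    key="$live_dir/privkey.pem"
    chain="$live_dir/fullchain.pem"

    # Refuse to continue if either input is missing or unreadable.
    for f in "$key" "$chain"; do
        [ -r "$f" ] || { echo "cannot read $f" >&2; return 1; }
    done

    # Structural sanity check: the key file must hold a PEM private key and
    # the chain file at least one PEM certificate. This catches swapped or
    # truncated inputs; it does not prove that key and certificate match.
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$key" ||
        { echo "$key is not a PEM private key" >&2; return 1; }
    grep -q -- '-----BEGIN CERTIFICATE-----' "$chain" ||
        { echo "$chain has no PEM certificate" >&2; return 1; }

    # mktemp creates the file readable by its owner only, so the key is
    # never world-readable, not even while it is being written.
    tmp=$(mktemp "$dest.XXXXXX") || return 1

    # Key first, then the certificate chain, as in the cat command above.
    # The final mv replaces any old file in one step.
    if cat "$key" "$chain" > "$tmp" && chmod 600 "$tmp" && mv -f "$tmp" "$dest"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}
```

Re-run it after every certificate renewal and restart ntop so the new file is picked up.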

Group and user

In order for the -u parameter to work properly and to make your ntop setup a bit more secure, you should create your own group and user for it.

# useradd -M -s /usr/bin/false ntop
# passwd -l ntop

Note: The passwd command here is optional, but recommended, as it will render the system more secure regarding your sshd.

Troubleshooting

**ERROR** RRD: Disabled - unable to create base directory (err 13, /var/lib/ntop/rrd)

Directory /var/lib/ntop/rrd/ may not exist. Create it and make sure it belongs to user nobody.

Please enable make sure that the ntop html/ directory is properly installed

If you receive this warning while trying to access the web interface, edit /etc/conf.d/ntop to include your IP and restart the daemon. For example:

NTOP_ARGS="-i enp1s0 -w 127.0.0.1:3000"

This is the IP you will use to access the web interface.