Aug 21

Ntopng (ntop) – web-based network traffic monitoring system – Linux – Debian.

Ntopng is the next-generation version of the original ntop, a network traffic probe that shows network usage, similar to what the popular top Unix command does. ntopng is based on libpcap and has been written in a portable way so that it runs on virtually every Unix platform, on MacOSX and on Win32 as well.

 

1. Install some needed dependencies.

sudo apt-get install autoconf automake autogen libsqlite3-dev libhiredis-dev libtool rrdtool libpcap-dev libglib2.0 libglib2.0-dev libgeoip-dev redis-server wget libxml2-dev build-essential libcurl-dev libmysqlclient-dev checkinstall

2. Download and install ntopng.

sudo mkdir -p install
cd install

sudo wget --trust-server-names http://sourceforge.net/projects/ntop/files/ntopng/ntopng-1.2.1.tgz/download

 

3. Compiling ntopng from Source Code (with geoip database).

sudo tar -xf ntopng-1.2.1.tgz
cd ntopng-1.2.1
sudo ./autogen.sh
sudo ./configure
sudo make geoip
sudo make

The following command starts the installation and builds the new package ntopng_1.2.1-1_amd64.deb.

sudo checkinstall

 

checkinstall 1.6.2, Copyright 2009 Felipe Eduardo Sanchez Diaz Duran
...

Answer: y

...
Should I create a default set of package docs?  [y]: y
...
Preparing package documentation...OK
...

Write a description for the package, e.g. ntopng, and confirm it by pressing ENTER twice.

Please write a description for the package.
End your description with an empty line or EOF.
>> ntopng
>>
...

0 - Maintainer: [ user@debian.com ]
1 - Summary: [ ntopng ]
2 - Name: [ ntopng ]
3 - Version: [ 1.2.1 ]
4 - Release: [ 1 ]
5 - License: [ GPL ]
6 - Group: [ checkinstall ]
7 - Architecture: [ amd64 ]
8 - Source location: [ ntopng-1.2.1 ]
9 - Alternate source location: [ ]
10 - Requires: [ ]
11 - Provides: [ ntopng ]
12 - Conflicts: [ ]
13 - Replaces: [ ]
Enter a number to change any of them or press ENTER to continue:

Continue by pressing ENTER.

....

Copying files to the temporary directory...OK
Stripping ELF binaries and libraries...OK
Compressing man pages...OK
Building file list...OK
Building Debian package...OK
Installing Debian package...OK
Erasing temporary files...OK
Deleting temp dir...OK

**********************************************************************

 Done. The new package has been installed and saved to

 ../install/ntopng-1.2.1/ntopng_1.2.1-1_amd64.deb

 You can remove it from your system anytime using:

      dpkg -r ntopng

**********************************************************************

The new package should be located in the install folder, e.g.:

../install/ntopng-1.2.1/ntopng_1.2.1-1_amd64.deb

 

To remove ntopng, use the command below:

sudo dpkg -r ntopng

 

4. Configure init script ntopng.

 

Create the ntopng config file in the /etc/default folder and create a new folder for logs:

sudo mkdir /var/log/ntopng
sudo touch /var/log/ntopng/startup.log

sudo wget http://terminal28.com/wp-content/uploads/2014/08/ntopng-init-script-deb.tar.gz
sudo tar xvzf ntopng-init-script-deb.tar.gz -C /
sudo chmod +x /etc/default/ntopng 
sudo chmod +x /etc/init.d/ntopng
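
Step 4 unpacks a downloaded archive as root directly over /, so it helps to confirm what the archive contains before extracting it. The following is an added example, not part of the original tutorial: it lists the members and accepts the archive only if each one is a regular file or directory on an allowlist. The function name and the allowlist (the two files step 4 goes on to chmod, plus their parent directories) are assumptions.

```sh
#!/bin/sh
# Added example: vet a downloaded tarball before extracting it over / as root.
# The allowlist is an assumption: the two files step 4 goes on to chmod, plus
# their parent directories.
ALLOWED_MEMBERS='etc
etc/default
etc/default/ntopng
etc/init.d
etc/init.d/ntopng'

# archive_is_expected FILE
# Returns 0 only if every member is a regular file or directory on the
# allowlist. Nothing is extracted.
archive_is_expected() {
    archive=$1
    names=$(tar -tzf "$archive") || return 1
    listing=$(tar -tvzf "$archive") || return 1
    [ -n "$names" ] || return 1

    # In a verbose listing the first character is the entry type:
    # "-" regular file, "d" directory. Symlinks, hard links and device
    # nodes could redirect a write elsewhere, so reject them.
    if printf '%s\n' "$listing" | grep -qv '^[-d]'; then
        echo "rejected: archive holds a link or special file" >&2
        return 1
    fi

    rc=0
    while IFS= read -r name; do
        name=${name#./}     # some archives store names as ./etc/...
        name=${name%/}      # directories are listed with a trailing slash
        if [ -z "$name" ]; then continue; fi
        # Absolute paths and ../ components fail too: they are not listed.
        if ! printf '%s\n' "$ALLOWED_MEMBERS" | grep -Fxq -- "$name"; then
            echo "rejected: unexpected member $name" >&2
            rc=1
        fi
    done <<EOF
$names
EOF
    return "$rc"
}

# Usage: archive_is_expected ntopng-init-script-deb.tar.gz && \
#        sudo tar xvzf ntopng-init-script-deb.tar.gz -C /
```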

 

Configure ntopng in /etc/default/ntopng:

sudo nano /etc/default/ntopng

 

ENABLED=1

Configure network interfaces, e.g.:

INTERFACES="eth0 eth1 wlan0"

Port on which ntopng will listen for the web-UI – default port 3000.

HTTP_PORT=3000

Additional command-line arguments for ntopng; for more, see ntopng --help.

ADD_ARGS=""


5. First run.

sudo /etc/init.d/redis-server restart
sudo /etc/init.d/ntopng start

 

6. Access ntopng:

http://127.0.0.1:3000
http://address_IP:3000
http://domain.com:3000

 

Username/password: admin/admin.

 

7. Configure Apache2 server as a proxy with SSL.

Install Apache2 server using this tutorial:

http://man.sethuper.com/instalacja-i-konfiguracja-apache-php5-ruby-python-webdav

Edit the config file, e.g. httpd.conf, and create 2 virtual hosts.

Configure the first virtual host to listen on port 80 and redirect to port 443 (SSL).

sudo nano /etc/apache2/httpd.conf

 

# NTOPNG.DOMAIN.COM - PORT  80
#===========================================================================
<VirtualHost *:80>
ServerName ntopng.domain.com
ServerAlias *.ntopng.domain.com
ErrorLog /var/log/apache2/error.log
CustomLog /var/log/apache2/access.log combined
# Send every plain-HTTP request to the HTTPS virtual host
Redirect / https://ntopng.domain.com/
</VirtualHost>
#===========================================================================

 

Configure the second virtual host to listen on port 443 and proxy to ntopng.

# NTOPNG.DOMAIN.COM - PORT 443
#===========================================================================
<VirtualHost *:443>
ServerName ntopng.domain.com
ServerAlias *.ntopng.domain.com
ErrorLog /var/log/apache2/error.log
CustomLog /var/log/apache2/access.log combined
# Forward requests to the local ntopng web UI and rewrite the Location
# headers of its redirects so they point back at the proxy
ProxyPass / http://localhost:3000/
ProxyPassReverse / http://localhost:3000/
SSLEngine on
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
SSLCertificateFile /etc/apache2/ssl/ntopng.domain.com.crt
SSLCertificateKeyFile /etc/apache2/ssl/ntopng.domain.com.key
</VirtualHost>
#===========================================================================

 

8. Activate the proxy modules and restart the Apache2 server.

sudo a2enmod proxy
sudo a2enmod proxy_http
sudo /etc/init.d/apache2 restart

 

9. Access ntopng through the Apache2 server with SSL:

http://ntopng.domain.com
 

Username/password: admin/admin.
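
With the proxy in place, ntopng's own listener on HTTP_PORT should no longer be reachable from the network, otherwise the admin login can still travel over plain HTTP on port 3000. The following is an added example, not from the original tutorial: it filters `ss -ltn` output for listeners on a given port that are bound to anything other than loopback. The function name and the sample listing are constructed for illustration.

```sh
#!/bin/sh
# Added example: after steps 7-9, only Apache should face the network.
# Reads `ss -ltn` output on stdin and prints each non-loopback address
# that has a listener on the given port.
exposed_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, part, ":")            # port is the last ":" field
            if (part[n] != port) next
            addr = substr($4, 1, length($4) - length(part[n]) - 1)
            if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only
            print addr
        }'
}

# Constructed sample of `ss -ltn` output (not captured from a real host):
# ntopng on all interfaces, Apache on 443, a loopback-only service.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:3000       0.0.0.0:*
LISTEN 0      128    127.0.0.1:6379     0.0.0.0:*
LISTEN 0      128    [::]:443           [::]:*'

# On a live host: ss -ltn | exposed_listeners 3000
printf '%s\n' "$SAMPLE_SS" | exposed_listeners 3000
```

Any address printed for port 3000 means the web UI is still reachable without going through the SSL virtual host.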


17 comments


  1. MIchael

    Thank you sooooo much for this! I really needed help installing, as I am still fairly new to making/installing packages, and the ntopng website didn’t quite explain it in detail enough.

  2. ein

    Not working for me, debian 7.70, I’ve compilation errors:
    g++ -g -Wall -I/usr/local/include -I/usr/include/hiredis -I./third-party/mongoose -Ithird-party/json-c -I./nDPI/src/include -I/usr/local/include/luajit-2.0 -I/usr/local/include -Ithird-party/http-client-c/src/ -Ithird-party/EWAHBoolArray/headers -DDATA_DIR='"/usr/local/share"' -c CollectorInterface.cpp -o CollectorInterface.o
    CollectorInterface.cpp: In constructor ‘CollectorInterface::CollectorInterface(const char*, const char*)’:
    CollectorInterface.cpp:33:25: error: ‘zmq_ctx_new’ was not declared in this scope
    CollectorInterface.cpp:50:30: error: ‘zmq_ctx_destroy’ was not declared in this scope
    CollectorInterface.cpp:57:30: error: ‘zmq_ctx_destroy’ was not declared in this scope
    CollectorInterface.cpp: In destructor ‘virtual CollectorInterface::~CollectorInterface()’:
    CollectorInterface.cpp:80:26: error: ‘zmq_ctx_destroy’ was not declared in this scope
    CollectorInterface.cpp: In member function ‘void CollectorInterface::collect_flows()’:
    CollectorInterface.cpp:112:59: error: cannot convert ‘zmq_msg_hdr*’ to ‘zmq_msg_t*’ for argument ‘2’ to ‘int zmq_recv(void*, zmq_msg_t*, int)’
    CollectorInterface.cpp:121:66: error: cannot convert ‘char*’ to ‘zmq_msg_t*’ for argument ‘2’ to ‘int zmq_recv(void*, zmq_msg_t*, int)’
    make: *** [CollectorInterface.o] Error 1

    1. sethuper

      Works fine, I have just tested on a new installation (debian 7.7). You must have missed something when you did the tutorial, or download ntopng again and compile..

      1. e

        Yeah, u r right. I’ve made clean install and worked as expected. Thank u.

  3. e

    Please add to the article that u use: ntopng-1.2.0_r8116.tgz

    1. e

      I was using anyway.

    2. sethuper

      Only stable version of ntopng (1.2.1) has been used in this tutorial.

  4. Vasya

    sudo /etc/init.d/ntopng start
    * Starting network top daemon ntopng
    *

    Ntopng fails to start.
    In log file /var/log/ntopng/startup.log: “ntopng requires the redis-server service to be running”

    But redis-server running:

    ps -e|grep "redis"
    2364 ? 00:00:00 redis-server

  5. Immortal

    I installed the ntopng using the tutorial above. When I tried accessing as IP:3000, I get the error “unable to connect”.

    Also, when I checked the status of redis* and ntopng as follows:

    sudo /etc/init.d/redis-server restart
    redis-server is running

    sudo /etc/init.d/ntopng start
    I get to see nothing.

    Please advise if I have done something wrong.

    1. sethuper

      Make sure these files exist and are configured: /etc/default/ntopng and /etc/init.d/ntopng, and that all dependencies are installed. Then stop and start both servers:

      sudo /etc/init.d/redis-server stop
      sudo /etc/init.d/redis-server start
      Starting redis-server: redis-server.

      sudo /etc/init.d/ntopng stop
      sudo /etc/init.d/ntopng start
      [ ok ] Starting network top daemon: ntopng.

  6. sara

    hello
    how can I activate the -f option on ntopng? I have no idea about that, please help me
    thank you

    1. sethuper

      I will try this option this week, but you can add some options in the default config: ADD_ARGS="":
      sudo nano /etc/default/ntopng
      ADD_ARGS="-f"

      or ….it might not work..

      sudo nano /etc/init.d/ntopng

      find ADD_ARGS and add -f

      ADD_ARGS="-f"

  7. Joe

    Thanks mate, I’ve used your useful article in mine here http://nemgeek.blogspot.com/2015/08/ntopng-install-on-debian-sqeeze.html

  8. TJ

    Trying to install ntopng on a Raspberry Pi with the jessie distribution of Debian, I got this message after the command ./configure: "Please install libcurl(-dev) (http://curl.haxx.se/)". I know that the package is probably included in my distro; from "apt-cache search ^libcurl" I got:
    libcurl-ocaml – OCaml curl bindings (Runtime Library)
    libcurl-ocaml-dev – OCaml libcurl bindings (Development package)
    libcurl3 – easy-to-use client-side URL transfer library (OpenSSL flavour)
    libcurl3-dbg – debugging symbols for libcurl (OpenSSL, GnuTLS and NSS flavours)
    libcurl3-gnutls – easy-to-use client-side URL transfer library (GnuTLS flavour)
    libcurl3-nss – easy-to-use client-side URL transfer library (NSS flavour)
    libcurl4-doc – documentation for libcurl
    libcurl4-gnutls-dev – development files and documentation for libcurl (GnuTLS flavour)
    libcurl4-nss-dev – development files and documentation for libcurl (NSS flavour)
    libcurl4-openssl-dev – development files and documentation for libcurl (OpenSSL flavour)
    libcurlpp-dev – c++ wrapper for libcurl (development files)
    libcurlpp0 – c++ wrapper for libcurl
    libghc-hxt-curl-dev – LibCurl interface for HXT
    libghc-hxt-curl-doc – LibCurl interface for HXT; documentation
    libghc-hxt-curl-prof – LibCurl interface for HXT; profiling libraries
    lua-curl – libcURL bindings for the Lua language
    lua-curl-dev – libcURL development files for the Lua language
    ruby-ethon – libcurl wrapper using ffi
    This is included in my distribution of Linux.

    Unfortunately I don't know how to use it and how to make it go. Trying to skip this :):
    sudo make geoip
    make: *** No rule to make target ‘geoip’. Stop.

    and that's all … any help?

    1. sethuper

      Did you install libcurl-dev as well?

  9. TJ

    Yeah, thanks. It indeed needed installation of libcurl-dev and later libmysqlclient-dev
    and it works!!!
    Right now I wanted it to run automatically after reboot and collect traffic data from a MikroTik sending traffic flow.
    I tried to use the command:
    nprobe --zmq "tcp://*:5556" -i …..
    but..
    bash: nprobe: command not found
    how to install this?:)

    1. sethuper

      nProbe is a separate package/app..

      You can use these packages:
      http://packages.ntop.org/

      sudo su
      wget http://packages.ntop.org/apt/ntop.key
      apt-key add ntop.key
      echo "deb http://apt.ntop.org/jessie_pi armhf/" > /etc/apt/sources.list.d/ntop.list
      echo "deb http://apt.ntop.org/jessie_pi all/" >> /etc/apt/sources.list.d/ntop.list
      apt-get update
      apt-get install ntopng nprobe
