Solved

Installing and configuring NTOPNG on CentOS

Posted on 2013-11-25
3
10,404 Views
Last Modified: 2013-12-19
I am a relative Linux novice. I am pretty comfortable with scripting and understand the basics of compiling. With that said, I am having significant difficulties installing NTOPNG. I need a solution for network monitoring and NetFlow packet capture that doesn't cost and arm and a leg. I have been able to converse with Luca Deri who developed the application but I haven't been able to get a good walkthrough on setting it up.

I am looking for someone who has experience getting ntopng running. We mainly use Cisco ASAs in our systems and need to capture flow data from these. I would like to use ntopng and nprobe to do this. I can install ntop by simply using the yum install ntop command but I want the features of the new version. I have been trying to follow various walkthroguhs of installing it but I keep running into snags. Hopefully someone has experience with this.

I have been using
http://www.nmon.net/centos/
and
http://blog.jamesspencer.me/2013/08/install-ntop-ng-101-on-centos-64.html

but haven't gotten it running. If anyone has experience with this, I can post some more details.

Thanks!
0
Comment
Question by:farroar
3 Comments
 
LVL 34

Expert Comment

by:Duncan Roe
ID: 39679136
When you say you haven't got it to run, what actual error message do you get?
0
 

Author Comment

by:farroar
ID: 39679739
I was having compilation errors, but I found a guide that got it running. I am able to access the web GUI and it seems to be pulling data but I'm not certian that it is accurate.

It is running on a virtual machine hosted on an ESXi server. I imagine that it is only seeing packets that pass by it's interface but it does see other hosts on the network. The data rates it is reporting seem very low for the network it is in.

I am pointing the local network's ASA to the server using port 9996. The thing is, I don't see anywhere to configure this port so I'm not sure that the server is looking for data on that port. This makes me believe I need to use nProbe. Getting this up and running is proving to be difficult now as well. I am following this guide:

http://luca.ntop.org/nProbeInstallationGuide.pdf

On page 15 it specifies some configuration parameters but I cannot find any of the files it mentions. First of all, the documentation is out of date. The file that I download from their website is not a .tar file, it is a .deb file. I extracted this package and I'm still not able to find the files they are talking about. I did use the yum install nProbe command and it seems to have installed it, but I can't find any configuration files. I've looked in the /etc/ folder where ntopng is located, but can't find anything. I just need to get to a point where I can see some real data and then I'll know how to go from there.

Thanks for any input!
0
 
LVL 1

Accepted Solution

by:
moskwicz earned 500 total points
ID: 39706129
If you added ntop repo as described in James Spancers's blog there is no need to compile it from source to get the newest features since the ntop packages are build daily.

You'll need to create config files if the /etc/ntopng folder is empty.
Create ntopng.start file and ntopng.conf. The start file can be empty and then all options will be read from ntopng.conf file.

For example my config looks like this :

-G=/var/tmp/ntopng.gid
-i eth1
--data-dir /var/ntop
--dns-mode 1
--local-networks <list of networks to be considered as local by ntop statistics>
--disable-login

You will also need to add RW permisions for user nobody to folder /var/ntop since ntop is running under that user context.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Shoretel QoS Configuration on Cisco Switches 9 43
Radius ASA Authentication Failed 4 63
Cisco IOS from ipbase to ipservices 10 78
Load Balancing 3 16
Load balancing is the method of dividing the total amount of work performed by one computer between two or more computers. Its aim is to get more work done in the same amount of time, ensuring that all the users get served faster.
Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now