  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 10657

Installing and configuring NTOPNG on CentOS

I am a relative Linux novice. I am pretty comfortable with scripting and understand the basics of compiling. With that said, I am having significant difficulties installing NTOPNG. I need a solution for network monitoring and NetFlow packet capture that doesn't cost an arm and a leg. I have been able to converse with Luca Deri who developed the application but I haven't been able to get a good walkthrough on setting it up.

I am looking for someone who has experience getting ntopng running. We mainly use Cisco ASAs in our systems and need to capture flow data from these. I would like to use ntopng and nprobe to do this. I can install ntop by simply using the yum install ntop command but I want the features of the new version. I have been trying to follow various walkthroughs of installing it but I keep running into snags. Hopefully someone has experience with this.

I have been using
http://www.nmon.net/centos/
and
http://blog.jamesspencer.me/2013/08/install-ntop-ng-101-on-centos-64.html

but haven't gotten it running. If anyone has experience with this, I can post some more details.

Thanks!
0
farroar
Asked:
farroar
1 Solution
 
Duncan RoeSoftware DeveloperCommented:
When you say you haven't got it to run, what actual error message do you get?
0
 
farroarAuthor Commented:
I was having compilation errors, but I found a guide that got it running. I am able to access the web GUI and it seems to be pulling data but I'm not certain that it is accurate.

It is running on a virtual machine hosted on an ESXi server. I imagine that it is only seeing packets that pass by its interface but it does see other hosts on the network. The data rates it is reporting seem very low for the network it is in.

I am pointing the local network's ASA to the server using port 9996. The thing is, I don't see anywhere to configure this port so I'm not sure that the server is looking for data on that port. This makes me believe I need to use nProbe. Getting this up and running is proving to be difficult now as well. I am following this guide:

http://luca.ntop.org/nProbeInstallationGuide.pdf

On page 15 it specifies some configuration parameters but I cannot find any of the files it mentions. First of all, the documentation is out of date. The file that I download from their website is not a .tar file, it is a .deb file. I extracted this package and I'm still not able to find the files they are talking about. I did use the yum install nProbe command and it seems to have installed it, but I can't find any configuration files. I've looked in the /etc/ folder where ntopng is located, but can't find anything. I just need to get to a point where I can see some real data and then I'll know how to go from there.

Thanks for any input!
0
 
moskwiczCommented:
If you added the ntop repo as described in James Spencer's blog there is no need to compile it from source to get the newest features, since the ntop packages are built daily.

You'll need to create config files if the /etc/ntopng folder is empty.
Create ntopng.start file and ntopng.conf. The start file can be empty and then all options will be read from ntopng.conf file.

For example, my config looks like this:

-G=/var/tmp/ntopng.gid
-i eth1
--data-dir /var/ntop
--dns-mode 1
--local-networks <list of networks to be considered as local by ntop statistics>
--disable-login

You will also need to add RW permissions for user nobody to folder /var/ntop since ntop is running under that user context.
0
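An added shell example, not from this thread or from the ntop project, that lays out the files moskwicz describes and checks the two things that usually go wrong: the `<list of networks ...>` placeholder left in ntopng.conf, and nothing actually listening on the UDP port the ASA is exporting to (9996 in farroar's post). It assumes exactly the layout and option names posted above (/etc/ntopng/ntopng.conf plus an empty ntopng.start, ntopng running as user nobody with /var/ntop as its data dir). The ROOT prefix argument is my own addition so the layout can be rehearsed in a scratch directory without root before it is written to the real /etc.

```shell
#!/bin/sh
# Added example (not the thread's or ntop's own code). Option lines are copied
# from moskwicz's posted ntopng.conf; the ROOT prefix is an assumption that
# lets the layout be rehearsed under a temp dir (ROOT="" means the real /etc).

# write_ntopng_config ROOT IFACE LOCAL_NETS [DATADIR]
write_ntopng_config() {
  root="$1"; iface="$2"; nets="$3"; datadir="${4:-/var/ntop}"
  mkdir -p "$root/etc/ntopng" "$root$datadir"
  # ntopng.start is deliberately empty: all options are read from ntopng.conf
  : > "$root/etc/ntopng/ntopng.start"
  cat > "$root/etc/ntopng/ntopng.conf" <<EOF
-G=/var/tmp/ntopng.gid
-i $iface
--data-dir $datadir
--dns-mode 1
--local-networks $nets
--disable-login
EOF
  # ntopng drops to user "nobody", which must be able to write the data dir.
  # Ownership can only be changed when running as root; otherwise just say so.
  if [ "$(id -u)" -eq 0 ] && id nobody >/dev/null 2>&1; then
    chown nobody "$root$datadir" && chmod u+rwx "$root$datadir"
  else
    echo "note: run as root to chown $root$datadir to nobody" >&2
  fi
}

# lint_ntopng_conf FILE: every non-blank line must be an option (starts with -)
# and no angle-bracket placeholder from the posted example may remain.
lint_ntopng_conf() {
  conf="$1"; status=0
  [ -r "$conf" ] || { echo "missing: $conf" >&2; return 1; }
  while IFS= read -r line || [ -n "$line" ]; do
    case "$line" in
      ''|'#'*) ;;                                         # blank or comment
      *'<'*|*'>'*) echo "placeholder left in: $line" >&2; status=1 ;;
      -*) ;;                                              # looks like an option
      *) echo "not an option line: $line" >&2; status=1 ;;
    esac
  done < "$conf"
  return $status
}

# check_interface IFACE: the -i interface must exist on this host (ESXi guests
# often see eth0/ens* rather than the eth1 in the posted config).
check_interface() {
  [ -e "/sys/class/net/$1" ]
}

# check_udp_listener PORT: is anything bound to the flow-export port? ntopng's
# conf above has no collector option, so an empty result here is the hint that
# a separate collector (nProbe) is needed in front of it. Returns 2 if neither
# ss nor netstat is available.
check_udp_listener() {
  port="$1"
  if command -v ss >/dev/null 2>&1; then
    ss -lun 2>/dev/null | grep -q ":$port "
  elif command -v netstat >/dev/null 2>&1; then
    netstat -lun 2>/dev/null | grep -q ":$port "
  else
    return 2
  fi
}

# Rehearsal in a scratch directory (constructed values, not a real site).
TMP=$(mktemp -d)
write_ntopng_config "$TMP" eth1 "192.168.10.0/24,10.0.0.0/8"
lint_ntopng_conf "$TMP/etc/ntopng/ntopng.conf" && echo "ntopng.conf looks sane"
check_interface eth1 || echo "eth1 not present here; adjust -i before going live"
check_udp_listener 9996 || echo "nothing listening on UDP 9996 on this host"
cat "$TMP/etc/ntopng/ntopng.conf"
rm -rf "$TMP"
```

Run it as root with ROOT set to an empty string (`write_ntopng_config "" eth1 "..."`) to write the real /etc/ntopng files once the rehearsal passes. The pid-file path in `-G` is kept as posted; the lint deliberately fails on the literal `<list of networks to be considered as local by ntop statistics>` text, which is the most common copy-paste mistake with this config.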
