Install Ntopng Network Traffic Monitoring Tool on CentOS 7

by hitjethva on Feb 02, 2016

Beginner

Table of Contents

Introduction

Ntopng Features

Requirements

Installing Ntopng

Start the Ntopng and Redis Service

Configure Ntopng

Allow Ntopng Through the Firewall

Test Ntopng

Introduction

Ntopng is an opensource network traffic monitoring system that provides a web

interface for real-time network monitoring. It very useful tool that helps you
learn more about your network traffic.

Ntopng provides several tools for monitoring various protocols, traffic variants
and bandwidth across multiple time frames. You can install ntopng on any
monitoring server connected to your network and use a web browser to access
real-time traffic reports available on the server.

In this tutorial, I will explain how to set up a web-based network traffic

monitoring system on CentOS 7 using ntopng.

Ntopng Features

Protocol-level real-time analysis of local network traffic.

Geolocation of IP addresses.

Network traffic matrix

Historical traffic analysis

 Support for sFlow, NetFlow and IPFIX through nProbe.

IPv6 support.

Requirements

A server running CentOS v. 7

Installing Ntopng

Ntopng is not available in the default CentOS 7 repository. To begin, you will
need to add the EPEL repository to your system by running the following
command:

sudo yum install epel-release

Next, you will need to create an ntop repository for the stable builds. To do this,
create a file named ntop.repo inside the /etc/yum.repos.d/ directory.

sudo nano /etc/yum.repos.d/ntop.repo

Add the following content to the ntop.repo file:

[ntop]
name=ntop packages
baseurl=http://www.nmon.net/centos-stable/$releasever/$basearch/
enabled=1
gpgcheck=1
gpgkey=http://www.nmon.net/centos-stable/RPM-GPG-KEY-deri
[ntop-noarch]
name=ntop packages
baseurl=http://www.nmon.net/centos-stable/$releasever/noarch/
enabled=1
gpgcheck=1
gpgkey=http://www.nmon.net/centos-stable/RPM-GPG-KEY-deri

Save and exit the file.

Now, update the repositories and all installed packages with the following
command:

sudo yum -y update

Finally, install ntopng by running the following command:

sudo yum --enablerepo=epel install redis ntopng

Start the Ntopng and Redis Service

Once ntopng has been installed, you need to install the hiredis-devel package
and start the redis server before starting ntopng.

sudo yum --enablerepo=epel install hiredis-devel

Now, start the redis service and enable the service to start at boot time:

sudo systemctl start redis.service

sudo systemctl enable redis.service

Lets start ntopng and add the service to start at boot time:

sudo systemctl start ntopng.service

sudo systemctl enable ntopng.service

Configure Ntopng

Ntop will create a default configuration file at /etc/ntopng/ntopng.conf. However

if you check the status, youll see that ntop gives you a "No Pro licence is
found" error, and announces that it will return to community mode after 10
minutes.

To check the ntopng status, run:

sudo systemctl status ntopng

You should see the following output

You can remove this warning message by editing the ntopng configuration file:

sudo vi /etc/ntopng/ntopng.conf

Add/change the line shown below:

-G=/var/tmp/ntopng.pid\
--community

sudo nano /etc/ntopng/ntopng.conf

After running the above command copy all these lines into ntopng
configuration file.
# /etc/ntopng/ntopng.conf
#
# The configuration file is similar to the command line, with the exception that
an equal
# sign = must be used between key and value. Example: -i=p1p2 or
interface=p1p2 For
# options with no value (e.g. -v) the equal is also necessary. Example: -v=
must be used.
#
#
# -G|pid-path
# Specifies the path where the PID (process ID) is saved.
#
-G=/var/tmp/ntopng.pid
#
# -e|daemon
# This parameter causes ntop to become a daemon, i.e. a task which runs in
the background
# without connection to a specific terminal. To use ntop other than as a casual
monitoring
# tool, you probably will want to use this option.
#
-e=
#
# -i|interface
# Specifies the network interface or collector endpoint to be used by ntopng
for network
# monitoring. On Unix you can specify both the interface name (e.g. lo) or the
numeric
# interface id as shown by ntopng -h. On Windows you must use the interface
number instead.
# Note that you can specify -i multiple times in order to instruct ntopng to
create multi-
# ple interfaces.
#
-i=1
#
# -w|http-port
# Sets the HTTP port of the embedded web server.
#
-w=3000
#
# -m|local-networks
# ntopng determines the ip addresses and netmasks for each active interface.
Any traffic on
# those networks is considered local. This parameter allows the user to define
additional
# networks and subnetworks whose traffic is also considered local in ntopng
reports. All
# other hosts are considered remote. If not specified the default is set to
192.168.1.0/24.
#
# Commas separate multiple network values. Both netmask and CIDR notation
may be used,
# even mixed together, for instance 131.114.21.0/24,10.0.0.0/255.0.0.0.
#
-m=192.168.1.0/24
#
# -n|dns-mode
# Sets the DNS address resolution mode: 0 Decode DNS responses and
resolve only local
# (-m) numeric IPs 1 Decode DNS responses and resolve all numeric IPs 2
Decode DNS
# responses and dont resolve numeric IPs 3 Dont decode DNS responses
and dont resolve
#
-n=1
#
# -S|sticky-hosts
# ntopng periodically purges idle hosts. With this option you can modify this
behaviour by
# telling ntopng not to purge the hosts specified by -S. This parameter requires
an argu-
# ment that can be all (Keep all hosts in memory), local (Keep only local
hosts),
# remote (Keep only remote hosts), none (Flush hosts when idle).
#
-S=
#
# -d|data-dir
# Specifies the data directory (it must be writable). Default directory is ./data
#
-d=/var/tmp/ntopng
#
# -q|disable-autologout
# Disable web interface logout for inactivity.
#
-q=

STEP5: You can also download ntopng from their website and install it
manually by using the following command if you dont want to add its repo.
$ tar xzf ntopng-1.0.tar.gz -C ~
$ cd ~/ntopng-1.0/
$ ./configure
$ make geoip
$ make

STEP 6: We also need to create ntopng.start file by using the command:

sudo nano /etc/ntopng/ntopng.start
Once you created ntopng.start file then add the following lines
local-networks 192.168.0.0/24
## give your local IP Ranges here.
interface 1

STEP 7: To see all available interfaces and options, use the ntopng -h option:
sudo ntopng-h

Save and exit the file with (:wq) , restart ntopng and check status again:

sudo systemctl restart ntopng

sudo systemctl status ntopng

Allow Ntopng Through the Firewall

Ntopng listens by default at the 3000 TCP port so youll need to add firewall
rule to access ntopng from remote machine. You can do this by running
following command:

sudo firewall-cmd --permanent --add-port=3000/tcp

Now, reload the firewalld service:

sudo firewall-cmd --reload