
Install Ntopng Network Traffic Monitoring Tool on CentOS 7

Introduction

Ntopng is an open-source network traffic monitoring system that provides a web interface for real-time network monitoring. It is a very useful tool that helps you learn more about your network traffic.
Ntopng provides several tools for monitoring various protocols, traffic variants and bandwidth across multiple time frames. You can install ntopng on any monitoring server connected to your network and use a web browser to access real-time traffic reports available on the server.
In this tutorial, I will explain how to set up a web-based network traffic monitoring system on CentOS 7 using ntopng.

Ntopng Features

  • Protocol-level real-time analysis of local network traffic.
  • Geolocation of IP addresses.
  • Network traffic matrix
  • Historical traffic analysis
  • Support for sFlow, NetFlow and IPFIX through nProbe.
  • IPv6 support.

Requirements

  • A server running CentOS v. 7

Installing Ntopng

Ntopng is not available in the default CentOS 7 repository. To begin, you will need to add the EPEL repository to your system by running the following command:
sudo yum install epel-release
Next, you will need to create an ntop repository for the stable builds. To do this, create a file named ntop.repo inside the /etc/yum.repos.d/ directory.
sudo nano /etc/yum.repos.d/ntop.repo
Add the following content to the ntop.repo file:
[ntop]
name=ntop packages
baseurl=http://www.nmon.net/centos-stable/$releasever/$basearch/
enabled=1
gpgcheck=1
gpgkey=http://www.nmon.net/centos-stable/RPM-GPG-KEY-deri
[ntop-noarch]
name=ntop packages
baseurl=http://www.nmon.net/centos-stable/$releasever/noarch/
enabled=1
gpgcheck=1
gpgkey=http://www.nmon.net/centos-stable/RPM-GPG-KEY-deri
Save and exit the file.
Now, update the repositories and all installed packages with the following command:
sudo yum -y update
Finally, install ntopng by running the following command:
sudo yum --enablerepo=epel install redis ntopng
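The ntop.repo file above sets gpgcheck=1 but fetches both the packages and the signing key over plain HTTP, so the key itself arrives over an unauthenticated channel. The script below is an added example, not part of the original tutorial, that audits a .repo file for these settings; the function names audit_repo and write_sample_repo are made up for it, and the sample input is the ntop.repo content from this page.

```shell
# Added example: audit a yum .repo file for signature and transport settings.
# audit_repo FILE prints one finding per line as "<section> <key> <issue>".
audit_repo() {
    awk '
        function end_section() {
            if (section == "") return
            if (gpgcheck != "1") print section, "gpgcheck", "signature-check-disabled"
            if (gpgkey == "")    print section, "gpgkey", "no-key-configured"
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # skip comments and blank lines
        /^\[.*\]$/ {                               # new [section] header
            end_section(); section = substr($0, 2, length($0) - 2)
            gpgcheck = ""; gpgkey = ""; next
        }
        {
            eq = index($0, "="); if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "gpgcheck") gpgcheck = val
            if (key == "gpgkey")   gpgkey = val
            # Packages or key fetched without transport authentication.
            if ((key == "baseurl" || key == "gpgkey") && val ~ /^http:\/\//)
                print section, key, "plain-http"
        }
        END { end_section() }
    ' "$1"
}

# Write the repo definition shown in this tutorial to the given path.
write_sample_repo() {
    cat > "$1" <<'EOF'
[ntop]
name=ntop packages
baseurl=http://www.nmon.net/centos-stable/$releasever/$basearch/
enabled=1
gpgcheck=1
gpgkey=http://www.nmon.net/centos-stable/RPM-GPG-KEY-deri
[ntop-noarch]
name=ntop packages
baseurl=http://www.nmon.net/centos-stable/$releasever/noarch/
enabled=1
gpgcheck=1
gpgkey=http://www.nmon.net/centos-stable/RPM-GPG-KEY-deri
EOF
}

sample=$(mktemp)
write_sample_repo "$sample"; audit_repo "$sample"
rm -f "$sample"
```

For this page's file the script reports four plain-http findings (baseurl and gpgkey in each section) and no signature-check findings. When a key has to be fetched this way, compare the fingerprint yum shows at import time against one obtained through a separate trusted channel before accepting it.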

Start the Ntopng and Redis Service

Once ntopng has been installed, you need to install the hiredis-devel package and start the redis server before starting ntopng.
sudo yum --enablerepo=epel install hiredis-devel
Now, start the redis service and enable the service to start at boot time:
sudo systemctl start redis.service
sudo systemctl enable redis.service
Next, start ntopng and enable it to start at boot time:
sudo systemctl start ntopng.service
sudo systemctl enable ntopng.service

Configure Ntopng

Ntopng creates a default configuration file at /etc/ntopng/ntopng.conf. However, if you check the service status, you’ll see that ntopng reports a "No Pro licence is found" error and announces that it will return to community mode after 10 minutes.
To check the ntopng status, run:
sudo systemctl status ntopng
You should see the following output:
[Screenshot: ntopng warning status]
You can remove this warning message by editing the ntopng configuration file:
sudo nano /etc/ntopng/ntopng.conf
Add or change the lines shown below:
-G=/var/tmp/ntopng.pid
--community
Save and exit the file, restart ntopng and check status again:
sudo systemctl restart ntopng
sudo systemctl status ntopng

Allow Ntopng Through the Firewall

By default, ntopng listens on TCP port 3000, so you need to add a firewall rule to reach it from a remote machine. You can do this by running the following command, which opens the port to every source address in the default zone:
sudo firewall-cmd --permanent --add-port=3000/tcp
Now, reload the firewalld service:
sudo firewall-cmd --reload

Test Ntopng

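After setting everything up, you can access the ntopng web interface in a web browser by going to the URL http://your.server.ip:3000. Use the following login information:
User: admin
Password: admin
These are the default credentials, so change the admin password right after the first login, since port 3000 is now reachable from the network.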
Enjoy...
