LuvUnix

How to set up ntop (ntopng) on CentOS 7



ntopng (the next-generation version of ntop) is a powerful network traffic monitoring system. Its web interface shows live network traffic, including top hosts, top flow talkers, application protocols in use (via nDPI) and top flow senders, and for each node you can drill into its active flows as they happen. ntopng can monitor a local interface directly or, as shown at the end of this guide, receive NetFlow exported by a router through nprobe.

1. Install the EPEL and ntop repositories

Add the EPEL repository by downloading its release RPM with wget and installing it. If wget is not installed yet, install it first with # yum install wget. (On CentOS 7 the same package is also available from the extras repository with # yum install epel-release.)

# cd ~
# wget http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-7.noarch.rpm
# rpm -ivh epel-release-7-7.noarch.rpm

Once the EPEL repository is installed, add the ntop repository. Note that it is fetched over plain HTTP, so check the resulting ntop.repo file (base URL and gpgcheck setting) before running yum against it.

# cd /etc/yum.repos.d/
# wget http://packages.ntop.org/centos/ntop.repo -O ntop.repo

2. Install Redis

ntopng keeps its runtime state (hosts, flows, users, preferences) in Redis and talks to it through the hiredis client library, so install both before installing ntopng.

# yum install redis hiredis

3. Install NTOPNG

Refresh the package metadata, update the system and install ntopng. The command below also installs nprobe, which step 9 uses as the NetFlow collector; pfring, n2disk, cento and nbox are separate ntop products that this guide does not use, so you can leave them out if you only want ntopng (ntopng and ntopng-data are the minimum).

# yum clean all
# yum update
# yum install pfring n2disk nprobe ntopng ntopng-data cento nbox

4. Enable Redis/NTOPNG during startup

# systemctl enable redis
# systemctl enable ntopng
# systemctl restart redis
# systemctl start ntopng

5. Configure the firewall

Configure the firewall to allow traffic to the ntopng web interface. If firewalld is not installed on your CentOS 7 system, install and enable it with the following commands.

# yum install firewalld
# systemctl start firewalld
# systemctl enable firewalld

Now open the ntopng web port (3000/tcp by default) in the public zone with firewall-cmd and reload the rules:

# firewall-cmd --zone=public --add-port=3000/tcp --permanent
# firewall-cmd --reload

Do not open the Redis port (6379/tcp). ntopng talks to Redis on the same host, Redis listens on 127.0.0.1 by default, and a Redis instance reachable from the network with no authentication configured lets anyone who can reach it read and rewrite ntopng's entire state, including its user database. If only a management network should reach the web interface, restrict the 3000/tcp rule to that source address range with a firewalld rich rule instead of opening it to everyone.


6. Create configuration files for ntopng

The ntop packages install under the /usr/local prefix. ntopng reads its startup options from configuration files; this guide creates them under /usr/local/etc/ntopng. The packaged service also reads /etc/ntopng/ntopng.conf (the file edited in step 9), so if ntopng ignores the files below, put the same options there, one per line, in --option=value form.

# cd /usr/local/etc
# mkdir ntopng
# cd ntopng

# nano ntopng.start

Put these lines in it (172.31.0.0/16 is an example; list the networks ntopng should treat as local, in CIDR notation, comma-separated, and 0 is the index of the interface to monitor):

--local-networks "172.31.0.0/16"
--interface 0

# nano ntopng.pid

Put this line in it so the service writes its PID file:

-G=/var/run/ntopng.pid

7. Restart ntopng/redis

# systemctl restart redis
# systemctl restart ntopng

Check that the service came up with # systemctl status ntopng, and inspect the log for errors with # tail -50 /var/log/ntopng/ntopng.log (for example an interface index or local-network value that ntopng rejected).

8. Testing ntopng

Now open http://demohost.com:3000 in a browser, replacing demohost.com with the hostname or IP address of your server. You will get the ntopng login page.

On the first login use the user 'admin' with password 'admin'; you will be redirected to the dashboard. Change that password immediately, because the web interface is now reachable from the network and the default credentials are public knowledge. Note that port 3000 serves plain HTTP, so the login and all dashboards travel unencrypted; for anything beyond a lab, enable ntopng's HTTPS port (-W/--https-port) or put the interface behind a TLS-terminating proxy.
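Before going further, it is worth confirming what the host actually exposes after steps 5 to 7. The following is an added example written for this guide (it is not part of ntopng or the original page): it parses the output of ss -ltn and flags listeners that are more exposed than this setup needs. The port policy reflects the tutorial's services (22 ssh, 3000 web UI, 6379 Redis, 5559 the nprobe ZMQ endpoint of step 9); the sample ss output is constructed, not captured from a real host.

```python
"""Audit listening sockets on the ntopng host against the exposure this guide needs.

Added example for this tutorial, not part of ntopng or the original page.
POLICY and the sample `ss -ltn` output below are constructed assumptions.
"""
import subprocess
from typing import Dict, List, Tuple

# "loopback": reachable only from this host; "any": may listen on all addresses.
POLICY: Dict[int, str] = {22: "any", 3000: "any", 6379: "loopback", 5559: "loopback"}

LOOPBACK_ADDRS = {"127.0.0.1", "::1", "[::1]"}


def parse_ss(output: str) -> List[Tuple[str, int]]:
    """Return (bind_address, port) pairs for the LISTEN lines of `ss -ltn` output."""
    listeners = []
    for line in output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue                                  # header line or unexpected format
        addr, _, port = cols[3].rpartition(":")       # rpartition keeps IPv6 "[::]" intact
        if port.isdigit():
            listeners.append((addr, int(port)))
    return listeners


def audit(listeners: List[Tuple[str, int]],
          policy: Dict[int, str] = POLICY) -> List[str]:
    """Return one finding per listener that is more exposed than the policy allows."""
    findings = []
    for addr, port in listeners:
        off_host = addr not in LOOPBACK_ADDRS        # wildcard or a real interface address
        rule = policy.get(port)
        if rule == "loopback" and off_host:
            findings.append(f"port {port} listens on {addr}; bind it to 127.0.0.1 only")
        elif rule is None and off_host:
            findings.append(f"port {port} listens on {addr}; not expected by this setup")
    return findings


def audit_live() -> List[str]:
    """Run `ss -ltn` on this host (Linux with iproute2) and audit the result."""
    out = subprocess.run(["ss", "-ltn"], check=True,
                         capture_output=True, text=True).stdout
    return audit(parse_ss(out))


# Constructed sample output: Redis wrongly bound to all interfaces, everything else as expected.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN  0      128    0.0.0.0:22          0.0.0.0:*
LISTEN  0      128    0.0.0.0:6379        0.0.0.0:*
LISTEN  0      128    0.0.0.0:3000        0.0.0.0:*
LISTEN  0      128    127.0.0.1:5559      0.0.0.0:*
LISTEN  0      128    [::]:22             [::]:*
"""

if __name__ == "__main__":
    for finding in audit(parse_ss(SAMPLE_SS_OUTPUT)):
        print(finding)
```

On the sample the only finding is the Redis socket on 0.0.0.0:6379; run audit_live() on the real host to check the same thing there. If Redis does show up on a non-loopback address, fix the bind directive in /etc/redis.conf rather than relying on the firewall alone.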

9. Configuring ntopng to receive flows from another device such as a Cisco router

ntopng does not parse NetFlow itself: nprobe receives the NetFlow packets from the router and hands the flows to ntopng over a ZeroMQ socket. nprobe publishes on that socket and ntopng connects to it, so the address below is the address of the host running nprobe, not of the router. In this guide nprobe runs on the ntopng server itself, so 127.0.0.1 is used; you may choose another port number, this tutorial uses 5559.

Edit ntopng.conf and add the following line at the end of the file, then save it:

nano /etc/ntopng/ntopng.conf
-i=tcp://127.0.0.1:5559

Next start the collector. -i none tells nprobe not to capture from a local interface, -n none disables NetFlow re-export, and --collector-port 2055 is the UDP port on which the router's flows are received:

nprobe --zmq "tcp://127.0.0.1:5559" -i none -n none --collector-port 2055

NetFlow is sent over UDP, so also open 2055/udp in firewalld as in step 5 (# firewall-cmd --zone=public --add-port=2055/udp --permanent, then # firewall-cmd --reload). If nprobe runs on a different host, use that host's address in both places and keep the ZMQ port restricted to the ntopng server, since the ZMQ feed carries all flow data unauthenticated. Restart ntopng afterwards so it picks up the new interface.

10. Cisco router IP flow configuration example

Global configuration (replace the destination with the IP address of the host running nprobe; the export source should be an interface whose address can reach it):

config# ip flow-cache timeout active 1
config# ip flow-export source GigabitEthernet0/1
config# ip flow-export version 9
config# ip flow-export destination <nprobe-ip-address> 2055

Then enable flow capture on the interface whose traffic you want to send to ntopng (this example uses GigabitEthernet0/1):

config# interface GigabitEthernet0/1
config-if# ip flow ingress
config-if# ip flow egress

Congratulations! Your ntopng server should now be receiving flow data from your WAN device for traffic analysis. The short active timeout (1 minute) makes long-lived flows appear in ntopng sooner at the cost of more export packets.
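Without a router at hand it is hard to tell whether a missing flow is the router's fault, the firewall's or nprobe's. The following added example, written for this guide and not part of nprobe, ntopng or the original page, builds a minimal NetFlow v9 export (one template flowset plus a data flowset, as described in RFC 3954), decodes it back to check the encoding, and can send it to the collector started in step 9. The collector address (127.0.0.1, UDP 2055) and the flow records are assumed, constructed values.

```python
"""Build, decode and optionally send a minimal NetFlow v9 export.

Added example for this tutorial, not part of nprobe/ntopng or the original page.
Flow contents and the collector address are constructed assumptions.
"""
import socket
import struct
import time
from typing import Dict, List, Optional, Tuple

# NetFlow v9 field type IDs (RFC 3954 section 8) and their lengths, in record order.
FIELDS: List[Tuple[int, int]] = [
    (8, 4),   # IPV4_SRC_ADDR
    (12, 4),  # IPV4_DST_ADDR
    (7, 2),   # L4_SRC_PORT
    (11, 2),  # L4_DST_PORT
    (4, 1),   # PROTOCOL
    (1, 4),   # IN_BYTES
    (2, 4),   # IN_PKTS
]
TEMPLATE_ID = 256     # template ids 0-255 are reserved for flowset headers
SOURCE_ID = 1         # observation domain id placed in the packet header


def _pad4(data: bytes) -> bytes:
    """FlowSets must end on a 32-bit boundary."""
    return data + b"\x00" * (-len(data) % 4)


def build_template_flowset() -> bytes:
    body = struct.pack("!HH", TEMPLATE_ID, len(FIELDS))
    for ftype, flen in FIELDS:
        body += struct.pack("!HH", ftype, flen)
    body = _pad4(body)
    return struct.pack("!HH", 0, 4 + len(body)) + body     # FlowSet ID 0 = template


def encode_record(src: str, dst: str, sport: int, dport: int, proto: int,
                  nbytes: int, npkts: int) -> bytes:
    """Encode one flow record in the field order declared in FIELDS."""
    return (socket.inet_aton(src) + socket.inet_aton(dst)
            + struct.pack("!HHBII", sport, dport, proto, nbytes, npkts))


def build_data_flowset(records: List[bytes]) -> bytes:
    body = _pad4(b"".join(records))
    return struct.pack("!HH", TEMPLATE_ID, 4 + len(body)) + body


def build_packet(records: List[bytes], seq: int, uptime_ms: int = 0,
                 unix_secs: Optional[int] = None) -> bytes:
    """Header: version 9, record count (template + data), sysUptime, unixSecs, seq, sourceId."""
    if unix_secs is None:
        unix_secs = int(time.time())
    header = struct.pack("!HHIIII", 9, 1 + len(records), uptime_ms,
                         unix_secs, seq, SOURCE_ID)
    return header + build_template_flowset() + build_data_flowset(records)


def decode_packet(pkt: bytes) -> Dict:
    """Decode a v9 packet that carries its own template (as build_packet does)."""
    version, _count, _uptime, _secs, seq, src_id = struct.unpack_from("!HHIIII", pkt, 0)
    if version != 9:
        raise ValueError(f"not NetFlow v9: version {version}")
    offset, templates, flows = 20, {}, []
    while offset + 4 <= len(pkt):
        fs_id, fs_len = struct.unpack_from("!HH", pkt, offset)
        if fs_len < 4 or offset + fs_len > len(pkt):
            raise ValueError("bad flowset length")
        body = pkt[offset + 4:offset + fs_len]
        if fs_id == 0:                                   # template flowset
            pos = 0
            while pos + 4 <= len(body):
                tid, nfields = struct.unpack_from("!HH", body, pos)
                pos += 4
                templates[tid] = [struct.unpack_from("!HH", body, pos + 4 * i)
                                  for i in range(nfields)]
                pos += 4 * nfields
        elif fs_id >= 256:                               # data flowset
            fields = templates.get(fs_id)
            if fields is None:
                raise ValueError(f"data for unknown template {fs_id}")
            rec_len, pos = sum(flen for _, flen in fields), 0
            while pos + rec_len <= len(body):            # trailing bytes are padding
                rec = {}
                for ftype, flen in fields:
                    raw = body[pos:pos + flen]
                    rec[ftype] = socket.inet_ntoa(raw) if ftype in (8, 12) else int.from_bytes(raw, "big")
                    pos += flen
                flows.append(rec)
        offset += fs_len
    return {"seq": seq, "source_id": src_id, "flows": flows}


def send_to_collector(pkt: bytes, collector: str = "127.0.0.1", port: int = 2055) -> int:
    """Send one export packet to nprobe (assumed: nprobe on this host, --collector-port 2055)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(pkt, (collector, port))


if __name__ == "__main__":
    # Constructed sample flows using RFC 5737 documentation addresses, not captured traffic.
    records = [
        encode_record("192.0.2.10", "198.51.100.20", 51234, 443, 6, 48213, 61),
        encode_record("192.0.2.11", "203.0.113.5", 40001, 53, 17, 120, 1),
    ]
    pkt = build_packet(records, seq=1)
    print(decode_packet(pkt))
    # send_to_collector(pkt)   # uncomment to export to the collector of step 9
```

After sending a few packets with increasing seq values, the flows should show up under the tcp://127.0.0.1:5559 interface in ntopng; if they do not, run tcpdump -ni any udp port 2055 on the collector host to see whether the packets arrive at all, which separates firewall problems from nprobe or ntopng configuration problems.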

