How to set up ntop on CentOS 7

Ntop [ntopng] is a powerful network traffic monitoring system. Its web interface shows live network traffic, including top hosts, top flow talkers, application protocols in use and top flow senders. Each node's active flows can also be viewed live through the web interface.

1. Install EPEL/NTOP repo

Add the EPEL repository by downloading the rpm file with wget and then installing it. If wget is not installed, install it first with # yum install wget

# cd ~
# wget http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-7.noarch.rpm
# rpm -ivh epel-release-7-7.noarch.rpm

Once EPEL repository is installed, install NTOP repository.

# cd /etc/yum.repos.d/ 
# wget http://packages.ntop.org/centos/ntop.repo -O ntop.repo

2. Install Redis

Redis and Hiredis are required packages for ntopng, so install them before installing ntopng.

# yum install redis hiredis

3. Install NTOPNG

Install ntopng along with other packages.

# yum clean all
# yum update
# yum install pfring n2disk nprobe ntopng ntopng-data cento nbox

4. Enable Redis/NTOPNG during startup

# systemctl enable redis
# systemctl enable ntopng
# systemctl restart redis
# systemctl start ntopng

5. Configure Firewall

Configure the firewall to allow traffic to ntopng. If firewalld is not installed on your CentOS 7 system, install it using the following commands.

# yum install firewalld
# systemctl start firewalld
# systemctl enable firewalld

Now open the following ports to the public zone using firewall-cmd (3000/tcp is the ntopng web interface, 6379/tcp is Redis):

# firewall-cmd --zone=public --add-port=3000/tcp --permanent
# firewall-cmd --zone=public --add-port=6379/tcp --permanent
# firewall-cmd --reload
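
Opening 6379/tcp in the public zone makes Redis reachable from other hosts unless redis.conf restricts it, and in this setup Redis runs on the same host as ntopng. The check below is an added example, not part of the original tutorial: it takes the port list printed by `firewall-cmd --zone=public --list-ports` and a redis.conf, and reports each setting that leaves Redis exposed. The /etc/redis.conf path, the function names and the sample config are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example. Live inputs would come from:
#   firewall-cmd --zone=public --list-ports   and   /etc/redis.conf (path assumed)

# redis_directive FILE NAME: print the value of the last uncommented NAME line.
redis_directive() {
    awk -v key="$2" 'tolower($1) == key { $1 = ""; sub(/^ +/, ""); val = $0 }
                     END { print val }' "$1"
}

# audit_redis_exposure "PORT LIST" REDIS_CONF
# Prints one line per finding; the return status is the number of findings.
audit_redis_exposure() {
    ports=$1; conf=$2; findings=0
    bind=$(redis_directive "$conf" bind)
    pass=$(redis_directive "$conf" requirepass)
    prot=$(redis_directive "$conf" protected-mode)
    case " $ports " in *" 6379/tcp "*)
        echo "FIREWALL: 6379/tcp is open in the public zone"
        findings=$((findings + 1)) ;;
    esac
    # No bind line at all means Redis listens on every interface.
    beyond_loopback=0
    if [ -z "$bind" ]; then beyond_loopback=1; fi
    for addr in $bind; do
        case $addr in 127.*|::1) ;; *) beyond_loopback=1 ;; esac
    done
    if [ "$beyond_loopback" -eq 1 ]; then
        echo "BIND: Redis listens beyond loopback (bind='${bind:-unset}')"
        findings=$((findings + 1))
    fi
    if [ -z "$pass" ]; then
        echo "AUTH: requirepass is not set"
        findings=$((findings + 1))
    fi
    if [ "$prot" = "no" ]; then
        echo "MODE: protected-mode is disabled"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample (not from a real host): step 5's port list plus a
# redis.conf that listens on all interfaces without a password.
sample_conf=$(mktemp)
printf '%s\n' '# bind 127.0.0.1' 'bind 0.0.0.0' 'protected-mode no' > "$sample_conf"
audit_redis_exposure "3000/tcp 6379/tcp" "$sample_conf" || echo "$? finding(s)"
rm -f "$sample_conf"
```

If the FIREWALL line appears and no remote client needs Redis, the rule can be dropped with `firewall-cmd --zone=public --remove-port=6379/tcp --permanent` followed by `firewall-cmd --reload`.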

6. Create configuration files for ntopng

By default, redis and ntopng are installed under the /usr/local/ folder. We need to create configuration files for ntopng.

# cd /usr/local/etc
# mkdir ntopng
# cd ntopng

# nano ntopng.start

Put these lines:

--local-network "172.31.0.0"
--interface 0

# nano ntopng.pid

Put this line:

-G=/var/run/ntopng.pid

7. Restart ntopng/redis

# systemctl restart redis
# systemctl restart ntopng

Check the log file using this command:

# tail -50 /var/log/ntopng/ntopng.log

8. Testing ntopng

Now you can test your ntopng installation by opening http://demohost.com:3000 in a browser. You will get the ntopng login page.

For the first login, use the user 'admin' and the password 'admin'. You will be redirected to the dashboard.

9. Configure the ntopng collector to receive flows from another device such as a Cisco router

Edit ntopng.conf as shown, adding the following line at the end of the file, and save it. [You may choose another port number; this tutorial uses port 5559.]

# nano /etc/ntopng/ntopng.conf

-i=tcp://your-sender-ip-address:5559

Next we need to start the collector with the following command:

# nprobe --zmq "tcp://your-sender-ip-address:5559" -i none -n none --collector-port 2055

10. Cisco Router IP Flow Configuration Example

Global Configuration

config# ip flow-cache timeout active 1
config# ip flow-export source GigabitEthernet0/1
config# ip flow-export version 9
config# ip flow-export destination your-ntopng-ip-address 2055

Enable flow capture on the interface whose traffic you want to send to ntopng. [This example uses GigabitEthernet0/1.]

config# interface GigabitEthernet0/1
config-if# ip flow ingress
config-if# ip flow egress

Congratulations! Your ntopng server should now be receiving flow data from your WAN device for traffic analysis.