Setting up ntopng on CentOS 7
ntopng (the current generation of ntop) is a network traffic monitoring system. Its web interface shows traffic as it happens: top hosts, top talkers, the application protocols in use and top flow senders, all updated live. It also lets you inspect the active flows of every single node on the network.
1. Install EPEL/NTOP repo
Add the EPEL repository by downloading its release RPM with wget and installing it. If wget is not installed yet, install it first with yum install wget. (On CentOS 7 the same repository is also available from the extras repository as yum install epel-release, which avoids pinning one release RPM version.)
# cd ~
# wget http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-7.noarch.rpm
# rpm -ivh epel-release-7-7.noarch.rpm
Once the EPEL repository is installed, add the ntop repository definition:
#cd /etc/yum.repos.d/
# wget http://packages.ntop.org/centos/ntop.repo -O ntop.repo
The repo file is fetched over plain HTTP, so before installing anything check that gpgcheck=1 is set in the downloaded ntop.repo; yum then verifies each ntop package against the repository's signing key instead of trusting whatever the download returned.
2. Install Redis
ntopng keeps its state in Redis, so the redis and hiredis packages are required; install them before ntopng:
# yum install redis hiredis
3. Install NTOPNG
Refresh the package metadata, update the system and install ntopng together with nprobe, which step 9 uses to collect NetFlow. The other packages in the command (n2disk, cento, nbox) are separate ntop products that this tutorial does not use; leave them out if you do not need them.
#yum clean all
# yum update
# yum install pfring n2disk nprobe ntopng ntopng-data cento nbox
4. Enable Redis/NTOPNG during startup
# systemctl enable redis
# systemctl enable ntopng
# systemctl restart redis
# systemctl start ntopng
5. Configure Firewall
Configure the firewall so that the ntopng web interface is reachable. If firewalld is not installed on your CentOS 7 system, install and enable it:
#yum install firewalld
#systemctl start firewalld
#systemctl enable firewalld
Now open TCP port 3000, the ntopng web interface, with firewall-cmd:
#firewall-cmd --zone=public --add-port=3000/tcp --permanent
#firewall-cmd --reload
Do not open 6379/tcp. That is the Redis port; ntopng reaches Redis over localhost, and Redis has no authentication by default, so exposing it to the public zone hands anyone on the network read and write access to ntopng's data store. Leave Redis bound to 127.0.0.1, which is the EPEL package's default. The web interface on port 3000 is plain HTTP protected only by a password, so where you can, restrict it to your management network instead of the whole zone, for example with a rich rule (192.0.2.0/24 is a placeholder for your management range):
#firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.0.2.0/24" port port="3000" protocol="tcp" accept' --permanent
6. Create configuration files for ntopng
The ntop packages install ntopng under /usr (the binary is /usr/bin/ntopng) and read its configuration from /etc/ntopng/ntopng.conf, one option per line in option=value form; /usr/local is where a build from source would land. Create the directory if it does not exist and write the configuration file:
# mkdir -p /etc/ntopng
# nano /etc/ntopng/ntopng.conf
Put these lines, replacing eth0 with the interface ntopng should capture on (ntopng -h lists the available interfaces) and 172.31.0.0/16 with your own local network, prefix length included, so that ntopng can tell local hosts from remote ones:
--interface=eth0
--local-networks=172.31.0.0/16
-G=/var/run/ntopng.pid
The -G line is the PID file ntopng writes so that the service manager can track the process.
7. Restart ntopng/redis
# systemctl restart redis
# systemctl restart ntopng
If ntopng does not come up, check its log file:
# tail -50 /var/log/ntopng/ntopng.log
8. Testing ntopng
Now test ntopng by browsing to http://demohost.com:3000 (replace demohost.com with your server's name or address). You will get the ntopng login page.
For the first login use user 'admin' and password 'admin'; you will be redirected to the dashboard. Change that password right away in the admin settings: the default credentials are public knowledge and the login travels over plain HTTP, so anyone who can reach port 3000 could otherwise log in.
9. Configuring ntopng to receive flows from another device such as a Cisco router
ntopng does not parse NetFlow itself: nprobe collects the NetFlow packets from the router and hands the flows to ntopng over a ZMQ socket. Tell ntopng where to connect by adding the following line at the end of ntopng.conf and saving the file (any free port will do; this tutorial uses 5559):
# nano /etc/ntopng/ntopng.conf
-i=tcp://127.0.0.1:5559
The address in that line is the host running nprobe (the ntopng server itself in this setup), not the router.
Next start nprobe as a collector: it listens for NetFlow on UDP 2055, captures no interface of its own (-i none), exports no flows of its own (-n none) and publishes the collected flows on the ZMQ endpoint that ntopng connects to:
# nprobe --zmq "tcp://127.0.0.1:5559" -i none -n none --collector-port 2055
Binding the ZMQ endpoint to 127.0.0.1 keeps this unauthenticated flow feed off the network; use a real interface address only if ntopng runs on a different machine. Finally, the router's export must be able to reach the collector, which the firewall rule from step 5 does not cover, so open UDP 2055 (or, better, a rich rule that accepts it only from the router's address):
# firewall-cmd --zone=public --add-port=2055/udp --permanent
# firewall-cmd --reload
10. Cisco router IP flow configuration example
Global configuration (replace <ntopng-ip-address> with the address of your ntopng server; the 1-minute active timeout makes the router export long-lived flows every minute instead of only when they end):
config# ip flow-cache timeout active 1
config# ip flow-export source GigabitEthernet0/1
config# ip flow-export version 9
config# ip flow-export destination <ntopng-ip-address> 2055
Then enable flow capture on the interface whose traffic you want sent to ntopng (this example uses GigabitEthernet0/1):
config# interface GigabitEthernet0/1
config-if# ip flow ingress
config-if# ip flow egress
NetFlow is unauthenticated UDP, so anyone who can reach port 2055 on the collector can inject made-up flows into your statistics; that is why the firewall rule for 2055/udp should be limited to the router's source address.
Congratulations! Your ntopng server should now be receiving flow data from your WAN device for traffic analysis. If nothing shows up, first confirm that the export packets actually arrive (tcpdump -ni eth0 udp port 2055 on the ntopng host) before looking at nprobe and ntopng.
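Once steps 5 to 10 are done, the mistakes that actually matter are easy to miss: Redis listening on a non-loopback address, the firewall exposing 6379, the NetFlow port never opened so the router's export is silently dropped, and nprobe publishing its unauthenticated ZMQ feed on every interface. The POSIX shell script below is an added example (not part of this tutorial and not ntop's own tooling) that checks all four. Each check takes command output as text, so it runs here against constructed samples that mirror what the tutorial produces, and with --live against the real output of ss -ltn and firewall-cmd --list-ports. It assumes the ports used in this tutorial (5559 for ZMQ, 2055 for NetFlow, 6379 for Redis) and the public zone; the sample listener table and port lists are made up for the demonstration.

```shell
#!/bin/sh
# Post-install check for the ntopng/nprobe setup described in this tutorial.
# Added example: not part of the tutorial and not ntop's own tooling. Each
# check takes command output as text, so it runs here against constructed
# samples and, with --live, against the real ss/firewall-cmd output.

# Redis has no authentication by default and ntopng only talks to it
# locally, so every 6379 listener must be on a loopback address.
# $1: output of `ss -ltn` (columns: State Recv-Q Send-Q Local Address:Port ...)
# Returns 0 if all 6379 listeners are on 127.0.0.1 or [::1], 1 otherwise.
redis_loopback_only() {
    exposed=$(printf '%s\n' "$1" | awk '
        $1 == "LISTEN" && $4 ~ /:6379$/ {
            addr = $4; sub(/:6379$/, "", addr)
            if (addr != "127.0.0.1" && addr != "[::1]") print addr
        }')
    [ -z "$exposed" ]
}

# $1: port/proto such as 6379/tcp
# $2: output of `firewall-cmd --zone=public --list-ports` (space separated)
# Returns 0 if that port is opened in the zone.
firewall_opens() {
    printf '%s\n' "$2" | tr ' ' '\n' | grep -qx "$1"
}

# nprobe hands flows to ntopng over ZMQ with no authentication. When both
# run on the same box the endpoint should be bound to loopback, not "*".
# $1: the nprobe --zmq endpoint, e.g. tcp://127.0.0.1:5559
zmq_endpoint_is_loopback() {
    host=${1#tcp://}        # drop the scheme
    host=${host%:*}         # drop the :port suffix
    [ "$host" = "127.0.0.1" ] || [ "$host" = "localhost" ] || [ "$host" = "[::1]" ]
}

# Run every check; prints each finding and returns their count (0 = clean).
# $1: ss -ltn output, $2: firewall-cmd --list-ports output, $3: zmq endpoint
audit_setup() {
    findings=0
    redis_loopback_only "$1" || {
        echo "FINDING: redis listens on a non-loopback address"; findings=$((findings + 1)); }
    firewall_opens 6379/tcp "$2" && {
        echo "FINDING: 6379/tcp (redis) is opened in the public zone"; findings=$((findings + 1)); }
    firewall_opens 2055/udp "$2" || {
        echo "FINDING: 2055/udp is closed, the router's NetFlow export will be dropped"; findings=$((findings + 1)); }
    zmq_endpoint_is_loopback "$3" || {
        echo "FINDING: nprobe ZMQ endpoint $3 is reachable from the network"; findings=$((findings + 1)); }
    return "$findings"
}

# Constructed samples (not captured from a real host) mirroring what the
# tutorial's steps produce: redis on loopback, ntopng on 3000, nprobe's ZMQ
# socket on 5559, and two firewall states.
SS_SAMPLE='State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     127.0.0.1:6379       *:*
LISTEN  0       128     *:3000               *:*
LISTEN  0       128     *:5559               *:*'
PORTS_AS_IN_TUTORIAL='3000/tcp 6379/tcp'
PORTS_HARDENED='3000/tcp 2055/udp'

if [ "${1:-}" = "--live" ]; then
    # Usage on the ntopng host: sh audit.sh --live 'tcp://127.0.0.1:5559'
    audit_setup "$(ss -ltn)" "$(firewall-cmd --zone=public --list-ports)" "${2:-tcp://*:5559}"
else
    echo "== firewall as written in step 5, nprobe bound to * =="
    audit_setup "$SS_SAMPLE" "$PORTS_AS_IN_TUTORIAL" 'tcp://*:5559' || echo "findings: $?"
    echo "== 6379 closed, 2055/udp opened, nprobe bound to loopback =="
    audit_setup "$SS_SAMPLE" "$PORTS_HARDENED" 'tcp://127.0.0.1:5559' && echo "findings: 0"
fi
```

Run without arguments it prints three findings for the tutorial's original firewall rules and a wildcard ZMQ bind, and none for the hardened state; run with --live on the server it reports on the real configuration. The checks are deliberately pure string functions so they can be dropped into a configuration-management test without a root shell.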