
Saturday, March 12, 2011

Install Ntop monitoring in Ubuntu

Ntop shows the current network usage. It displays a list of hosts that are currently using the network and reports information concerning the IP (Internet Protocol) and Fibre Channel (FC) traffic generated by each host. The traffic is sorted according to host and protocol. Protocols (user configurable) include:
  • TCP/UDP/ICMP
  • (R)ARP
  • IPX
  • DLC
  • Decnet
  • Netbios
  • TCP/UDP
    • FTP
    • HTTP
    • DNS
    • Telnet
    • SMTP/POP/IMAP
    • SNMP
    • NFS
    • X11
  • Fibre Channel
    • Control Traffic - SW2, GS3, ELS
    • SCSI
(In plain terms, this means you can comprehensively monitor your network traffic, connections and bandwidth through a web interface.)

Installation

 


Packages needed for installation are:
ntop

You can just type the following to install it (make sure you enable the Universe repositories): https://help.ubuntu.com/7.10/add-applications/C/extra-repositories.html
sudo apt-get install ntop -y

Compiling ntop from source or SVN


The ntop source can be retrieved from Ubuntu's servers using a command like:
apt-get source ntop

which will unpack the source package into the current working directory with a name like ntop-3.3.10. You can also follow the instructions at ntop.org to retrieve the latest version from SVN (trunk):
svn co https://svn.ntop.org/svn/ntop/trunk/ntop

Most of the packages which will be required to build ntop from source on an Ubuntu 9.10 (Karmic) can be retrieved with the following command:
sudo apt-get install libpcap-dev libgdbm-dev libevent-dev librrd-dev python-dev libgeoip-dev

You must first run ./autogen.sh in the ntop directory to create the configure script, Makefiles, and such, as described here. The configure script is pretty good about telling you which dependencies are missing, if any. Don't forget you can pass configure options to autogen.sh, as in:
./autogen.sh --prefix=/usr/local/stow/ntop-svn

References:
  1. http://www.gnu.org/software/stow/ - helps manage source packages without sullying /usr/bin, /usr/share, and so on

Configuration


When first installing & configuring the ntop application you need to set an admin password.
sudo ntop --set-admin-password

Then restart the service with:
sudo /etc/init.d/ntop restart

Fixing "Physical Host Location" feature (mapper.pl)


The link to http://www.ntop.org/cgi-bin/mapper.pl for physical host locations (the compass icon in traffic listings) is broken (Error 404) as of this writing (2010-07-01). This affects ntop package version 3.3-11ubuntu1 for Karmic (9.10).
Check this space for a workaround using a local http server and links to relevant Launchpad bug reports.

Status of host location mapping in SVN (reported as of SVN revision 4304)


The issue with the dead mapper.pl link is resolved in the latest SVN, as of this writing (2010-07-02). The host location results come from http://geotool.servehttp.com instead, a service of MaxMind, who provide the libgeoip1 library also used in ntop.

Access


To access your network statistics via the web visit the web address:

Links


Segfaults


The packaged version of ntop is plagued with segfaults: ntop simply cuts out in the middle of your session. Luckily, there is a way around this that is easier than the SVN method.
Sylvain Garcia has packaged the newest version of ntop in a PPA. To install it, run the following from a terminal:
sudo apt-add-repository ppa:sylvain-garcia
If you have already installed ntop:
sudo aptitude update && sudo aptitude safe-upgrade
If you haven't yet installed ntop:
sudo aptitude update && sudo aptitude install ntop
Next, there is one setting missing in the Ubuntu build of ntop, and it is easy enough to change. (Note: nano is the default editor in Ubuntu; you may of course use any editor you prefer.)
sudo nano /etc/init.d/ntop
CTRL+_ 96 (that's an underscore, the command in nano to go to a specific line)
In the line that reads:
  • start-stop-daemon --start --quiet --name $NAME --exec $DAEMON -- \
    -d -L -u $USER -P $HOMEDIR \
add -b so that it now reads:
  • start-stop-daemon --start --quiet --name $NAME --exec $DAEMON -- \
    -d -b -L -u $USER -P $HOMEDIR \
CTRL+O CTRL+X (save and quit in nano)
sudo service ntop restart
Now browse to localhost:3000 and have fun with ntop.
Reference: https://bugs.launchpad.net/ubuntu/+source/ntop/+bug/588049
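The init-script edit above, as an added example (not from the original post or the ntop package): a script that inserts -b by matching the argument line rather than jumping to line 96, keeps a backup, and is safe to run twice. The function names make_sample, patch_ntop_init and demo, the sample fragment and its $EXTRA placeholder line are constructed for illustration.

```bash
#!/bin/sh
# Added example: add -b to ntop's start-stop-daemon arguments by matching the
# argument line instead of jumping to a fixed line number.

# Constructed sample of the relevant init-script fragment (not the real file).
# $EXTRA is a placeholder for whatever follows the continuation line.
make_sample() {
    cat > "$1" <<'EOF'
#!/bin/sh
start-stop-daemon --start --quiet --name $NAME --exec $DAEMON -- \
    -d -L -u $USER -P $HOMEDIR \
    $EXTRA
EOF
}

# patch_ntop_init FILE
# Returns 0 if FILE is patched (now or already), 1 if the expected line is
# missing, 2 if FILE does not exist. A backup is kept as FILE.bak.
patch_ntop_init() {
    pni_file=$1
    [ -f "$pni_file" ] || { echo "no such file: $pni_file" >&2; return 2; }
    # Idempotence: do nothing if -b is already in place.
    if grep -Eq '^[[:space:]]*-d -b -L -u \$USER -P \$HOMEDIR' "$pni_file"; then
        return 0
    fi
    # Refuse to edit a script whose layout differs from the one described.
    if ! grep -Eq '^[[:space:]]*-d -L -u \$USER -P \$HOMEDIR' "$pni_file"; then
        echo "expected argument line not found in $pni_file" >&2
        return 1
    fi
    cp -p "$pni_file" "$pni_file.bak" || return 1
    pni_tmp=$(mktemp) || return 1
    # Write through cat so the original file's owner and mode are preserved.
    sed -E 's/^([[:space:]]*-d) (-L -u \$USER -P \$HOMEDIR)/\1 -b \2/' \
        "$pni_file" > "$pni_tmp" && cat "$pni_tmp" > "$pni_file"
    pni_rc=$?
    rm -f "$pni_tmp"
    return "$pni_rc"
}

# Demo on the constructed fragment; the second call is a no-op.
demo() {
    demo_dir=$(mktemp -d) || return 1
    make_sample "$demo_dir/ntop"
    patch_ntop_init "$demo_dir/ntop" && patch_ntop_init "$demo_dir/ntop"
    diff "$demo_dir/ntop.bak" "$demo_dir/ntop" || true   # shows the changed line
    rm -rf "$demo_dir"
}
demo
```

On a real system the function would be run as root against /etc/init.d/ntop, followed by sudo service ntop restart.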
