茶米王(DAVIDWA): 2014/2/2

2014年2月8日星期六

NTOPNG --- How to install ntopng on CentOS 6.x (part 1)

I want to monitor network status on one host but hope the method is simple and expression is graphic. I got the NTOPNG because it is very public in Internet when I search the related information by Google.
How to install it? By yum will be easy method to finish it!

Add a new repository for ntopngAt first, we have to create a repository for installing NTOP package by adding a file name ntop.repo under the /etc/yum.repos.d/ directory

and also add a EPEL repository by using wget command for download rpm file next to install it. (# 1)

To verify the ntop & epel repository is enabled by running the yum repolist command.

Install ntopng packageTo clean all the cached files from any enabled repository by using the yum clear all command.

To perform the system update by using the yum update command next to reboot the system.
AS-IS

TO-BE

To realize which repository has the ntopng package by using the yum info ntopng command

To use the ntop repository for installing the ntopng and the related packages by using the yum --enablerepo=ntop install pfring n2disk nProbe ntopng ntopng-data command

Configure ntopng setting
To ensure the GeoIP database is present (# 2)

To edit the ntopng.start file as the CIDR address prefix of the local network

and change the ntopng.gid to ntopng.pid in the ntopng.conf file (# 3)
Start ntopng service (# 4)
After finish the above configuration, we need to start the redis service firstly by using the service redis start command

next to start the ntopng service by using the service ntopng start command

Then we can ensure the ntopng is listening on TCP 3000 port by using the netstat –luntap | grep 3000 command.

Add a firewall rule for ntopngTo add a firewall rule on iptables for allowing access to this web interface remotely by using the iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 3000 -j ACCEPT command

Once ntopng is started successfully, we can use http://<host ip address>:3000 to explore the ntopng web interface. By default, the username/password is admin/admin to log in this.

We can see some top flow in real time now.

Reference:
(# 1) Another method for adding a REPL repo is to use the rpm –Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm command

(# 2)   If the GeoIP database files never exist in the /usr/local/share/ntopng/httpdocs/geoip directory, we can download the GeoLite databases for GeoIP next to do the following steps.
#cd /usr/local/share/ntopng/httpdocs/geoip
#wget http://download.maxmind.com/download/geoip/database/asnum/GeoIPASNum.dat.gz
#gunzip GeoIPASNum.dat.gz

#wget http://download.maxmind.com/download/geoip/database/asnum/GeoIPASNumv6.dat.gz
#gunzip GeoIPASNumv6.dat.gz

#wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
#gunzip GeoLiteCity.dat.gz

#wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCityv6-beta/GeoLiteCityv6.dat.gz
#gunzip GeoLiteCityv6.dat.gz

(# 3)   If the ntopng configuration data never exist after install it, we need to create the NTOP configuration directory and files as follows.
#mkdir –p /etc/ntopng
#touch /etc/ntopng/ntopng.start
#vi /etc/ntopng/ntopng.start
--local-networks “your subnet here”
--interface 0

#touch /etc/ntopng/ntopng.conf
#vi /etc/ntopng/ntopng.conf
-G=/var/run/ntopng.pid
(# 4)   please confirm whether the redis & ntopng service will be started on boot by using the chkconfig --list command.