Updated 9/11/2015: New instructions on how to start and configure ntopng, after Ntop has changed the behaviour. New CentOS repository added. Hiredis is now needed. Thanks so much to Shashi and Steven for your comments.
—
Ntop NG is an extraordinary tool that helps you to know more about your network traffic. It has a lot of great features and I use it mainly to know quickly what kind of traffic is being generated in my network lab thanks to its web interface with summaries and rrd charts. It supports sFlow so it will be great to use it with openvswitch and get some statistics.
Ntop offers RPM packages for both CentOS/RHEL 6 and CentOS/RHEL 7 so it’s very easy to install.
First of all we’re going to add the EPEL repository:
yum install epel-release wget
We’ll need to install the latest RPM packages: ntopng-data and ntopng.
Let’s create the ntop repository for the nightly builds:
cat <<EOT > /etc/yum.repos.d/ntop.repo
[ntop]
name=ntop packages
baseurl=http://packages.ntop.org/centos/\$releasever/\$basearch/
enabled=1
gpgcheck=1
gpgkey=http://packages.ntop.org/centos/RPM-GPG-KEY-deri
[ntop-noarch]
name=ntop packages
baseurl=http://packages.ntop.org/centos/\$releasever/noarch/
enabled=1
gpgcheck=1
gpgkey=http://packages.ntop.org/centos/RPM-GPG-KEY-deri
EOT
Let’s install the packages. We’ll have to accept Luca Deri’s GPG key:
yum install ntopng ntopng-data
Updated (thanks to Davide Lorenzetti for his comment): Let’s install the hiredis-devel package and start the redis server before starting ntopng. You can also enable the service to start at boot time using: systemctl enable redis.service
yum install hiredis-devel
systemctl start redis.service
Let’s start ntopng using systemctl.
systemctl start ntopng.service
Ntop will create a default configuration file at /etc/ntopng/ntopng.conf. However, if you check the status, you’ll see that ntopng warns that no Pro licence was found, so it will run in community mode after 10 minutes.
systemctl status ntopng
oct 16 19:29:38 tornasol.artemit.lab ntopng[3001]: [pro/NtopPro.cpp:145] WARNING: [LICENSE] ntopng will now run in pro mode for 10 minutes
oct 16 19:29:38 tornasol.artemit.lab ntopng[3001]: [pro/NtopPro.cpp:147] WARNING: [LICENSE] before returning to community mode
oct 16 19:29:38 tornasol.artemit.lab ntopng[3001]: [pro/NtopPro.cpp:148] WARNING: [LICENSE] You can buy a permanent license at http://shop.ntop.org
oct 16 19:29:38 tornasol.artemit.lab ntopng[3001]: [pro/NtopPro.cpp:149] WARNING: [LICENSE] or run ntopng in community mode starting
oct 16 19:29:38 tornasol.artemit.lab ntopng[3001]: [pro/NtopPro.cpp:150] WARNING: [LICENSE] ntopng --community
oct 16 19:29:39 tornasol.artemit.lab ntopng[3001]: [src/HTTPserver.cpp:486] ERROR: Unable to start HTTP server (IPv4) on ports 3000,3001s Success
As we have no Pro licence (unless you get one, of course) we can edit the /etc/ntopng/ntopng.conf file to remove the warnings (I’ve added a \ after the pid file):
-G=/var/tmp/ntopng.pid\
--community
We’ll restart ntopng and check the status again:
systemctl restart ntopng
systemctl status ntopng
ntopng.service - Start/stop ntopng program
Loaded: loaded (/etc/systemd/system/ntopng.service; enabled)
Active: active (running) since vie 2015-10-16 21:19:52 CEST; 21s ago
Process: 1711 ExecStop=/etc/systemd/scripts/ntopng stop (code=exited, status=0/SUCCESS)
Process: 1756 ExecStart=/etc/systemd/scripts/ntopng start (code=exited, status=0/SUCCESS)
Main PID: 1762 (ntopng)
CGroup: /system.slice/ntopng.service
└─1762 /usr/bin/ntopng /etc/ntopng/ntopng.conf
oct 16 21:19:52 tornasol.artemit.lab ntopng[1756]: Starting ntopng: [ OK ]
oct 16 21:19:52 tornasol.artemit.lab systemd[1]: Started Start/stop ntopng program.
Sweet. You can also enable the service to start at boot time using:
systemctl enable redis.service
systemctl enable ntopng.service
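If the service does not come up, the log usually names the cause. The following is an added example, not part of the original post: a small triage function that maps the startup errors quoted on this page to the fixes given for them. The function names and finding labels are made up for the example; the sample lines are copied from the outputs shown on this page.

```shell
#!/bin/sh
# Added example (not from the original post): triage ntopng/redis startup
# logs using only the error strings and fixes that appear on this page.

# Reads log lines on stdin; prints "finding: suggested fix" once per finding.
# The body runs in a subshell, so its variables do not leak to the caller.
diagnose_ntopng_log() (
    seen=""
    report() {                      # $1 = finding label, $2 = fix
        case " $seen " in
            *" $1 "*) return 0 ;;   # already reported, skip duplicates
        esac
        seen="$seen $1"
        printf '%s: %s\n' "$1" "$2"
    }
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            *"ntopng requires redis server"*)
                report redis-down "systemctl start redis.service" ;;
            *"loading shared libraries: libhiredis"*)
                report hiredis-missing "yum install hiredis-devel" ;;
            *"loading shared libraries: libjemalloc"*)
                report jemalloc-missing "yum install jemalloc" ;;
            *"Unable to start HTTP server"*)
                report http-server-failed \
                    "yum install openssl openssl-devel (when HTTPS is enabled)" ;;
            *"[LICENSE]"*"community mode"*)
                report license-warning \
                    "add --community to /etc/ntopng/ntopng.conf" ;;
        esac
    done
    [ -n "$seen" ] || echo "no-known-error: check /var/log/messages"
)

# Sample input: log lines copied from the outputs quoted on this page.
sample_log() {
cat <<'EOF'
oct 16 19:29:38 tornasol.artemit.lab ntopng[3001]: [pro/NtopPro.cpp:147] WARNING: [LICENSE] before returning to community mode
oct 16 19:29:38 tornasol.artemit.lab ntopng[3001]: [pro/NtopPro.cpp:149] WARNING: [LICENSE] or run ntopng in community mode starting
Nov 29 01:45:52 FileServer.lan ntopng[9675]: [Redis.cpp:93] ERROR: ntopng requires redis server to be up and running
Oct 18 18:09:03 localhost.localdomain ntopng[23866]: Starting ntopng: /usr/bin/ntopng: error while loading shared libraries: libhiredis.so.0.12: cannot open shared object file: No such file or directory
EOF
}

# Stand-alone run on the sample; on a real host, pipe in the journal instead:
#   journalctl -u ntopng -u redis --no-pager | diagnose_ntopng_log
sample_log | diagnose_ntopng_log
```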
Ntopng listens by default on TCP port 3000, so you’ll need a firewall rule to get access from a remote machine. If using the dynamic firewall daemon you can use firewall-cmd to configure the firewall to allow traffic to port 3000 coming from a specific IP address (-s X.X.X.X, e.g. my IP is 192.168.5.100). Note that this rule is not permanent.
firewall-cmd --direct --add-rule ipv4 filter IN_public_allow 0 -m tcp -p tcp --dport 3000 -s 192.168.5.100 -j ACCEPT
Using a web browser, enter the IP address of the host running ntop, specifying port 3000 (e.g. http://192.168.1.185:3000). If a login/password prompt shows, enter user admin and password admin and enjoy your ntopng network monitor!
If you want to set any configuration options in the /etc/ntopng/ntopng.conf file, I found it a little tricky, so read the man page (man ntopng). I’ll update this post offering some examples.
A big thank you to Luca Deri and Ntop’s team!
Cheers!
P.S: If you want to use SSL with the web interface please read my post
I have installed ntop using this procedure but it doesn’t run; I receive the following error:
[root@CentOS-7 /]# systemctl -l status ntopng.service
ntopng.service - LSB: Start/stop ntopng web
Loaded: loaded (/etc/rc.d/init.d/ntopng)
Active: active (exited) since Fri 2015-04-03 21:39:29 CEST; 9s ago
Process: 3027 ExecStart=/etc/rc.d/init.d/ntopng start (code=exited, status=0/SUCCESS)
Apr 03 21:39:29 CentOS-7.0 ntopng[3027]: Starting ntopng: [ OK ]
Apr 03 21:39:29 CentOS-7.0 systemd[1]: Started LSB: Start/stop ntopng web.
Apr 03 21:39:29 CentOS-7.0 ntopng[3033]: [Redis.cpp:77] ERROR: ntopng requires redis server to be up and running
[root@CentOS-7 /]#
First of all, my apologies for being so late answering you. I’ve been checking the steps in the post and you’re absolutely right; I’ve updated the post with the missing steps. Once again thank you for your feedback and sorry for not posting the missing step earlier.
no need to install httpd ?
I’ve followed this guide but seems like something is missing.
My apologies for answering you so late. There’s no need to use httpd as NTOPNG already offers one, however one step was missing in the post… I’ve updated the post adding how to start the REDIS server as it’s needed to run ntopng properly. Sorry for the inconvenience. Thanks for your feedback.
Hi
I am using CentOS 7 and I have followed the steps to install it but it is not working for me.
First, this sample file is missing so I cannot copy it.
Secondly, I cannot access using web browser.
Hi Shashi,
thanks for your post. Sorry for being late, I’ve been busy at work. It seems that Ntop changed the way their RPMs work. I’ve updated and checked that the steps are ok. Please let me know if the steps provided work for you and send me any comment.
Cheers!
Hi there, thanks for the info! I need some help getting mine running. Whenever I try to run ntopng it’s giving me a license error: Invalid or missing ntopng License [Empty License File].
Is there something I missed? Thanks 🙂
Hi Steven,
thanks for your post. It seems that Ntop shows this message so you can check that you can get a Pro licence, however you can still use the community edition after 10 minutes. Anyway I’ve updated the post so you can remove those warnings. Please let me know if the steps provided work for you.
Cheers
Hello N40LAB,
After a long fight, I was able to complete the installation on CentOS 7 using your updated repo and instructions. But after completing the installation everything looks good except “This webpage is not available”. Below is the status message. Can you please help me with this?
# sudo systemctl -l status ntopng.service
ntopng.service - Start/stop ntopng program
Loaded: loaded (/etc/systemd/system/ntopng.service; enabled)
Active: activating (start) since Sun 2015-10-18 18:09:03 AFT; 4s ago
Process: 23858 ExecStop=/etc/systemd/scripts/ntopng stop (code=exited, status=0/SUCCESS)
Control: 23866 (ntopng)
CGroup: /system.slice/ntopng.service
├─23866 /bin/bash /etc/systemd/scripts/ntopng start
└─23897 sleep 1
Oct 18 18:09:03 localhost.localdomain systemd[1]: Starting Start/stop ntopng program…
Oct 18 18:09:03 localhost.localdomain ntopng[23866]: Starting ntopng: /usr/bin/ntopng: error while loading shared libraries: libhiredis.so.0.12: cannot open shared object file: No such file or directory
Hi,
assuming that Redis server has been started (systemctl start redis) try installing the hiredis-devel package: yum install hiredis-devel. Let me know if that solves your problem, if not I will re-check all the steps provided in a fresh CentOS 7 vm.
Thanks for your feedback
I’ve updated the post. It seems that now hiredis is needed. Sorry about that error, but I’m using the nightly builds so these things can happen. I’ve tried to use the stable rpm but have found some problems so that’s why the post is using nightly builds.
Hello N40LAB,
First of all thank you very much for the support. Here is the installation output of hiredis-level:
$ sudo yum install hiredis-level
[sudo] password for abi:
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: centos.excellmedia.net
* epel: fedora-epel.mirror.lstn.net
* extras: centos.excellmedia.net
* updates: centos.excellmedia.net
No package hiredis-level available.
Error: Nothing to do
Here is the status of redis and ntopng
$ systemctl -l status redis.service
redis.service - Redis persistent key-value database
Loaded: loaded (/usr/lib/systemd/system/redis.service; enabled)
Drop-In: /etc/systemd/system/redis.service.d
└─limit.conf
Active: active (running) since Mon 2015-10-19 09:11:43 AFT; 16min ago
Main PID: 1330 (redis-server)
CGroup: /system.slice/redis.service
└─1330 /usr/bin/redis-server 127.0.0.1:6379
$ systemctl -l status ntopng.service
ntopng.service - Start/stop ntopng program
Loaded: loaded (/etc/systemd/system/ntopng.service; enabled)
Active: activating (start) since Mon 2015-10-19 10:12:55 AFT; 613ms ago
Process: 31005 ExecStop=/etc/systemd/scripts/ntopng stop (code=exited, status=0/SUCCESS)
Control: 31016 (ntopng)
CGroup: /system.slice/ntopng.service
├─31016 /bin/bash /etc/systemd/scripts/ntopng start
└─31027 sleep 1
By the way, this morning I have issued yum install update and some updates were installed for ntopng 2.x.x, about 50Mb.
Thanks in advance..
Hi, there is a typo in the package name, should be hiredis-devel instead of hiredis-level, that will solve the problem. Thanks for the news about updates I’ll check them to test the stable version again. Keep me informed if you succeed installing ntop. Cheers
Hello N40LAB,
Finally the installation part is over. The last one was my typo mistake; apologies for that. The ntopng service is up and running on the server computer, but unable to access the web page on a computer on the same network (either hostname:3000 or IP Address:3000 doesn’t open the NTOP page). Matter of fact I have added the firewall rule-
“firewall-cmd --direct --add-rule ipv4 filter IN_public_allow 0 -m tcp -p tcp --dport 3000 -s Server_IP -j ACCEPT”
other than that still trying to configure, have no clue where to start :(. Basic configuration showing some netflow and traffic.
Your help and support is really great and highly appreciated.
Glad you got it! Yes, the firewall rule is needed (don’t forget to use --permanent so it survives a reboot). Though I intend to publish a post about using ntop, I’m having trouble finding time. I’d suggest you read the official ntopng user’s manual from Luca Deri (https://github.com/ntop/ntopng/blob/dev/doc/UserGuide.pdf); anyway you’ll quickly learn how to use it properly. If you need any help or want to comment on anything please contact me. Cheers!
Hello N40LAB.
I was able to install the ntopng but the concern is that I can not enter my browser. the server ip address is: 192.168.1.100 for the firewall so I did: [root@localhost serverntop]# firewall-cmd --direct --add-rule ipv4 filter IN_public_allow -m tcp -p tcp 0 --dport 3000 -s 192.168.1.100 -j ACCEPT
success.
[root@localhost serverntop]# systemctl status ntopng
ntopng.service - Start/stop ntopng program
Loaded: loaded (/etc/systemd/system/ntopng.service; enabled)
Active: active (running) since jeu. 2015-10-29 01:25:12 GMT; 8s ago
Process: 29723 ExecStop=/etc/systemd/scripts/ntopng stop (code=exited, status=0/SUCCESS)
Process: 29769 ExecStart=/etc/systemd/scripts/ntopng start (code=exited, status=0/SUCCESS)
Main PID: 29775 (ntopng)
CGroup: /system.slice/ntopng.service
└─29775 /usr/bin/ntopng /etc/ntopng/ntopng.conf
oct. 29 01:25:12 localhost.localdomain ntopng[29769]: Starting ntopng: [ OK ]
oct. 29 01:25:12 localhost.localdomain systemd[1]: Started Start/stop ntopng program.
what should I do? thank you in advance!!!
Hi there! You’ve a problem in the firewall rule. After the -s flag you should enter the IP of the machine where you are using the browser (source); the IP you’ve entered is the server’s address so it does not work. Alternatively remove -s ip_address if you don’t want to restrict who is accessing ntop. And don’t forget to add --permanent at the end of the command if you want the rule to be applied anytime your server is booted. If you need more help please contact me! Thanks for your feedback.
Sorry the -permanent should be --permanent (two dashes, damn spell corrector 🙂 )
it’s good, I can connect now but making: [root@localhost serverntop]# firewall-cmd --direct --add-rule ipv4 filter IN_public_allow -m tcp -p tcp 0 3000 --dport -s j ACCEPT 192.168.1.101 with address IP of the machine with the browser. the other when I do anything it to errors. many limit if I want connect me with another machine. the other will be better but I get errors when I do [root@localhost serverntop]# firewall-cmd --direct --add-rule ipv4 filter IN_public_allow -m tcp -p tcp 0 3000 --dport j ACCEPT --permanent. what should I do? thank you in advance!!!
Excuse me if you have messages that are repeated, There are connection problems in armament delivered slowly.
thank you for your response makes me feel good. that’s right, I used the IP address of the server. so if I do then I have to include:
[root@localhost serverntop]# firewall-cmd --direct --add-rule ipv4 filter IN_public_allow -m tcp -p tcp 0 3000 --dport j ACCEPT --permanent
thank you for all your help.
Hi…
I got an error to start ntopng…after install
[root@ICSIN04NTOP01 ~]# systemctl status ntopng
ntopng.service - Start/stop ntopng program
Loaded: loaded (/etc/systemd/system/ntopng.service; enabled)
Active: activating (auto-restart) since Mon 2015-11-09 10:24:51 SGT; 891ms ago
Process: 14373 ExecStop=/etc/systemd/scripts/ntopng stop (code=exited, status=0/SUCCESS)
Process: 14370 ExecStart=/etc/systemd/scripts/ntopng start (code=exited, status=0/SUCCESS)
Hi there!,
I can’t find the error in your output; is the service starting but not finishing? Have you looked at /var/log/messages to find more information about the possible failure? This evening I’ll check the installation steps again and let you know if they still work for me.
Thanks!
Hi,
I figured it out... somehow it missed ntopng.start during my upgrade process. Thanks for your prompt reply.
Thanks for your feedback
Hi, I’ve rechecked the steps and there was a typo (--community and not --community= ); however, if your ntopng is in state activating, check that you’ve already started the Redis server first (systemctl start redis.service). If you need help, let me know.
Hi, not having much luck getting ntop started…
25/Nov/2015 13:15:03 [Ntop.cpp:1152] Registered interface eth0 [id: 0]
25/Nov/2015 13:15:03 [Ntop.cpp:1165] Registered interface view eth0 [id: 0]
25/Nov/2015 13:15:03 [Utils.cpp:304] User changed to nobody
25/Nov/2015 13:15:03 [main.cpp:240] PID stored in file /var/tmp/ntopng.pid
25/Nov/2015 13:15:03 [HTTPserver.cpp:451] Found SSL certificate /usr/local/share/ntopng/httpdocs/ssl/ntopng-cert.pem
25/Nov/2015 13:15:03 [HTTPserver.cpp:495] ERROR: Unable to start HTTP server (IPv4) on ports 3000,3001s: No such file or directory
This only happens when I enable HTTPS (I followed the guide on Github). If I disable HTTPS and use only HTTP, it automatically redirects to HTTPS and thus fails to connect.
Hi,
I’ll check if I can add SSL to ntop and let you know if it works,
Cheers!
Hi Brad,
I’ve succeeded. Please run: yum install openssl openssl-devel so you have the openssl libraries needed by the mongoose webserver used in ntopng. I’ve created a new post explaining the full steps I’ve followed if you need more help.
Cheers
I did read your post about you didn’t have time, though I have to ask. I followed your updated guide, my firewalld is turned off, I have good hardware FW on my LAN and ntopng will only be used on this fiberoptic LAN for private use.
My redis.service is having problems getting running. 😦
[root@FileServer bin]# systemctl start redis.service
[root@FileServer bin]# systemctl status redis.service
redis.service - Redis persistent key-value database
Loaded: loaded (/usr/lib/systemd/system/redis.service; enabled)
Drop-In: /etc/systemd/system/redis.service.d
└─limit.conf
Active: failed (Result: exit-code) since Sun 2015-11-29 01:36:15 CET; 13s ago
Process: 6674 ExecStop=/usr/bin/redis-shutdown (code=exited, status=127)
Process: 6672 ExecStart=/usr/bin/redis-server /etc/redis.conf --daemonize no (code=exited, status=127)
Main PID: 6672 (code=exited, status=127)
CGroup: /system.slice/redis.service
Nov 29 01:36:15 FileServer.lan systemd[1]: Started Redis persistent key-value database.
Nov 29 01:36:15 FileServer.lan redis-server[6672]: /usr/bin/redis-server: error while loading shared libraries: libjemalloc.so.1: cannot open shared object file: No such file or directory
Nov 29 01:36:15 FileServer.lan systemd[1]: redis.service: main process exited, code=exited, status=127/n/a
Nov 29 01:36:15 FileServer.lan redis-shutdown[6674]: /usr/bin/redis-cli: error while loading shared libraries: libjemalloc.so.1: cannot open shared object file: No such file or directory
Nov 29 01:36:15 FileServer.lan systemd[1]: redis.service: control process exited, code=exited status=127
Nov 29 01:36:15 FileServer.lan systemd[1]: Unit redis.service entered failed state.
#############################
[root@FileServer bin]# systemctl stop ntopng
[root@FileServer bin]# systemctl stop redis
[root@FileServer bin]# systemctl start redis
[root@FileServer bin]# systemctl start ntopng
[root@FileServer bin]# systemctl status ntopng
ntopng.service - Start/stop ntopng program
Loaded: loaded (/etc/systemd/system/ntopng.service; enabled)
Active: activating (start) since Sun 2015-11-29 01:45:52 CET; 3s ago
Process: 9662 ExecStop=/etc/systemd/scripts/ntopng stop (code=exited, status=0/SUCCESS)
Control: 9669 (ntopng)
CGroup: /system.slice/ntopng.service
├─9669 /bin/bash /etc/systemd/scripts/ntopng start
└─9703 sleep 1
Nov 29 01:45:52 FileServer.lan ntopng[9675]: [Redis.cpp:93] ERROR: ntopng requires redis server to be up and running
Nov 29 01:45:52 FileServer.lan ntopng[9675]: [Redis.cpp:94] ERROR: Please start it and try again or use -r
Hi, thanks for your feedback.
As you say there’s a problem with the redis server not starting. According to the output maybe the jemalloc package is missing, can you try: yum install jemalloc and check if the redis server can be started afterwards? If not tell me and I’ll re-check the installation steps.
Cheers!
N40LAB,
Excellent procedure.
I found it was necessary to run:
/usr/sbin/ldconfig
in order for suricata-2.0.11 to load libsnf.so.0.
One question: Is there a way to force http://:3000 to use IPV4 rather than IPV6?
Netstat(8) on the ntopng server shows:
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 44 gw:ssh t540p-e:41448 ESTABLISHED
tcp 0 0 localhost:6379 localhost:54389 ESTABLISHED
tcp 0 0 localhos:x11-ssh-offset localhost:49585 ESTABLISHED
tcp 0 0 localhost:49585 localhos:x11-ssh-offset ESTABLISHED
tcp 0 0 localhost:54389 localhost:6379 ESTABLISHED
tcp6 0 0 gw:hbci t540p-e:57812 TIME_WAIT
tcp6 0 0 gw:hbci t540p-e:57796 TIME_WAIT
.
.
.
tcp6 0 0 gw:hbci t540p-e:57748 TIME_WAIT
I’m running CentOS7 3.10.0-327.4.4.el7.x86_64.
Thanks for publishing the CentOS ntopng procedure.
Take Care
N40lab,
Re: my earlier comment.
Running /usr/sbin/ldconfig to get suricata to work is not sufficient. Setting:
LD_LIBRARY_PATH="/usr/lib64:/usr/lib:/usr/local/lib"; export LD_LIBRARY_PATH
does appear to work. However, I really need to compile suricata, tcpdump, and possibly others with pf_ring support.
I’m still interested in thoughts on how to establish an IPV4 web link with ntopng.
Thanks, again
Cool 🙂 Just follow the instructions and read it carefully.
Everything working fine 🙂
Thanks
Thanks for your feedback, and glad that it worked for you 😀