About Linux FAQ

Browse More FAQs:

Install ntop on Red Hat Enterprise Linux / CentOS Linux

Posted by Vivek Gite [Last updated: July 28, 2008]

This FAQ is part 4 of 1 in the series RRDtool

Q. ntop is a network probe that shows network usage in a way similar to what top does for processes. How do I install latest version of ntop on RHEL 5.x systems?

A. ntop is a network and traffic analyzer that provides a wealth of information on various networking hosts and protocols. ntop is primarily accessed via a built-in web interface.

Following instructions are tested on 32/64 bit versions only:
a) RHEL Linux 5.x
b) CentOS Linux 5.x

Download latest ntop

Visit ntop project to grab latest version. You can use wget to grab the same, enter:
# cd /opt
# wget http://freshmeat.net/redir/ntop/7279/url_tgz/ntop-3.3.6.tar.gz
Untar tar ball, enter:
# tar -zxvf ntop-3.3.6.tar.gz

Configure and Compile ntop under RHEL

You must have RRDTool installed. You also need to install libpcap, enter:
# yum install libpcap-devel libpcap
Type the following commands to compile and install ntop:
# cd ntop
# ./autogen.sh
Just type make to compile ntop:
# make
Just type make install to install ntop:
# make install
# make install-data-as

Create ntop user

Type the following command to run ntop as ntop user, enter:
# useradd -M -s /sbin/nologin -r ntop

Setup directory permissions

Next, you need to setup directory permissions, enter:
# chown ntop:root /usr/local/var/ntop/
# chown ntop:ntop /usr/local/share/ntop/

Setup ntop user admin password

Type the following command to set ntop admin password, enter:
# ntop -A
Sample output:

Mon Jul 28 03:38:34 2008  NOTE: Interface merge enabled by default
Mon Jul 28 03:38:34 2008  Initializing gdbm databases

ntop startup - waiting for user response!

Please enter the password for the admin user:
Please enter the password again:
Mon Jul 28 03:38:42 2008  Admin user password has been set

Start ntop

Type the following command to start ntop:
# /usr/local/bin/ntop -d -L -u ntop -P /usr/local/var/ntop --skip-version-check --use-syslog=daemon
Sample output:

Mon Jul 28 03:42:19 2008  NOTE: Interface merge enabled by default
Mon Jul 28 03:42:19 2008  Initializing gdbm databases

If you have multiple interface (eth0, eth1 and so on), start ntop as follows:
# /usr/local/bin/ntop -i "eth0,eth1" -d -L -u ntop -P /usr/local/var/ntop --skip-version-check --use-syslog=daemon
Where,

  • -i "eth0,eth1" : Specifies the network interface or interfaces to be used by ntop for network monitoring. Here you are monitoring eth0 and eth1.
  • -d : Run ntop as a daemon.
  • -L : Send all log messages to the system log (/var/log/messages) instead of screen.
  • -u ntop : Start ntop as ntop user
  • -P /usr/local/var/ntop : Specify where ntop stores database files. You may need to backup database as part of your disaster recovery program.
  • --skip-version-check : By default, ntop accesses a remote file to periodically check if the most current version is running. This option disables that check.
  • --use-syslog=daemon : Use syslog daemon.

How do I view ntop stats?

By default ntop listen on 3000 port. You can view ntop stats by visiting following url:
http://localhost:3000/
OR
http://server-ip:3000/
ntop in action
(Fig.01: ntop Global TCP/UDP Protocol Distribution Graphs [click to enlarge])

(Fig.02: Network Load Statistics (click to enlarge])

Open port 3000 using iptables

Open /etc/sysconfig/iptables file, enter:
# vi /etc/sysconfig/iptables
Append following code before final REJECT line:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3000 -j ACCEPT
Save and close the file. Restart firewall:
# service iptables restart

How do I view ntop stats without opening port 3000?

Setup simple tunnel using ssh, enter the following on your local UNIX / Linux desktop system:
$ ssh -L 3000:localhost:3000 -N -f user@server.yourcorp.com
Now open browser and type the following command:
http://localhost:3000/

How do I start ntop on boot?

Open /etc/rc.local file, enter:
# vi /etc/rc.local
Append the following line:
/usr/local/bin/ntop -i "eth0,eth1" -d -L -u ntop -P /usr/local/var/ntop --skip-version-check --use-syslog=daemon
Save and close the file.

How do I stop ntop?

Use web interface to shutdown ntop, or use normal kill / killall command:
# killall ntop

Further readings:

E-mail this to a friend      Printable version

Related Other Helpful FAQs:

Discussion on This FAQ

  1. Gagan Brahmi Says:
    July 29th, 2008 at 11:58 am

    Thanks for the wonderful post Vivek. I have tried this out and it works flawlessly.

    Maybe you need to mention that the installation of gdbm-devel as by default, I could not find that on the server. The other requirements are libtool automake autoconf.

    So maybe someone would require to use this command as well:-

    # yum install libtool automake autoconf gdbm-devel

  2. vivek Says:
    July 29th, 2008 at 12:28 pm

    Gagan,

    No problem. Yes, deps may vary from one installation to other.

    I appropriate your post.

  3. dot22 Says:
    July 29th, 2008 at 12:44 pm

    Under the Centos5 you can install ntop natively by using rpmforge and epel repos.
    I just enter the command:
    “yum install ntop”
    and voilĂ  .) :

    Resolving Dependencies
    –> Running transaction check
    —> Package ntop.i386 0:3.3.6-1.el5.rf set to be updated
    –> Processing Dependency: librrd_th.so.2 for package: ntop
    –> Running transaction check
    —> Package rrdtool.i386 0:1.2.27-3.el5 set to be updated
    –> Finished Dependency Resolution
    ===8<—–
    Installed: ntop.i386 0:3.3.6-1.el5.rf
    Dependency Installed: rrdtool.i386 0:1.2.27-3.el5
    Complete!

  4. vivek Says:
    July 29th, 2008 at 12:46 pm

    dot22,

    Thanks for pointing out rpmforge repos. I generally don’t mix 3rd party repos with RHEL (as I might break their TOS). But under CentOS I don’t mind using rpmforge.

Leave a Reply

We encourage your comments, and suggestions. But please stay on topic, be polite, and avoid spam. Thank you very much for stopping by our site!

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

*
To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
Click to hear an audio file of the anti-spam word

Tags: , , , , , , , , , , , , , ,

Copyright © 2006-2008 nixCraft. All rights reserved - TOS/Disclaimer - Privacy policy - Sitemap - Powered by Open source software.