- Install RRDTool on Red Hat Enterprise Linux
- Install ntop on Red Hat Enterprise Linux / CentOS Linux
Q. ntop is a network probe that shows network usage in a way similar to what top does for processes. How do I install latest version of ntop on RHEL 5.x systems?
A. ntop is a network and traffic analyzer that provides a wealth of information on various networking hosts and protocols. ntop is primarily accessed via a built-in web interface.
Following instructions are tested on 32/64 bit versions only:
a) RHEL Linux 5.x
b) CentOS Linux 5.x
Download latest ntop
Visit ntop project to grab latest version. You can use wget to grab the same, enter:
# cd /opt
# wget http://freshmeat.net/redir/ntop/7279/url_tgz/ntop-3.3.6.tar.gz
Untar tar ball, enter:
# tar -zxvf ntop-3.3.6.tar.gz
Configure and Compile ntop under RHEL
You must have RRDTool installed. You also need to install libpcap, enter:
# yum install libpcap-devel libpcap
Type the following commands to compile and install ntop:
# cd ntop
# ./autogen.sh
Just type make to compile ntop:
# make
Just type make install to install ntop:
# make install
# make install-data-as
Create ntop user
Type the following command to run ntop as ntop user, enter:
# useradd -M -s /sbin/nologin -r ntop
Setup directory permissions
Next, you need to setup directory permissions, enter:
# chown ntop:root /usr/local/var/ntop/
# chown ntop:ntop /usr/local/share/ntop/
Setup ntop user admin password
Type the following command to set ntop admin password, enter:
# ntop -A
Sample output:
Mon Jul 28 03:38:34 2008 NOTE: Interface merge enabled by default Mon Jul 28 03:38:34 2008 Initializing gdbm databases ntop startup - waiting for user response! Please enter the password for the admin user: Please enter the password again: Mon Jul 28 03:38:42 2008 Admin user password has been set
Start ntop
Type the following command to start ntop:
# /usr/local/bin/ntop -d -L -u ntop -P /usr/local/var/ntop --skip-version-check --use-syslog=daemon
Sample output:
Mon Jul 28 03:42:19 2008 NOTE: Interface merge enabled by default Mon Jul 28 03:42:19 2008 Initializing gdbm databases
If you have multiple interface (eth0, eth1 and so on), start ntop as follows:
# /usr/local/bin/ntop -i "eth0,eth1" -d -L -u ntop -P /usr/local/var/ntop --skip-version-check --use-syslog=daemon
Where,
- -i "eth0,eth1" : Specifies the network interface or interfaces to be used by ntop for network monitoring. Here you are monitoring eth0 and eth1.
- -d : Run ntop as a daemon.
- -L : Send all log messages to the system log (/var/log/messages) instead of screen.
- -u ntop : Start ntop as ntop user
- -P /usr/local/var/ntop : Specify where ntop stores database files. You may need to backup database as part of your disaster recovery program.
- --skip-version-check : By default, ntop accesses a remote file to periodically check if the most current version is running. This option disables that check.
- --use-syslog=daemon : Use syslog daemon.
How do I view ntop stats?
By default ntop listen on 3000 port. You can view ntop stats by visiting following url:
http://localhost:3000/
OR
http://server-ip:3000/
(Fig.01: ntop Global TCP/UDP Protocol Distribution Graphs [click to enlarge])
(Fig.02: Network Load Statistics (click to enlarge])
Open port 3000 using iptables
Open /etc/sysconfig/iptables file, enter:
# vi /etc/sysconfig/iptables
Append following code before final REJECT line:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3000 -j ACCEPT
Save and close the file. Restart firewall:
# service iptables restart
How do I view ntop stats without opening port 3000?
Setup simple tunnel using ssh, enter the following on your local UNIX / Linux desktop system:
$ ssh -L 3000:localhost:3000 -N -f user@server.yourcorp.com
Now open browser and type the following command:
http://localhost:3000/
How do I start ntop on boot?
Open /etc/rc.local file, enter:
# vi /etc/rc.local
Append the following line:
/usr/local/bin/ntop -i "eth0,eth1" -d -L -u ntop -P /usr/local/var/ntop --skip-version-check --use-syslog=daemon
Save and close the file.
How do I stop ntop?
Use web interface to shutdown ntop, or use normal kill / killall command:
# killall ntop
Further readings:
- ntop man page
- ntop project
- Email FAQ to a friend
- Printable version
- Rss Feed
- Last Updated: 7-28-08
{ 12 comments… read them below or add one }
Thanks for the wonderful post Vivek. I have tried this out and it works flawlessly.
Maybe you need to mention that the installation of gdbm-devel as by default, I could not find that on the server. The other requirements are libtool automake autoconf.
So maybe someone would require to use this command as well:-
# yum install libtool automake autoconf gdbm-devel
Gagan,
No problem. Yes, deps may vary from one installation to other.
I appropriate your post.
Under the Centos5 you can install ntop natively by using rpmforge and epel repos.
I just enter the command:
“yum install ntop”
and voilĂ .) :
Resolving Dependencies
–> Running transaction check
—> Package ntop.i386 0:3.3.6-1.el5.rf set to be updated
–> Processing Dependency: librrd_th.so.2 for package: ntop
–> Running transaction check
—> Package rrdtool.i386 0:1.2.27-3.el5 set to be updated
–> Finished Dependency Resolution
===8<—–
Installed: ntop.i386 0:3.3.6-1.el5.rf
Dependency Installed: rrdtool.i386 0:1.2.27-3.el5
Complete!
dot22,
Thanks for pointing out rpmforge repos. I generally don’t mix 3rd party repos with RHEL (as I might break their TOS). But under CentOS I don’t mind using rpmforge.
hi i have problems in the installation here is it:
[root@124 ~]# /usr/local/bin/ntop -i “eth0,eth1″ -d -L -u ntop -P /usr/local/var/ntop –skip-version-check –use-syslog=daemon
Wed Nov 5 09:27:49 2008 NOTE: Interface merge enabled by default
Wed Nov 5 09:27:49 2008 Initializing gdbm databases
Wed Nov 5 09:27:49 2008 **ERROR** ….open of /usr/local/var/ntop/prefsCache.db failed: Can’t be writer
Wed Nov 5 09:27:49 2008 Possible solution: please use ‘-P ‘
Wed Nov 5 09:27:49 2008 **FATAL_ERROR** GDBM open failed, ntop shutting down…
Wed Nov 5 09:27:49 2008 CLEANUP[t3086464704]: ntop caught signal 2 [state=2]
Wed Nov 5 09:27:49 2008 ntop is now quitting…
what would be the possible solution to this….
Hi, How to install ntop v3.x + mySQL ?
Thanks for this post, I was running into a lot of compilation errors, and no other website out there had as clear instructions as you did. Thanks again !
Hi Ruben,
Just do the following first before invoking above command & you will be able to start ntop :-)
$ killall ntop
I follow your instructions (including on install rddtool), but autogen.sh is stuck with this error message:
configure: error: Unable to find RRD at /usr/local/rrdtool: please use –with-rrd-home=DIR
verifying:
[root@HPAllan:/usr/src/ntop-3.3.9#]: ls /usr/local/rrdtool
lrwxrwxrwx 1 root root 23 Abr 8 09:47 /usr/local/rrdtool -> /usr/src/rrdtool-1.3.6/
so, rrdtool IS there :(
any hint?
another question:
ntop is up and running BUT.. :
when asking for the graphical (network load or anyother) it show this:
“NOTE: this page is not operational when the RRD plugin is disabled, misconfigured or missing.”
in the configuration, the rrd plugin is ENABLED (shows ‘yes’).
now I am stuck :(
any advice, PLEASE?
I have a problem doing install in method make install
cp: cannot stat `GeoLiteCity.dat’: No such file or directory
make[2]: *** [install-data-local] Error 1
make[2]: Leaving directory `/usr/local/ntop-3.3.10-rc1′
make[1]: *** [install-am] Error 2
make[1]: Leaving directory `/usr/local/ntop-3.3.10-rc1′
make: *** [install-recursive] Error 1
how to solve it, Thank you.
mkdir -p — //usr/local/etc/ntop
cp: cannot stat `GeoLiteCity.dat’: No such file or directory
make[2]: *** [install-data-local] Error 1
make[2]: Leaving directory `/root/ntop-3.3.9′
make[1]: *** [install-am] Error 2
make[1]: Leaving directory `/root/ntop-3.3.9′
make: *** [install-recursive] Error 1
[root@localhost ntop-3.3.9]#