Install ntop on Red Hat Enterprise Linux / CentOS Linux

Last updated July 28, 2008

Q. ntop is a network probe that shows network usage in a way similar to what top does for processes. How do I install the latest version of ntop on RHEL 5.x systems?

A. ntop is a network and traffic analyzer that provides a wealth of information on various networking hosts and protocols. ntop is primarily accessed via a built-in web interface.

The following instructions are tested on 32/64 bit versions only:
a) RHEL Linux 5.x
b) CentOS Linux 5.x

Download latest ntop

Visit the ntop project to grab the latest version. You can use wget to download it, enter:
# cd /opt
# wget http://freshmeat.net/redir/ntop/7279/url_tgz/ntop-3.3.6.tar.gz

Untar the tarball, enter:
# tar -zxvf ntop-3.3.6.tar.gz

Configure and Compile ntop under RHEL

You must have RRDTool installed. You also need to install libpcap, enter:
# yum install libpcap-devel libpcap
Type the following commands to compile and install ntop:
# cd ntop
# ./autogen.sh

Just type make to compile ntop:
# make
Just type make install to install ntop:
# make install
# make install-data-as

Create ntop user

Type the following command to create the ntop user that ntop will run as, enter:
# useradd -M -s /sbin/nologin -r ntop

Setup directory permissions

Next, you need to set up directory permissions, enter:
# chown ntop:root /usr/local/var/ntop/
# chown ntop:ntop /usr/local/share/ntop/
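
The ownership set above is what lets the unprivileged ntop user write its gdbm and RRD files in the directory later passed with -P. The following pre-start check is an added example, not part of the original article; the function name and return codes are hypothetical, and GNU find is assumed:

```shell
#!/bin/sh
# Added example (not from the original article): verify the ntop data
# directory before starting the daemon. Names and return codes are hypothetical.

# check_ntop_datadir DIR USER   (USER may be a user name or a numeric uid)
#   0 = OK
#   1 = DIR does not exist or is not a directory
#   2 = something under DIR is not owned by USER (ntop cannot write its files)
#   3 = something under DIR is world-writable (any local user can alter ntop data)
#   4 = find failed (unknown USER, or part of DIR is unreadable)
check_ntop_datadir() {
    dir=$1 user=$2
    [ -d "$dir" ] || return 1
    # GNU find exits non-zero when USER is not a known user name.
    foreign=$(find "$dir" ! -user "$user" -print 2>/dev/null) || return 4
    if [ -n "$foreign" ]; then
        echo "not owned by $user: $(printf '%s\n' "$foreign" | head -n 1)" >&2
        echo "fix: chown -R $user $dir" >&2
        return 2
    fi
    # Symbolic links always show mode 777, so they are skipped.
    loose=$(find "$dir" ! -type l -perm -0002 -print 2>/dev/null) || return 4
    if [ -n "$loose" ]; then
        echo "world-writable: $(printf '%s\n' "$loose" | head -n 1)" >&2
        echo "fix: chmod -R o-w $dir" >&2
        return 3
    fi
    return 0
}

# Run the check on this article's data directory when it exists.
if [ -d /usr/local/var/ntop ]; then
    check_ntop_datadir /usr/local/var/ntop ntop && echo "data directory OK"
fi
```

A non-zero result prints the first offending path and a suggested fix on stderr.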

Setup ntop user admin password

Type the following command to set the ntop admin password, enter:
# ntop -A
Sample output:

Mon Jul 28 03:38:34 2008  NOTE: Interface merge enabled by default
Mon Jul 28 03:38:34 2008  Initializing gdbm databases


ntop startup - waiting for user response!


Please enter the password for the admin user: 
Please enter the password again: 
Mon Jul 28 03:38:42 2008  Admin user password has been set

Start ntop

Type the following command to start ntop:
# /usr/local/bin/ntop -d -L -u ntop -P /usr/local/var/ntop --skip-version-check --use-syslog=daemon
Sample output:

Mon Jul 28 03:42:19 2008  NOTE: Interface merge enabled by default
Mon Jul 28 03:42:19 2008  Initializing gdbm databases

If you have multiple interfaces (eth0, eth1 and so on), start ntop as follows:
# /usr/local/bin/ntop -i "eth0,eth1" -d -L -u ntop -P /usr/local/var/ntop --skip-version-check --use-syslog=daemon
Where,

  • -i "eth0,eth1" : Specifies the network interface or interfaces to be used by ntop for network monitoring. Here you are monitoring eth0 and eth1.
  • -d : Run ntop as a daemon.
  • -L : Send all log messages to the system log (/var/log/messages) instead of the screen.
  • -u ntop : Start ntop as the ntop user.
  • -P /usr/local/var/ntop : Specify where ntop stores database files. You may need to back up the database as part of your disaster recovery program.
  • --skip-version-check : By default, ntop accesses a remote file to periodically check if the most current version is running. This option disables that check.
  • --use-syslog=daemon : Log through syslog using the daemon facility.

How do I view ntop stats?

By default ntop listens on port 3000. You can view ntop stats by visiting the following URL:
http://localhost:3000/
OR
http://server-ip:3000/
(Fig.01: ntop Global TCP/UDP Protocol Distribution Graphs)

(Fig.02: Network Load Statistics)

Open port 3000 using iptables

Open /etc/sysconfig/iptables file, enter:
# vi /etc/sysconfig/iptables
Append the following rule before the final REJECT line:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3000 -j ACCEPT
Save and close the file. Restart firewall:
# service iptables restart
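
The rule above accepts new connections to port 3000 from any source address. The script below is an added example, not part of the original article: it inserts a variant of that rule limited to one source network before the final REJECT line, and is demonstrated on a constructed copy of the rules file. The helper names and the 192.168.1.0/24 management network are assumptions.

```shell
#!/bin/sh
# Added example (not from the original article). Helper names and the
# management network used in the demo are assumptions.

# ntop_rule CIDR: print the port 3000 ACCEPT rule limited to one source network.
ntop_rule() {
    printf '%s\n' "-A RH-Firewall-1-INPUT -s $1 -m state --state NEW -m tcp -p tcp --dport 3000 -j ACCEPT"
}

# add_ntop_rule FILE CIDR: insert the rule before the final REJECT line of FILE.
# Returns 0 if inserted or already present, 1 if FILE has no REJECT line,
# 2 if CIDR is not an IPv4 address or network, 3 if no temp file could be made.
add_ntop_rule() {
    file=$1 cidr=$2
    # Refuse anything that is not a plain IPv4 address with optional prefix.
    printf '%s\n' "$cidr" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$' || return 2
    rule=$(ntop_rule "$cidr")
    grep -Fxq -- "$rule" "$file" && return 0          # idempotent
    last=$(grep -n -- '-j REJECT' "$file" | tail -n 1 | cut -d: -f1)
    [ -n "$last" ] || return 1
    tmp=$(mktemp) || return 3
    # Write back with cat so FILE keeps its owner, mode and SELinux context.
    awk -v n="$last" -v r="$rule" 'NR == n { print r } { print }' "$file" > "$tmp" &&
        cat "$tmp" > "$file"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Demo on a constructed sample in RHEL 5 format, never the live rules file.
demo=$(mktemp)
cat > "$demo" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
add_ntop_rule "$demo" 192.168.1.0/24 && cat "$demo"
rm -f "$demo"
```

To apply it for real, run add_ntop_rule against a backup copy of /etc/sysconfig/iptables, review the result, then install it and restart the firewall as shown above.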

How do I view ntop stats without opening port 3000?

Set up a simple tunnel using ssh; enter the following on your local UNIX / Linux desktop system:
$ ssh -L 3000:localhost:3000 -N -f [email protected]
Now open a browser and go to the following URL:
http://localhost:3000/

How do I start ntop on boot?

Open /etc/rc.local file, enter:
# vi /etc/rc.local
Append the following line:
/usr/local/bin/ntop -i "eth0,eth1" -d -L -u ntop -P /usr/local/var/ntop --skip-version-check --use-syslog=daemon
Save and close the file.

How do I stop ntop?

Use the web interface to shut down ntop, or use the normal kill / killall command:
# killall ntop

38 comments

  1. Thanks for the wonderful post Vivek. I have tried this out and it works flawlessly.

    Maybe you need to mention that the installation of gdbm-devel as by default, I could not find that on the server. The other requirements are libtool automake autoconf.

    So maybe someone would require to use this command as well:-

    # yum install libtool automake autoconf gdbm-devel

  2. Under the Centos5 you can install ntop natively by using rpmforge and epel repos.
    I just enter the command:
    "yum install ntop"
    and voilà .) :

    Resolving Dependencies
    --> Running transaction check
    ---> Package ntop.i386 0:3.3.6-1.el5.rf set to be updated
    --> Processing Dependency: librrd_th.so.2 for package: ntop
    --> Running transaction check
    ---> Package rrdtool.i386 0:1.2.27-3.el5 set to be updated
    --> Finished Dependency Resolution
    ===8<-----
    Installed: ntop.i386 0:3.3.6-1.el5.rf
    Dependency Installed: rrdtool.i386 0:1.2.27-3.el5
    Complete!

  3. dot22,

    Thanks for pointing out rpmforge repos. I generally don’t mix 3rd party repos with RHEL (as I might break their TOS). But under CentOS I don’t mind using rpmforge.

  4. hi i have problems in the installation here is it:

    [[email protected] ~]# /usr/local/bin/ntop -i "eth0,eth1" -d -L -u ntop -P /usr/local/var/ntop --skip-version-check --use-syslog=daemon
    Wed Nov 5 09:27:49 2008 NOTE: Interface merge enabled by default
    Wed Nov 5 09:27:49 2008 Initializing gdbm databases
    Wed Nov 5 09:27:49 2008 **ERROR** ….open of /usr/local/var/ntop/prefsCache.db failed: Can’t be writer
    Wed Nov 5 09:27:49 2008 Possible solution: please use ‘-P ‘
    Wed Nov 5 09:27:49 2008 **FATAL_ERROR** GDBM open failed, ntop shutting down…
    Wed Nov 5 09:27:49 2008 CLEANUP[t3086464704]: ntop caught signal 2 [state=2]
    Wed Nov 5 09:27:49 2008 ntop is now quitting…

    what would be the possible solution to this….

  5. Thanks for this post, I was running into a lot of compilation errors, and no other website out there had as clear instructions as you did. Thanks again !

  6. Hi Ruben,

    Just do the following first before invoking above command & you will be able to start ntop :-)

    $ killall ntop

  7. I follow your instructions (including on install rrdtool), but autogen.sh is stuck with this error message:

    configure: error: Unable to find RRD at /usr/local/rrdtool: please use --with-rrd-home=DIR

    verifying:

    [[email protected]:/usr/src/ntop-3.3.9#]: ls /usr/local/rrdtool
    lrwxrwxrwx 1 root root 23 Abr 8 09:47 /usr/local/rrdtool -> /usr/src/rrdtool-1.3.6/

    so, rrdtool IS there :(

    any hint?

  8. another question:
    ntop is up and running BUT.. :
    when asking for the graphical (network load or any other) it shows this:
    “NOTE: this page is not operational when the RRD plugin is disabled, misconfigured or missing.”

    in the configuration, the rrd plugin is ENABLED (shows ‘yes’).

    now I am stuck :(

    any advice, PLEASE?

    1. You have to change ownership of the ntop directory to ntop user by running something like this for a compiled version of ntop.
      chown -R ntop /usr/local/var/ntop

      For an rpm version of ntop, it would be this command.
      chown -R ntop /var/ntop

      Hope this helps.

  9. I have a problem doing install in method make install

    cp: cannot stat `GeoLiteCity.dat’: No such file or directory
    make[2]: *** [install-data-local] Error 1
    make[2]: Leaving directory `/usr/local/ntop-3.3.10-rc1′
    make[1]: *** [install-am] Error 2
    make[1]: Leaving directory `/usr/local/ntop-3.3.10-rc1′
    make: *** [install-recursive] Error 1

    how to solve it, Thank you.

  10. mkdir -p — //usr/local/etc/ntop
    cp: cannot stat `GeoLiteCity.dat’: No such file or directory
    make[2]: *** [install-data-local] Error 1
    make[2]: Leaving directory `/root/ntop-3.3.9′
    make[1]: *** [install-am] Error 2
    make[1]: Leaving directory `/root/ntop-3.3.9′
    make: *** [install-recursive] Error 1
    [[email protected] ntop-3.3.9]#

  11. Hello Vivek,

    I'm not able to view graphs.
    When I click on "Network Load", gives below error
    Error: NOTE: this page is not operational when the RRD plugin is disabled, misconfigured or missing. Please check the ntop log file.

    Below are the permission.
    [email protected] [/usr/local/var/ntop/rrd]# ll
    total 10
    drwxr-xr-x 5 ntop ntop 2048 Jul 21 13:31 ./
    drwxr-xr-x 3 ntop root 2048 Jul 22 14:31 ../
    drwxrwxrwx 8 ntop ntop 2048 Jul 22 14:26 flows/
    drwxrwxrwx 2 ntop ntop 2048 Jul 21 13:31 graphics/
    drwxrwxrwx 3 ntop ntop 2048 Jul 21 13:31 interfaces/

    Below is the log.
    Wed Jul 22 14:31:29 2009 **ERROR** RRD: Disabled – unable to create directory (err 13, /usr/local/var/ntop/rrd/graphics)

    Regards,
    Mihirj

  12. I noticed rrd didn’t work for me if I started `ntop -d` as a daemon. If I started it without the -d flag as `ntop &` the rrd graphs work fine. I’m using v.3.3.11-dev which warns of possible funny business. Overall, the tool built easily and is completely awesome for monitoring network traffic!

    1. Thanks m++, that worked for me too..
      I started Ntop without the daemon option..

      But one thing I noticed, when I ran ntop, it would load, but I can't have access to the web interface..
      Sorted that out by running
      #ntop -W 3001 (this runs as a daemon)
      #stop Ntop
      #/etc/init.d/ntop start –

      That worked..

  13. cp: cannot stat `GeoLiteCity.dat’: No such file or directory
    make[2]: *** [install-data-local] Error 1
    make[2]: Leaving directory `/usr/local/ntop-3.3.10-rc1′
    make[1]: *** [install-am] Error 2
    make[1]: Leaving directory `/usr/local/ntop-3.3.10-rc1′
    make: *** [install-recursive] Error 1

    how to solve it, Thank you.

  14. I'm getting an error when I use the make command
    please help me
    ntop.h:417:19: error: evdns.h: No such file or directory
    address.c: In function ‘dns_response_callback’:
    address.c:123: error: ‘DNS_ERR_NONE’ undeclared (first use in this function)
    address.c:123: error: (Each undeclared identifier is reported only once
    address.c:123: error: for each function it appears in.)
    address.c:129: error: ‘DNS_IPv6_AAAA’ undeclared (first use in this function)
    address.c:142: warning: assignment discards qualifiers from pointer target type
    address.c:150: error: ‘DNS_IPv4_A’ undeclared (first use in this function)
    address.c:164: error: ‘DNS_PTR’ undeclared (first use in this function)
    address.c: In function ‘queueAddress’:
    address.c:243: warning: nested extern declaration of ‘evdns_resolve_reverse’
    address.c:243: error: ‘DNS_ERR_NONE’ undeclared (first use in this function)
    address.c:249: warning: nested extern declaration of ‘evdns_resolve_reverse_ipv6′
    make[2]: *** [address.lo] Error 1
    make[2]: Leaving directory `/opt/ntop-3.3.10′
    make[1]: *** [all-recursive] Error 1
    make[1]: Leaving directory `/opt/ntop-3.3.10’
    make: *** [all] Error 2

  15. Hi

    I have tried installing ntop and installation is completed fine.
    But the link http://serverip:3000 is now working
    Mine is a vps. The /etc/sysconfig/iptables is an empty file.
    I am getting a page load error while accessing the link
    http is up and running fine.
    Do you have any idea why it is due to?

    1. Hi Ace, you need to install devel libraries try doing this
      yum install libpcap-devel gdbm-devel
      Cheers,
      Pablo

  16. I have geoip-1.4.6-1 installed but still I get:

    Removing dups and misplaced entries from LIBS and INCS…
    checking for GeoIP_record_by_ipnum in -lGeoIP… no
    checking for GeoIP_name_by_ipnum_v6 in -lGeoIP… no
    Please install GeoIP (http://www.maxmind.com/)

    Is this an error or not?

  17. I am getting error

    configure: error: Unable to find RRD at /usr/local/rrdtool: please use --with-rrd-home=DIR

    But i have rrd tool installed. Please help me to solve….

    Thanks,
    Nandakumar.D

  18. Hi,

    Getting the error below, I have added /usr/local/lib in ldconfig.conf and updated the cache but still showing the error.

    /usr/local/bin/ntop: error while loading shared libraries: /usr/local/lib/libntopreport-4.0.1.so: cannot restore segment prot after reloc: Permission denied

  19. This mean??? while I’m try to execute the startup of ntop

    # /usr/local/bin/ntop -d -L -u ntop -P /usr/local/var/ntop --skip-version-check --use-syslog=daemon

    **ERROR** ++++ DEMON MODE=1

    Tue Dec 28 15:52:52 2010 NOTE: Interface merge enabled by default
    Tue Dec 28 15:52:52 2010 Initializing gdbm databases
    Tue Dec 28 15:52:52 2010 **ERROR** ++++ DEMON MODE=1

  20. Hi. Thanks for putting this tutorial together. After 2 days of trying to install this app, it’s working. I do have a question about an error that was pointed out above, but not answered. See below.

    Does this error message mean that it was started, but not running as a daemon at start up? I do get data and able to see graphs.

    Thanks for your help. Vince

    # /usr/local/bin/ntop -d -L -u ntop -P /usr/local/var/ntop --skip-version-check --use-syslog=daemon

    **ERROR** ++++ DEMON MODE=1

    Tue Dec 28 15:52:52 2010 NOTE: Interface merge enabled by default
    Tue Dec 28 15:52:52 2010 Initializing gdbm databases
    Tue Dec 28 15:52:52 2010 **ERROR** ++++ DEMON MODE=1

  21. Great tutorial !
    I got it to work, but how do I get it to run as a daemon : ie on centos to be able to use service ntop start/stop/status ?
    thanks in advance

  22. For anyone trying to install ntop on CentOS, Red Hat or Oracle Linux 6 like me :)
    yum install cairo-devel libxml2-devel pango-devel pango libpng-devel -y
    yum install freetype freetype-devel libart_lgpl-devel wget gcc make -y
    yum install perl-ExtUtils-MakeMaker -y
    yum install graphviz -y

    before the ./autogen.sh

    it will help you

  23. This manual did not work for me at CentOS 5.x 64, ntop needed some "svn/subversion", but I was not successful installing it.

  24. Could you please help me on this.

    /usr/bin/ntop -i "eth0,eth1,eth2" -d -L -u ntop -P /var/ntop --skip-version-check --use-syslog=daemon
    Thu Sep 19 13:18:34 2013 NOTE: Interface merge enabled by default
    Thu Sep 19 13:18:34 2013 Initializing gdbm databases
    Thu Sep 19 13:18:34 2013 **ERROR** ….open of /var/ntop/prefsCache.db failed: Can’t be writer
    Thu Sep 19 13:18:34 2013 Possible solution: please use ‘-P ‘
    Thu Sep 19 13:18:34 2013 **FATAL_ERROR** GDBM open failed, ntop shutting down…
    Thu Sep 19 13:18:34 2013 CLEANUP[t3086771920]: ntop caught signal 2 [state=2]
    Thu Sep 19 13:18:34 2013 ntop is now quitting…
