1. Introduction to ntopng
ntopng is a web-based network traffic analysis tool, which can monitor and analyze network traffic in real time, provide a rich visual interface, and help users better understand network conditions and optimize network performance. ntopng supports multiple protocols and data sources, including TCP, UDP, HTTP, DNS, NetFlow, etc. It can conduct in-depth analysis of network traffic and provide real-time alarm and logging functions. The advantage of ntopng is that it is easy to install and use, with powerful functions and flexible configuration options, which can help administrators quickly identify network problems and take corresponding measures.
2. The official website of ntopng
https://www.ntop.org/products/traffic-analysis/ntop/
3. The difference and connection between ntopng and ntop
Both ntop and ntopng are network traffic analysis tools developed by the same development team. The main difference between them is that ntop is command-line based, while ntopng is web-based, that is, ntopng provides a more modern and easy-to-use user interface.
ntopng is the successor of ntop and improves and extends its functions and performance. It supports more protocols and data sources, analyzes and monitors network traffic at a finer granularity, and provides more visualizations and real-time alerting.
In general, ntopng is an upgraded version of ntop, which provides a more modern and easy-to-use interface, and supports more protocols and functions.
4. Install ntopng
The installation here uses yum.
Add the repository
[root@DeveCode ~]# curl https://packages.ntop.org/centos-stable/ntop.repo > /etc/yum.repos.d/ntop.repo
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 364 100 364 0 0 53 0 0:00:06 0:00:06 --:--:-- 84
[root@DeveCode ~]#
Install the EPEL repository
[root@DeveCode ~]# yum install epel-release
Install the ntop packages
[root@DeveCode ~]# yum clean all
[root@DeveCode ~]# yum update
[root@DeveCode ~]#
[root@DeveCode ~]# yum install pfring-dkms n2disk nprobe ntopng cento ntap
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: mirrors.huaweicloud.com
* epel: ftp.iij.ad.jp
* extras: mirrors.huaweicloud.com
* updates: mirrors.huaweicloud.com
Resolving dependencies
There are unfinished transactions remaining. You might consider running yum-complete-transaction, or "yum-complete-transaction --cleanup-only" and "yum history redo last", first to finish them. If those don't work you'll have to try removing/installing packages by hand (maybe package-cleanup can help).
...
Installed:
cento.x86_64 0:1.18.230517-786 n2disk.x86_64 0:3.6.230517-5290 nprobe.x86_64 0:10.2.230517-8012 ntap.x86_64 0:1.0.230517-119 ntopng.x86_64 0:5.6.230517-20406 pfring-dkms.noarch 0:8.4.0.8267-8267
Installed as a dependency:
dkms.noarch 0:3.0.11-1.el7 elfutils-libelf-devel.x86_64 0:0.176-5.el7 jemalloc.x86_64 0:3.6.0-1.el7 kernel-devel.x86_64 0:3.10.0-1160.90.1.el7 libatomic.x86_64 0:4.8.5-44.el7
libnetfilter_queue.x86_64 0:1.0.2-2.el7_2 libsodium.x86_64 0:1.0.18-1.el7 libzstd.x86_64 0:1.5.5-1.el7 ndpi.x86_64 0:4.6.0-4220 ntop-license.x86_64 0:1.0-440
ntopng-data.noarch 0:5.6.230517-20406 numactl.x86_64 0:2.0.12-5.el7 openpgm.x86_64 0:5.2.122-2.el7 pfring.x86_64 0:8.4.0-8267 radcli.x86_64 0:1.2.12-1.el7
redis.x86_64 0:3.2.12-2.el7 rrdtool.x86_64 0:1.4.8-9.el7 zeromq.x86_64 0:4.1.4-6.el7
Complete!
[root@DeveCode ~]#
Install the PF_RING driver
The PF_RING package no longer includes the ZC drivers; install them separately if you need them.
[root@DeveCode ~]# yum install pfring-drivers-zc-dkms
Configure ntopng
The default configuration file for ntopng is usually located at /etc/ntopng/ntopng.conf. This file can be edited to configure parameters of ntopng, such as listening interface, log level, alert rules, etc.
Listening interface
For example, if you want to listen on the eth0 interface, you can add the following line to your configuration file:
--interface=eth0
Log level
The default log level of ntopng is 2 (warning level). You can adjust it to a higher or lower level as needed. For example, if you want to set the log level to 4 (debug level), you can add the following line to the configuration file:
--log-level=4
Alert rules
ntopng provides some alert rules that can trigger an alert when network traffic reaches a certain threshold. You can enable or disable these rules in the configuration file. For example, if you want to enable a DDoS alert rule, you can add the following line to your configuration file:
--enable-ddos
Web interface
ntopng provides a web interface that can be accessed in a browser to view network traffic statistics. You can specify the port number and access password of the web interface in the configuration file. For example, if you want to set the port number of the web interface to 8080 and use the password "mypassword" for access, you can add the following line to the configuration file:
--http-port=8080 --http-password=mypassword
Database
ntopng can write the collected network traffic data into the database. You can specify the database type, hostname, username and password in the configuration file. For example, if you want to write data to a MySQL database, you can add the following line to the configuration file:
--data-channel=mysql:mysql://localhost/ntopng?user=root&password=mypassword
The above are some common ntopng configuration items, which can be adjusted as needed. After modifying the configuration file, you need to restart the ntopng service to make the configuration take effect. You can restart ntopng with the following command:
systemctl restart ntopng
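The web interface and database lines above place passwords in the configuration file in clear text. The following added example (not part of the original page or of ntopng) scans a configuration file for those lines and checks whether the file is world-readable; the option names are the ones shown above, and the function name and finding messages are this example's own.

```shell
#!/bin/sh
# Added example, not from the original page. The option names are the ones
# shown above; the wording of each finding is this example's own.

# Report credentials kept in an ntopng config file. Returns 0 if none found.
audit_ntopng_conf() {
    conf=$1
    n=0
    hits=0
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in ''|'#'*) continue ;; esac   # skip blanks and comments
        case $line in *--http-password=*)
            echo "line $n: web UI password stored in clear text"
            hits=$((hits + 1)) ;;
        esac
        case $line in *--data-channel=*password=*)
            echo "line $n: database password embedded in connection string"
            hits=$((hits + 1)) ;;
        esac
        case $line in *--data-channel=*user=root*)
            echo "line $n: database connection uses the root account"
            hits=$((hits + 1)) ;;
        esac
    done < "$conf"
    # With the other-read bit set, every local user can read those secrets.
    if [ "$hits" -gt 0 ] && [ -n "$(find "$conf" -perm -004 2>/dev/null)" ]; then
        echo "file: $conf is world-readable and contains credentials"
        hits=$((hits + 1))
    fi
    [ "$hits" -eq 0 ]
}

# Constructed sample built from the lines shown in this section.
sample=$(mktemp)
cat > "$sample" <<'EOF'
--interface=eth0
--http-port=8080 --http-password=mypassword
--data-channel=mysql:mysql://localhost/ntopng?user=root&password=mypassword
EOF
chmod 644 "$sample"
audit_ntopng_conf "$sample" || echo "findings reported for $sample"
rm -f "$sample"
```

On a real host, call audit_ntopng_conf /etc/ntopng/ntopng.conf; a non-zero exit status means at least one finding was printed.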
Start ntopng
[root@DeveCode ~]# systemctl start ntopng
[root@DeveCode ~]# systemctl stop firewalld
[root@DeveCode ~]#
Test
http://192.168.250.239:3000/
The default username and password are admin/admin.
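An alternative to stopping firewalld for the test above, as an added example that is not part of the original page: it keeps the firewall running and admits only one management subnet to the ntopng web port. The subnet 192.168.250.0/24 and the function names are assumptions; port 3000 is taken from the test URL.

```shell
#!/bin/sh
# Added example, not from the original page. 192.168.250.0/24 is an assumed
# management subnet; 3000 is the web port from the test URL above.

# Print a firewalld rich rule that admits one IPv4 subnet to one TCP port.
ntopng_rich_rule() {
    cidr=$1
    port=$2
    case $port in ''|*[!0-9]*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    addr=${cidr%/*}
    bits=${cidr#*/}
    [ "$addr" != "$cidr" ] || return 1            # a /prefix is required
    case $bits in ''|*[!0-9]*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    rest=$addr.
    count=0
    while [ -n "$rest" ]; do                      # four octets, each 0..255
        octet=${rest%%.*}
        rest=${rest#*.}
        case $octet in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
        count=$((count + 1))
    done
    [ "$count" -eq 4 ] || return 1
    printf 'rule family="ipv4" source address="%s" port port="%s" protocol="tcp" accept' \
        "$cidr" "$port"
}

# Print the commands by default; run them only when the third argument is "apply".
restrict_ntopng_web() {
    rule=$(ntopng_rich_rule "$1" "$2") || { echo "invalid subnet or port" >&2; return 1; }
    if [ "${3:-}" = apply ]; then
        systemctl start firewalld &&
            firewall-cmd --permanent --add-rich-rule="$rule" &&
            firewall-cmd --reload
    else
        printf '%s\n' "systemctl start firewalld" \
            "firewall-cmd --permanent --add-rich-rule='$rule'" \
            "firewall-cmd --reload"
    fi
}

restrict_ntopng_web 192.168.250.0/24 3000
```

Run as root with apply as the third argument to make the change; without it the function only prints the three commands.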