Install ntop, a network traffic probe

From BubbaWiki
Revision as of 22:14, 26 October 2010 by Morten Bjørhus (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

ntop is "a network traffic probe that shows the network usage, similar to what the popular top Unix command does". See www.ntop.org . ntop is not as straightforward to install on the bubba as vnstat; some tweaks have to be made. In particular, note that the program does not have a config file, but must be configured through the built-in web server which by default runs on port 3000.


To get started, become root, and install the ntop package

su 

apt-get install ntop

If you are asked to provide a password for the admin user, enter one (and remember it!), and you are up and running.


If not (as was the case with me when installing it for the second time) do the following to set the password:

ntop --set-admin-password


In any case, do the following, to make sure ntop runs as the ntop user:

/etc/init.d/ntop stop

ntop -u ntop -d

/etc/init.d/ntop restart


At this point the ntop daemon will be running, and you can connect to it on port 3000.

The configuration is located under Admin->Configure in the top menu in the web interface.


However, to be able to use features like IP->Local->Network Traffic Map, you will have to install the graphviz package as well:

apt-get install graphviz

/etc/init.d/ntop restart


The IP->Local->Network Traffic Map function uses /usr/bin/dot to from the graphviz package to make the graph. One has to specify its location in the ntop configuration (the key dot.path) for ntop to be able to find it. It will still fail, though, complaining about not being able to open/use a font. The font it attempts to use (Helvetica) is hard coded into ntop itself, and not possible to change. Sine this font does not exists on the system (at least not on mine), I had to find a way to go around it. First, install some fonts, e.g., the msttcorefonts :

apt-get install msttcorefonts

update-ms-fonts

The fonts are now available here:

ls /usr/share/fonts/truetype/msttcorefonts/


Next, make a wrapper script for the /usr/bin/dot program that will set the font to one we now know to exist on the system:

cd

nano dot-ntop-wrapper.sh

In the editor, enter the follwing script:

#!/bin/sh

/usr/bin/dot -Nfontname=msttcorefonts/Arial $@

Do Ctrl-X, etc to save and exit the nano editor. Then make the script executable and copy it to the /usr/bin directory:

chmod a+x ./dot-ntop-wrapper.sh

cp dot-ntop-wrapper.sh /usr/bin/


The last thing to do is to go to the Admin->Configure->Preferences page in ntop (available through a web browser on port 3000, as noted above) and set the key

dot.path

to the value

/usr/bin/dot-ntop-wrapper.sh

Press the Set button next to the entry to make sure it is saved.


Now ntop should hopefully work fine on bubba's port 3000.