This tutorial copy paste from http://www.lungstruck.com/, on a this post, I wrote about how I setup a transparent bridge computer, which is able to monitor all network traffic passed through it. It works great, but to make it really useful, it needs some software that can report on the monitored network traffic in a useful manner. I decided to use ntop for this purpose, as it provides powerful reporting on bandwidth usage, which is exactly what I’m after. I’m not a regular Linux user, so I usually take the easy approach and install software through whatever GUI-based software manager is included. When I did this in Linux Mint however, I found the version available was not the latest, which is 5.0.1. I also learned that ntop has since been replaced by ntopng, which wasn’t available through the GUI. I’ve had some college courses in Linux/Unix administration, so I figured I could handle installing it “the hard way”. In this post, I’ll cover how I got ntop 5.0.1 running on my bridge computer.
First, a note about my choice. I went with ntop 5.0.1 rather than the newer ntopng. The reason is simple: I found more documentation on installing ntop than I did for ntopng. Primarily, I relied on these two articles: nTop vs darkstat, and Install ntop on RH Enterprise Linux / CentOS Linux.
Starting with my bridge computer that I already setup (with the bridge interface being br0), here’s what I did. I’ve tested this on both Linux Mint 15 xfce 32-bit and Ubuntu Server 12.04.3 LTS 32-bit.
Install the dependencies:
sudo apt-get install libpcap-dev libgdbm-dev libevent-dev librrd-dev python-dev libgeoip-dev automake libtool subversion
sudo apt-get install libpcap-dev libgdbm-dev libevent-dev librrd-dev python-dev libgeoip-dev automake libtool subversion
Then download ntop 5.0.1 from SourceForge, uncompress it, build it, install it and copy the necessary files:
wget --trust-server-name http://sourceforge.net/projects/ntop/files/ntop/Stable/ntop-5.0.1.tar.gz/download
tar xzvf ntop-5.0.1.tar.gz
cd ntop-5.0.1/
./autogen.sh
make
sudo make install
sudo cp /usr/local/lib/libntop* /usr/lib/
wget --trust-server-name http://sourceforge.net/projects/ntop/files/ntop/Stable/ntop-5.0.1.tar.gz/download
tar xzvf ntop-5.0.1.tar.gz
cd ntop-5.0.1/
./autogen.sh
make
sudo make install
sudo cp /usr/local/lib/libntop* /usr/lib/
Before running ntop, I created an ntop user and setup the appropriate permissions:
sudo useradd -M -s /sbin/nologin -r ntop
sudo chown -R ntop:root /usr/local/var/ntop
sudo chown -R ntop:ntop /usr/local/share/ntop
sudo useradd -M -s /sbin/nologin -r ntop
sudo chown -R ntop:root /usr/local/var/ntop
sudo chown -R ntop:ntop /usr/local/share/ntop
Now set the administrator password for ntop’s web interface:
sudo ntop --set-admin-password=1234
sudo ntop --set-admin-password=1234
And it’s ready for testing. Start ntop:
sudo ntop -i "br0" -d -L -u ntop -P /usr/local/var/ntop --skip-version-check -use-syslog=daemon
sudo ntop -i "br0" -d -L -u ntop -P /usr/local/var/ntop --skip-version-check -use-syslog=daemon
Open a web browser and try http://localhost:3000. It works!
Finally, I want it to startup automatically, so i added the following line to /etc/rc.local:
/usr/local/bin/ntop -i "br0" -d -L -u ntop -P /usr/local/var/ntop --skip-version-check -use-syslog=daemon
/usr/local/bin/ntop -i "br0" -d -L -u ntop -P /usr/local/var/ntop --skip-version-check -use-syslog=daemon
Rebooted and tested it again, it works! The only other thing I did for the Linux Mint computer was to install SSH, since it’s not installed automatically:
Sudo apt-get install openssh-server
/etc/init.d/ssh start
Sudo apt-get install openssh-server
/etc/init.d/ssh start
The resulting ntop bridge works great. I’ve had in place at work for over a week without any problems, and it’s helped identify some bandwidth hogs on our network.
Tidak ada komentar:
Posting Komentar