designetwork(EN)

IT technical memo of networking

ntop (Flow Collector) install to CentOS7

I am trying ntop as a NetFlow collector; it is OSS (Open Source Software) that runs on CentOS (Linux).
Using OSS is recommended in my company.
In fact, OSS is convenient because I can write plug-ins myself.

Installing ntop

First, add the EPEL repository.

yum install epel-release wget

Update yum.

yum update

Create the ntop repository file.

vi /etc/yum.repos.d/ntop.repo

[ntop]

name=ntop packages

baseurl=http://www.nmon.net/centos-stable/$releasever/$basearch/

enabled=1

gpgcheck=1

gpgkey=http://www.nmon.net/centos-stable/RPM-GPG-KEY-deri

[ntop-noarch]

name=ntop packages

baseurl=http://www.nmon.net/centos-stable/$releasever/noarch/

enabled=1

gpgcheck=1

gpgkey=http://www.nmon.net/centos-stable/RPM-GPG-KEY-deri

Install ntop.

yum install ntopng ntopng-data

Install the redis server (two separate yum commands).

yum install redis php-pecl-redis

yum install hiredis-devel

Start Services

Start the redis server and ntop.

systemctl start redis.service

systemctl status redis.service

● redis.service - Redis persistent key-value database

Loaded: loaded (/usr/lib/systemd/system/redis.service; enabled; vendor preset: disabled)

Drop-In: /etc/systemd/system/redis.service.d

       └─limit.conf

Active: active (running) since Sat 2016-01-23 14:48:01 JST; 9min ago

Main PID: 1248 (redis-server)

CGroup: /system.slice/redis.service

       └─1248 /usr/bin/redis-server 127.0.0.1:6379

Jan 23 14:48:01 CentOS-01.daichi703n.local systemd[1]: Started Redis persistent key-value database.

Jan 23 14:48:01 CentOS-01.daichi703n.local systemd[1]: Starting Redis persistent key-value database...

Jan 23 14:57:20 CentOS-01.daichi703n.local systemd[1]: Started Redis persistent key-value database.

systemctl start ntopng.service

systemctl status ntopng.service

● ntopng.service - Start/stop ntopng program

Loaded: loaded (/etc/systemd/system/ntopng.service; enabled; vendor preset: disabled)

Active: active (running) since Sat 2016-01-23 14:48:05 JST; 11min ago

Main PID: 1305 (ntopng)

CGroup: /system.slice/ntopng.service

       └─1305 /usr/bin/ntopng /etc/ntopng/ntopng.conf

Jan 23 14:48:03 CentOS-01.daichi703n.local ntopng[1305]: [NtopPro.cpp:158] ERROR: [LICENSE] Invalid or missin...le]

Jan 23 14:48:03 CentOS-01.daichi703n.local ntopng[1305]: [NtopPro.cpp:171] WARNING: [LICENSE] ntopng will now...tes

Jan 23 14:48:03 CentOS-01.daichi703n.local ntopng[1305]: [NtopPro.cpp:173] WARNING: [LICENSE] before returnin...ode

Jan 23 14:48:03 CentOS-01.daichi703n.local ntopng[1305]: [NtopPro.cpp:174] WARNING: [LICENSE] You can buy a p...org

Jan 23 14:48:03 CentOS-01.daichi703n.local ntopng[1305]: [NtopPro.cpp:175] WARNING: [LICENSE] or run ntopng i...ing

Jan 23 14:48:03 CentOS-01.daichi703n.local ntopng[1305]: [NtopPro.cpp:176] WARNING: [LICENSE] ntopng --community

Jan 23 14:48:05 CentOS-01.daichi703n.local ntopng[1254]: Starting ntopng: 1305

Jan 23 14:48:05 CentOS-01.daichi703n.local ntopng[1254]: [ OK ]

Jan 23 14:48:05 CentOS-01.daichi703n.local systemd[1]: Started Start/stop ntopng program.

Jan 23 14:59:10 CentOS-01.daichi703n.local systemd[1]: Started Start/stop ntopng program.

Hint: Some lines were ellipsized, use -l to show in full.

Parameters for starting ntop

cat /etc/ntopng/ntopng.start

--local-networks "192.168.0.0/24"

--interface 0

Set the local network range and the interface here.
Then check that port 3000 is open (listening).

netstat -tanp | grep LISTEN

tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 24474/mysqld

tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN 13913/redis-server

tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1302/sshd

tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2044/master

tcp6 0 0 :::80 :::* LISTEN 2267/httpd

tcp6 0 0 :::22 :::* LISTEN 1302/sshd

tcp6 0 0 :::3000 :::* LISTEN 15188/ntopng

tcp6 0 0 ::1:25 :::* LISTEN 2044/master

Don't forget the firewall permission.

firewall-cmd --direct --add-rule ipv4 filter IN_public_allow 0 -m tcp -p tcp --dport 3000 -j ACCEPT
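The netstat output above shows that ntopng listens on :::3000, i.e. on every interface, and the web UI still has the default admin/admin credentials at this point. The following is an added example (not from the original post) that audits a netstat -tanp listing in the format shown above: it reports every LISTEN socket bound to a wildcard address (0.0.0.0 or ::), and checks whether a given port is listening at all. The sample listing is constructed for the example; on a real host replace it with the output of `netstat -tanp | grep LISTEN`.

```shell
#!/bin/sh
# Added example, not part of the original post. Audits which listening TCP
# sockets are exposed on all interfaces, based on the netstat -tanp format.

# Constructed sample in the layout netstat -tanp prints (not a real capture).
SAMPLE_NETSTAT='tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 24474/mysqld
tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN 13913/redis-server
tcp6 0 0 :::3000 :::* LISTEN 15188/ntopng
tcp6 0 0 ::1:25 :::* LISTEN 2044/master'

# exposed_ports NETSTAT_TEXT
# Prints "port/program" for every LISTEN socket bound to 0.0.0.0 or ::
# (reachable from any interface once the firewall permits it).
exposed_ports() {
    printf '%s\n' "$1" | awk '$6 == "LISTEN" {
        addr = $4
        n = split(addr, parts, ":")
        port = parts[n]
        # local address is everything before the last ":" (handles IPv6 "::")
        host = substr(addr, 1, length(addr) - length(port) - 1)
        if (host == "0.0.0.0" || host == "::") {
            split($7, prog, "/")
            print port "/" prog[2]
        }
    }'
}

# port_is_listening PORT NETSTAT_TEXT
# Exit status 0 if some socket in the listing is in LISTEN state on PORT.
port_is_listening() {
    printf '%s\n' "$2" | awk -v p="$1" '
        $6 == "LISTEN" { n = split($4, a, ":"); if (a[n] == p) found = 1 }
        END { exit found ? 0 : 1 }'
}

# Stand-alone usage: report exposed services and confirm ntopng's port.
exposed_ports "$SAMPLE_NETSTAT"
if port_is_listening 3000 "$SAMPLE_NETSTAT"; then
    echo "port 3000 is listening"
fi
```

Run against the constructed sample, exposed_ports reports 3306/mysqld and 3000/ntopng while the loopback-only redis and postfix sockets are not listed. Because ntopng is among the wildcard listeners, the firewall rule above (which allows port 3000 from any source) is the only thing limiting who can reach the admin/admin login; a source-restricted firewalld rich rule, for example `firewall-cmd --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" port port="3000" protocol="tcp" accept'` for the local network configured in ntopng.start, narrows that exposure. Note also that a --direct rule added without --permanent does not survive a firewalld reload.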


Login to ntop

Access http://[Server IP Address or FQDN]:3000/ with a web browser.

The default user ID/password is admin/admin.

The top page looks like the screenshot below.
On first login, only the local server's own traffic is monitored.

The next step is to collect flow records from the network devices.


This blog is the English version of my Japanese one.

Sorry if my English sentences are incorrect.
