designetwork(EN)

IT technical memo of networking

ntop (Flow Collector) install to CentOS7

f:id:daichi703n:20160123154517p:plain

Try to use ntop as NetFlow Collector, that is OSS (Open Source Software) work on CentOS(Linux).
It is recommended to use OSS in my company.
In fact, OSS is comfortable because the plug-in is able to make by myself.

installing ntop

At first, add Repository of EPEL.

yum install epel-release wget

Updating yum.

yum update

Creating ntop repository.

vi /etc/yum.repos.d/ntop.repo

[ntop]

name=ntop packages

baseurl=http://www.nmon.net/centos-stable/$releasever/$basearch/

enabled=1

gpgcheck=1

gpgkey=http://www.nmon.net/centos-stable/RPM-GPG-KEY-deri

[ntop-noarch]

name=ntop packages

baseurl=http://www.nmon.net/centos-stable/$releasever/noarch/

enabled=1

gpgcheck=1

gpgkey=http://www.nmon.net/centos-stable/RPM-GPG-KEY-deri

Installing ntop.

yum install ntopng ntopng-data

Installing redis server.

yum install redis php-pecl-redis yum install hiredis-devel

Start Services

Start redis server and ntop.

systemctl start redis.service

systemctl status redis.service

● redis.service - Redis persistent key-value database

Loaded: loaded (/usr/lib/systemd/system/redis.service; enabled; vendor preset: disabled)

Drop-In: /etc/systemd/system/redis.service.d

       mqlimit.conf

Active: active (running) since Sat 2016-01-23 14:48:01 JST; 9min ago

Main PID: 1248 (redis-server)

CGroup: /system.slice/redis.service

       mq1248 /usr/bin/redis-server 127.0.0.1:6379

Jan 23 14:48:01 CentOS-01.daichi703n.local systemd[1]: Started Redis persistent key-value database.

Jan 23 14:48:01 CentOS-01.daichi703n.local systemd[1]: Starting Redis persistent key-value database...

Jan 23 14:57:20 CentOS-01.daichi703n.local systemd[1]: Started Redis persistent key-value database.

systemctl start ntopng.service

systemctl status ntopng.service

● ntopng.service - Start/stop ntopng program

Loaded: loaded (/etc/systemd/system/ntopng.service; enabled; vendor preset: disabled)

Active: active (running) since Sat 2016-01-23 14:48:05 JST; 11min ago

Main PID: 1305 (ntopng)

CGroup: /system.slice/ntopng.service

       mq1305 /usr/bin/ntopng /etc/ntopng/ntopng.conf

Jan 23 14:48:03 CentOS-01.daichi703n.local ntopng[1305]: [NtopPro.cpp:158] ERROR: [LICENSE] Invalid or missin...le]

Jan 23 14:48:03 CentOS-01.daichi703n.local ntopng[1305]: [NtopPro.cpp:171] WARNING: [LICENSE] ntopng will now...tes

Jan 23 14:48:03 CentOS-01.daichi703n.local ntopng[1305]: [NtopPro.cpp:173] WARNING: [LICENSE] before returnin...ode

Jan 23 14:48:03 CentOS-01.daichi703n.local ntopng[1305]: [NtopPro.cpp:174] WARNING: [LICENSE] You can buy a p...org

Jan 23 14:48:03 CentOS-01.daichi703n.local ntopng[1305]: [NtopPro.cpp:175] WARNING: [LICENSE] or run ntopng i...ing

Jan 23 14:48:03 CentOS-01.daichi703n.local ntopng[1305]: [NtopPro.cpp:176] WARNING: [LICENSE] ntopng --community

Jan 23 14:48:05 CentOS-01.daichi703n.local ntopng[1254]: Starting ntopng: 1305

Jan 23 14:48:05 CentOS-01.daichi703n.local ntopng[1254]: [ OK ]

Jan 23 14:48:05 CentOS-01.daichi703n.local systemd[1]: Started Start/stop ntopng program.

Jan 23 14:59:10 CentOS-01.daichi703n.local systemd[1]: Started Start/stop ntopng program.

Hint: Some lines were ellipsized, use -l to show in full.

Paramater of starting ntop

cat /etc/ntopng/ntopng.start

--local-networks "192.168.0.0/24"

--interface 0

Determine the range of Local-Network and Interface.
Check the opening Port 3000.

netstat -tanp | grep LISTEN

tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 24474/mysqld

tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN 13913/redis-server

tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1302/sshd

tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2044/master

tcp6 0 0 :::80 :::* LISTEN 2267/httpd

tcp6 0 0 :::22 :::* LISTEN 1302/sshd

tcp6 0 0 :::3000 :::* LISTEN 15188/ntopng

tcp6 0 0 ::1:25 :::* LISTEN 2044/master

Don't miss the FW permission.

firewall-cmd --direct --add-rule ipv4 filter IN_public_allow 0 -m tcp -p tcp --dport 3000 -j ACCEPT


Login to ntop

Access with Web Browser to http://[Server IP Address or FQDN]:3000/

f:id:daichi703n:20160123154732p:plain

Default UserID/Password is admin/admin

Top-page is like below.
f:id:daichi703n:20160123154513p:plain First logged in, only monitored local server traffic.

Next step, collect the FlowRecord of Network Devices.


This Blog is English Version of my JP's.

Sorry if my English sentences are incorrect.

designetwork