Sunday, February 15, 2015

ntopng 1.2.2 on Ubuntu 14.04, revisited

I was doing some random research on ntopng a few days ago and I happened to stumble upon a page that was linking to my own blog. I didn't ever think I'd see the day where someone would link to one of my tutorials, especially on a subreddit. This blog was mainly created for myself; little things like this motivate me to post more often.

My ntopng on Ubuntu 14.04 LTS Server post was created only 7 months ago. Unfortunately my tutorial didn't work out for that individual user, and it goes to show how quickly documentation can become inconsistent, especially in the open source world. So I've decided to revisit the topic and redocument it again from scratch; below are directions for installing ntopng 1.2.2 on Ubuntu 14.04.

Installing ntopng

Directions for installing ntopng seem like they are far more streamlined compared to when I first did this last July. I'll simply be following the official ntop.org directions for their stable build packages.

Pull down the apt-ntop-stable.deb package using wget, and install with dpkg:

ubuntu@ubuntu-14-04:~$ sudo -i
[sudo] password for ubuntu: 

root@ubuntu-14-04:~# wget http://www.nmon.net/apt-stable/14.04/all/apt-ntop-stable.deb
root@ubuntu-14-04:~# ls
apt-ntop-stable.deb

root@ubuntu-14-04:~# dpkg -i apt-ntop-stable.deb 
Selecting previously unselected package apt-ntop-stable.
(Reading database ... 55712 files and directories currently installed.)
Preparing to unpack apt-ntop-stable.deb ...
Unpacking apt-ntop-stable (2.1-288) ...
Setting up apt-ntop-stable (2.1-288) ...
Adding ntop key to apt keyring
OK

The apt-ntop-stable.deb package doesn't install ntopng itself; it only contains the files that add the ntop repository and its signing key. See below:

root@ubuntu-14-04:~# dpkg -l | grep ntop
ii  apt-ntop-stable       2.1-288        all          ntop apt package repository

root@ubuntu-14-04:~# dpkg -L apt-ntop-stable
/.
/etc
/etc/nbox
/etc/nbox/ntop-apt.key
/etc/apt
/etc/apt/sources.list.d
/etc/apt/sources.list.d/ntop-stable.list
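
The bootstrap package is fetched over plain HTTP and installed as root, and it adds both a repository and a signing key, so it is worth reviewing which paths it installs and how the repository entry is configured. The script below is an added example, not part of the original post or of ntop's tooling; the path allowlist is an assumption taken from the dpkg -L listing above, and the sample path in the demo is constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Review a repository-bootstrap
# package such as apt-ntop-stable before trusting it.

# Paths such a package is expected to install. Assumption: derived from the
# `dpkg -L apt-ntop-stable` listing shown in the post.
ALLOWED='^/etc(/apt(/sources\.list\.d(/[^/]+\.list)?)?|/nbox(/[^/]+\.key)?)?$'

# stdin:  one path per line, from `dpkg -L PKG` or, before installing, from
#         `dpkg-deb --fsys-tarfile FILE.deb | tar -t`.
# stdout: every path outside the allowlist; empty output means nothing odd.
unexpected_paths() {
    sed -e 's#^\.##' -e 's#/$##' |   # "./etc/apt/" -> "/etc/apt"
        grep -Ev '^(/\.)?$' |        # drop the root entry ("/." or "./")
        grep -Ev "$ALLOWED" || true  # grep exits 1 when nothing is left
}

# $1: an APT sources file. Prints one finding per risky deb/deb-src entry.
repo_findings() {
    awk '
        $1 != "deb" && $1 != "deb-src" { next }   # skips comments and blanks
        {
            uri = ""
            for (i = 2; i <= NF; i++)
                if ($i ~ /^[a-z]+:\/\//) { uri = $i; break }
            if (index($0, "trusted=yes"))   # signature checking disabled
                print "no-signature-check " uri
            if (uri ~ /^http:/)             # integrity rests on the key alone
                print "cleartext-transport " uri
        }' "$1"
}

# Constructed demo: the listing from the post plus one injected path.
if [ "${1:-}" = "demo" ]; then
    printf '%s\n' /. /etc /etc/nbox /etc/nbox/ntop-apt.key /etc/apt \
        /etc/apt/sources.list.d /etc/apt/sources.list.d/ntop-stable.list \
        /etc/cron.d/constructed-example | unexpected_paths
fi
```

After installation, repo_findings /etc/apt/sources.list.d/ntop-stable.list reports whether the new entry uses cleartext transport or disables signature checking.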

Run apt-get update to update your system repositories and install the packages as per directions:

root@ubuntu-14-04:~# apt-get update
root@ubuntu-14-04:~# apt-get -y install pfring nprobe ntopng ntopng-data n2disk nbox

Here's a short description of what each package in the family does:

root@ubuntu-14-04:~# dpkg -s pfring nprobe ntopng ntopng-data n2disk nbox | egrep "^Package|^Description"

Package: pfring
Description: PF_RING (http://www.ntop.org/pf_ring/)

Package: nprobe
Description: A network probe.

Package: ntopng
Description: Web-based traffic monitoring.

Package: ntopng-data
Description: Data files (geoip) for ntopng.

Package: n2disk
Description: A packet-to-disk application.

Package: nbox
Description: Web management interface for ntop apps.

  • pfring is a module that allows for high-speed packet captures; it's recommended to enable this if you plan on capturing on high-traffic interfaces.
  • nProbe is simply the NetFlow probe. For example, you can set up multiple probes throughout your network and send all the NetFlow data to a central ntopng instance to visualize all the traffic.
  • n2disk allows you to efficiently write huge volumes of packet captures to disk without packet loss.

A lot of packages will be installed, and at the very end you should see the following message:

IMPORTANT IMPORTANT IMPORTANT IMPORTANT IMPORTANT

You can now point your browser to https://localhost/

The default user is nbox with password nbox

IMPORTANT IMPORTANT IMPORTANT IMPORTANT IMPORTANT

  • Don't forget that the address is https and not regular http. If you use http it will direct you to the Apache2 Ubuntu Default Page.

Before you visit the https://localhost page, however, restart the apache2 service:

root@ubuntu-14-04:~# service apache2 restart
 * Restarting web server apache2
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message

I was getting a Service Unavailable error, and the restart fixed this.

Starting ntopng with the nBox web GUI

Unlike before where we had to configure things manually, the new ntop UI or nBox web GUI makes many of the configurations trivial.

After logging into https://localhost with the default credentials (nbox:nbox), at the top of the nBox dashboard:

  • Applications > ntopng
  • Under Configuration > General
  • Select which interfaces you want to monitor. If you want to select multiple, hold <Ctrl> and click.
  • Enable the service to startup automatically, if needed.

You can edit other settings under Hosts, Flows, Directory, and Advanced.

When finished, click Save Changes. Then click back to the Status tab, and click On for the interface you selected.

The interface will tell you that you can now access ntopng at the http://<server IP>:3000 address.

Note that additional changes under the Configuration tab first require you to stop the ntopng service by clicking the Off button for your interface under the Status tab.

Change those default credentials

nBox GUI

In the nBox web GUI, go to System > Users. Under Web Users, for the already selected nbox user, click Change Pwd.

ntopng GUI

The default username and password for the ntopng web interface are both admin. To change the defaults, log into the web interface, click the Gear Icon > Manage Users, then click Manage for the admin user and change the password.

Conclusion

The nBox web UI greatly simplified configuration of all the components of the ntop family. In addition, it's refreshing to see that the ntopng UI is becoming more and more refined with each release.

7 comments:

  1. I just wanted to thank you for this article. This is just what I was looking for and it couldn't be any more helpful. You are a genius.

  2. Very good documentation; worked just copying and pasting the commands.

  3. Thank you so much. For a lot of days I've been trying to install with some errors. I'm a newbie, but your tutorial was easy and your skills light my dark way. Thank you so much.

  4. Hi,

    I'm trying to follow the steps indicated here, but I encountered an error in the first part of the blog, which is:
    root@ubuntu-14-04:~# wget http://www.nmon.net/apt-stable/14.04/all/apt-ntop-stable.deb
    root@ubuntu-14-04:~# ls
    apt-ntop-stable.deb

    root@ubuntu-14-04:~# dpkg -i apt-ntop-stable.deb
    Selecting previously unselected package apt-ntop-stable.
    (Reading database ... 55712 files and directories currently installed.)
    Preparing to unpack apt-ntop-stable.deb ...
    Unpacking apt-ntop-stable (2.1-288) ...
    Setting up apt-ntop-stable (2.1-288) ...
    Adding ntop key to apt keyring
    OK


    Can you help me solve this?
    Thanks

  5. http://www.nmon.net/ cannot be accessed. Has the source address changed?
