I was doing some random research on ntopng a few days ago and I happened to stumble upon a page that was linking to my own blog. I didn't ever think I'd see the day where someone would link to one of my tutorials, especially on a sub-Reddit. This blog was mainly created for myself; little things like this motivate me to post more often.
My ntopng on Ubuntu 14.04 LTS Server post was created only 7 months ago. Unfortunately my tutorial didn't work out for that individual user, and it goes to show how quickly documentation can become inconsistent, especially in the open source world. So I've decided to revisit the topic and redocument it again from scratch; below are directions for installing ntopng 1.2.2 on Ubuntu 14.04.
Installing ntopng
Directions for installing ntopng seem like they are far more streamlined compared to when I first did this last July. I'll be simply following the ntop.org official directions for their stable build packages.
Pull down the apt-ntop-stable.deb package using wget, and install with dpkg:

ubuntu@ubuntu-14-04:~$ sudo -i
[sudo] password for ubuntu:
root@ubuntu-14-04:~# wget http://www.nmon.net/apt-stable/14.04/all/apt-ntop-stable.deb
root@ubuntu-14-04:~# ls
apt-ntop-stable.deb
root@ubuntu-14-04:~# dpkg -i apt-ntop-stable.deb
Selecting previously unselected package apt-ntop-stable.
(Reading database ... 55712 files and directories currently installed.)
Preparing to unpack apt-ntop-stable.deb ...
Unpacking apt-ntop-stable (2.1-288) ...
Setting up apt-ntop-stable (2.1-288) ...
Adding ntop key to apt keyring
OK
The apt-ntop-stable.deb package doesn't install ntopng itself; it simply contains the files that add the repository. See below:

root@ubuntu-14-04:~# dpkg -l | grep ntop
ii apt-ntop-stable 2.1-288 all ntop apt package repository
root@ubuntu-14-04:~# dpkg -L apt-ntop-stable
/.
/etc
/etc/nbox
/etc/nbox/ntop-apt.key
/etc/apt
/etc/apt/sources.list.d
/etc/apt/sources.list.d/ntop-stable.list
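
The package above is fetched over plain HTTP, installed as root, and adds a signing key to the apt keyring, so its file list is worth checking before dpkg -i rather than after. The following is an added example, not part of the original post or of ntop's tooling: it audits `dpkg-deb -c` output against the paths listed above, assuming the usual tar-style listing (mode, owner, size, date, time, path) and using constructed sample lines.

```shell
#!/bin/sh
# Added example: audit what a repository-bootstrap .deb would place on disk
# before running dpkg -i on it as root.
# Input on stdin: the output of `dpkg-deb -c <file>.deb`.

audit_deb_listing() {
    awk '
    BEGIN {
        # Expected paths, taken from the dpkg -L apt-ntop-stable output above.
        ok["./"] = 1
        ok["./etc/"] = 1
        ok["./etc/nbox/"] = 1
        ok["./etc/nbox/ntop-apt.key"] = 1
        ok["./etc/apt/"] = 1
        ok["./etc/apt/sources.list.d/"] = 1
        ok["./etc/apt/sources.list.d/ntop-stable.list"] = 1
    }
    {
        mode = $1; path = $6   # fields: mode owner size date time path
        if (!(path in ok)) { print "UNEXPECTED " path; bad++ }
        if (mode ~ /^l/)   { print "SYMLINK " path; bad++ }
        if (mode ~ /[sS]/) { print "SETID " path; bad++ }
    }
    END { exit (bad > 0 ? 1 : 0) }
    '
}

# Constructed sample listing (sizes and dates are made up for illustration).
sample_listing() {
    cat <<'EOF'
drwxr-xr-x root/root         0 2015-01-01 00:00 ./
drwxr-xr-x root/root         0 2015-01-01 00:00 ./etc/
drwxr-xr-x root/root         0 2015-01-01 00:00 ./etc/nbox/
-rw-r--r-- root/root      1700 2015-01-01 00:00 ./etc/nbox/ntop-apt.key
drwxr-xr-x root/root         0 2015-01-01 00:00 ./etc/apt/
drwxr-xr-x root/root         0 2015-01-01 00:00 ./etc/apt/sources.list.d/
-rw-r--r-- root/root        80 2015-01-01 00:00 ./etc/apt/sources.list.d/ntop-stable.list
EOF
}

# Exit status 0 means every entry is an expected repository file.
if sample_listing | audit_deb_listing; then
    echo "listing matches the expected repository files"
fi
```

Against the real download, run `dpkg-deb -c apt-ntop-stable.deb | audit_deb_listing`. The key is added by a maintainer script rather than by a listed file, so also unpack the control scripts with `dpkg-deb -e apt-ntop-stable.deb ctl/` and read them before installing.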
Run apt-get update to update your system repositories and install the packages as per directions:

root@ubuntu-14-04:~# apt-get update
root@ubuntu-14-04:~# apt-get -y install pfring nprobe ntopng ntopng-data n2disk nbox
Here's a short description of what each package in the family does:

root@ubuntu-14-04:~# dpkg -s pfring nprobe ntopng ntopng-data n2disk nbox | egrep "^Package|^Description"
Package: pfring
Description: PF_RING (http://www.ntop.org/pf_ring/)
Package: nprobe
Description: A network probe.
Package: ntopng
Description: Web-based traffic monitoring.
Package: ntopng-data
Description: Data files (geoip) for ntopng.
Package: n2disk
Description: A packet-to-disk application.
Package: nbox
Description: Web management interface for ntop apps.

- pfring is a module that allows for high-speed packet captures; it's recommended to enable this if you plan on capturing on high-traffic interfaces.
- nProbe is simply the NetFlow probe; for example, you can set up multiple probes throughout your network and send all the NetFlow data to a central ntopng instance to visualize all the traffic.
- n2disk allows you to efficiently write huge volumes of packet captures to disk without packet loss.
A lot of packages will be installed, and at the very end you should see the following message:

IMPORTANT IMPORTANT IMPORTANT IMPORTANT IMPORTANT
You can now point your browser to https://localhost/
The default user is nbox with password nbox
IMPORTANT IMPORTANT IMPORTANT IMPORTANT IMPORTANT

- Don't forget that the address is https and not regular http. If you use http it will direct you to the Apache2 Ubuntu Default Page.
Before you visit the https://localhost page, however, restart the apache2 service:

root@ubuntu-14-04:~# service apache2 restart
 * Restarting web server apache2
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message

I was getting a Service Unavailable error, and the restart fixed this.
Starting ntopng with the nBox web GUI
Unlike before where we had to configure things manually, the new ntop UI or nBox web GUI makes many of the configurations trivial.
After logging into https://localhost with the default credentials (nbox:nbox), at the top of the nBox dashboard:
- Applications > ntopng
- Under the Configuration > General
- Select which interfaces you want to monitor. If you want to select multiple, hold <Ctrl> and click.
- Enable the service to start up automatically, if needed.
You can edit other settings under Hosts, Flows, Directory, and Advanced.
When finished, click Save Changes. Then click back to the Status tab, and click On for the interface you selected.
The interface will tell you that you can now access ntopng at the http://<server IP>:3000 address.
Note that additional changes under the Configuration tab first require you to stop the ntopng service by clicking the Off button for your interface under the Status tab.
Change those default credentials
nBox GUI
At the top of the nBox web GUI, go to System > Users. Under Web Users, for the already selected nbox user, click Change Pwd.
ntopng GUI
The default username and password for the ntopng web interface is admin. To change the defaults, after logging into the web interface, click the Gear Icon > Manage Users, for the admin user, click Manage and change the password.
Conclusion
The nBox web UI greatly simplified configuration of all the components of the ntop family. In addition, it's refreshing to see that the ntopng UI is becoming more and more refined with each release.