Install ntopng on Rocky Linux 8

gen_too
|
Last Updated:
|
Monitoring, HowTos
|
Leave a Comment

This guide will take you through how to install ntopng on Rocky Linux 8. ntopng is a high performance web-based network traffic monitoring application. It provides a intuitive, encrypted web user interface for the exploration of realtime and historical traffic information.

Main ntopng Features

  • Sort network traffic according to many criteria including IP address, port, Layer-7 (L7) application protocols, throughput, Autonomous Systems (ASs)
  • Show realtime network traffic and active hosts
  • Produce long-term reports for several network metrics including throughput and L7 application protocols
  • Top talkers (senders/receivers), top ASs, top L7 application protocols
  • Monitor and report live throughput, network and application latencies, Round Trip Time (RTT), TCP statistics (retransmissions, out of order packets, packet lost), and bytes and packets transmitted
  • Store on disk persistent traffic statistics to allow future explorations and post-mortem analyses
  • Geolocate and overlay hosts in a geographical map
  • Discover Layer-7 application protocols (Facebook, YouTube, BitTorrent, etc) by leveraging on nDPI, ntop Deep Packet Inspection (DPI) technology
  • Analyze IP traffic and sort it according to the source/destination
  • Report IP protocol usage sorted by protocol type
  • Produce HTML5/AJAX network traffic statistics
  • Full support for IPv4 and IPv6
  • Full Layer-2 support (including ARP statistics)
  • GTP/GRE detunnelling
  • Support for nIndexMySQLElasticSearch export of monitored data
  • Interactive historical exploration of monitored data exported to nIndex and MySQL
  • Flexible alerts handling
  • SNMP v1/v2c/v3 support and continuous monitoring of SNMP devices
  • Identity Management, including correlation of VPN users to traffic
  • Focused on cybersecurity
  • Behavioral traffic analyses such as lateral movements and periodic traffic detection
  • REST API to ease integrations with third-parties

Install ntopng on Rocky Linux 8

There exists various versions of ntopng. From community versions to Enterprise versions.

We will learn how to install community version of ntopng on Rocky Linux 8.

Install the ntop Packages Repository on Rocky Linux 8

ntopng is not available on default Rocky Linux 8 repositories.

Thus, you need to install the ntop Packages Repository. 

wget https://packages.ntop.org/centos-stable/ntop.repo -O /etc/yum.repos.d/ntop.repo

Install and enable other repositories

dnf install epel-release
dnf install http://rpms.remirepo.net/enterprise/remi-release-8.rpm
dnf config-manager --set-enabled powertools

Install ntopng on Rocky Linux 8

Next, execute the commands below to install ntopng on Rocky Linux 8.

dnf erase zeromq3
dnf install pfring-dkms n2disk nprobe ntopng cento pfring-drivers-zc-dkms

Run ntopng community Version

In order to run the community version of ntopng, edit the configuration file, /etc/ntopng/ntopng.conf, by running the command below;

sed -i 's#-G=/var/run/ntopng.pid#-G=/var/run/ntopng.pid \\n--community#'  /etc/ntopng/ntopng.conf

That is the only configuration we can make in this demo. The file is highly commented and you can read through it for more configuration options.

Running ntopng Service

Start and enable ntopng to run on system boot;

systemctl enable --now ntopng

Check the status;

systemctl status ntopng

● ntopng.service - ntopng high-speed web-based traffic monitoring and analysis tool
   Loaded: loaded (/usr/lib/systemd/system/ntopng.service; disabled; vendor preset: disabled)
   Active: active (running) since Thu 2021-07-22 13:20:13 EAT; 12s ago
  Process: 5087 ExecStopPost=/bin/rm -rf /run/ntopng.conf /run/ntopng.conf.raw /run/ntopng.pid (code=exited, status=0/SUCCESS)
  Process: 5510 ExecStartPre=/bin/sh -c /bin/sed "/^[ ]*-e.*$\|^[ ]*-G.*\|^[ ]*--daemon.*\|[ ]*--pid.*/s/^/#/" /run/ntopng.conf.raw > /run/ntopng.conf (code=exited, status>
  Process: 5507 ExecStartPre=/bin/sh -c /bin/cat /etc/ntopng/ntopng.conf.d/*.conf >> /run/ntopng.conf.raw 2>/dev/null || true (code=exited, status=0/SUCCESS)
  Process: 5503 ExecStartPre=/bin/sh -c /bin/cat /etc/ntopng/ntopng.conf > /run/ntopng.conf.raw (code=exited, status=0/SUCCESS)
  Process: 5490 ExecStartPre=/bin/sh -c /usr/bin/ntopng-utils-manage-config -a check-restore  && /usr/bin/ntopng-utils-manage-config -a restore || true (code=exited, statu>
 Main PID: 5512 (ntopng)
    Tasks: 47 (limit: 23673)
   Memory: 203.7M
   CGroup: /system.slice/ntopng.service
           └─5512 /usr/bin/ntopng /run/ntopng.conf

Jul 22 13:20:16 rocky8.kifarunix-demo.com ntopng[5512]: 22/Jul/2021 13:20:16 [Ntop.cpp:882] Adding fe80::301d:abeb:ad8b:6c56/64 as IPv6 local network for enp0s8
Jul 22 13:20:16 rocky8.kifarunix-demo.com ntopng[5512]: 22/Jul/2021 13:20:16 [PeriodicActivities.cpp:107] Started periodic activities loop...
Jul 22 13:20:17 rocky8.kifarunix-demo.com ntopng[5512]: 22/Jul/2021 13:20:17 [startup.lua:50] Processing startup.lua: please hold on...
Jul 22 13:20:18 rocky8.kifarunix-demo.com ntopng[5512]: 22/Jul/2021 13:20:18 [startup.lua:144] [lists_utils.lua:758] Refreshing category lists...
Jul 22 13:20:18 rocky8.kifarunix-demo.com ntopng[5512]: 22/Jul/2021 13:20:18 [startup.lua:144] [lists_utils.lua:696] Category Lists (695 hosts, 3140 IPs, 99 JA3) loaded in>
Jul 22 13:20:18 rocky8.kifarunix-demo.com ntopng[5512]: 22/Jul/2021 13:20:18 [startup.lua:218] Startup completed: ntopng is now operational
Jul 22 13:20:18 rocky8.kifarunix-demo.com ntopng[5512]: 22/Jul/2021 13:20:18 [PeriodicActivities.cpp:168] Each periodic activity script will use 4 threads
Jul 22 13:20:18 rocky8.kifarunix-demo.com ntopng[5512]: 22/Jul/2021 13:20:18 [NetworkInterface.cpp:2749] Started packet polling on interface lo [id: 1]...
Jul 22 13:20:18 rocky8.kifarunix-demo.com ntopng[5512]: 22/Jul/2021 13:20:18 [NetworkInterface.cpp:2749] Started packet polling on interface enp0s3 [id: 2]...
Jul 22 13:20:18 rocky8.kifarunix-demo.com ntopng[5512]: 22/Jul/2021 13:20:18 [NetworkInterface.cpp:2749] Started packet polling on interface enp0s8 [id: 3]...

Access ntopng Web Interface

By default, ntopng listens on port 3000/tcp.

ss -altnp | grep 3000
LISTEN 0      128          0.0.0.0:3000      0.0.0.0:*    users:(("ntopng",pid=5512,fd=45))

Hence, open this port on firewalld:

firewall-cmd --permanent --add-port=3000/tcp
firewall-cmd --reload

Next, navigate to http://server-IP:3000

Login using the default credentials: admin:admin and reset the password afterwards.

ntopng login

Some dashboards for ntopng;

dashboard

Alerts

alerts
interface

And that is it. ntopng is now installed and running. You can read further on the documentation page;

ntopng Documentation

Other tutorials

Detecting Malicious Files with Wazuh and VirusTotal

Install Prometheus on Rocky Linux 8

Install Grafana on Rocky Linux 8

SUPPORT US VIA A VIRTUAL CUP OF COFFEE

We're passionate about sharing our knowledge and experiences with you through our blog. If you appreciate our efforts, consider buying us a virtual coffee. Your support keeps us motivated and enables us to continually improve, ensuring that we can provide you with the best content possible. Thank you for being a coffee-fueled champion of our work!

Photo of author
gen_too
Co-founder of Kifarunix.com, Linux Tips and Tutorials. Linux/Unix admin and author at Kifarunix.com.

Related Posts

Install Elasticsearch 7.x on Ubuntu 18.04/Debian 9.8

Install PostgreSQL 15 on Debian 12

Install Portainer on Ubuntu 22.04

How Small Businesses Can Implement System Security to Keep Their Data Safe

Install Icinga 2 on Debian 10 Buster

Three lucrative online jobs in 2022

Leave a Comment

© 2023 kifarunix.com

Home Advertise with us Privacy Policy