Install ntopng on Rocky Linux 8

This guide will take you through how to install ntopng on Rocky Linux 8. ntopng is a high performance web-based network traffic monitoring application. It provides a intuitive, encrypted web user interface for the exploration of realtime and historical traffic information.

Installing ntopng on Rocky Linux 8

There exists various versions of ntopng. From community versions to Enterprise versions.

We will learn how to install community version of ntopng on Rocky Linux 8.

Install the ntop Packages Repository on Rocky Linux 8

ntopng is not available on default Rocky Linux 8 repositories.

Thus, you need to install the ntop Packages Repository.

wget https://packages.ntop.org/centos-stable/ntop.repo -O /etc/yum.repos.d/ntop.repo

Install and enable other repositories

dnf install epel-release

dnf install http://rpms.remirepo.net/enterprise/remi-release-8.rpm

dnf config-manager --set-enabled powertools

Install ntopng

Next, execute the commands below to install ntopng.

dnf erase zeromq3

dnf install pfring-dkms n2disk nprobe ntopng cento pfring-drivers-zc-dkms

Run ntopng community Version

In order to run the community version of ntopng, edit the configuration file, /etc/ntopng/ntopng.conf, by running the command below;

sed -i 's#-G=/var/run/ntopng.pid#-G=/var/run/ntopng.pid \\n--community#'  /etc/ntopng/ntopng.conf

That is the only configuration we can make in this demo. The file is highly commented and you can read through it for more configuration options.

Running ntopng Service

Start and enable ntopng to run on system boot;

systemctl enable --now ntopng

Check the status;

systemctl status ntopng

● ntopng.service - ntopng high-speed web-based traffic monitoring and analysis tool
   Loaded: loaded (/usr/lib/systemd/system/ntopng.service; disabled; vendor preset: disabled)
   Active: active (running) since Thu 2021-07-22 13:20:13 EAT; 12s ago
  Process: 5087 ExecStopPost=/bin/rm -rf /run/ntopng.conf /run/ntopng.conf.raw /run/ntopng.pid (code=exited, status=0/SUCCESS)
  Process: 5510 ExecStartPre=/bin/sh -c /bin/sed "/^[ ]*-e.*$\|^[ ]*-G.*\|^[ ]*--daemon.*\|[ ]*--pid.*/s/^/#/" /run/ntopng.conf.raw > /run/ntopng.conf (code=exited, status>
  Process: 5507 ExecStartPre=/bin/sh -c /bin/cat /etc/ntopng/ntopng.conf.d/*.conf >> /run/ntopng.conf.raw 2>/dev/null || true (code=exited, status=0/SUCCESS)
  Process: 5503 ExecStartPre=/bin/sh -c /bin/cat /etc/ntopng/ntopng.conf > /run/ntopng.conf.raw (code=exited, status=0/SUCCESS)
  Process: 5490 ExecStartPre=/bin/sh -c /usr/bin/ntopng-utils-manage-config -a check-restore  && /usr/bin/ntopng-utils-manage-config -a restore || true (code=exited, statu>
 Main PID: 5512 (ntopng)
    Tasks: 47 (limit: 23673)
   Memory: 203.7M
   CGroup: /system.slice/ntopng.service
           └─5512 /usr/bin/ntopng /run/ntopng.conf

Jul 22 13:20:16 rocky8.kifarunix-demo.com ntopng[5512]: 22/Jul/2021 13:20:16 [Ntop.cpp:882] Adding fe80::301d:abeb:ad8b:6c56/64 as IPv6 local network for enp0s8
Jul 22 13:20:16 rocky8.kifarunix-demo.com ntopng[5512]: 22/Jul/2021 13:20:16 [PeriodicActivities.cpp:107] Started periodic activities loop...
Jul 22 13:20:17 rocky8.kifarunix-demo.com ntopng[5512]: 22/Jul/2021 13:20:17 [startup.lua:50] Processing startup.lua: please hold on...
Jul 22 13:20:18 rocky8.kifarunix-demo.com ntopng[5512]: 22/Jul/2021 13:20:18 [startup.lua:144] [lists_utils.lua:758] Refreshing category lists...
Jul 22 13:20:18 rocky8.kifarunix-demo.com ntopng[5512]: 22/Jul/2021 13:20:18 [startup.lua:144] [lists_utils.lua:696] Category Lists (695 hosts, 3140 IPs, 99 JA3) loaded in>
Jul 22 13:20:18 rocky8.kifarunix-demo.com ntopng[5512]: 22/Jul/2021 13:20:18 [startup.lua:218] Startup completed: ntopng is now operational
Jul 22 13:20:18 rocky8.kifarunix-demo.com ntopng[5512]: 22/Jul/2021 13:20:18 [PeriodicActivities.cpp:168] Each periodic activity script will use 4 threads
Jul 22 13:20:18 rocky8.kifarunix-demo.com ntopng[5512]: 22/Jul/2021 13:20:18 [NetworkInterface.cpp:2749] Started packet polling on interface lo [id: 1]...
Jul 22 13:20:18 rocky8.kifarunix-demo.com ntopng[5512]: 22/Jul/2021 13:20:18 [NetworkInterface.cpp:2749] Started packet polling on interface enp0s3 [id: 2]...
Jul 22 13:20:18 rocky8.kifarunix-demo.com ntopng[5512]: 22/Jul/2021 13:20:18 [NetworkInterface.cpp:2749] Started packet polling on interface enp0s8 [id: 3]...

Access ntopng Web Interface

By default, ntopng listens on port 3000/tcp.

ss -altnp | grep 3000

LISTEN 0      128          0.0.0.0:3000      0.0.0.0:*    users:(("ntopng",pid=5512,fd=45))

Hence, open this port on firewalld:

firewall-cmd --permanent --add-port=3000/tcp

firewall-cmd --reload

Next, navigate to http://server-IP:3000

Login using the default credentials: admin:admin and reset the password afterwards.

Some dashboards for ntopng;

Alerts

And that is it. ntopng is now installed and running. You can read further on the documentation page;

ntopng Documentation

Other tutorials

Detecting Malicious Files with Wazuh and VirusTotal

Install Prometheus on Rocky Linux 8

Install Grafana on Rocky Linux 8