CentOS 7 – Installing ntop (ntopng in fact) using RPM packages

Updated 9/11/2015: New instructions on how to start and configure ntopng, after Ntop has changed the behaviour. New CentOS repository added. Hiredis is now needed. Thanks so much to Shashi and Steven for your comments.

Ntop NG is an extraordinary tool that helps you to know more about your network traffic. It has a lot of great features and I use it mainly to know quickly what kind of traffic is being generated in my network lab thanks to its web interface with summaries and rrd charts. It supports sFlow so it will be great to use it with openvswitch and get some statistics.

Ntop offers RPM packages for both CentOS/RHEL 6 and CentOS/RHEL 7 so it’s very easy to install.

First of all we’re going to add the EPEL repository:

yum install epel-release wget

We’ll need to install the latest RPM packages: ntopng-data and ntopng.

Let’s create the ntop repository for the nightly builds:

cat <<EOT > /etc/yum.repos.d/ntop.repo
[ntop]
name=ntop packages
baseurl=http://packages.ntop.org/centos/\$releasever/\$basearch/
enabled=1
gpgcheck=1
gpgkey=http://packages.ntop.org/centos/RPM-GPG-KEY-deri
[ntop-noarch]
name=ntop packages
baseurl=http://packages.ntop.org/centos/\$releasever/noarch/
enabled=1
gpgcheck=1
gpgkey=http://packages.ntop.org/centos/RPM-GPG-KEY-deri
EOT
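
With gpgcheck=1 yum verifies package signatures, but in the repository file above the signing key itself is downloaded over plain HTTP, so the check is only as trustworthy as that download. The shell function below is an added example, not part of the original post, that audits a .repo file for this condition; audit_repo, write_sample and the [example-https] section with its example.invalid URLs are hypothetical names introduced here.

```shell
# Added example (not from the original post): audit a yum .repo file.
# audit_repo FILE prints "section: finding" lines; returns 1 if any were found.
audit_repo() {
    awk '
    function report(msg) { print sec ": " msg; bad = 1 }
    function check() {
        if (sec == "" || enabled == "0") return   # preamble or disabled repo
        if (gpgcheck != "1") report("gpgcheck is not set to 1")
        if (gpgkey == "") report("no gpgkey configured")
        else if (gpgkey ~ /^http:/) report("gpgkey is fetched over plain HTTP")
        if (baseurl ~ /^http:/) report("baseurl uses plain HTTP")
    }
    /^[ \t]*[#;]/ { next }                        # skip comment lines
    /^\[/ {                                       # new section: check the previous one
        check()
        sec = $0; sub(/^\[/, "", sec); sub(/\].*$/, "", sec)
        enabled = "1"; gpgcheck = ""; gpgkey = ""; baseurl = ""
        next
    }
    /=/ {
        key = $0; sub(/=.*$/, "", key); gsub(/[ \t]/, "", key)
        val = $0; sub(/^[^=]*=/, "", val); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "enabled") enabled = val
        else if (key == "gpgcheck") gpgcheck = val
        else if (key == "gpgkey") gpgkey = val
        else if (key == "baseurl") baseurl = val
    }
    END { check(); exit bad }
    ' "$1"
}

# Constructed sample: the [ntop] section from this page plus a hypothetical
# [example-https] section (placeholder host) that passes the audit.
write_sample() {
    cat > "$1" <<'EOT'
[ntop]
name=ntop packages
baseurl=http://packages.ntop.org/centos/$releasever/$basearch/
enabled=1
gpgcheck=1
gpgkey=http://packages.ntop.org/centos/RPM-GPG-KEY-deri
[example-https]
baseurl=https://packages.example.invalid/centos/$releasever/$basearch/
enabled=1
gpgcheck=1
gpgkey=https://packages.example.invalid/centos/RPM-GPG-KEY-example
EOT
}
```

After sourcing the function, run it as audit_repo /etc/yum.repos.d/ntop.repo; a non-zero exit status means at least one finding was printed.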

Let’s install the packages. We’ll have to accept Luca Deri’s GPG key:

yum install ntopng ntopng-data

Updated (thanks to Davide Lorenzetti for his comment): Let’s install the hiredis-devel package and start the redis server before starting ntopng. You can also enable the service to start at boot time using: systemctl enable redis.service

yum install hiredis-devel
systemctl start redis.service

Let’s start ntopng using systemctl.

systemctl start ntopng.service

Ntop will create a default configuration file at /etc/ntopng/ntopng.conf. However, if you check the status, you’ll see that ntopng warns that no Pro licence was found, so it will switch to community mode after 10 minutes.

systemctl status ntopng
oct 16 19:29:38 tornasol.artemit.lab ntopng[3001]: [pro/NtopPro.cpp:145] WARNING: [LICENSE] ntopng will now run in pro mode for 10 minutes
oct 16 19:29:38 tornasol.artemit.lab ntopng[3001]: [pro/NtopPro.cpp:147] WARNING: [LICENSE] before returning to community mode
oct 16 19:29:38 tornasol.artemit.lab ntopng[3001]: [pro/NtopPro.cpp:148] WARNING: [LICENSE] You can buy a permanent license at http://shop.ntop.org
oct 16 19:29:38 tornasol.artemit.lab ntopng[3001]: [pro/NtopPro.cpp:149] WARNING: [LICENSE] or run ntopng in community mode starting
oct 16 19:29:38 tornasol.artemit.lab ntopng[3001]: [pro/NtopPro.cpp:150] WARNING: [LICENSE] ntopng --community
oct 16 19:29:39 tornasol.artemit.lab ntopng[3001]: [src/HTTPserver.cpp:486] ERROR: Unable to start HTTP server (IPv4) on ports 3000,3001s Success

As we have no Pro licence (unless you get one, of course), we can edit the /etc/ntopng/ntopng.conf file to remove the warnings (I’ve added a \ after the pid file):

-G=/var/tmp/ntopng.pid\
--community

We’ll restart ntopng and check the status again:

systemctl restart ntopng
systemctl status ntopng
ntopng.service - Start/stop ntopng program
   Loaded: loaded (/etc/systemd/system/ntopng.service; enabled)
   Active: active (running) since vie 2015-10-16 21:19:52 CEST; 21s ago
  Process: 1711 ExecStop=/etc/systemd/scripts/ntopng stop (code=exited, status=0/SUCCESS)
  Process: 1756 ExecStart=/etc/systemd/scripts/ntopng start (code=exited, status=0/SUCCESS)
 Main PID: 1762 (ntopng)
   CGroup: /system.slice/ntopng.service
           └─1762 /usr/bin/ntopng /etc/ntopng/ntopng.conf

oct 16 21:19:52 tornasol.artemit.lab ntopng[1756]: Starting ntopng: [ OK ]
oct 16 21:19:52 tornasol.artemit.lab systemd[1]: Started Start/stop ntopng program.

Sweet. You can also enable the service to start at boot time using:

systemctl enable redis.service
systemctl enable ntopng.service

Ntopng listens on TCP port 3000 by default, so you’ll need a firewall rule to reach it from a remote machine. If you use the dynamic firewall daemon, you can use firewall-cmd to allow traffic to port 3000 coming from a specific IP address (-s X.X.X.X; e.g. my IP is 192.168.5.100). Note that this rule is not permanent.

firewall-cmd --direct --add-rule ipv4 filter IN_public_allow 0 -m tcp -p tcp --dport 3000 -s 192.168.5.100 -j ACCEPT

Using a web browser, enter the IP address of the host running ntop, specifying port 3000 (e.g. http://192.168.1.185:3000). If a login prompt appears, enter user admin and password admin and enjoy your ntopng network monitor!

If you want to set any configuration options in the /etc/ntopng/ntopng.conf file, I found it a little tricky, so read the man page (man ntopng). I’ll update this post offering some examples.

A big thank you to Luca Deri and Ntop’s team!

Cheers!

P.S: If you want to use SSL with the web interface please read my post