CentOS 7 – Installing ntop (ntopng in fact) using RPM packages

Updated 9/11/2015: New instructions on how to start and configure ntopng, after Ntop changed the behaviour. New CentOS repository added. Hiredis is now needed. Thanks so much to Shashi and Steven for your comments.

Ntop NG is an extraordinary tool that helps you learn more about your network traffic. It has a lot of great features, and I use it mainly to find out quickly what kind of traffic is being generated in my network lab, thanks to its web interface with summaries and RRD charts. It supports sFlow, so it will be great to use it with Open vSwitch and get some statistics.

Ntop offers RPM packages for both CentOS/RHEL 6 and CentOS/RHEL 7 so it’s very easy to install.

First of all we’re going to add the EPEL repository:

yum install epel-release wget

We’ll need to install the latest RPM packages: ntopng-data and ntopng.

Let’s create the ntop repository for the nightly builds:

cat <<EOT > /etc/yum.repos.d/ntop.repo
[ntop]
name=ntop packages
baseurl=http://packages.ntop.org/centos/\$releasever/\$basearch/
enabled=1
gpgcheck=1
gpgkey=http://packages.ntop.org/centos/RPM-GPG-KEY-deri
[ntop-noarch]
name=ntop packages
baseurl=http://packages.ntop.org/centos/\$releasever/noarch/
enabled=1
gpgcheck=1
gpgkey=http://packages.ntop.org/centos/RPM-GPG-KEY-deri
EOT

Let’s install the packages. We’ll have to accept Luca Deri’s GPG key:

yum install ntopng ntopng-data
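
The key accepted in this step is downloaded over plain HTTP, and gpgcheck=1 only verifies packages against whatever key ends up imported. The following is an added example, not part of the original post: it downloads the key, compares its fingerprint with one obtained from a trusted source, and imports it only on a match. The function names and the EXPECTED_FPR placeholder are assumptions; the page does not state the fingerprint.

```sh
#!/bin/sh
# Added example (not from the original post): check the repository signing
# key before importing it, rather than accepting the yum prompt unchecked.

# Placeholder: the page does not give the fingerprint. Replace it with the
# value obtained from a source you trust.
EXPECTED_FPR="REPLACE-WITH-40-HEX-DIGIT-FINGERPRINT"

# Constructed `gpg --with-colons` output for illustration (not the ntop key).
SAMPLE_COLONS='pub:-:2048:1:89ABCDEF01234567:1400000000:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1400000000::0000::Example Packager <pkg@example.org>:'

# Remove spaces/colons and upper-case, so "0123 4567 ..." equals "01234567...".
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n:' | tr 'a-f' 'A-F'
}

# Read colon-format gpg output on stdin; print the primary key fingerprint
# (field 10 of the first "fpr" record).
fpr_from_colons() {
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# Succeed only for two identical, full-length (40 hex digit) fingerprints.
# Short key IDs and the unreplaced placeholder are rejected.
fpr_matches() {
    want=$(normalize_fpr "$1")
    got=$(normalize_fpr "$2")
    case "$want" in
        ''|*[!0-9A-F]*) return 1 ;;
    esac
    [ "${#want}" -eq 40 ] && [ "$want" = "$got" ]
}

# Download the key, compare fingerprints, import into the RPM database on match.
# Usage: verify_and_import_key http://packages.ntop.org/centos/RPM-GPG-KEY-deri "$EXPECTED_FPR"
verify_and_import_key() {
    url=$1
    expected=$2
    tmp=$(mktemp) || return 1
    if ! curl -fsS -o "$tmp" "$url"; then
        rm -f "$tmp"
        return 1
    fi
    actual=$(gpg --with-fingerprint --with-colons "$tmp" 2>/dev/null | fpr_from_colons)
    if fpr_matches "$expected" "$actual"; then
        rpm --import "$tmp"
        rc=$?
    else
        echo "fingerprint mismatch, key not imported: got '${actual}'" >&2
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}
```

Once the key is in the RPM database, yum install ntopng ntopng-data no longer asks to import it.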

Updated (thanks to Davide Lorenzetti for his comment): Let’s install the hiredis-devel package and start the redis server before starting ntopng. You can also enable the service to start at boot time using: systemctl enable redis.service

yum install hiredis-devel
systemctl start redis.service

Let’s start ntopng using systemctl.

systemctl start ntopng.service

Ntop will create a default configuration file at /etc/ntopng/ntopng.conf. However, if you check the status, you’ll see that Ntop warns that no Pro licence was found, so it will run in community mode after 10 minutes.

systemctl status ntopng
oct 16 19:29:38 tornasol.artemit.lab ntopng[3001]: [pro/NtopPro.cpp:145] WARNING: [LICENSE] ntopng will now run in pro mode for 10 minutes
oct 16 19:29:38 tornasol.artemit.lab ntopng[3001]: [pro/NtopPro.cpp:147] WARNING: [LICENSE] before returning to community mode
oct 16 19:29:38 tornasol.artemit.lab ntopng[3001]: [pro/NtopPro.cpp:148] WARNING: [LICENSE] You can buy a permanent license at http://shop.ntop.org
oct 16 19:29:38 tornasol.artemit.lab ntopng[3001]: [pro/NtopPro.cpp:149] WARNING: [LICENSE] or run ntopng in community mode starting
oct 16 19:29:38 tornasol.artemit.lab ntopng[3001]: [pro/NtopPro.cpp:150] WARNING: [LICENSE] ntopng --community
oct 16 19:29:39 tornasol.artemit.lab ntopng[3001]: [src/HTTPserver.cpp:486] ERROR: Unable to start HTTP server (IPv4) on ports 3000,3001s Success

As we have no Pro licence (unless you get one, of course), we can edit the /etc/ntopng/ntopng.conf file to remove the warnings (I’ve added a \ after the pid file):

-G=/var/tmp/ntopng.pid\
--community

We’ll restart ntopng and check the status again:

systemctl restart ntopng
systemctl status ntopng
ntopng.service - Start/stop ntopng program
   Loaded: loaded (/etc/systemd/system/ntopng.service; enabled)
   Active: active (running) since vie 2015-10-16 21:19:52 CEST; 21s ago
  Process: 1711 ExecStop=/etc/systemd/scripts/ntopng stop (code=exited, status=0/SUCCESS)
  Process: 1756 ExecStart=/etc/systemd/scripts/ntopng start (code=exited, status=0/SUCCESS)
 Main PID: 1762 (ntopng)
   CGroup: /system.slice/ntopng.service
           └─1762 /usr/bin/ntopng /etc/ntopng/ntopng.conf
oct 16 21:19:52 tornasol.artemit.lab ntopng[1756]: Starting ntopng: [ OK ]
oct 16 21:19:52 tornasol.artemit.lab systemd[1]: Started Start/stop ntopng program.

Sweet. You can also enable the service to start at boot time using:

systemctl enable redis.service
systemctl enable ntopng.service
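
The start-up failures reported on this page (in the status output above and in the comments below) each have a specific fix. The following is an added example, not part of the original post: it scans journal output for those messages and prints the fix that the post or its comments give. The function name diagnose_ntopng and the output format are assumptions.

```sh
#!/bin/sh
# Added example (not from the original post): map the ntopng/redis start-up
# errors quoted on this page to the fix given for each.

# Log lines copied from outputs quoted on this page (timestamps and hosts trimmed).
SAMPLE_LOG='ntopng[9675]: [Redis.cpp:93] ERROR: ntopng requires redis server to be up and running
redis-server[6672]: /usr/bin/redis-server: error while loading shared libraries: libjemalloc.so.1: cannot open shared object file: No such file or directory
ntopng[23866]: Starting ntopng: /usr/bin/ntopng: error while loading shared libraries: libhiredis.so.0.12: cannot open shared object file: No such file or directory
ntopng[3001]: [pro/NtopPro.cpp:145] WARNING: [LICENSE] ntopng will now run in pro mode for 10 minutes'

# Reads log text on stdin and prints one "cause: fix" line per distinct cause,
# ordered so that prerequisites come first.
# Usage: journalctl -b -u redis -u ntopng --no-pager | diagnose_ntopng
diagnose_ntopng() {
    awk '
        /libjemalloc\.so[0-9.]*: cannot open shared object file/ { hit["jemalloc"] = 1 }
        /requires redis server to be up and running/             { hit["redis"] = 1 }
        /libhiredis\.so[0-9.]*: cannot open shared object file/  { hit["hiredis"] = 1 }
        /Unable to start HTTP server.*No such file or directory/ { hit["openssl"] = 1 }
        /\[LICENSE\]/                                            { hit["license"] = 1 }
        END {
            # A missing libjemalloc keeps redis from starting, so it is the
            # root cause behind the "requires redis" message; report it alone.
            if ("jemalloc" in hit)
                print "jemalloc: yum install jemalloc, then systemctl start redis.service"
            else if ("redis" in hit)
                print "redis: systemctl start redis.service before starting ntopng"
            if ("hiredis" in hit)
                print "hiredis: yum install hiredis-devel"
            if ("openssl" in hit)
                print "openssl: with HTTPS enabled, yum install openssl openssl-devel"
            if ("license" in hit)
                print "license: add --community to /etc/ntopng/ntopng.conf and restart ntopng"
        }'
}
```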

Ntopng listens by default on TCP port 3000, so you’ll need a firewall rule if you want to access it from a remote machine. If you are using the dynamic firewall daemon (firewalld), you can use firewall-cmd to allow traffic to port 3000 coming from a specific IP address (-s X.X.X.X, e.g. my IP is 192.168.5.100). Note that this rule is not permanent.

firewall-cmd --direct --add-rule ipv4 filter IN_public_allow 0 -m tcp -p tcp --dport 3000 -s 192.168.5.100 -j ACCEPT

Using a web browser, enter the IP address of the host running ntop, specifying port 3000 (e.g. http://192.168.1.185:3000). If a login/password prompt shows, enter user admin and password admin and enjoy your ntopng network monitor!


If you want to set any configuration options in the /etc/ntopng/ntopng.conf file, I found it a little tricky, so read the man page (man ntopng). I’ll update this post offering some examples.

A big thank you to Luca Deri and Ntop’s team!

Cheers!

P.S: If you want to use SSL with the web interface please read my post


35 thoughts on “CentOS 7 – Installing ntop (ntopng in fact) using RPM packages”

  1. Davide Lorenzetti says:

    I have installed ntop using this procedure but it doesn’t run; I receive the following error:

    [root@CentOS-7 /]# systemctl -l status ntopng.service
    ntopng.service – LSB: Start/stop ntopng web
    Loaded: loaded (/etc/rc.d/init.d/ntopng)
    Active: active (exited) since Fri 2015-04-03 21:39:29 CEST; 9s ago
    Process: 3027 ExecStart=/etc/rc.d/init.d/ntopng start (code=exited, status=0/SUCCESS)

    Apr 03 21:39:29 CentOS-7.0 ntopng[3027]: Starting ntopng: [ OK ]
    Apr 03 21:39:29 CentOS-7.0 systemd[1]: Started LSB: Start/stop ntopng web.
    Apr 03 21:39:29 CentOS-7.0 ntopng[3033]: [Redis.cpp:77] ERROR: ntopng requires redis server to be up and running
    [root@CentOS-7 /]#


    • n40lab says:

      First of all, my apologies for being so late answering you. I’ve been checking the steps in the post and you’re absolutely right; I’ve updated the post with the missing steps. Once again, thank you for your feedback and sorry for not posting the missing step earlier.


    • n40lab says:

      My apologies for answering you so late. There’s no need to use httpd as NTOPNG already offers one, however one step was missing in the post… I’ve updated the post adding how to start the REDIS server as it’s needed to run ntopng properly. Sorry for the inconvenience. Thanks for your feedback.


  2. Shashi Harkara says:

    Hi
    I am using CentOS 7 and I have followed the steps to install it but it is not working for me.
    First, this sample file is missing so I cannot copy it.
    Secondly, I cannot access using web browser.


    • n40lab says:

      Hi Shashi,
      thanks for your post. Sorry for being late, I’ve been busy at work. It seems that Ntop changed the way their RPMs work. I’ve updated the post and checked that the steps are OK. Please let me know if the steps provided work for you and send me any comments.

      Cheers!


  3. Steven says:

    Hi there, thanks for the info! I need some help getting mine running. Whenever I try to run ntopng it’s giving me a license error. Invalid or missing ntopng License [Empty License File].

    Is there something I missed? Thanks 🙂


    • n40lab says:

      Hi Steven,
      thanks for your post. It seems that Ntop shows this message so you can check that you can get a Pro licence, however you can still use the community edition after 10 minutes. Anyway I’ve updated the post so you can remove those warnings. Please let me know if the steps provided work for you.

      Cheers


  4. abiags@live.com says:

    Hello N40LAB,
    After a long fight, I was able to complete the installation on CentOS 7 using your updated repo and instructions. But after completing the installation everything looks good except “This webpage is not available”. Below is the status message. Can you please help me with this?
    # sudo systemctl -l status ntopng.service
    ntopng.service – Start/stop ntopng program
    Loaded: loaded (/etc/systemd/system/ntopng.service; enabled)
    Active: activating (start) since Sun 2015-10-18 18:09:03 AFT; 4s ago
    Process: 23858 ExecStop=/etc/systemd/scripts/ntopng stop (code=exited, status=0/SUCCESS)
    Control: 23866 (ntopng)
    CGroup: /system.slice/ntopng.service
    ├─23866 /bin/bash /etc/systemd/scripts/ntopng start
    └─23897 sleep 1

    Oct 18 18:09:03 localhost.localdomain systemd[1]: Starting Start/stop ntopng program…
    Oct 18 18:09:03 localhost.localdomain ntopng[23866]: Starting ntopng: /usr/bin/ntopng: error while loading shared libraries: libhiredis.so.0.12: cannot open shared object file: No such file or directory


    • n40lab says:

      Hi,
      assuming that Redis server has been started (systemctl start redis) try installing the hiredis-devel package: yum install hiredis-devel. Let me know if that solves your problem, if not I will re-check all the steps provided in a fresh CentOS 7 vm.

      Thanks for your feedback


    • n40lab says:

      I’ve updated the post. It seems that now hiredis is needed. Sorry about that error, but I’m using the nightly builds so these things can happen. I’ve tried to use the stable rpm but have found some problems so that’s why the post is using nightly builds.


  5. abiags@live.com says:

    Hello N40LAB,
    First of all thank you very much for the support. Here is the installation output of hiredis-level:
    $ sudo yum install hiredis-level
    [sudo] password for abi:
    Loaded plugins: fastestmirror, langpacks
    Loading mirror speeds from cached hostfile
    * base: centos.excellmedia.net
    * epel: fedora-epel.mirror.lstn.net
    * extras: centos.excellmedia.net
    * updates: centos.excellmedia.net
    No package hiredis-level available.
    Error: Nothing to do

    Here is the status of redis and ntopng
    $ systemctl -l status redis.service
    redis.service – Redis persistent key-value database
    Loaded: loaded (/usr/lib/systemd/system/redis.service; enabled)
    Drop-In: /etc/systemd/system/redis.service.d
    └─limit.conf
    Active: active (running) since Mon 2015-10-19 09:11:43 AFT; 16min ago
    Main PID: 1330 (redis-server)
    CGroup: /system.slice/redis.service
    └─1330 /usr/bin/redis-server 127.0.0.1:6379
    $ systemctl -l status ntopng.service
    ntopng.service – Start/stop ntopng program
    Loaded: loaded (/etc/systemd/system/ntopng.service; enabled)
    Active: activating (start) since Mon 2015-10-19 10:12:55 AFT; 613ms ago
    Process: 31005 ExecStop=/etc/systemd/scripts/ntopng stop (code=exited, status=0/SUCCESS)
    Control: 31016 (ntopng)
    CGroup: /system.slice/ntopng.service
    ├─31016 /bin/bash /etc/systemd/scripts/ntopng start
    └─31027 sleep 1
    By the way, this morning I have issued yum install update and some updates were installed for ntopng 2.x.x. about 50Mb.
    Thanks in advance..


    • n40lab says:

      Hi, there is a typo in the package name, should be hiredis-devel instead of hiredis-level, that will solve the problem. Thanks for the news about updates I’ll check them to test the stable version again. Keep me informed if you succeed installing ntop. Cheers


  6. Abi says:

    Hello N40LAB,
    Finally the installation part is over. The last one was my typo mistake; apologies for that. The ntopng service is up and running on the server computer, but unable to access the web page on a computer on the same network (either hostname:3000 or IP Address:3000 doesn’t open the NTOP page). Matter of fact I have added the firewall rule-
    “firewall-cmd --direct --add-rule ipv4 filter IN_public_allow 0 -m tcp -p tcp --dport 3000 -s Server_IP -j ACCEPT”
    other than that still trying to configure, have no clue where to start :(. Basic configuration showing some netflow and traffic.
    Your help and support is really great and highly appreciated.


    • n40lab says:

      Glad you got it! Yes, the firewall rule is needed (don’t forget to use --permanent so it survives a reboot). Though I intend to publish a post about using ntop, I’m having trouble finding the time. I’d suggest you read the official ntopng user’s manual from Luca Deri (https://github.com/ntop/ntopng/blob/dev/doc/UserGuide.pdf); anyway, you’ll quickly learn how to use it properly. If you need any help or want to comment on anything, please contact me. Cheers!


  7. guebre ismael says:

    Hello N40LAB.

    I was able to install the ntopng but the concern is that I can not enter my browser. the server ip address is: 192.168.1.100 for the firewall so I did: [root @ localhost serverntop] # firewall-cmd –direct –add-rule ipv4 filter IN_public_allow -m tcp -p tcp 0 – dport 3000 -s 192.168.1.100 -j ACCEPT
    success.

    [root@localhost serverntop]# systemctl status ntopng
    ntopng.service – Start/stop ntopng program
    Loaded: loaded (/etc/systemd/system/ntopng.service; enabled)
    Active: active (running) since jeu. 2015-10-29 01:25:12 GMT; 8s ago
    Process: 29723 ExecStop=/etc/systemd/scripts/ntopng stop (code=exited, status=0/SUCCESS)
    Process: 29769 ExecStart=/etc/systemd/scripts/ntopng start (code=exited, status=0/SUCCESS)
    Main PID: 29775 (ntopng)
    CGroup: /system.slice/ntopng.service
    └─29775 /usr/bin/ntopng /etc/ntopng/ntopng.conf

    oct. 29 01:25:12 localhost.localdomain ntopng[29769]: Starting ntopng: [ OK ]
    oct. 29 01:25:12 localhost.localdomain systemd[1]: Started Start/stop ntopng program.

    what should I do? thank you in advance!!!


    • n40lab says:

      Hi there! You’ve a problem in the firewall rule. After the -s flag you should enter the IP of the machine where you are using the browser (source); the IP you’ve entered is the server’s address, so it does not work. Alternatively, remove -s ip_address if you don’t want to restrict who is accessing ntop. And don’t forget to add --permanent at the end of the command if you want the rule to be applied anytime your server is booted. If you need more help please contact me! Thanks for your feedback.


    • GUEBRE ISMAEL says:

      it’s good, I can connect now but making: [root @ localhost serverntop] # firewall-cmd –direct –add-rule ipv4 filter IN_public_allow -m tcp -p tcp 0 3000 –dport -s j ACCEPT 192.168.1.101 with adreese IP of the machine with the browser. the other when I do anything it to errors. many limit if I want connceter me with another machine. the other will be better but I get errors when I do [root @ localhost serverntop] # firewall-cmd –direct –add-rule ipv4 filter IN_public_allow -m tcp -p tcp 0 3000 –dport j ACCEPT – -permanent. what should I do? thank you in advance!!!

      Excuse me if you have messages that are repeated, There are connection problems in armament delivered slowly.


  8. GUEBRE ISMAEL says:

    thank you for your response makes me feel good. that’s right, I used the IP address of the server. so if I do then I have to include:
       [root @ localhost serverntop] # firewall-cmd –direct –add-rule ipv4 filter IN_public_allow -m tcp -p tcp 0 3000 –dport j ACCEPT –permanent

    thank you for all your help.


  9. Anonymous says:

    Hi…

    I got an error to start ntopng…after install

    [root@ICSIN04NTOP01 ~]# systemctl status ntopng
    ntopng.service – Start/stop ntopng program
    Loaded: loaded (/etc/systemd/system/ntopng.service; enabled)
    Active: activating (auto-restart) since Mon 2015-11-09 10:24:51 SGT; 891ms ago
    Process: 14373 ExecStop=/etc/systemd/scripts/ntopng stop (code=exited, status=0/SUCCESS)
    Process: 14370 ExecStart=/etc/systemd/scripts/ntopng start (code=exited, status=0/SUCCESS)


    • n40lab says:

      Hi there!,
      I can’t find the error in your output. Is the service starting but not finishing? Have you looked at /var/log/messages to find more information about the possible failure? This evening I’ll check the installation steps again and let you know if they still work for me.

      Thanks!


  10. n40lab says:

    Hi, I’ve rechecked the steps and there was a typo (--community and not --community= ). However, if your ntopng is in state activating, check that you’ve already started the Redis server first (systemctl start redis.service). If you need help, let me know.


  11. Brad says:

    Hi, not having much luck getting ntop started…

    25/Nov/2015 13:15:03 [Ntop.cpp:1152] Registered interface eth0 [id: 0]
    25/Nov/2015 13:15:03 [Ntop.cpp:1165] Registered interface view eth0 [id: 0]
    25/Nov/2015 13:15:03 [Utils.cpp:304] User changed to nobody
    25/Nov/2015 13:15:03 [main.cpp:240] PID stored in file /var/tmp/ntopng.pid
    25/Nov/2015 13:15:03 [HTTPserver.cpp:451] Found SSL certificate /usr/local/share/ntopng/httpdocs/ssl/ntopng-cert.pem
    25/Nov/2015 13:15:03 [HTTPserver.cpp:495] ERROR: Unable to start HTTP server (IPv4) on ports 3000,3001s: No such file or directory

    This only happens when I enable HTTPS (I followed the guide on Github). If I disable HTTPS and use only HTTP, it automatically redirects to HTTPS and thus fails to connect.


    • n40lab says:

      Hi Brad,
      I’ve succeeded. Please run: yum install openssl openssl-devel so you have the openssl libraries needed by the mongoose webserver used in ntopng. I’ve created a new post explaining the full steps I’ve followed if you need more help.

      Cheers


  12. clarksson says:

    I did read your post saying you didn’t have time, though I have to ask. I followed your updated guide; my firewalld is turned off, I have a good hardware FW on my LAN and ntopng will only be used on this fiber-optic LAN for private use.

    My redis.service is having a problem getting running. 😦

    [root@FileServer bin]# systemctl start redis.service
    [root@FileServer bin]# systemctl status redis.service
    redis.service – Redis persistent key-value database
    Loaded: loaded (/usr/lib/systemd/system/redis.service; enabled)
    Drop-In: /etc/systemd/system/redis.service.d
    └─limit.conf
    Active: failed (Result: exit-code) since Sun 2015-11-29 01:36:15 CET; 13s ago
    Process: 6674 ExecStop=/usr/bin/redis-shutdown (code=exited, status=127)
    Process: 6672 ExecStart=/usr/bin/redis-server /etc/redis.conf --daemonize no (code=exited, status=127)
    Main PID: 6672 (code=exited, status=127)
    CGroup: /system.slice/redis.service

    Nov 29 01:36:15 FileServer.lan systemd[1]: Started Redis persistent key-value database.
    Nov 29 01:36:15 FileServer.lan redis-server[6672]: /usr/bin/redis-server: error while loading shared libraries: libjemalloc.so.1: cannot open shared object file: No such file or directory
    Nov 29 01:36:15 FileServer.lan systemd[1]: redis.service: main process exited, code=exited, status=127/n/a
    Nov 29 01:36:15 FileServer.lan redis-shutdown[6674]: /usr/bin/redis-cli: error while loading shared libraries: libjemalloc.so.1: cannot open shared object file: No such file or directory
    Nov 29 01:36:15 FileServer.lan systemd[1]: redis.service: control process exited, code=exited status=127
    Nov 29 01:36:15 FileServer.lan systemd[1]: Unit redis.service entered failed state.

    #############################

    [root@FileServer bin]# systemctl stop ntopng
    [root@FileServer bin]# systemctl stop redis
    [root@FileServer bin]# systemctl start redis
    [root@FileServer bin]# systemctl start ntopng
    [root@FileServer bin]# systemctl status ntopng
    ntopng.service – Start/stop ntopng program
    Loaded: loaded (/etc/systemd/system/ntopng.service; enabled)
    Active: activating (start) since Sun 2015-11-29 01:45:52 CET; 3s ago
    Process: 9662 ExecStop=/etc/systemd/scripts/ntopng stop (code=exited, status=0/SUCCESS)
    Control: 9669 (ntopng)
    CGroup: /system.slice/ntopng.service
    ├─9669 /bin/bash /etc/systemd/scripts/ntopng start
    └─9703 sleep 1

    Nov 29 01:45:52 FileServer.lan ntopng[9675]: [Redis.cpp:93] ERROR: ntopng requires redis server to be up and running
    Nov 29 01:45:52 FileServer.lan ntopng[9675]: [Redis.cpp:94] ERROR: Please start it and try again or use -r


    • n40lab says:

      Hi, thanks for your feedback.
      As you say there’s a problem with the redis server not starting. According to the output maybe the jemalloc package is missing, can you try: yum install jemalloc and check if the redis server can be started afterwards? If not tell me and I’ll re-check the installation steps.

      Cheers!


  13. RCE says:

    N40LAB,
    Excellent procedure.
    I found it was necessary to run:
    /usr/sbin/ldconfig
    in order for suricata-2.0.11 to load libsnf.so.0.

    One question: Is there a way to force http://:3000 to use IPV4 rather than IPV6?
    Netstat(8) on the ntopng server shows:
    Active Internet connections (w/o servers)
    Proto Recv-Q Send-Q Local Address Foreign Address State
    tcp 0 44 gw:ssh t540p-e:41448 ESTABLISHED
    tcp 0 0 localhost:6379 localhost:54389 ESTABLISHED
    tcp 0 0 localhos:x11-ssh-offset localhost:49585 ESTABLISHED
    tcp 0 0 localhost:49585 localhos:x11-ssh-offset ESTABLISHED
    tcp 0 0 localhost:54389 localhost:6379 ESTABLISHED
    tcp6 0 0 gw:hbci t540p-e:57812 TIME_WAIT
    tcp6 0 0 gw:hbci t540p-e:57796 TIME_WAIT
    .
    .
    .
    tcp6 0 0 gw:hbci t540p-e:57748 TIME_WAIT

    I’m running CentOS7 3.10.0-327.4.4.el7.x86_64.

    Thanks for publishing the CentOS ntopng procedure.
    Take Care


  14. RCE says:

    N40lab,

    Re: my earlier comment.
    Running /usr/sbin/ldconfig to get suricata to work is not sufficient. Setting:
    LD_LIBRARY_PATH=”/usr/lib64:/usr/lib:/usr/local/lib”; export LD_LIBRARY_PATH
    does appear to work. However, I really need to compile suricata, tcpdump, and possibly others with pf_ring support.

    I’m still interested in thoughts on how to establish an IPV4 web link with ntopng.

    Thanks, again
