What is ntop
ntop is a linux service which monitors network traffic and nework devices on your LAN. However the best explanation cabe had be visting ntop’s website.
So how you install and set it up then? Well, that’s when the fun begins, though by the end of it you might not think of it as “fun”.
Installing ntop
I am using CentOS 5.6 so the version of ntop which comes with it is the older 3.3.9. The latest version being 4.1.0 and can be downloaded from ntop.org and compiled and setup if you wish. However, I stuck with the version in the repositories of CentOS.
One thing about the install on CentOS is that it is entirely broken. You’ll see why later.
To download ntop, simply perform
sudo yum install ntop
Now you’d be tempted to just go ahead and do
sudo service ntop start
However that is not going to work, for several reasons. Firstly, you need to set a admin password and second, the path which contains the various files is in the wrong place. For the first simply run
sudo ntop -A
But! do not do that until you have fixed the config file. The config file is set to put the files in the folder /var/lib/ntop which causes permissions problems. The “correct” or rather, usable, folder you want to use is /etc/ntop which already contains some of the files.
So really the first thing you need to do is modify the config file /etc/ntop.conf.
Change the following line
... # sets the directory that ntop runs from --db-file-path /var/lib/ntop ...
to
--db-file-path /etc/ntop
Now you can set the admin password and start the service. One item you will notice is that ntop will spit out the errors.
Error Opening file ./GeoLiteCity.dat Error Opening file ./GeoIPASNum.dat
If you check the /etc/ntop folder you will see those files are there. The issue is not with the files, but with the contents. ntop runs fine however and you can access the web interface at http://localhost:3000
Conclusion
This gets the ntop started and going and access to ntop on the web host. In my next post I will show how to connect ntop to the reverse proxy so you can monitor the server remotely.
That will also be even more “fun”.