Wednesday, December 21, 2011

Install ntop on RedHat Linux/Centos

ntop is a network and traffic analyzer that provides a wealth of information on various networking hosts and protocols. ntop is primarily accessed via a built-in web interface.
The following instructions were tested on the 32- and 64-bit versions of:
a) RHEL Linux 5.x
b) CentOS Linux 5.x

Download latest ntop


Visit the ntop project site to get the latest version, or use wget to fetch it directly:
#cd /opt
#wget http://freshmeat.net/redir/ntop/7279/url_tgz/ntop-3.3.6.tar.gz


Extract the tarball:
#tar -zxvf ntop-3.3.6.tar.gz

Configure and Compile ntop under RHEL


You must have RRDTool installed. You also need libpcap and its development headers, which you can install with:
# yum install libpcap-devel libpcap


Type the following commands to compile and install ntop:
#cd ntop
#./autogen.sh


Just type make to compile ntop:
#make

Just type make install to install ntop:
#make install
#make install-data-as

Create ntop user


Create a dedicated ntop user so that ntop does not run as root:
#useradd -M -s /sbin/nologin -r ntop

Setup directory permissions


Next, set up the directory ownership and permissions:
#chown ntop:root /usr/local/var/ntop/
#chown ntop:ntop /usr/local/share/ntop/

Setup ntop user admin password


Set the ntop admin password with the following command:
#ntop -A

Sample output:
Mon Jul 28 03:38:34 2008  NOTE: Interface merge enabled by default
Mon Jul 28 03:38:34 2008 Initializing gdbm databases
ntop startup - waiting for user response!
Please enter the password for the admin user:
Please enter the password again:
Mon Jul 28 03:38:42 2008 Admin user password has been set

Start ntop


Type the following command to start ntop:
# /usr/local/bin/ntop -d -L -u ntop -P /usr/local/var/ntop --skip-version-check --use-syslog=daemon
Sample output:
Mon Jul 28 03:42:19 2008  NOTE: Interface merge enabled by default
Mon Jul 28 03:42:19 2008 Initializing gdbm databases

If you have multiple interfaces (eth0, eth1, and so on), start ntop as follows:
# /usr/local/bin/ntop -i "eth0,eth1" -d -L -u ntop -P /usr/local/var/ntop --skip-version-check --use-syslog=daemon
Where,

  • -i "eth0,eth1" : Specifies the network interface or interfaces to be used by ntop for network monitoring. Here you are monitoring eth0 and eth1.

  • -d : Run ntop as a daemon.

  • -L : Send all log messages to the system log (/var/log/messages) instead of the screen.

  • -u ntop : Run ntop as the ntop user.

  • -P /usr/local/var/ntop : Specify where ntop stores its database files. You may need to back up this database as part of your disaster recovery program.

  • --skip-version-check : By default, ntop accesses a remote file to periodically check if the most current version is running. This option disables that check.

  • --use-syslog=daemon : Log to syslog using the daemon facility.


How do I view ntop stats?


By default ntop listens on port 3000. You can view the ntop stats by visiting one of the following URLs:
http://localhost:3000/
OR
http://server-ip:3000/

Screenshot: ntop Global TCP/UDP Protocol Distribution Graphs

Open port 3000 using iptables


Open the /etc/sysconfig/iptables file:
# vi /etc/sysconfig/iptables
Add the following rule before the final REJECT line:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3000 -j ACCEPT
Save and close the file. Restart the firewall:
# service iptables restart

How do I view ntop stats without opening port 3000?


Set up a simple SSH tunnel by entering the following on your local UNIX / Linux desktop:
$ ssh -L 3000:localhost:3000 -N -f user@server.yourcorp.com
Now open a browser and go to:
http://localhost:3000/

How do I start ntop on boot?


Open the /etc/rc.local file:
# vi /etc/rc.local
Append the following line:
/usr/local/bin/ntop -i "eth0,eth1" -d -L -u ntop -P /usr/local/var/ntop --skip-version-check --use-syslog=daemon
Save and close the file.
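The firewall edit and the rc.local line above are both easy to get wrong by hand: an ACCEPT rule pasted after the REJECT never matches, and a typo in the interface list only shows up at the next boot. The shell helpers below are an added example, not code from the original post or from the ntop project. They insert the post's ACCEPT rule immediately before the chain's final REJECT (exactly once, so re-running is safe), refuse to touch a file that has no REJECT line rather than guess where the rule belongs, and build the post's ntop command line only from a validated interface list. The sample iptables file is constructed inline for the demo, and the function names are my own.

```shell
#!/bin/sh
# Added example, not part of the original post. The rule text and the
# ntop flags are the ones the post uses; the file to edit is passed in.

# Build the ntop command line from a comma-separated interface list,
# refusing anything that is not a plain interface name so a stray shell
# metacharacter can never end up in /etc/rc.local.
ntop_cmdline() {
    ifaces=$1
    case "$ifaces" in
        "" | *[!A-Za-z0-9_.:,-]* | ,* | *, | *,,*) return 1 ;;
    esac
    printf '%s\n' "/usr/local/bin/ntop -i \"$ifaces\" -d -L -u ntop -P /usr/local/var/ntop --skip-version-check --use-syslog=daemon"
}

# Insert an ACCEPT rule for $2/tcp into the iptables file $1 immediately
# before the chain's final REJECT line, exactly once. Returns 1 when the
# file has no REJECT line at all, because appending blindly would put the
# rule in the wrong place in the chain.
allow_tcp_port_before_reject() {
    file=$1
    port=$2
    rule="-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport $port -j ACCEPT"
    grep -qF -- "$rule" "$file" && return 0          # already present: nothing to do
    last=$(grep -n -- '-j REJECT' "$file" | tail -n 1 | cut -d: -f1)
    [ -n "$last" ] || return 1
    awk -v n="$last" -v r="$rule" 'NR == n { print r } { print }' "$file" > "$file.tmp" \
        && mv "$file.tmp" "$file"
}

# Line number of the first ACCEPT rule for $2/tcp in file $1, so a caller
# can confirm the rule really sits above the REJECT line.
rule_line_for_port() {
    grep -n -- "--dport $2 -j ACCEPT" "$1" | head -n 1 | cut -d: -f1
}

# Constructed sample of a default RHEL/CentOS 5 /etc/sysconfig/iptables
# (typical shape only, not copied from any particular machine).
make_sample_iptables() {
    cat > "$1" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Demo on a temporary copy. On a real box you would pass
# /etc/sysconfig/iptables and then run "service iptables restart" as the post does.
if [ "${1:-}" = demo ]; then
    tmp=$(mktemp)
    make_sample_iptables "$tmp"
    allow_tcp_port_before_reject "$tmp" 3000
    allow_tcp_port_before_reject "$tmp" 3000     # second call is a no-op
    cat "$tmp"
    ntop_cmdline "eth0,eth1"
    rm -f "$tmp"
fi
```

Run it as `sh ntop-helpers.sh demo` to see the rule land above the REJECT line and the generated command line; the validation in ntop_cmdline is what you want in front of anything that writes into rc.local.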

How do I stop ntop?


Use the web interface to shut down ntop, or use the normal kill / killall command:
# killall ntop


Cheers!!!

Tuesday, December 20, 2011

Configuring Host Grapher

What is Host Grapher?
Host Grapher is a very light and effective program for gathering host statistics such as CPU, memory and processes. It has been written to be light and fast. One difference from other programs is that instead of the server doing all the work of asking the clients for information, it is the client's task to report its own info to the server. There will be clients for Linux, FreeBSD, Solaris, Windows and Tru64. There will also be a gateway program to include routers. Here is a screenshot.

How does it work?
First install the server on one machine, then install the client on the clients. On Unix the client uses the crontab facility; on Windows it is installed as a service. Security has not been an issue yet, so there is only a simple, general password authentication. Before any records are kept, the client has to issue a registration request.

To install on the Windows platform, download the server and client software from the site:

http://software.foxlink.org/hostgrapher2/main.html

  • Configure the Host Grapher Server


1) After downloading the .zip file, extract it to C:\ (e.g. C:\GrapherServer)

2) Go to C:\GrapherServer\etc

     You have to edit the following two files:

          - apache.txt

          - password.txt

3) apache.txt contains the main settings that Apache needs to run: the Port, the ServerAdmin email and the ServerName. Note that if you are already running an HTTP server on the machine you cannot reuse port 80; choose another port such as 8080.

4) password.txt contains a plain-text password used for client authentication. Set the password that the clients will use to authenticate.

5) Now change back to C:\GrapherServer and double-click install.bat. The script installs the following two services:

          - inetd

          - hg2apache

6) If everything worked, you should be able to reach the following URL: http://localhost/ or
http://localhost:port/      (the port number you set in apache.txt)



  • Configure the Clients



1) Uncompress the downloaded files to C:\Grapher2

2) Edit the file C:\grapher2\grapher.conf

Screenshot: Host-grapher-client-conf

3) Save and exit the file.

4) Run info.bat to find out which network cards you have on your machine.

5) Run install.bat

6) Run register.bat

N.B.:

// register.bat -> resets all information and registers the client on the server; this has to be run at least once.

// upgrade.bat  -> run this whenever you change anything in the config file.

// info.bat     -> gives you information about the program.

Cheers!!!

Thursday, December 15, 2011

How to Configure MRTG Server

What is MRTG:
The Multi Router Traffic Grapher (MRTG) is a powerful open source tool to monitor the traffic load on network links. MRTG generates HTML pages containing PNG images which provide a LIVE visual representation of this traffic. MRTG is written in Perl and works on Unix/Linux as well as Windows and even Netware systems. MRTG is free software licensed under the GNU GPL.
Go to http://oss.oetiker.ch/mrtg for all the details about MRTG and download.

MRTG Sample Image

Step # 1 : Make sure the snmp server is installed
=================================================
Note that configuring snmpd is not required for using mrtg with remote network devices such as routers and switches. If you just want mrtg graphs for a router or switch, go to step # 4 (all these devices come preconfigured with snmpd software).

Run the rpm command with the query option to find out whether the snmp packages are installed:

# rpm -qa | grep snmp

If snmp is installed, go to step # 2; otherwise the snmp server and utilities are not present and you need to install them with the following steps (log in as root):

(a) Visit rpmfind.net to get the snmp server and utility RPMs. If you are a Fedora or CentOS user, use the yum command as follows to install them:

# yum install net-snmp-utils net-snmp

(b) If you are RHEL subscriber then use up2date command as follows to install:

#up2date -v -i net-snmp-utils net-snmp

Step # 2 : Determine if snmp server is running or not
=====================================================
Run the ps command to see whether the snmp server is running:

# ps aux | grep snmp
Output:
root 5512 0.0 2.3 5872 3012 pts/0 S 22:04 0:00 /usr/sbin/snmpd

Alternatively, you can try any of the following two commands as well:

# lsof -i :199
Output:
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
snmpd 5512 root 4u IPv4 34432 TCP *:smux (LISTEN)

OR try out netstat command:

# netstat -natv | grep ':199'
Output:
tcp 0 0 0.0.0.0:199 0.0.0.0:* LISTEN

If the service is running and listening on port 199, go to step # 3; otherwise start the service with the following command:
# service snmpd start

Make sure snmpd service starts automatically if the system reboots (add snmpd service):
# chkconfig --add snmpd

Open the snmpd.conf file to add or edit the community string:
#vi /etc/snmp/snmpd.conf

Add the line below to the file, then save and exit:
ROCOMMUNITY didar

Step # 3 : Making snmp walk :)
==============================
Before running snmpwalk, log in to the device you want to monitor (e.g. switch, router, Linux box, Windows 2003 server) and add the same community string that you entered a few minutes ago in the snmpd.conf file.

# snmpwalk -v 1 -c didar a.b.c.d

Here didar is the community name and a.b.c.d is the device IP (e.g. router, switch).

Step # 4 : Making a document root to store mrtg graphs/html pages
=================================================================
#cd /var/www/html/
#mkdir -p cat

(cat is just a folder name)

Step # 5 : Creating the config file
===================================
#cfgmaker --global 'Workdir: /var/www/html/cat' --global 'Options[_]: bits,growright' --output /etc/mrtg/cat.cfg didar@A.B.C.D

syntax: cfgmaker --global 'Workdir: ' --global 'Options[_]: bits,growright' --output @

Step # 6 : Creating the index file
==================================
#indexmaker --output=/var/www/html/cat/index.html /etc/mrtg/cat.cfg

Step # 7 : Running mrtg against the config file
===============================================
# env LANG=C /usr/bin/mrtg /etc/mrtg/cat.cfg

Step # 8 : Adding a cron job to update the graph every five minutes
===================================================================
#crontab -e (add the following line at the end of the file)
*/5 * * * * /usr/bin/mrtg /etc/mrtg/cat.cfg --logging /var/log/mrtg.log
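The community string added to snmpd.conf in step # 2 is the only credential between MRTG and the device, and the cron line in step # 8 is the piece most often mistyped. As an added example (not from the original post, nor from the MRTG or net-snmp projects), the shell functions below audit an snmpd.conf for the settings that weaken this setup (the well-known public/private strings, write access that MRTG never needs, and read communities with no source restriction) and emit the five-minute cron line with its schedule fields spaced correctly. They assume net-snmp's `rocommunity|rwcommunity COMMUNITY [SOURCE]` directive syntax, where a missing SOURCE or the word `default` means any address; the sample snmpd.conf and the 192.0.2.10 address are constructed for the demo, and the function names are my own.

```shell
#!/bin/sh
# Added example, not part of the original post. Assumes net-snmp's
# snmpd.conf syntax: rocommunity|rwcommunity COMMUNITY [SOURCE [OID]],
# where a missing SOURCE or the word "default" means "any address".

# Audit an snmpd.conf for community settings that weaken an MRTG setup.
# Prints one finding per line; returns 0 when clean, 1 when anything was flagged.
audit_snmpd_conf() {
    file=$1
    findings=0
    while read -r directive community source _rest; do
        case "$directive" in ''|'#'*) continue ;; esac        # blank or comment line
        case "$source" in '#'*) source= ;; esac                # trailing comment, no SOURCE given
        directive=$(printf '%s' "$directive" | tr 'A-Z' 'a-z') # keywords are case-insensitive
        case "$directive" in
            rocommunity|rwcommunity|rocommunity6|rwcommunity6) ;;
            *) continue ;;
        esac
        case "$community" in
            public|private)
                echo "WEAK: $directive uses the well-known community '$community'"
                findings=$((findings + 1)) ;;
        esac
        case "$directive" in
            rw*)
                echo "RISK: $directive grants SNMP write access; MRTG only needs read"
                findings=$((findings + 1)) ;;
        esac
        if [ -z "$source" ] || [ "$source" = default ]; then
            echo "OPEN: $directive '$community' has no SOURCE restriction; limit it to the MRTG host"
            findings=$((findings + 1))
        fi
    done < "$file"
    [ "$findings" -eq 0 ]
}

# Five-minute cron entry for an MRTG config file, with the schedule's
# five fields separated by spaces (cron does not accept "*/5 ****").
mrtg_cron_line() {
    printf '*/5 * * * * /usr/bin/mrtg %s --logging /var/log/mrtg.log\n' "$1"
}

# Constructed sample config for the demo (not a real host's file). The last
# line is the shape the post's ROCOMMUNITY line should take: read-only and
# restricted to the MRTG server's address (192.0.2.10 is a documentation address).
make_sample_snmpd_conf() {
    cat > "$1" <<'EOF'
# constructed sample
ROCOMMUNITY public
rwcommunity private 192.0.2.10
rocommunity didar
rocommunity didar 192.0.2.10   # MRTG host only
EOF
}

if [ "${1:-}" = demo ]; then
    tmp=$(mktemp)
    make_sample_snmpd_conf "$tmp"
    audit_snmpd_conf "$tmp" || echo "snmpd.conf needs attention"
    mrtg_cron_line /etc/mrtg/cat.cfg
    rm -f "$tmp"
fi
```

Run it as `sh mrtg-checks.sh demo`: the sample produces five findings and a non-zero exit, while a file containing only `rocommunity didar 192.0.2.10` passes. On a real host point audit_snmpd_conf at /etc/snmp/snmpd.conf after editing it in step # 2.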

Cheers!!

Restore Archived Log into VMware Aria Operations for Logs (formerly known as vRealize Log Insight - vRLI)

As we cannot keep all logs in searchable space in vRLI production system due to performance and slowness issue, it is always recommended to ...