Build an Ntopng real-time network traffic monitoring system on CentOS

Source: Internet
Author: User

This guide installs Ntopng from the rpm packages.
Installing from the source package is also simple: configure EPEL (epel-release) on CentOS in advance so that the dependency packages can be installed, then compile the source package.

Ntopng introduction:

Ntopng is the next-generation version of ntop. It monitors and displays network traffic in real time. Ntopng works much like an RMON remote network monitoring agent and has a built-in web server. It uses the Redis key-value service to store statistics as time series. You can install ntopng on any monitoring server and then use any web browser to view that server's traffic reports in real time.
Ntopng users can use a web browser to navigate the traffic information (ntopng itself acts as the web server) and get a dump of the network status. In the latter case, ntopng can be seen as a simple remote monitoring agent with an embedded web interface.

Usage:

  • A network interface.
  • Limited configuration and management through the Web interface.
  • Reduced CPU and memory usage (depending on the network size and traffic).

Ntopng basic functions:

  • Automatically identifies useful information from the network;
  • Converts intercepted data packets into a format that is easy to recognize;
  • Analyzes communication failures in the network environment;
  • Detects the time and process of network communication.
  • Clean separation of the monitoring engine and the reporting facility.
  • Sturdy, crash-free engine (which ntop was not).
  • Platform for extensions and script writing.
  • You do not need to restart the instance while it is running.
  • The Real-time Monitoring Tool collects data (5 minutes) and submits the data when it is too late.
  • Many new features, including an HTML5-based dynamic graphical user interface, classification, and DPI.

1. System Environment

System: CentOS 6.3 64-bit
Kernel version: 2.6.32-279.el6.x86_64
Disable iptables
Disable SELinux
Disable NetworkManager


2. Add a third-party yum repository
Add a third-party yum repository; the CentOS and 163 repositories do not carry the packages installed below.
# wget http://ftp.sjtu.edu.cn/Fedora/epel/6/x86_64/epel-release-6-8.noarch.rpm
# ls /etc/yum.repos.d
CentOS-6-Base-163.repo CentOS-Media.repo.back
# rpm -ivh epel-release-6-8.noarch.rpm
# ls /etc/yum.repos.d
CentOS-6-Base-163.repo CentOS-Media.repo.back epel.repo epel-testing.repo
# yum makecache   # generate the cache


3. Install the Ntopng dependency packages
# yum install -y redis GeoIP-devel GeoIP
# yum install -y 'rrdtool*'   # used for plotting


4. Install Ntopng
Note: Install the libzmq3-3.2.2-5.1.x86_64.rpm package first, because Ntopng depends on it.
If it is not installed, rpm returns an error:
error: Failed dependencies:
libzmq.so.3()(64bit) is needed by ntopng-1.1.4_7922-7922.x86_64
# wget ftp://ftp.pbone.net/mirror/ftp5.gwdg.de/pub/openSUSE/repositories/home:/jblunck:/messaging/CentOS_CentOS-6/x86_64/libzmq3-3.2.2-5.1.x86_64.rpm
# wget http://www.nmon.net/centos/6/x86_64/Packages/ntopng-1.1.4_7922-7922.x86_64.rpm
# wget http://www.nmon.net/centos/6/x86_64/Packages/ntopng-data-1.1.4_7922-7922.x86_64.rpm

# rpm -ivh libzmq3-3.2.2-5.1.x86_64.rpm
# rpm -ivh ntopng-1.1.4_7922-7922.x86_64.rpm
# rpm -ivh ntopng-data-1.1.4_7922-7922.x86_64.rpm


5. Configure and start Ntopng

# cd /etc/ntopng   # the ntopng startup file and the configuration template file are stored here
# ls
ntopng.conf.sample ntopng.start   # the first is the configuration template file, the second is the startup file
# cp ntopng.conf.sample ntopng.conf   # copy the template to create the configuration file
# vim ntopng.conf
-G=/var/tmp/ntopng.pid
# the monitored CIDR blocks
--local-networks "192.168.2.0/24,192.168.3.0/24"
# the monitoring interfaces
--interface eth0
--interface eth1
--interface eth2
# the account to run as
--user ntopng
# the port of the web service; if not specified, the default is port 3000
--http-port 3333

Parameter description:
-G: specifies the PID file used while running.
--local-networks: specifies the local subnets.
--interface eth2: listens to the traffic on the eth2 NIC.
--user ntopng: specifies the account used to run the service.
--http-port 3333: specifies the port the web interface is served on. If this parameter is not specified, the default value is 3000.

# /etc/init.d/redis restart   # start redis first; ntopng uses redis to store statistics
# /etc/init.d/ntopng restart
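
A lint for the options set in step 5, as an added example that is not part of the original article or of ntopng. It reads an ntopng.conf on stdin, accepts the "--key value" and "--key=value" forms, and reports malformed --local-networks CIDRs, --user root, and a non-numeric or oversized --http-port. The function names and the sample configuration are constructed for illustration.

```sh
# Added example: lint the step 5 options of an ntopng.conf read from stdin.
# Prints one finding per line; exit status is 1 if anything was found.
# Succeeds only for a well-formed IPv4 CIDR such as 192.168.2.0/24.
valid_cidr() {
    case "$1" in ""|*[!0-9./]*|*/*/*|*/*.*) return 1 ;; esac
    ip=${1%/*}; len=${1#*/}
    [ "$ip" != "$1" ] && [ -n "$len" ] && [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
}

audit_conf() {
    user=""; port=3000; nets=""; found=0      # 3000 is the default web port
    while IFS= read -r line; do
        case "$line" in ""|"#"*) continue ;; esac
        key=${line%%[= ]*}                     # text before first "=" or space
        val=$(printf '%s\n' "${line#"$key"}" |
              sed -e 's/^[= ]*//' -e 's/ *$//' -e 's/^"\(.*\)"$/\1/')
        case "$key" in
            --user) user=$val ;;
            --http-port) port=$val ;;
            --local-networks) nets=$val ;;
        esac
    done
    [ "$user" != root ] || { echo "user: runs as root"; found=1; }
    case "$port" in
        ""|*[!0-9]*) echo "http-port: '$port' is not a number"; found=1 ;;
        *) [ "$port" -le 65535 ] || { echo "http-port: $port too large"; found=1; } ;;
    esac
    old=$IFS; set -f; IFS=,; set -- $nets; IFS=$old; set +f   # split on commas
    for net in "$@"; do
        valid_cidr "$net" || { echo "local-networks: bad CIDR '$net'"; found=1; }
    done
    return "$found"
}

# Constructed sample: a stray space inside the second CIDR, and --user root.
sample_conf() {
    cat <<'EOF'
-G=/var/tmp/ntopng.pid
--local-networks "192.168.2.0/24,192.168 .3.0/24"
--user root
--http-port 3333
EOF
}
sample_conf | audit_conf || true
```

Run it against the real file with "audit_conf < /etc/ntopng/ntopng.conf" before restarting the service.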

6. Access Ntopng
1) Open http://127.0.0.1:3333. The default Ntopng account and password are both admin.

2) View the traffic of all online hosts

3) View the IP addresses of all online hosts

4) Monitored NIC interfaces

5) Account management

6) Set the refresh frequency

Click Interfaces, then set the refresh time at the bottom of the NIC interface page.

Ntopng has many more uses; explore the other functions on your own.
