Installing ntop on Red Hat Enterprise Linux 5.3
Because Linux is widely used, a large number of network servers run the Linux operating system. To assess how a network is running, you need detailed and accurate measurements of its status. The total data traffic of a network server and the packet transfer rate (or traffic) of TCP and UDP matter to network administrators, because when traffic is too high they need to find the network bottleneck. In terms of network management, it is therefore necessary to understand the status of the various network services for each host in the network, and to limit or increase bandwidth based on traffic. Below we introduce ntop, a complete GUI network detection tool for Linux. ntop provides the following functions:

① automatically identifies useful information from the network;
② converts intercepted data packets into easy-to-recognize formats;
③ analyzes communication failures in the network environment;
④ detects communication bottlenecks in the network environment;
⑤ records network communication times and processes;
⑥ automatically identifies the operating system in use by the client;
⑦ can be run from the command line or through the web.
Next, prepare for the ntop installation. (Note that we compile and install ntop from the source package, so install the development environment first.)

    # cd /opt
    # wget http://freshmeat.net/redir/ntop/7279/url_tgz/ntop-3.3.6.tar.gz
    # tar -zxvf ntop-3.3.6.tar.gz

Note that rrdtool must already be installed before this step. You also need to install libpcap:

    # yum install libpcap-devel libpcap

Enter the following commands to compile and install ntop:

    # cd ntop
    # ./autogen.sh
    # make install
    # make install-data-as

Create the ntop user:

    # useradd -M -s /sbin/nologin -r ntop

Set directory permissions:

    # chown ntop:root /usr/local/var/ntop/
    # chown ntop:ntop /usr/local/share/ntop/

Set the ntop administrator password:

    # ntop -A

Start ntop:

    # /usr/local/bin/ntop -d -L -u ntop -P /usr/local/var/ntop --skip-version-check --use-syslog=daemon

If you have multiple NIC interfaces, run the following command to start it instead:

    # /usr/local/bin/ntop -i "eth0,eth1" -d -L -u ntop -P /usr/local/var/ntop --skip-version-check --use-syslog=daemon

Where:

-i "eth0,eth1" specifies the network interfaces to be monitored by ntop; here we monitor eth0 and eth1.
-d runs ntop as a daemon.
-L sends all log information to the system log (/var/log/messages) instead of displaying it on the screen.
-u ntop starts the ntop service as the ntop user.
-P /usr/local/var/ntop specifies where the ntop database files are stored. You may need to back up this database as part of your disaster recovery plan.
--skip-version-check: by default, ntop regularly accesses a remote file to check whether the latest version is running. This option disables that check.
--use-syslog=daemon: use the system log daemon.

You can now enter http://localhost:3000 or http://server-IP:3000/ in the browser to access ntop.

If you have enabled iptables, open port 3000:

    # vi /etc/sysconfig/iptables

and add the following line to it:

    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3000 -j ACCEPT

Restart iptables:

    # service iptables restart

You do not need to open port 3000 to view the ntop status. Method: use SSH to set up a simple tunnel. On your local Unix/Linux desktop, enter:

    $ ssh -L 3000:localhost:3000 -N -f email@example.com

Now open your browser and go to http://localhost:3000.

How can I set ntop to start at boot?

    # vim /etc/rc.local

Append the following line:

    /usr/local/bin/ntop -i "eth0,eth1" -d -L -u ntop -P /usr/local/var/ntop --skip-version-check --use-syslog=daemon

Save the file and exit.

How can I stop ntop?
You can use the web page to stop ntop, or use the kill or killall command:

    # killall ntop

The main interface has a total of 8 large pages and 33 options. It mainly includes the following content.

① About: online manual.

② Summary: overall network overview.
    Traffic: traffic.
    Hosts: overview of all hosts.
    Network load: network load for each time period.
    Netflows: network traffic diagram.

③ IP Summary: traffic status and ranking details of each host.
    Traffic: traffic details of all hosts.
    Multicast: multi-point transmission.
    Domain: domain name.
    Distribution: traffic status.
    Local > Local: local traffic.
    Local > Remote: external details of all hosts.
    Remote > Local: traffic from the remote host to the local host.
    Remote > Remote: traffic from the remote host to the remote host.

④ All protocols: view the bandwidth occupied by each host and network user details for each time period.
    Traffic: traffic.
    Throughput: the bandwidth usage list (click a host to view the detailed information and usage of the host).
    Activity: traffic status of all hosts in each time period (click a host to view the detailed information and usage status of the host).

⑤ Local IP Address: the usage of each host in the local network.
    Routers: router status.
    Ports used: port usage.
    Active TCP sessions: currently online.
    Host fingerprint: host snapshot information.
    Host characterization: host description.
    Local matrix: traffic details between hosts in the local network.

⑥ FC: optical network condition.

⑦ SCSI: SCSI device status.

⑧ Admin: adds ntop users, or restarts or stops ntop.
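
The firewall step above opens port 3000 to every source, while the SSH tunnel needs no rule at all. The following added example (not part of the original article) audits iptables rules read from standard input and reports whether the ntop port is reachable from anywhere. The function names, the optional -s source match and the sample rules (including the 192.0.2.0/24 network) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit rules in /etc/sysconfig/iptables format for ACCEPT
# rules on the ntop web port (3000 in this article).
# Limitation: only plain "--dport 3000" matches are handled, not port
# ranges or multiport lists.
NTOP_PORT=3000

# Reads rules on stdin. Prints one line per ACCEPT rule for the ntop port:
#   "ANY <rule>"      no -s/--source match, reachable from every address
#   "LIMITED <rule>"  restricted to a source address or network
audit_ntop_rules() {
    grep -E '^-A ' | while IFS= read -r rule; do
        case " $rule " in
            *" --dport $NTOP_PORT "*) ;;
            *) continue ;;
        esac
        case " $rule " in
            *" -j ACCEPT "*) ;;
            *) continue ;;
        esac
        case " $rule " in
            *" -s "*|*" --source "*) echo "LIMITED $rule" ;;
            *) echo "ANY $rule" ;;
        esac
    done
}

# Returns 0 when no rule exposes the port to every source, 1 otherwise.
ntop_port_is_restricted() {
    if audit_ntop_rules | grep -q '^ANY '; then
        return 1
    fi
    return 0
}

# Constructed sample: the rule from this article next to an SSH rule.
sample_open_rules() {
    cat <<'EOF'
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3000 -j ACCEPT
EOF
}

# Constructed sample: the same rule limited to one management network.
sample_limited_rules() {
    cat <<'EOF'
-A RH-Firewall-1-INPUT -s 192.0.2.0/24 -m state --state NEW -m tcp -p tcp --dport 3000 -j ACCEPT
EOF
}
```

On a live host, run `ntop_port_is_restricted < /etc/sysconfig/iptables` and check the exit status.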