Using Ntopng to build a web-based network traffic monitoring system on Linux

Ntopng Introduction:

Ntopng is the original ntop next-generation version for real-time network traffic monitoring display. Ntopng is similar to the RMON Remote network Monitoring agent, with built-in Web service capabilities that use the Redis key value service to store statistics on a time series basis. You can install Ntopng on any designated monitoring server, and you can access the traffic reports on the server in real time using any Web browser.

Ntopng Common Function Description:

The network traffic is sorted according to many protocols;

Display the network traffic and IPV4/V6 active host;

Display the location of the host;

Show the various protocol traffic distribution of IP;

Analysis and sequencing based on source/destination IP traffic;

Display IP traffic subnet matrix;

The report uses IP protocols, sorted by protocol type;

Production of HTML5/AJAX network traffic statistics;

Automatic identification of useful information from the network;

Convert intercepted packets into easy-to-identify formats;

Analyze the situation of communication failure in network environment;

No restart is required at run time;

Real-time Monitoring Tool summary data (5 minutes);

Many new features, including dynamic graphical user interface based on HTML5, classification, DPI, etc.;

Test environment:

os:rhel6.5

eth0:192.168.1.106

eth1:192.168.10.254

1. Turn off firewall and NetworkManager services

# Service Iptables Stop

# chkconfig Iptables off

# Service NetworkManager Stop

# chkconfig NetworkManager off

2. Install dependent packages

# yum-y Install geoip-devel GeoIP sqlite-devel libcurl-devel mysql-devel libxml2 libxml2-devel rrdtool rrdtool-devel Redi s glib2-devel automake autoconf httpd libpcap-devel

# service httpd Start

# chkconfig--add httpd

# Chkconfig httpd on

3, Installing pf_ring

# git clone https://github.com/ntop/PF_RING.git

# CD Pf_ring/kernel

# make

# Insmod./pf_ring.ko

# CD: /userland

# make

4, install ndpi

# git clone https://github.com/ntop/nDPI.git

# CD NDPI

#./autogen.sh

# make

5, install Ntopng

# git clone https://github.com/ntop/ntopng.git

# CD Ntopng

#./autogen.sh

#./configure--prefix=/usr/local/ntopng

#/usr/bin/gmake GeoIP

# Make && make install

6, provide configuration file

# Mkdir/etc/ntopng

# vim/etc/ntopng/ntopng.conf

-g=/var/tmp/ntopng.pid # # #指定运行所用进程号文件

--local-networks "192.168.1.0/24,192.168.10.0/24" # # #指定本地子网段

--interface eth0 # # #指定监听eth0网卡上的流量

--user Ntopng # # #指定运行服务所使用账户

--http-port 3333 # # #指定web展现的服务端口, if you do not specify a default of 3000

7, Start ntopng service

Note that before running ntopng, be sure to start the Redis service first, and Redis provides key value storage for Ntopng

# service Redis Start

#/usr/local/ntopng/bin/ntopng/etc/ntopng/ntopng.conf &

8, Access using Ntopng

http://IP:3333 # # #ntopng默认账户和密码都是admin

650) this.width=650; "src=" http://s5.51cto.com/wyfs02/M02/7F/BA/wKioL1cqy1_B3whrAABQf7MHKcQ496.png "title=" image 001. PNG "alt=" Wkiol1cqy1_b3whraabqf7mhkcq496.png "/>

This article is from "Luo Chen's blog" blog, please be sure to keep this source http://luochen2015.blog.51cto.com/9772274/1770356

Using Ntopng to build a web-based network traffic monitoring system on Linux