10 steps to set up NTOP on CentOS 5.2

Ntop is a tool for analysing traffic and networks. It provides all kinds of information about the various hosts and protocols. The best part is that it can be accessed through a web interface.

The following steps were tested on the 32-bit version of:

- CentOS Linux 5.2

So I want to set up NTOP on my mysurfguard server (proxy+dansguardian). The aim is to monitor the traffic that users send through port 80 from their own PCs. I can identify the PCs that are causing problems and that try to access websites and p2p that are not allowed at my place.


You can use the following commands:
# cd /opt
# wget http://freshmeat.net/redir/ntop/7279/url_tgz/ntop-3.3.6.tar.gz

Untar the tarball and press Enter:

# tar -zxvf ntop-3.3.6.tar.gz

Configure and compile ntop on CentOS

1) You need RRDTool

STEP 1

Log in as root:
# yum install cairo-devel libxml2-devel pango-devel pango libpng-devel freetype freetype-devel libart_lgpl-devel

Sample result:


Loading "rhnplugin" plugin

Loading "security" plugin
rhel-x86_64-server-vt-5 100% |=========================| 1.4 kB 00:00
rhn-tools-rhel-x86_64-ser 100% |=========================| 1.2 kB 00:00
rhel-x86_64-server-5 100% |=========================| 1.4 kB 00:00
Setting up Install Process
Parsing package install arguments
Package libxml2-devel - 2.6.26-2.1.2.1.x86_64 is already installed.
Package libxml2-devel - 2.6.26-2.1.2.1.i386 is already installed.
Package pango - 1.14.9-3.el5.i386 is already installed.
Package pango - 1.14.9-3.el5.x86_64 is already installed.
Package freetype - 2.2.1-20.el5_2.i386 is already installed.
Package freetype - 2.2.1-20.el5_2.x86_64 is already installed.
Resolving Dependencies
--> Running transaction check
---> Package libart_lgpl-devel.x86_64 0:2.3.17-4 set to be updated
---> Package pango-devel.i386 0:1.14.9-3.el5 set to be updated
--> Processing Dependency: libXft-devel for package: pango-devel
--> Processing Dependency: libXrender-devel for package: pango-devel
--> Processing Dependency: libXext-devel for package: pango-devel
--> Processing Dependency: libX11-devel for package: pango-devel
--> Processing Dependency: fontconfig-devel >= 2.0 for package: pango-devel
---> Package pango-devel.x86_64 0:1.14.9-3.el5 set to be updated
---> Package freetype-devel.x86_64 0:2.2.1-20.el5_2 set to be updated
---> Package libpng-devel.i386 2:1.2.10-7.1.el5_0.1 set to be updated
---> Package cairo-devel.x86_64 0:1.2.4-5.el5 set to be updated
---> Package libpng-devel.x86_64 2:1.2.10-7.1.el5_0.1 set to be updated
---> Package cairo-devel.i386 0:1.2.4-5.el5 set to be updated
---> Package libart_lgpl-devel.i386 0:2.3.17-4 set to be updated
--> Processing Dependency: libart_lgpl_2.so.2 for package: libart_lgpl-devel
---> Package freetype-devel.i386 0:2.2.1-20.el5_2 set to be updated
--> Running transaction check
---> Package libXrender-devel.i386 0:0.9.1-3.1 set to be updated
--> Processing Dependency: xorg-x11-proto-devel for package: libXrender-devel
---> Package libXft-devel.i386 0:2.1.10-1.1 set to be updated
---> Package libX11-devel.i386 0:1.0.3-9.el5 set to be updated
--> Processing Dependency: libXdmcp-devel for package: libX11-devel
--> Processing Dependency: libXau-devel for package: libX11-devel
---> Package fontconfig-devel.i386 0:2.4.1-7.el5 set to be updated
---> Package libart_lgpl.i386 0:2.3.17-4 set to be updated
---> Package libXext-devel.i386 0:1.0.1-2.1 set to be updated
--> Running transaction check
---> Package xorg-x11-proto-devel.i386 0:7.1-9.fc6 set to be updated
--> Processing Dependency: mesa-libGL-devel for package: xorg-x11-proto-devel
---> Package libXdmcp-devel.i386 0:1.0.1-2.1 set to be updated
---> Package libXau-devel.i386 0:1.0.1-3.1 set to be updated
--> Running transaction check
---> Package mesa-libGL-devel.i386 0:6.5.1-7.5.el5 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

===================================================================
Package Arch Version Repository Size
===================================================================
Installing:
libart_lgpl-devel x86_64 2.3.17-4 rhel-x86_64-server-5 21 k
libart_lgpl-devel i386 2.3.17-4 rhel-x86_64-server-5 21 k
pango-devel i386 1.14.9-3.el5 rhel-x86_64-server-5 280 k
pango-devel x86_64 1.14.9-3.el5 rhel-x86_64-server-5 281 k
Installing for dependencies:
cairo-devel x86_64 1.2.4-5.el5 rhel-x86_64-server-5 131 k
cairo-devel i386 1.2.4-5.el5 rhel-x86_64-server-5 130 k
fontconfig-devel i386 2.4.1-7.el5 rhel-x86_64-server-5 168 k
freetype-devel x86_64 2.2.1-20.el5_2 rhel-x86_64-server-5 151 k
freetype-devel i386 2.2.1-20.el5_2 rhel-x86_64-server-5 151 k
libX11-devel i386 1.0.3-9.el5 rhel-x86_64-server-5 665 k
libXau-devel i386 1.0.1-3.1 rhel-x86_64-server-5 11 k
libXdmcp-devel i386 1.0.1-2.1 rhel-x86_64-server-5 7.6 k
libXext-devel i386 1.0.1-2.1 rhel-x86_64-server-5 57 k
libXft-devel i386 2.1.10-1.1 rhel-x86_64-server-5 16 k
libXrender-devel i386 0.9.1-3.1 rhel-x86_64-server-5 8.9 k
libart_lgpl i386 2.3.17-4 rhel-x86_64-server-5 76 k
libpng-devel i386 2:1.2.10-7.1.el5_0.1 rhel-x86_64-server-5 182 k
libpng-devel x86_64 2:1.2.10-7.1.el5_0.1 rhel-x86_64-server-5 186 k
mesa-libGL-devel i386 6.5.1-7.5.el5 rhel-x86_64-server-5 465 k
xorg-x11-proto-devel i386 7.1-9.fc6 rhel-x86_64-server-5 247 k

Transaction Summary
=====================================================================
Install 20 Package(s)
Update 0 Package(s)
Remove 0 Package(s)

Total download size: 3.2 M
Is this ok [y/N]:

Downloading Packages:
(1/20): libXext-devel-1.0 100% |=========================| 57 kB 00:00
(2/20): freetype-devel-2. 100% |=========================| 151 kB 00:00
(3/20): libXau-devel-1.0. 100% |=========================| 11 kB 00:00
(4/20): libart_lgpl-devel 100% |=========================| 21 kB 00:00
(5/20): libart_lgpl-2.3.1 100% |=========================| 76 kB 00:00
(6/20): cairo-devel-1.2.4 100% |=========================| 130 kB 00:00
(7/20): libpng-devel-1.2. 100% |=========================| 186 kB 00:00
(8/20): cairo-devel-1.2.4 100% |=========================| 131 kB 00:00
(9/20): fontconfig-devel- 100% |=========================| 168 kB 00:00
(10/20): mesa-libGL-devel 100% |=========================| 465 kB 00:01
(11/20): libXdmcp-devel-1 100% |=========================| 7.6 kB 00:00
(12/20): libpng-devel-1.2 100% |=========================| 182 kB 00:00
(13/20): libX11-devel-1.0 100% |=========================| 665 kB 00:02
(14/20): freetype-devel-2 100% |=========================| 151 kB 00:00
(15/20): libXft-devel-2.1 100% |=========================| 16 kB 00:00
(16/20): pango-devel-1.14 100% |=========================| 281 kB 00:01
(17/20): pango-devel-1.14 100% |=========================| 280 kB 00:01
(18/20): libXrender-devel 100% |=========================| 8.9 kB 00:00
(19/20): libart_lgpl-deve 100% |=========================| 21 kB 00:00
(20/20): xorg-x11-proto-d 100% |=========================| 247 kB 00:01
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing: libart_lgpl ####################### [ 1/20]
Installing: freetype-devel ####################### [ 2/20]
Installing: fontconfig-devel ####################### [ 3/20]
Installing: libpng-devel ####################### [ 4/20]
Installing: libXau-devel ####################### [ 5/20]
Installing: libart_lgpl-devel ####################### [ 6/20]
Installing: libart_lgpl-devel ####################### [ 7/20]
Installing: libpng-devel ####################### [ 8/20]
Installing: freetype-devel ####################### [ 9/20]
Installing: xorg-x11-proto-devel ####################### [10/20]
Installing: libX11-devel ####################### [11/20]
Installing: libXrender-devel ####################### [12/20]
Installing: libXft-devel ####################### [13/20]
Installing: cairo-devel ####################### [14/20]
Installing: libXext-devel ####################### [15/20]
Installing: pango-devel ####################### [16/20]
Installing: pango-devel ####################### [17/20]
Installing: libXdmcp-devel ####################### [18/20]
Installing: mesa-libGL-devel ####################### [19/20]
Installing: cairo-devel ####################### [20/20]

Installed: libart_lgpl-devel.x86_64 0:2.3.17-4 libart_lgpl-devel.i386 0:2.3.17-4 pango-devel.i386 0:1.14.9-3.el5 pango-devel.x86_64 0:1.14.9-3.el5
Dependency Installed: cairo-devel.x86_64 0:1.2.4-5.el5 cairo-devel.i386 0:1.2.4-5.el5 fontconfig-devel.i386 0:2.4.1-7.el5 freetype-devel.x86_64 0:2.2.1-20.el5_2 freetype-devel.i386 0:2.2.1-20.el5_2 libX11-devel.i386 0:1.0.3-9.el5 libXau-devel.i386 0:1.0.1-3.1 libXdmcp-devel.i386 0:1.0.1-2.1 libXext-devel.i386 0:1.0.1-2.1 libXft-devel.i386 0:2.1.10-1.1 libXrender-devel.i386 0:0.9.1-3.1 libart_lgpl.i386 0:2.3.17-4 libpng-devel.i386 2:1.2.10-7.1.el5_0.1 libpng-devel.x86_64 2:1.2.10-7.1.el5_0.1 mesa-libGL-devel.i386 0:6.5.1-7.5.el5 xorg-x11-proto-devel.i386 0:7.1-9.fc6
Complete!

STEP 2

# cd /opt/
# wget http://oss.oetiker.ch/rrdtool/pub/rrdtool-1.3.1.tar.gz
# tar -zxvf rrdtool-1.3.1.tar.gz

STEP 3

# cd rrdtool-1.3.1
# export PKG_CONFIG_PATH=/usr/lib/pkgconfig/
# ./configure

Sample result:

config.status: executing default-1 commands
config.status: executing intltool commands
config.status: executing default commands
config.status: executing po/stamp-it commands
checking in... and out again
ordering CD from http://tobi.oetiker.ch/wish .... just kidding

----------------------------------------------------------------
Config is DONE!

With MMAP IO: yes
Static programs: no
Perl Modules: perl_piped perl_shared
Perl Binary: /usr/bin/perl
Perl Version: 5.8.8
Perl Options: PREFIX=/usr/local/rrdtool-1.3.1 LIB=/usr/local/rrdtool-1.3.1/lib/perl/5.8.8
Ruby Modules:
Ruby Binary: no
Ruby Options: sitedir=$(DESTDIR)NONE/lib/ruby
Build Tcl Bindings: no
Build Python Bindings: yes
Build rrdcgi: yes
Build librrd MT: yes
Link with libintl: yes

Libraries: -lxml2 -lcairo -lcairo -lcairo -lm -lcairo -lpng12 -lpangocairo-1.0 -lpango-1.0 -lcairo -lgobject-2.0 -lgmodule-2.0 -ldl -lglib-2.0

Type 'make' to compile the software and use 'make install' to
install everything to: /usr/local/rrdtool-1.3.1.

... that wishlist is NO JOKE. If you find RRDtool useful
make me happy. Go to http://tobi.oetiker.ch/wish and
place an order.

-- Tobi Oetiker
----------------------------------------------------------------

Compile and install:
# make
# make install
# cd /usr/local/
# ln -s rrdtool-1.3.1 rrdtool
# cd rrdtool
# ls -l

To verify that RRDTool works:
# cd /usr/local/rrdtool/share/rrdtool/examples/
# ./stripes.pl
# ls -l
# cp stripes.png /var/www/html/

Open Firefox and browse to the following link:

http://your-domain.com/stripes.png

* When compiling, we can change RRDTool's default location to somewhere else. By default it is installed here: /usr/local/rrdtool-1.3.1/
# ./configure --prefix=/usr/local/rrdtool
# make install

2) Install libpcap:


# yum install libpcap-devel libpcap

# cd ntop
# ./autogen.sh
# make
# make install
# make install-data-as

3) Create your NTOP user:
# useradd -M -s /sbin/nologin -r ntop

4) Set up directory permissions:


# chown ntop:root /usr/local/var/ntop/

# chown ntop:ntop /usr/local/share/ntop/

5) Set up the NTOP admin user:


# ntop -A


Sample result:

Mon Jul 28 03:38:34 2008 NOTE: Interface merge enabled by default
Mon Jul 28 03:38:34 2008 Initializing gdbm databases

ntop startup - waiting for user response!

Please enter the password for the admin user:
Please enter the password again:

Mon Jul 28 03:38:42 2008 Admin user password has been set

6) Start NTOP:

# /usr/local/bin/ntop -d -L -u ntop -P /usr/local/var/ntop --skip-version-check --use-syslog=daemon

Sample result:

Mon Jul 28 03:42:19 2008 NOTE: Interface merge enabled by default
Mon Jul 28 03:42:19 2008 Initializing gdbm databases

If you have several network interfaces (for those setting up NTOP on a network gateway: eth0, eth1, eth2):
# /usr/local/bin/ntop -i "eth0,eth1" -d -L -u ntop -P /usr/local/var/ntop --skip-version-check --use-syslog=daemon

What the options in that command mean:
  • -i "eth0,eth1" : Specify the network interfaces to monitor.
  • -d : Run ntop as a daemon.
  • -L : Send log messages to the system log (/var/log/messages) instead of displaying them on screen.
  • -u ntop : Start ntop as the ntop user.
  • -P /usr/local/var/ntop : Specify where ntop stores its database files. You may need that database as part of a recovery program later.
  • --skip-version-check : By default, ntop periodically fetches a remote file to check that the latest version is in use. This option disables that check.
  • --use-syslog=daemon : Use the syslog daemon.

7) How to browse to your NTOP:

http://localhost:3000/ OR http://server-ip:3000/

8) If you use the iptables firewall, make sure port 3000 is enabled:

# nano /etc/sysconfig/iptables


Insert before the final REJECT line:

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3000 -j ACCEPT

# service iptables restart

For shorewall, make sure the IP filter and port 3000 are added. You can use Webmin.

If you don't want to open port 3000, you can use an SSH tunnel:
$ ssh -L 3000:localhost:3000 -N -f user@server.yourcorp.com

Open your browser and browse to:

http://localhost:3000/
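
A check for the rule file edited in step 8, as an added example that is not part of the original guide: it confirms that the port 3000 ACCEPT rule sits before the final REJECT line and reports whether it is limited to a source network with -s. The function name check_ntop_rule, the sample rule files and the 192.168.1.0/24 network are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the ntop rule in an iptables-save style file such as
# /etc/sysconfig/iptables. Function name and sample data are constructed.
# check_ntop_rule FILE [PORT] -> missing | after-reject | open-to-all | restricted
check_ntop_rule() {
    awk -v port="${2:-3000}" '
        /^-A / && /-j REJECT/ { reject = NR }      # line number of the last REJECT
        /^-A / && /-j ACCEPT/ && $0 ~ ("--dport " port "( |$)") {
            accept = NR
            # -s or --source limits which hosts may reach the web interface
            restricted = ($0 ~ /(^| )(-s|--source) /) ? 1 : 0
        }
        END {
            if (!accept)                        print "missing"
            else if (reject && accept > reject) print "after-reject"
            else if (restricted)                print "restricted"
            else                                print "open-to-all"
        }' "$1"
}

# Constructed sample rule files: rule as in step 8, rule with a source
# restriction, and rule placed after the REJECT line (never reached).
demo_dir=$(mktemp -d)
cat > "$demo_dir/open" <<'EOF'
*filter
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3000 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
cat > "$demo_dir/restricted" <<'EOF'
*filter
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -m state --state NEW -m tcp -p tcp --dport 3000 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
cat > "$demo_dir/late" <<'EOF'
*filter
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3000 -j ACCEPT
COMMIT
EOF
for f in open restricted late; do
    printf '%s: %s\n' "$f" "$(check_ntop_rule "$demo_dir/$f")"
done
```

On the real server, run it as check_ntop_rule /etc/sysconfig/iptables after editing the file and before restarting iptables.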

9) Start NTOP on boot:

# nano /etc/rc.local


Add the following line:

/usr/local/bin/ntop -i "eth0,eth1" -d -L -u ntop -P /usr/local/var/ntop --skip-version-check --use-syslog=daemon

Save and close.

10) How to stop NTOP:

# killall ntop

Yeah! You have now successfully set up NTOP on your CentOS... haha, great!
Thanks to the cyberciti guide notes.

~ Be a Creator Not a User ~
http://muzzotechspot.blogspot.com
http://muzzoshah.blogspot.com
