Installing ntop on CentOS 6 with NetFlow

MikroTik routers can export NetFlow traffic data via /ip traffic-flow, which can be read by free or paid collector software. This guide shows you how to build ntop (a free option) on a fresh CentOS 6 (or RedHat) install, and assumes you already have a CentOS 6 server with an internet connection.



Installing ntop:

Install prerequisite packages via yum.
yum install cairo-devel libxml2-devel pango-devel pango libpng-devel -y
yum install freetype freetype-devel libart_lgpl-devel wget gcc make -y
yum install perl-ExtUtils-MakeMaker -y
yum install graphviz -y

Now we grab rrdtool (round-robin database), configure it and install it.
Check the final block of output after the configure step: it should confirm the build settings and shouldn’t contain any error messages. If everything looks good, continue on.
cd /opt
wget http://oss.oetiker.ch/rrdtool/pub/rrdtool-1.4.5.tar.gz
tar -zxvf rrdtool-1.4.5.tar.gz
cd rrdtool-1.4.5
./configure --prefix=/usr/local/rrdtool
make && make install

Now some more prerequisite packages and the MaxMind GeoIP API library (used to show the country next to each IP address).
Once again check after the ./configure line and ensure there’s been no error before attempting to continue.
yum install libpcap libpcap-devel gdbm gdbm-devel -y
yum install libevent libevent-devel -y
cd /opt
wget http://geolite.maxmind.com/download/geoip/api/c/GeoIP-1.4.8.tar.gz
tar -zxvf GeoIP-1.4.8.tar.gz
cd GeoIP-1.4.8
./configure
make && make install

Lastly install some final pre-reqs and then make ntop itself.
This time stop after ./autogen.sh and read the last paragraph of output. Provided everything checked out ok, the final 2 lines should read “... autogen.sh done” followed by “just type make to compile ntop”.
yum install libtool automake autoconf -y
cd /opt
wget http://downloads.sourceforge.net/project/ntop/ntop/Stable/ntop-4.1.0.tar.gz
tar zxvf ntop-4.1.0.tar.gz
cd ntop-4.1.0
./autogen.sh --prefix=/usr/local/ntop
make && make install

If you’re running SELinux on the machine, it’s a good idea to install the SELinux policy for ntop now.
make install-selinux-policy
Now we add the user for ntop, and give it ownership of the required directories.
useradd -M -s /sbin/nologin -r ntop
chown ntop:root /usr/local/ntop
chown ntop:ntop /usr/local/ntop/share/ntop

Now change to the ntop directory, and choose a password for the ntop admin user when prompted.
cd /usr/local/ntop/
rm ntop_pw.db
cd /usr/local/ntop/bin/
./ntop -u ntop -P /usr/local/ntop -A

Adding iptables rules:

Open the iptables file
vi /etc/sysconfig/iptables
Append the following rules before the final INPUT REJECT line:
(note we’re running the webpage on port 3000 and receiving NetFlow traffic on port 9996)
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3000 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 9996 -j ACCEPT

Then restart iptables
service iptables restart
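Editing /etc/sysconfig/iptables by hand is error-prone: a rule pasted after the REJECT line is never reached, and a re-run of the steps duplicates rules. The following POSIX sh function is an added example (not from the original post) that inserts the two rules immediately before the last "-A INPUT ... -j REJECT" line, skips rules that are already present, and refuses to touch a file with no INPUT REJECT line at all. The function name, argument order and the temp-file naming are the example's own choices.

```shell
#!/bin/sh
# Added example (not part of the original guide): safely add the ntop
# web (TCP) and NetFlow collector (UDP) rules to an iptables-save style
# file such as CentOS 6's /etc/sysconfig/iptables.
# Usage: add_ntop_rules /etc/sysconfig/iptables 3000 9996

add_ntop_rules() {
    file="$1"                # iptables rules file to edit
    web_port="${2:-3000}"    # ntop web interface port (TCP)
    flow_port="${3:-9996}"   # NetFlow collector port (UDP)
    tcp_rule="-A INPUT -m state --state NEW -m tcp -p tcp --dport $web_port -j ACCEPT"
    udp_rule="-A INPUT -m state --state NEW -m udp -p udp --dport $flow_port -j ACCEPT"

    # Without an INPUT REJECT line there is no safe anchor point; bail out
    # rather than append rules that might land after COMMIT.
    grep -q -- '^-A INPUT .*-j REJECT' "$file" || return 1

    tmp="$file.tmp.$$"
    awk -v tcp="$tcp_rule" -v udp="$udp_rule" '
        # note whether each rule already exists anywhere in the file
        $0 == tcp { have_tcp = 1 }
        $0 == udp { have_udp = 1 }
        { lines[++n] = $0 }
        END {
            # the insertion point is the last INPUT REJECT rule
            for (i = 1; i <= n; i++)
                if (lines[i] ~ /^-A INPUT .*-j REJECT/) last = i
            for (i = 1; i <= n; i++) {
                if (i == last) {
                    if (!have_tcp) print tcp   # only add what is missing
                    if (!have_udp) print udp
                }
                print lines[i]
            }
        }' "$file" > "$tmp" && mv "$tmp" "$file"
}
```

Run it before `service iptables restart`; because it is idempotent you can safely re-run the whole guide without accumulating duplicate ACCEPT rules.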

Starting ntop (and starting on boot):

Now start ntop with the following options
Modify “-w 3000” to change the HTTP port ntop listens on for testing.
cd /usr/local/ntop/bin
./ntop -d -L -u ntop -P /usr/local/ntop -w 3000 --interface none --skip-version-check yes

More command line flag details here: http://www.ntop.org/wp-content/uploads/2011/09/ntop-man.html
To have ntop start on boot, open rc.local:
vi /etc/rc.local
and add this startup line (modify the values in the startup commands if you changed them above)
/usr/local/ntop/bin/ntop -d -L -u ntop -P /usr/local/ntop -w 3000 --interface none --skip-version-check yes

Setting web options:

The first time you open the ntop web interface you’ll need to do the following:
1. head to plugins -> netflow -> activate
This will activate netflow, don’t click the “yes” option as this will toggle it off again.
2. head to plugins -> netflow -> view/configure
3. Create a new collector named “eth#-collector” where # is the eth interface number you’re sending data to.
4. Edit this collector and ensure the following settings are in place:
- local collector udp port: 9996
- flow aggregation: none
- enable session handling: no
- assume ftp: no
- debug: off
5. Head to Admin -> Configure -> Preferences
6. change dot.path value to “/usr/bin/dot” (hit set when done)
7. head to http://code.google.com/apis/console and get a google maps API key (turn on Google maps API v2 and create a new browser-referrer key)
8. head back to Admin -> Configure -> Preferences
9. change google_maps.key value to your copied key (hit set when done)
10. stop ntop (killall ntop)
11. reboot server and confirm ntop starts upon boot.

Shutting down ntop:

To shut down ntop:
killall ntop

Adding routers:

On a MikroTik:
/ip traffic-flow set active-flow-timeout=1m cache-entries=512k enabled=yes inactive-flow-timeout=15s interfaces=all
/ip traffic-flow target add address=<ntop ip address>:9996 disabled=no v9-template-refresh=20 v9-template-timeout=30m version=9

On a Cisco:
http://www.cisco.com/en/US/tech/tk812/tech_configuration_guides_list.html
Ensure port 9996 is the port you export the netflow traffic to.
Please feel free to post any comments or questions you have!