Koozali.org: home of the SME Server
Legacy Forums => Experienced User Forum => Topic started by: Kelvin on August 17, 2002, 05:53:08 PM
-
To anyone who's interested,
I've finally managed to get ntop 2.1.2 installed and it appears to be working, but it is not fully tested as it's really late and frankly, I've had it after being at it for so long and trying all sorts to try and get it to work! I even tried to compile the darn thing but failed miserably. It's been posted that a howto is on the way, but as I needed to use it ASAP for something I cannot wait for it. So, for anyone else in the same boat as I am, here's what I did to get it to load and run.
I was working on a fresh install of SME 5.1.2.
I installed (via rpm -Uvh) :
libpcap-0.6.2-11.7.1.0.i386.rpm
openssl-0.9.6b-28.i386.rpm openssl096-0.9.6-6.i386.rpm
ntop-2.1.2-0.i386.rpm
Note that I installed both openssl rpms on the one command line, i.e. I typed :-
rpm -Uvh openssl-0.9.6b-28.i386.rpm openssl096-0.9.6-6.i386.rpm
I created a directory called /var/ntop
Then I ran ntop by typing :-
ntop -i eth0 -W 3000 -u admin
and supplied the admin password
That's it.
Anyone want to fine tune this, please do so.
Cheers,
Kelvin
-
You may want to check out nettop, http://www.stickit.nu/nettop is the newest variant, it supports file redirection to a single file (not in append mode). This way you always have a current snapshot of your protocol statistics without needing to write additional code to parse an append-mode file.
Hope this helped,
Nathan
-
I just compiled and installed nettop and it's pretty slick. I use a program called "checkinstall" to automatically build RPM files out of source (note: requires development tools).
http://asic-linux.com.mx/~izto/checkinstall/
-
By the way, did you know that you can use nettop with an SSH connection via PuTTY? It's in full color and everything... it works great.
The only thing is, I wish I could see the IP addresses of who is on my ports.
-
I agree that nettop is a useful tool and I use it on my own servers. However, show the screens / output from ntop and nettop to clients and no prizes for guessing which one they will look at.
Kelvin
-
We already did the whole process.
http://members.home.nl/timothee/ntop_en.html
Harro
-
Kelvin,
I can imagine that you were in a hurry, but it is a pity that you couldn't wait for 2 days. Harro and I have been working on this for many hours, but we wanted to test out all possible errors on SME 5.1.2 and SME 5.5, to make sure it's working on every SME v5.x system.
As you can see in our howto there are significant differences between 5.1.2 and 5.5 and it's quite easy to wreck your installation by not issuing the right command-sequence.
We were also testing the mySQL-interface, but gave up on this one, because we can't get it to operate bugfree on all installations.
This takes a lot of time and since we still have jobs ;-) it takes a couple of days to produce something error-free and tested.
Dillard.
-
Hi Dillard,
> I can imagine that you were in a hurry, but it is a pity that you couldn't
> wait for 2 days.
> This takes a lot of time and since we still have jobs ;-) it takes a couple of
> days to produce something error-free and tested.
Agreed. However, I needed to get it up and running as PART of my job, hence the urgency -- after all when all else fails, self help is what the majority of linux users have to face at one time or another. My posting my steps for getting ntop to work is purely to help anyone else who could have been in the same boat as I was. As there was no ETA given on your how-tos, I do not have the luxury of sitting back and waiting.
Kelvin
-
I followed Harro's howto at:
http://members.home.nl/timothee/ntop_en.html
Up and working in about ten minutes.
Thanks Harro!
-jeff
-
Aaron, I may have to look at adding that as a feature. The original author has long since abandoned the project and isn't returning emails. I've since adopted it and made some necessary changes to suit my needs. I find issuing:
nettop -i eth1 -d 15 -o /tmp/nettop.log > /dev/null &
very useful. At any given instant I can 'cat /tmp/nettop.log' and get my current usage without having to have the GUI version open. It's very useful for using other PHP scripts to parse the data. I'm working on a comma-delimited format now.
Be careful with the -t and -s flags, they have been known to cause the program to core-dump after extended run-time. (This is an inherited bug from the original code, I've yet to isolate the cause)
I agree that ntop is much nicer, however, I'm on 4.1.2 and was unable to successfully install it. I'm not new to linux and consider myself a pretty schooled admin. The enhancements for nettop were out of necessity.
Thanks guys,
Nathan
-
It wasn't only me who did the job.... Dillard was equal in his contribution, don't forget him :-)..
Harro
-
Hi Nathan,
I just did a clean install of ESSG 4.1.2 just out of curiosity.
I installed the following via rpm -Uvh commands :-
libpcap-0.6.2-11.7.1.0.i386.rpm
openssl096-0.9.6-6.i386.rpm
openssl-0.9.6b-28.i386.rpm
openssl095a-0.9.5a-18.i386.rpm
ntop-2.1.2-0.i386.rpm
(note : all 3 openssl packages were installed on one rpm -Uvh command line)
Then, I created the /var/ntop directory.
I then started ntop using (choose your own parameters if you like):-
ntop -i eth0 -W 3000 -u admin
and supplied the admin password (followed by confirmation).
I used the admin account as this was a clean install and did not have any other users on the system yet. Also, I am the first to admit that I do not know whether or not the openssl compatibility layer packages installed will break any existing packages required by E-Smith (being still fairly new to linux), so test it first before trying it on a production server. All I know is the compatibility layer packages address the dependency issues from the older packages in 4.1.2 (like needing libcrypto.so.0 and so on) without needing to force installing the packages.
ntop appears to be working fine on my test installation of ESSG 4.1.2. I subscribe to the belief that being a server, it should not run anything more than it really should, therefore did not try to script it to run automatically upon bootup. I prefer to start it manually as and when I need to perform any diagnostics and monitoring. If you need it to start automatically, follow the relevant sections from Harro and Dillard's How-To.
Hope you find this useful (even if just for fun).
Cheers,
Kelvin
-
Hello.... just a small question about ntop
I installed it using the howto. All seems to work fine, except for an intermittent error message in my browser saying there is a runtime error in line 1 ';' was expected. Does anyone have a clue what is causing this and how to fix it?
Would appreciate any help you may be able to give.
regards,
Jan
-
Same error here...
-
Hi all,
I mentioned a problem with the page Ntop creates. As I was planning to reinstall my client software anyway I thought maybe it was M$'s fault..... sorry can't blame it on them every time ;-) (btw I use XP with IE6)
I got the browser not to display the error message but the problem is still there. Has anyone tracked down what the cause of this ';' error is?
Anyway love the program but do think if the ';' error could be removed the program is perfect!
regards,
Jan
-
I have installed this on two sme5.12 servers
* one with many addons
* one completely virgin + Portforwarding and standard blades
ntop runs very well for a while on both machines and then stops responding; this happens within an hour of starting
if i do a service ntop restart the stop line gets a fail and then it starts ok
if i look at processes usually there are none
if i look in the logs/messages I can find entries for it starting but none for it stopping
any ideas?
-Rob
Aug 25 14:59:52 sme ntop: Wait please: ntop is coming up...
Aug 25 14:59:52 sme ntop: 25/Aug/2002 14:59:52 Initializing IP services...
Aug 25 14:59:52 sme ntop: sh: nmap: command not found
Aug 25 14:59:52 sme ntop: SSL is present but https is disabled: use -W <https port> for enabling it
Aug 25 14:59:52 sme ntop: 25/Aug/2002 14:59:52 Initializing GDBM...
Aug 25 14:59:52 sme ntop: 25/Aug/2002 14:59:52 Bye bye: I'm becoming a daemon...
Aug 25 14:59:52 sme ntop: ntop startup succeeded
Aug 25 14:59:52 sme ntop[23330]: Initializing network devices...
Aug 25 14:59:52 sme ntop[23330]: ntop v.2.1.2 SourceForge rpm MT (SSL) [i686-pc-linux-gnu] (07/26/02 12:16:12 AM build)
Aug 25 14:59:52 sme ntop[23330]: Listening on [eth0]
Aug 25 14:59:52 sme ntop[23330]: Copyright 1998-2002 by Luca Deri <deri@ntop.org>
Aug 25 14:59:52 sme ntop[23330]: Get the freshest ntop from http://www.ntop.org/
Aug 25 14:59:52 sme ntop[23330]: Initializing...
Aug 25 14:59:52 sme ntop[23330]: Truncated network size to 1024 hosts (real netmask 255.255.255.0)
Aug 25 14:59:52 sme ntop[23330]: Loading plugins (if any)...
Aug 25 14:59:52 sme ntop[23330]: Searching plugins in /usr/lib/ntop/plugins
Aug 25 14:59:52 sme ntop[23330]: Welcome to icmpWatchPlugin. (C) 1999 by Luca Deri.
Aug 25 14:59:52 sme ntop[23330]: Welcome to LastSeenWatchPlugin. (C) 1999 by Andrea Marangoni.
Aug 25 14:59:52 sme ntop[23330]: Welcome to NetFlow. (C) 2002 by Luca Deri.
Aug 25 14:59:52 sme ntop[23330]: Welcome to nfsWatchPlugin. (C) 1999 by Luca Deri.
Aug 25 14:59:52 sme ntop[23330]: Welcome to PDAPlugin. (C) 2001-2002 by L.Deri and W.Brock
Aug 25 14:59:52 sme ntop[23330]: Welcome to sFlowPlugin. (C) 2002 by Luca Deri.
Aug 25 14:59:52 sme ntop[23330]: Resetting traffic statistics...
Aug 25 14:59:52 sme ntop[23330]: Started thread (1026) for network packet analyser.
Aug 25 14:59:52 sme ntop[23330]: Started thread (2051) for idle hosts detection.
Aug 25 14:59:52 sme ntop[23330]: Started thread (3076) for DNS address resolution.
Aug 25 14:59:52 sme ntop[23330]: Started thread (4101) for address purge.
Aug 25 14:59:52 sme ntop[23330]: Initializing plugins (if any)...
Aug 25 14:59:52 sme ntop[23330]: NetFlow export disabled
Aug 25 14:59:52 sme ntop[23330]: Waiting for HTTP connections on port 3000...
Aug 25 14:59:52 sme ntop[23330]: Started thread (5126) for web server.
Aug 25 14:59:52 sme ntop[23330]: Sniffying...
Aug 25 14:59:52 sme ntop[23330]: Started thread (6151) for network packet sniffing on eth0.
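
Added example, not part of the thread and not ntop's own tooling: a shell function that condenses each ntop start-up recorded in a syslog file into one line (daemon PID, interface, HTTP port, HTTPS state, missing helper commands), which helps when the daemon disappears without logging a stop. It matches only message strings that appear in the log excerpt above; the function names are hypothetical and the sample lines are copied from that excerpt.

```shell
#!/bin/sh
# Added example (not from the thread): one summary line per ntop start-up.
# ntop_startups and sample_log are hypothetical helper names.

ntop_startups() {   # usage: ntop_startups [syslog-file ...]   (stdin if none)
    awk '
    BEGIN { https = "unknown"; iface = "?" }
    # Field 5 is the syslog tag: "ntop:" before daemonising, "ntop[PID]:" after.
    $5 !~ /^ntop(\[[0-9]+\])?:$/ { next }
    # A new start-up resets what was learned about the previous one.
    /Wait please: ntop is coming up/ { https = "unknown"; iface = "?"; warn = "" }
    /https is disabled/ { https = "off" }
    # "sh: <name>: command not found" means a helper ntop calls is absent.
    /command not found/ {
        name = $(NF - 3); sub(/:$/, "", name)
        warn = warn " missing:" name
    }
    /Listening on \[/ { iface = $NF; sub(/^\[/, "", iface); sub(/\]$/, "", iface) }
    # The web server line carries the PID tag and the port, so report here.
    /Waiting for HTTP connections on port/ {
        port = $NF; sub(/\.+$/, "", port)
        pid = $5; gsub(/[^0-9]/, "", pid)
        print $1, $2, $3, "pid=" pid, "if=" iface, "http=" port, "https=" https warn
    }' "$@"
}

# Sample input: a subset of the lines posted above, plus one unrelated
# constructed line that must be ignored.
sample_log() {
    cat <<'EOF'
Aug 25 14:59:51 sme sshd[812]: constructed unrelated line
Aug 25 14:59:52 sme ntop: Wait please: ntop is coming up...
Aug 25 14:59:52 sme ntop: sh: nmap: command not found
Aug 25 14:59:52 sme ntop: SSL is present but https is disabled: use -W <https port> for enabling it
Aug 25 14:59:52 sme ntop[23330]: Listening on [eth0]
Aug 25 14:59:52 sme ntop[23330]: Waiting for HTTP connections on port 3000...
EOF
}

sample_log | ntop_startups
```

Run it over the messages log and pass the last pid= value to kill -0 to see whether that instance is still alive.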