I installed ntopng and it's pretty neat.
Wasn't able to find much documentation, but finally figured out how to get it to work.
Using their repo and the clearos-epel repo, it installed and worked fairly easily.
Struggled for a while to get it to monitor different interfaces, but finally got it.
Info
http://www.ntop.org/products/ntop/
Install
http://www.nmon.net/packages/
My /etc/ntopng/ntopng.conf just looks like this.
-G=/var/tmp/ntopng.gid
-i eth0
-i eth1
-m "192.168.22.0/24"
Still figuring it out though.
Don't really know what I'm doing.
FIXED - Haven't got geoip stuff working just right, unless all my traffic looks like it goes through Rome?
For some reason, Rome is very popular.
And, I only installed ntopng ntopng-data.
Worth a look see.
Someone that knows what they are doing may find this useful.
---Edit: -i can be iterated multiple times to monitor multiple interfaces. And some googling leads me to thing the default location is Italy
-- Edit: To fix geomap, open /usr/local/share/ntopng/httpdocs/js/googleMapJson.js Search for Rome. Fix Long and Lat to your location. I'm guessing this will be fixed in a future release. Geomap info will only work on interfaces with public IPs. Data with private addresses will not map (in my case, eth0 (WAN) maps, eth1 (LAN) does not map, which makes sense.)
Wasn't able to find much documentation, but finally figured out how to get it to work.
Using their repo and the clearos-epel repo, it installed and worked fairly easily.
Struggled for a while to get it to monitor different interfaces, but finally got it.
Info
http://www.ntop.org/products/ntop/
Install
http://www.nmon.net/packages/
My /etc/ntopng/ntopng.conf just looks like this.
-G=/var/tmp/ntopng.gid
-i eth0
-i eth1
-m "192.168.22.0/24"
Still figuring it out though.
Don't really know what I'm doing.
FIXED - Haven't got geoip stuff working just right, unless all my traffic looks like it goes through Rome?
For some reason, Rome is very popular.
And, I only installed ntopng ntopng-data.
Worth a look see.
Someone that knows what they are doing may find this useful.
---Edit: -i can be iterated multiple times to monitor multiple interfaces. And some googling leads me to thing the default location is Italy
-- Edit: To fix geomap, open /usr/local/share/ntopng/httpdocs/js/googleMapJson.js Search for Rome. Fix Long and Lat to your location. I'm guessing this will be fixed in a future release. Geomap info will only work on interfaces with public IPs. Data with private addresses will not map (in my case, eth0 (WAN) maps, eth1 (LAN) does not map, which makes sense.)
Share this post:
Responses (3)
-
Accepted Answer
I am also trying to get this installed. Any chance you could give a few more specifics on how you managed to install it? I tried the basics but several packages couldn't be found. Also adding the ntop repository seemed to "break" the ability to install apps from the marketplace.
Any details you can remember would be great.
Thanks. -
Accepted Answer
My internal eth shows the users as I'd expect, but I do see a good bit of broadcast traffic at times too.
I'm hoping at some point they offer options to hide broadcast traffic from the web interface.
I'm guessing there are situations where you would want to see this traffic, but in my case, I do not.
What's been interesting for me is the volume of youtube videos my children appear to be watching.
The protocol breakdown is really interesting. -
Accepted Answer
I got this on my gateway some time ago. I have created the files indicated in http://www.nmon.net/centos/ so if they update any package I can update them directly from yum.
The only weird thing that's happening to me is that If I choose the internal eth it shows a bunch of broadcasting IPs and other stuff but not my users, I have to choose the external one to see them and the hosts they are connecting mixed (this is a little messy, but nothing important).
I was using "ye olde" ntop and I have noticed that with the new one I can see more people from my network. In example my IPs are 10.10.X.X and with ntopng I have spotted a couple of rogue APs that had their DHCP doing dirty stuff on the network and giving 192.168.X.X IPs to some users.
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »