New Package: ntopng
-
I'm trying to get it to compile in various ways but no success yet.
-
Thanks jimp! I appreciate your efforts!
Can't use v2.1.4 on my Shuttle DS437 because nics are not supported.
At least there's some hope :D -
Great an thank you
hope squid3-dev become supported by pfsense and more stable
-
It's live now on 2.2. Works fine on my test VM anyhow. Give it a spin.
-
It does not see my lan nic
-
Interesting. I installed this on a test machine with two physical NICs and the menu options for NTOPNG appeared under my Diagnostics menu. It showed traffic flowing from my internal NIC without any problem. I then installed it on my production system and can't see the ntopng men item under the Diagnostics menu at all! Both machines are running pfSense 2.1.4. The only real difference between both boxes is that my production system is operating a captive portal and my two internal NICs on the production system are set as VLANs sharing the same physical network card. So my first question is why isn't the Diagnostics menu showing the ntopng items? My second query is whether ntopng will work with a VLAN-tagged NIC bound to a physical NIC? I can get the ntopng page to load (port 3000), but it's monitoring only the outside network card and no other NICs are available as options.
I appreciate this is an alpha release, so I won't set my hopes too high that this might be resolved soon.
-
The package work great ,,, the problem was from me
Thanks again
-
In deed this a 800lb Gorilla!
It works and I love it. Only one thing that does not work is a GeoMap it looks like it needs to be compalied with geolocation but that's not a big deal._NOTE
Browser reported home map location [Latitude: xx.3581782, Longitude: -xxx.03674879999998]
In order to visualize maps you must:
Have a working Internet connection.
Have compiled ntopng with geolocation and started with it.
Have active flows between peers with public IP addresses.
HTML browser geolocation is used to place on map hosts based on unknown locations._ -
My geolocation seems to work. It shows everything coming from my city and shows the routes to the major feeds.
this new ntop is visually a complete rewrite and way over the top of what I expected.
-
My geolocation seems to work. It shows everything coming from my city and shows the routes to the major feeds.
this new ntop is visually a complete rewrite and way over the top of what I expected.
I'm assuming for geolocation you didn't need to change anything?
-
I've now re-installed the updated version (1.1v0.1 to 1.1v0.2) on my test machine to see if the problem was with the update. It seems it is! The latest version of this package fails to update the Diagnostics menu on the 64-bit pfsense system I'm running and also breaks the uninstall process as well. I'm going to try to see if I can do a manual uninstallation of the package and see whether I can get the older version of ntop to work any better.
From what I could tell, ntopng looks very good and has huge potential. The package installation needs a bit of tweaking, though.
-
The menu works fine on my 32 and 64-bit installs. I tested install and uninstall and they all worked cleanly. I tried 2.1.4, 2.1.5 (coming soon), and 2.2 and I had no issues here.
If the menu failed then the install probably never completed properly. Try it again but watch the messages very carefully when installing.
The only difference between the new version of the pkg was a change on startup to allow 2.2 to function since it had a different path for one program.
-
We can't take direct donations anymore. It's not quite enough for a Gold subscription or I'd say just get one of those. But you can pick up some stuff from the pfSense store with that and you'll get some swag out of it on top of us getting a cut. :-)
Jimp
This is working great for me . . thanks. Because you can't take the bounty, I donated the money to ALS with a thanks to pfSense forum. (I am already a gold membership holder)
-
Recently I've installed ntopng in my pfsense firewalls and It's really a good tool, thank for the package.
I am reading and investigation to learn more about this tool and I would like to know if it is possible to upgrade the ntopng's version to 1.2. By the way, when I access to the dashboard it showing the attached message.
-
@jimp thanks again for taking the time to create this package…
couple of things,
1 Should we have to worry about this error in the system log?
ntopng: [Prefs.cpp:408] ERROR: Unable to create log C:\Windows\Temp/ntopng.log
2 I should read the manaul but there isn't much under the admin menu as far as configuration. I was hoping to re-name the interfaces to laymen names.
2.1.4-RELEASE (i386)
built on Fri Jun 20 12:59:29 EDT 2014
FreeBSD 8.3-RELEASE-p16 -
We can't take direct donations anymore. It's not quite enough for a Gold subscription or I'd say just get one of those. But you can pick up some stuff from the pfSense store with that and you'll get some swag out of it on top of us getting a cut. :-)
Could I ask, Jim: why can't people donate anymore? I know I did last year, and suddenly it was gone. I bought a Gold to support (and buy you all a beer ;D ) but I kept on wondering: why did you remove the donations? It is people wanting to show their appreciation, and some money seems better than no money (but then again, this is the stupid economist speaking here: if there is anything we don't understand, it is money ;D ;D ;D ).
-
Eeehm, sorry for the mildly intelligent question, but: on my nano 2.1.4 boxes there is no ntop or ntopng package available in the list… What's wrong here? :o
-
I am reading and investigation to learn more about this tool and I would like to know if it is possible to upgrade the ntopng's version to 1.2. By the way, when I access to the dashboard it showing the attached message.
Not until 1.2 shows up in FreeBSD ports. I'm told it's being worked on.
1 Should we have to worry about this error in the system log?
ntopng: [Prefs.cpp:408] ERROR: Unable to create log C:\Windows\Temp/ntopng.log
I don't think it's worth worrying about
@Hollander:
Could I ask, Jim: why can't people donate anymore? I know I did last year, and suddenly it was gone. I bought a Gold to support (and buy you all a beer ;D ) but I kept on wondering: why did you remove the donations? It is people wanting to show their appreciation, and some money seems better than no money (but then again, this is the stupid economist speaking here: if there is anything we don't understand, it is money ;D ;D ;D ).
I don't know the nitty gritty details, but since we're not a non-profit organization, taking donations in that way has some weird tax/legal issues. The beancounters said it caused more trouble than it was worth.
@chemlud:
Eeehm, sorry for the mildly intelligent question, but: on my nano 2.1.4 boxes there is no ntop or ntopng package available in the list… What's wrong here? :o
ntop isn't compatible with NanoBSD installs, only full installs.
-
Too bad!!
btw: If I had the choice between paying an invoice (including VAT) and giving a donation, I knew which option I would choose… :-D
-
@Hollander:
Could I ask, Jim: why can't people donate anymore? I know I did last year, and suddenly it was gone. I bought a Gold to support (and buy you all a beer ;D ) but I kept on wondering: why did you remove the donations? It is people wanting to show their appreciation, and some money seems better than no money (but then again, this is the stupid economist speaking here: if there is anything we don't understand, it is money ;D ;D ;D ).
I don't know the nitty gritty details, but since we're not a non-profit organization, taking donations in that way has some weird tax/legal issues. The beancounters said it caused more trouble than it was worth.
Right :P
Well it so happens I am a post-academic bean counter ( ;D ), and the thing is:
1. I don't know the specifics of US GAAP (Generally Accepted Accounting Principles), theree might be a twist in there, but:
2. (Donation/1+ VAT-percentage) (so: 50/1,06 assuming VAT 6%) should do it, at least under IFRS (International Financial Reporting Standards).Of course, neglecting the 'twist' mentioned before.
But, to my knowledge, there is no country in the world that forbids companies receiving money that can be taxed both VAT and profit tax.
The offset is the paypal fee. Which I believe is 3-5%.
Which I would assume would make it worthwile: 50 dollars from me, minnus the VAT, minus the corporate tax, still leaves nett money even when offset against the paypal fee.
Sincerely,
Sr. Beancounter ;D
-
Hi,
For the record, I think I found out what the problem was with my pfSense installation and this package. I did a bit of digging and found that there had been a previous installation of NRPE on this firewall which had somehow or another failed or been aborted, which must have corrupted the config. When I examined the /cf/conf/config.xml file, I discovered that this installation was still showing in the the 'installedpackages' section. The description for NtopNG was below, but the xml for the associated menu items was completely missing. Editing the config.xml, inserting the relevant xml for Ntop, resolved the problem completely.
Thanks for a very useful contribution to the pfSense community!
-
Is it possible to have this program display the bandwidth used per time period?
-
Is it possible to have this program display the bandwidth used per time period?
It's possible to get historical views for individual hosts for a predefined date/time range. You'll have to enable historical data storage:
1. open a terminal and log in with root account
2. open the launch script with an editor:vi /usr/local/etc/rc.d/ntopng.sh
3. add "-F" to the last command in the "rc_start()" block, so it should look like this:
rc_start() { ldconfig -m /usr/pbi/ntopng-amd64/lib /usr/pbi/ntopng-amd64/local/bin/redis-server --dir /var/db/ntopng/ --dbfilename ntopng.rdb & /usr/local/bin/ntopng -s -e -F --dns-mode '0' --local-networks '192.168.0.0/16,172.16.0.0/12,10.0.0.0/8' & }
4. stop and start ntopng:
/usr/bin/killall ntopng /usr/local/bin/ntopng -s -e -F --dns-mode '0' --local-networks '192.168.0.0/16,172.16.0.0/12,10.0.0.0/8' &
I haven't been able to get the aggregate on an interface - is that available somewhere? edit: The total data throughput is available at 'Overview'.
-
You could edit '/usr/local/pkg/ntopng.xml' so you dont have to edit /usr/local/etc/rc.d/ntopng.sh when you reboot or resave ntopng options in the gui
-
That is ONE sexy package :P :P :P
(I don't really know what I am looking at, but I am like that bird that likes anything that blinks (Dutch: ekster): this is some interesting 'bling-bling' to study ;D
(On another note: how comes no site shows up normally in IE, you would have expected MS to understand something now after 35 years and an army of 150.000 employees. Firefox is getting more bloated by the second (2 gigs of RAM currently, for-a-browser?), Chrome is NSA, and Opera apprently has decided to come a 'living dead').
-
You could edit '/usr/local/pkg/ntopng.xml' so you dont have to edit /usr/local/etc/rc.d/ntopng.sh when you reboot or resave ntopng options in the gui
Adding a new checkbox option to enable that should be simple. I don't have time at the moment but I'll keep it in mind next time I poke at the package.
Or someone could add it and submit a pull request.
-
You could edit '/usr/local/pkg/ntopng.xml' so you dont have to edit /usr/local/etc/rc.d/ntopng.sh when you reboot or resave ntopng options in the gui
Adding a new checkbox option to enable that should be simple. I don't have time at the moment but I'll keep it in mind next time I poke at the package.
Or someone could add it and submit a pull request.
funny you brought this up… i'm already on it :-) might be ugly since i'm not a programmer but sure can copy and paste... hehehehe
edit: https://github.com/pfsense/pfsense-packages/pull/771
-
Pull request has been accepted and merged. You should see an update for ntopng in Package Manager
-
I uninstalled it to see if this package perhaps made my box crash. After that, my log is flooded with this:
ntopng: [PeriodicActivities.cpp:83] ERROR: Missing script /usr/local/share/ntopng/scripts/callbacks/second.lua
Literally thousands of these lines, 1 per second it seems.
But it isn't installed anymore ;D
How might I perhaps fix this?
Thank you :)
-
The process must not have stopped. Try
killall -9 ntopng
-
Worked marvelously, Jim: thank you ;D
-
Errors from system log
This below occurred after I installed and then deinstalled ntopng…
Jan 14 20:33:32 ntopng: [PeriodicActivities.cpp:83] ERROR: Missing script /usr/local/share/ntopng/scripts/callbacks/second.lua
Jan 14 20:33:31 ntopng: [PeriodicActivities.cpp:83] ERROR: Missing script /usr/local/share/ntopng/scripts/callbacks/second.luaAFTER I installed/deinstalled/installed ntopng, I then go the below in the system log.
Jan 14 20:34:26 ntopng: [Prefs.cpp:408] ERROR: Unable to create log C:\Windows\Temp/ntopng.log
Jan 14 20:34:02 ntopng: [HTTPserver.cpp:332] ERROR: Unable to start HTTP server (IPv4) on port 3000
Jan 14 20:34:01 ntopng: [NetworkInterface.cpp:75] WARNING: No capture interface specified
Jan 14 20:34:01 ntopng: [Prefs.cpp:408] ERROR: Unable to create log C:\Windows\Temp/ntopng.log
Jan 14 20:33:33 ntopng: [Lua.cpp:1461] WARNING: Script failure [/usr/local/share/ntopng/scripts/callbacks/second.lua][/usr/local/share/ntopng/scripts/callbacks/second.lua:8: module 'lua_utils' not found: no field package.preload['lua_utils'] no file '/usr/local/share/ntopng/scripts/lua/modules/lua_utils.lua' no file './lua_utils.lua' no file '/usr/pbi/ntopng-i386/share/luajit-2.0.2/lua_utils.lua' no file '/usr/local/share/lua/5.1/lua_utils.lua' no file '/usr/local/share/lua/5.1/lua_utils/init.lua' no file '/usr/pbi/ntopng-i386/share/lua/5.1/lua_utils.lua' no file '/usr/pbi/ntopng-i386/share/lua/5.1/lua_utils/init.lua' no file './lua_utils.so' no file '/usr/local/lib/lua/5.1/lua_utils.so' no file '/usr/pbi/ntopng-i386/lib/lua/5.1/lua_utils.so' no file '/usr/local/lib/lua/5.1/loadall.so'] -
Hello,
i can't use the historical feature. when i try to load historical data after setting interface and time interval i see this error message on the logntopng: [Lua.cpp:72] ERROR: ntop_find_interface : expected string, got number
i'm using 2.2-RC x64 release with Intel interfaces.
Has anyone tried this feature? -
What interface is it best to listen on, just LAN interfaces or LAN + WAN?
-
What interface is it best to listen on, just LAN interfaces or LAN + WAN?
LAN should be good. Or you can select both
-
If you are interested in identifying which local user is sending out specific traffic, then listening on LAN is best. LAN+WAN may catch some additional traffic that originates to/from the firewall that doesn't hit LAN.
If you are routing traffic (no NAT) then WAN alone works, too.
-
Wondering if anyone is experiencing readability issue for ntop? I am running it on pfsense 2.2 and seeing garbled texts on the RRD graphs.
-
@packeteer I haven't… Maybe stop it and wipe the DB? /var/db/ntopng and start fresh?
I have to say going from 2.1.5 to 2.2, what a difference with ntopng... I thought sqlite wasn't compile in 2.1.5 because I didn't see any historical data. With 2.2, everything is there. And I can rename interfaces and such
I've been messing with other options and thinking about adding the following options if there is a need:
--enable-aggregations (only works using -A, core dump if I use --enable-aggregations) --dump-timeline --dump-hosts --dump-aggregations
https://svn.ntop.org/svn/ntop/trunk/ntopng/doc/UserGuide.pdf
Has anyone renamed an interface or stop a flow alert then stop/start ntopng or rebooted and noticed all customize you did is gone? I'll have to research but I'm wondering if it has somthing to do with redis-server
-
I installed ntopng in new install pfsense 2.2 with LAN,WAN (inactive),OPT1 (active), other packages: darkstat, squid3, squidguardian, sarg.
DHCP (31 static leases), DNS resolver (registering DHCP leases).
ntopng settings: capturing LAN, Decode DNS responses and resolve local numeric IPs only (default),
Turn historical data storages on tickedto solve locating scripts problem:
ln -s /usr/pbi/ntopng-amd64/local/share/ntopng /usr/local/share/ntopng
To solve GeoIP problem: [Geolocation.cpp:59] WARNING: Unable to read GeoIP database /usr/local/share/ntopng/httpdocs/geoip/GeoLiteCityv6.dat
Downloaded geoIP in /usr/pbi/ntopng-amd64/local/share/GeoIP
cd /usr/pbi/ntopng-amd64/local/share/ntopng/httpdocs/
ln -s /usr/pbi/ntopng-amd64/local/share/GeoIP geoipNow, my problem:
notpng show LAN hostnames based on network traffic such LAN hostnames, example:- ntopng db cleared
- ntopng displays the LAN hostnames correctly
- As for traffic, the LAN hostnames changed :
192.168.20.1 (LAN gateway, ntopng capture) hostname: zpf22.domain.local, ntopng show www.google.es, then clients1.google.com, then vl.ff.avast.com, etc.
You could avoid change LAN hostnames based in traffic?
Thanks in advanced, this amazing product!!
-
I split several unrelated issues off into separate threads, and I'm locking this one. Please start a new thread for each new issue rather than using a single thread.
Thanks!