New Package: ntopng
-
Is it possible to have this program display the bandwidth used per time period?
It's possible to get historical views for individual hosts for a predefined date/time range. You'll have to enable historical data storage:
1. open a terminal and log in with root account
2. open the launch script with an editor: vi /usr/local/etc/rc.d/ntopng.sh
3. add "-F" to the last command in the "rc_start()" block, so it should look like this:
rc_start() {
    ldconfig -m /usr/pbi/ntopng-amd64/lib
    /usr/pbi/ntopng-amd64/local/bin/redis-server --dir /var/db/ntopng/ --dbfilename ntopng.rdb &
    /usr/local/bin/ntopng -s -e -F --dns-mode '0' --local-networks '192.168.0.0/16,172.16.0.0/12,10.0.0.0/8' &
}
4. stop and start ntopng:
/usr/bin/killall ntopng
/usr/local/bin/ntopng -s -e -F --dns-mode '0' --local-networks '192.168.0.0/16,172.16.0.0/12,10.0.0.0/8' &
I haven't been able to get the aggregate on an interface - is that available somewhere?
edit: The total data throughput is available at 'Overview'.
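The manual edit in steps 2 and 3 above, as an added shell example that is not part of the original post or of the pfSense package: it adds `-F` after `-s -e` on the ntopng line only when the flag is missing, keeps a `.bak` copy, and leaves the file untouched if the expected line is not found. The function names are hypothetical; the binary path and flag layout are the ones shown in the post.

```shell
#!/bin/sh
# Added example, not part of the ntopng package or the original post.
# Binary path and the "-s -e" prefix are taken from the rc_start() block above.
NTOPNG_BIN=/usr/local/bin/ntopng

# has_flag_F FILE: succeed if an uncommented ntopng invocation already has -F.
has_flag_F() {
    grep -E "^[^#]*${NTOPNG_BIN}.*[[:space:]]-F([[:space:]]|\$)" "$1" >/dev/null
}

# enable_historical FILE: insert -F after "-s -e" on the ntopng line.
# Returns 0 if -F is present afterwards, 1 if the expected line is missing
# or the edit failed (the file is then left as it was).
enable_historical() {
    rc=$1
    has_flag_F "$rc" && return 0                  # already enabled: change nothing
    grep -q "${NTOPNG_BIN} -s -e " "$rc" || return 1   # unexpected layout: refuse
    cp -p "$rc" "$rc.bak" || return 1             # rollback copy of the root-run script
    tmp=$(mktemp "${rc}.XXXXXX") || return 1
    # Write to a temp file first, then overwrite in place so that the
    # owner and mode of the rc script are preserved.
    sed "s|${NTOPNG_BIN} -s -e |${NTOPNG_BIN} -s -e -F |" "$rc" > "$tmp" &&
        cat "$tmp" > "$rc"
    rm -f "$tmp"
    has_flag_F "$rc"                              # verify the result
}

# Usage: sh this_script.sh /usr/local/etc/rc.d/ntopng.sh
if [ "$#" -ge 1 ]; then
    enable_historical "$1"
fi
```

ntopng still has to be stopped and started afterwards, as in step 4.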
-
You could edit '/usr/local/pkg/ntopng.xml' so you don't have to edit /usr/local/etc/rc.d/ntopng.sh when you reboot or resave ntopng options in the GUI
-
That is ONE sexy package :P :P :P
(I don't really know what I am looking at, but I am like that bird that likes anything that blinks (Dutch: ekster): this is some interesting 'bling-bling' to study ;D)
(On another note: how come no site shows up normally in IE, you would have expected MS to understand something now after 35 years and an army of 150.000 employees. Firefox is getting more bloated by the second (2 gigs of RAM currently, for-a-browser?), Chrome is NSA, and Opera apparently has decided to become a 'living dead').
-
You could edit '/usr/local/pkg/ntopng.xml' so you don't have to edit /usr/local/etc/rc.d/ntopng.sh when you reboot or resave ntopng options in the GUI
Adding a new checkbox option to enable that should be simple. I don't have time at the moment but I'll keep it in mind next time I poke at the package.
Or someone could add it and submit a pull request.
-
You could edit '/usr/local/pkg/ntopng.xml' so you don't have to edit /usr/local/etc/rc.d/ntopng.sh when you reboot or resave ntopng options in the GUI
Adding a new checkbox option to enable that should be simple. I don't have time at the moment but I'll keep it in mind next time I poke at the package.
Or someone could add it and submit a pull request.
Funny you brought this up… I'm already on it :-) Might be ugly since I'm not a programmer but sure can copy and paste... hehehehe
edit: https://github.com/pfsense/pfsense-packages/pull/771
-
Pull request has been accepted and merged. You should see an update for ntopng in Package Manager
-
I uninstalled it to see if this package perhaps made my box crash. After that, my log is flooded with this:
ntopng: [PeriodicActivities.cpp:83] ERROR: Missing script /usr/local/share/ntopng/scripts/callbacks/second.lua
Literally thousands of these lines, 1 per second it seems.
But it isn't installed anymore ;D
How might I perhaps fix this?
Thank you :)
-
The process must not have stopped. Try
killall -9 ntopng
-
Worked marvelously, Jim: thank you ;D
-
Errors from system log
This below occurred after I installed and then deinstalled ntopng…
Jan 14 20:33:32 ntopng: [PeriodicActivities.cpp:83] ERROR: Missing script /usr/local/share/ntopng/scripts/callbacks/second.lua
Jan 14 20:33:31 ntopng: [PeriodicActivities.cpp:83] ERROR: Missing script /usr/local/share/ntopng/scripts/callbacks/second.lua
AFTER I installed/deinstalled/installed ntopng, I then got the below in the system log.
Jan 14 20:34:26 ntopng: [Prefs.cpp:408] ERROR: Unable to create log C:\Windows\Temp/ntopng.log
Jan 14 20:34:02 ntopng: [HTTPserver.cpp:332] ERROR: Unable to start HTTP server (IPv4) on port 3000
Jan 14 20:34:01 ntopng: [NetworkInterface.cpp:75] WARNING: No capture interface specified
Jan 14 20:34:01 ntopng: [Prefs.cpp:408] ERROR: Unable to create log C:\Windows\Temp/ntopng.log
Jan 14 20:33:33 ntopng: [Lua.cpp:1461] WARNING: Script failure [/usr/local/share/ntopng/scripts/callbacks/second.lua][/usr/local/share/ntopng/scripts/callbacks/second.lua:8: module 'lua_utils' not found: no field package.preload['lua_utils'] no file '/usr/local/share/ntopng/scripts/lua/modules/lua_utils.lua' no file './lua_utils.lua' no file '/usr/pbi/ntopng-i386/share/luajit-2.0.2/lua_utils.lua' no file '/usr/local/share/lua/5.1/lua_utils.lua' no file '/usr/local/share/lua/5.1/lua_utils/init.lua' no file '/usr/pbi/ntopng-i386/share/lua/5.1/lua_utils.lua' no file '/usr/pbi/ntopng-i386/share/lua/5.1/lua_utils/init.lua' no file './lua_utils.so' no file '/usr/local/lib/lua/5.1/lua_utils.so' no file '/usr/pbi/ntopng-i386/lib/lua/5.1/lua_utils.so' no file '/usr/local/lib/lua/5.1/loadall.so']
-
Hello,
I can't use the historical feature. When I try to load historical data after setting interface and time interval I see this error message on the log:
ntopng: [Lua.cpp:72] ERROR: ntop_find_interface : expected string, got number
I'm using 2.2-RC x64 release with Intel interfaces.
Has anyone tried this feature?
-
What interface is it best to listen on, just LAN interfaces or LAN + WAN?
-
What interface is it best to listen on, just LAN interfaces or LAN + WAN?
LAN should be good. Or you can select both
-
If you are interested in identifying which local user is sending out specific traffic, then listening on LAN is best. LAN+WAN may catch some additional traffic that originates to/from the firewall that doesn't hit LAN.
If you are routing traffic (no NAT) then WAN alone works, too.
-
Wondering if anyone is experiencing readability issues with ntop? I am running it on pfsense 2.2 and seeing garbled text on the RRD graphs.
-
@packeteer I haven't… Maybe stop it and wipe the DB? /var/db/ntopng and start fresh?
I have to say going from 2.1.5 to 2.2, what a difference with ntopng... I thought sqlite wasn't compiled in 2.1.5 because I didn't see any historical data. With 2.2, everything is there. And I can rename interfaces and such
I've been messing with other options and thinking about adding the following options if there is a need:
--enable-aggregations (only works using -A, core dump if I use --enable-aggregations)
--dump-timeline
--dump-hosts
--dump-aggregations
https://svn.ntop.org/svn/ntop/trunk/ntopng/doc/UserGuide.pdf
Has anyone renamed an interface or stopped a flow alert, then stopped/started ntopng or rebooted, and noticed all the customization you did is gone? I'll have to research but I'm wondering if it has something to do with redis-server
-
I installed ntopng on a new install of pfsense 2.2 with LAN, WAN (inactive), OPT1 (active), other packages: darkstat, squid3, squidguardian, sarg.
DHCP (31 static leases), DNS resolver (registering DHCP leases).
ntopng settings: capturing LAN, Decode DNS responses and resolve local numeric IPs only (default),
Turn historical data storages on ticked
To solve locating scripts problem:
ln -s /usr/pbi/ntopng-amd64/local/share/ntopng /usr/local/share/ntopng
To solve GeoIP problem: [Geolocation.cpp:59] WARNING: Unable to read GeoIP database /usr/local/share/ntopng/httpdocs/geoip/GeoLiteCityv6.dat
Downloaded geoIP in /usr/pbi/ntopng-amd64/local/share/GeoIP
cd /usr/pbi/ntopng-amd64/local/share/ntopng/httpdocs/
ln -s /usr/pbi/ntopng-amd64/local/share/GeoIP geoip
Now, my problem:
ntopng shows LAN hostnames based on network traffic, for example:
- ntopng db cleared
- ntopng displays the LAN hostnames correctly
- As for traffic, the LAN hostnames changed:
192.168.20.1 (LAN gateway, ntopng capture) hostname: zpf22.domain.local, ntopng shows www.google.es, then clients1.google.com, then vl.ff.avast.com, etc.
Could you avoid changing LAN hostnames based on traffic?
Thanks in advance, this is an amazing product!!
-
I split several unrelated issues off into separate threads, and I'm locking this one. Please start a new thread for each new issue rather than using a single thread.
Thanks!