Netgate Discussion Forum

    [SOLVED] Ntop GEO MAP

    Traffic Monitoring
    • F
      feerab
      last edited by

      Thanks a lot @dragoangel

      • H
        Hans from Berlin
        last edited by

        Thank you very much dragoangel!

        • R
          robvanhooren @gacpac
          last edited by robvanhooren

          @gacpac said in [SOLVED] Ntop GEO MAP:

          Omg This was awesomeee.

          Also, my plex server is getting flows categorized as unknown application. Is there a way to create my category for Plex?

          There's some automated ones like netflix and that kind of stuff.

          yes.

          plex should actually be recognized by ntopng (as of v3.9) but the pfS pkg is 3.8 at the moment.

          for now you have to do custom protocols by hand.

          see redmine #9912 for a bit of a howto.

          (that will get the protocols 'known'; afterwards, you can set them to an appropriate category in the ntop gui).

          • G
            gacpac @robvanhooren
            last edited by

            @robvanhooren sorry but redmine #9912 where?

            • R
              robvanhooren
              last edited by

              the bugtracker is in the pfSense menu (top right corner of the GUI)

              it opens the redmine site

              or, you can go directly to request #9912 here

              hope that helps?

              R.

              • gnitingG
                gniting @dragoangel
                last edited by gniting

                @dragoangel After applying this patch, I am seeing a flood of msgs in the system log with the following text:
                As of two days ago, I am seeing a ton of entries in the system log with the following msg:

                Attack from "192.168.7.1" on service 100 with danger 10.
                Did not receive identification string from 192.168.7.1 port 3736
                

                192.168.7.1 is the IP of the pfSense box itself. If I turn off ntopng, the msgs go away. Any ideas?

                • dragoangelD
                  dragoangel @gniting
                  last edited by dragoangel

                  @ibbetsion these logs are not related to the patch. They are logged without it too if you enable ntopng and do not configure it. Disable alerts in ntopng itself, and please look through all the settings.

                  Latest stable pfSense on 2x XG-7100 and 1x Intel Xeon Server, running multiWAN, he.net IPv6, pfBlockerNG-devel, HAProxy-devel, Syslog-ng, Zabbix-agent, OpenVPN, IPsec site-to-site, DNS-over-TLS...
                  Unifi AP-AC-LR with EAP RADIUS, US-24

                  • dragoangelD
                    dragoangel
                    last edited by dragoangel

                    This is now broken again because MaxMind now requires license keys: https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases/

                    • manjotscM
                      manjotsc @dragoangel
                      last edited by manjotsc

                      @dragoangel


                      Vendor: HP
                      Version: P01 Ver. 02.50
                      Release Date: Wed Jul 17 2024
                      Boot Method: UEFI
                      24.11-RELEASE (amd64)
                      FreeBSD 15.0-CURRENT
                      CPU Type: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz
                      Current: 3606 MHz, Max: 3400 MHz
                      4 CPUs : 1 package(s) x 4 core(s)

                      • manjotscM
                        manjotsc @dragoangel
                        last edited by manjotsc

                        @dragoangel As a temporary solution I uploaded the latest files on a web server, and it seems to be working fine again.

                        ntopng.inc.txt

                        • dragoangelD
                          dragoangel @manjotsc
                          last edited by dragoangel

                          @manjotsc I understand that I can simply put the files with GeoIP even on pfSense. The question is that this plugin must already be officially fixed by Netgate to support the new API with authorization.

                          • manjotscM
                            manjotsc @dragoangel
                            last edited by

                            @dragoangel I think they are waiting for the pfSense 2.5 release, because I tried installing ntopng 3.8 manually, but ntopng 3.8 needs some package dependencies that are only supported in FreeBSD 12.

                            • manjotscM
                              manjotsc @dragoangel
                              last edited by manjotsc

                              @dragoangel Problem Solved Working Now

                              https://www.youtube.com/watch?v=GkPA4kb3Xoo

                              • dragoangelD
                                dragoangel @manjotsc
                                last edited by dragoangel

                                @manjotsc The devel version of pfSense 2.5 has the same ntopng. Thanks for the video.

                                • manjotscM
                                  manjotsc @dragoangel
                                  last edited by

                                  @dragoangel hmmm, sorry maybe I am confused.

                                  • dragoangelD
                                    dragoangel
                                    last edited by dragoangel

                                    @manjotsc yep, I don't know, but it looks like the pkg maintainer is simply lost.
                                    The direct link with simple parameters works, so I updated https://forum.netgate.com/topic/141150/solved-ntop-geo-map/6 as well.

                                    • manjotscM
                                      manjotsc @dragoangel
                                      last edited by

                                      @dragoangel At least this time it got solved quickly compared to before, when it was broken for months.

                                      • S
                                        Sigsegv
                                        last edited by

                                        I'm not sure if anyone else is running into issues with the above patch and the new access key requirement from MaxMind, but mine still wouldn't update the GeoIP database.

                                        It seems like fetch has an issue with the new URL, so I changed the /usr/local/pkg/ntopng.inc file to use curl. These changes are made after applying the above-mentioned patch:

                                        function ntopng_update_geoip() {
                                            global $config;
                                            $curlcmd = "/usr/local/bin/curl";

                                            /* MaxMind download URLs; replace YOURKEYHERE with your own license key */
                                            $geolite_city = "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-City&license_key=YOURKEYHERE&suffix=tar.gz";
                                            $geoip_asnum = "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-ASN&license_key=YOURKEYHERE&suffix=tar.gz";

                                            /* Local paths the downloaded archives are written to */
                                            $output_dir_city = "/usr/local/share/ntopng/GeoCity.tar.gz";
                                            $output_dir_asn = "/usr/local/share/ntopng/GeoASN.tar.gz";

                                            /* The URLs contain "&", so they must stay quoted when passed to the shell */
                                            mwexec("{$curlcmd} --output {$output_dir_city} \"{$geolite_city}\"");
                                            mwexec("{$curlcmd} --output {$output_dir_asn} \"{$geoip_asnum}\"");

                                            ntopng_fixup_geoip();

                                            /* Do not (re)start services on package (re)install, only on manual GeoIP updates via the GUI */
                                            if ($_POST['Submit'] == "Update GeoIP Data") {
                                                init_config_arr(array('installedpackages', 'ntopng', 'config', 0));
                                                $ntopng_config = $config['installedpackages']['ntopng']['config'][0];
                                                ntopng_services_stop();
                                                if ($ntopng_config['enable'] == "on") {
                                                    start_service("ntopng");
                                                }
                                            }
                                        }

                                        • P
                                          pponce @Sigsegv
                                          last edited by

                                          @Sigsegv Fetch still works. You just need to modify the execution of the command and put quotes around the URL to fetch.

                                          I made the same changes as mentioned above but these two lines were edited in the following way:

                                                  mwexec("{$fetchcmd} -o {$output_dir}/GeoLite2-City.tar.gz -T 5 \"{$geolite_city}\"");
                                                  mwexec("{$fetchcmd} -o {$output_dir}/GeoLite2-ASN.tar.gz -T 5 \"{$geoip_asnum}\"");
                                          

                                          then it should work.

                                          • S
                                            Sigsegv @pponce
                                            last edited by

                                            @pponce said in [SOLVED] Ntop GEO MAP:

                                            @Sigsegv Fetch still works. You just need to modify the execution of the command and put quotes around the URL to fetch.

                                            I made the same changes as mentioned above but these two lines were edited in the following way:

                                                    mwexec("{$fetchcmd} -o {$output_dir}/GeoLite2-City.tar.gz -T 5 \"{$geolite_city}\"");
                                                    mwexec("{$fetchcmd} -o {$output_dir}/GeoLite2-ASN.tar.gz -T 5 \"{$geoip_asnum}\"");
                                            

                                            then it should work.

                                            OK cool. Really, my point of posting was that the patch provided no longer works, therefore, I came up with a workaround using curl.

                                            I'm happy to modify the patch to fix the escape sequence.

                                            P 1 Reply Last reply Reply Quote 0
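
The quoting issue discussed in the last posts, as an added example that is not part of any post or of the pfSense package: it shows what the shell hands to the downloader when the MaxMind URL is unquoted, double-quoted as in the thread, or single-quoted. `url_seen_by_fetch`, `shell_quote` and `PLACEHOLDER_KEY` are hypothetical names and values, `fetch` is replaced by a stub so nothing is downloaded, and the single-quoting helper goes one step beyond the thread's fix.

```shell
#!/bin/sh
# Added example (not from the thread): what the shell hands to the downloader
# when the MaxMind URL is unquoted, double-quoted, or single-quoted.
# PLACEHOLDER_KEY is a constructed value; nothing is downloaded.

URL='https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-City&license_key=PLACEHOLDER_KEY&suffix=tar.gz'
OUT='/tmp/GeoLite2-City.tar.gz'

# Hypothetical helper: parse CMDLINE the way "sh -c" would, with fetch replaced
# by a stub that prints only its last argument (the URL as the shell delivered it).
url_seen_by_fetch() (
    fetch() {
        for arg in "$@"; do last=$arg; done
        printf '%s\n' "$last"
    }
    eval "$1"
    wait    # the unquoted form backgrounds fetch at the first "&"
)

# Hypothetical helper: single-quote a string for the shell, the same idea as
# PHP's escapeshellarg(); unlike double quotes it also stops $ and ` expansion.
shell_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

unquoted="fetch -o $OUT -T 5 $URL"
double_quoted="fetch -o $OUT -T 5 \"$URL\""
single_quoted="fetch -o $OUT -T 5 $(shell_quote "$URL")"

for cmd in "$unquoted" "$double_quoted" "$single_quoted"; do
    printf 'command: %s\n  fetch sees: %s\n' "$cmd" "$(url_seen_by_fetch "$cmd")"
done
```

In the unquoted case the request goes out without `license_key` and `suffix`, which is why the download fails even though the key itself is valid.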
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.