Moving ntopng DB to non-standard directory

jimmy_1969

Hi,

Below is applicable for pfsense ntopng package release 0.5.

I love the ntopng package. It's a really useful application for understanding traffic utilisation.
But what I don't like is the hard-coded implementation putting the database at /var/db/ntopng.

Once thing to be mindful of that this application has the ability to really drive your storage requirements through the roof. In my case I only have 4 GB of available root SSD storage, and that was filled up in no-time when activating ntopng. This application creates a lot of small files filling up your inode space. Utilisation of storage and inodes can be checked with:

df -hi

So what to do? Well before doing anything "under the hood", it is a good idea to make a log entry of exactly what you are adapting as all changes to standard packages will be lost when you re-install or upgrade. In the event of

I decided to attach a 32 GB USB memory stick to the motherboard and move the ntopng database to a this. After updating file /etc/fstab with the new device and mounting point I had 30 GB of unused USB storage at /mnt/usb_internal.

ntopng uses '-d' parameter to define database path. The path used can be determined by checking the active process:

ps -aux | grep ntopng
root    80641   1.3  2.2 236588  92424  -  Ss    9:52AM      6:15.68 /usr/local/bin/ntopng -d /mnt/usb_internal/var/db/ntopng -G /var/run/ntopng.pid -s -e -H -i em2 -i em0 --dns-mode 0

Before doing anything, disable the ntopng service if not already done.

My search started with trying to figure out where the ntopng command line parameters where configured in this package. My first port of call was file /usr/local/pkg/ntopng.xml which contains configuration parameters for the package. I modified the five lines that refer to database path to reflect my USB storage, but to no avail.

I realized that the database path is actually hard-coded in the service start/top script. Before changing this file you might want to backup the original:

cp /usr/local/etc/rc.d/ntopng.sh /usr/local/etc/rc.d/ntopng.sh.backup

Edit file /usr/local/etc/rc.d/ntopng.sh. This script includes the database path both for redis server and ngtop service. Edit '–dir /mnt/usb_internal/var/db/ntopng/' and '-d /mnt/usb_internal/var/db/ntopng' paths to point to desired location.

rc_start() {
        ldconfig -m /usr/pbi/ntopng-amd64/lib
        /usr/pbi/ntopng-amd64/local/bin/redis-server --dir /mnt/usb_internal/var/db/ntopng/ --dbfilename ntopng.rdb &
        /usr/local/bin/ntopng -d /mnt/usb_internal/var/db/ntopng -G /var/run/ntopng.pid -s -e -H   -i 'em2' -i 'em0' --dns-mode '0'  --local-networks '192.168.0.0/16,172.16.0.0/12,10.0.0.0/8' &
}

However, this bash script is overwritten every time you change configuration using web GUI, which would revert our adaptation.
So to prevent that from happening we will make the file immutable.

chflags schg /usr/local/etc/rc.d/ntopng.sh

In the future, before making any changes to the web GUI, this file needs to be 'unimmuted' using:

chflags noschg /usr/local/etc/rc.d/ntopng.sh

Next, create the directory structure on the external USB.

mkdir -p /mnt/usb_internal/var/db/ntopng

In my case i tried starting the ntopng service here but it failed, and I could not login to ngtopng web interface. But after going to 'Diagnostics', 'ntopng Settings' and saving the configuration again and starting ntopng service, the 2nd login attempt was successful.

Verify that the service is up and running:```
ps -aux | grep ntopng

Verify that database and logs are created:```
ls -la /mnt/usb_internal/var/db/ntopng

Once you are confident your change is successful, go ahead and delete the original database files:

rm -rf /var/db/ntopng

Now you can continue to the next storage hogging application…

//Jimmy

Updated 22 Jun-15: added instructions for making file /usr/local/etc/rc.d/ntopng.sh immutable.