Ntopng development
-
How are people accessing the ntopng dashboard? I get an SSL error every I try to access it. I'm pretty sure it's because pfsense is using HSTS, and thus my browser always wants to connect via HTTPS instead of HTTP, but I'm not really sure how to work around this problem.
-
Use HTTPS for the GUI and ntopng
-
HTTPS for ntopng isn't working for me. I receive a SSL protocol error when attempting to access. I haven't tracked it down yet. HTTP via IP address works fine.
Use HTTPS for the GUI and ntopng
-
Wasn't too hard to find. HTTPS is disabled because there is no certificate installed. From ntopng.log:
27/Jul/2016 21:45:14 [HTTPserver.cpp:464] HTTPS Disabled: missing SSL certificate /usr/local/share/ntopng/httpdocs/ssl/ntopng-cert.pem 27/Jul/2016 21:45:14 [HTTPserver.cpp:466] Please read https://github.com/ntop/ntopng/blob/dev/doc/README.SSL if you want to enable SSL. 27/Jul/2016 21:45:14 [HTTPserver.cpp:509] Web server dirs [/usr/local/share/ntopng/httpdocs][/usr/local/share/ntopng/scripts] 27/Jul/2016 21:45:14 [HTTPserver.cpp:512] HTTP server listening on port 3000
-
Thanks Jimp
Using an external MySQL instance would be a great option.
For now though, if we enable the historical usage, where is it going to store the data?
If its in daily files I could just add a cronjob to wipe the older files after x days. Just a thoughtThe screen shown on that page is for a MySQL database. That isn't what is in use on pfSense. Eventually the package could grow the ability to export to an external MySQL server, but it wouldn't ever be using a MySQL database on the firewall itself.
-
Wasn't too hard to find. HTTPS is disabled because there is no certificate installed. From ntopng.log:
27/Jul/2016 21:45:14 [HTTPserver.cpp:464] HTTPS Disabled: missing SSL certificate /usr/local/share/ntopng/httpdocs/ssl/ntopng-cert.pem 27/Jul/2016 21:45:14 [HTTPserver.cpp:466] Please read https://github.com/ntop/ntopng/blob/dev/doc/README.SSL if you want to enable SSL. 27/Jul/2016 21:45:14 [HTTPserver.cpp:509] Web server dirs [/usr/local/share/ntopng/httpdocs][/usr/local/share/ntopng/scripts] 27/Jul/2016 21:45:14 [HTTPserver.cpp:512] HTTP server listening on port 3000
Have the same problem. Is there an easy fix (like symlink the real certificate)? Should/can this be fixed by the package maintainer?
-
I was getting my packages mixed up there. The ntopng package doesn't have an HTTPS option yet. It will need to be added to the package. I can look into it, but I have no idea when I'll be able to get around to adding that as a feature. If someone wants to make a pull request, have a look at the lightsquid package which has a cert selection for HTTPS that would be very similar.
-
Have they managed to get application filtering/control working in nTopng with pfsense?
That was what my original discussions with Luca Deri were about.
It's great to have nTopng working again from an analysis/reporting fashion, but the real power of the application is to be able to control applications instead of trying to do a half arsed job with Snort….
-
I don't think certificate selection code is necessary. The ntopng service is another port on the firewall itself. The certificate for ntopng would need to have the same common name and alternate names as the firewall itself. In other words, the certificate for ntopng is the same certificate used by the pfSense webgui.
I'll have a look at it when time permits.
-
Here you go:
https://github.com/pfsense/FreeBSD-ports/pull/172
Note that if you change between http and https for the webgui, either the ntopng settings will need to be re-saved or the system rebooted. Given how rare the switch is, I don't think this will be too much of an issue.
-
@Tram:
Thanks Jimp
Using an external MySQL instance would be a great option.
For now though, if we enable the historical usage, where is it going to store the data?
If its in daily files I could just add a cronjob to wipe the older files after x days. Just a thoughtThe screen shown on that page is for a MySQL database. That isn't what is in use on pfSense. Eventually the package could grow the ability to export to an external MySQL server, but it wouldn't ever be using a MySQL database on the firewall itself.
I haven't used ntopng in the last few months and looking over the doc, looks like sqlite support isn't there anymore for historical data. Looks like mysql or es flow-dumps are the only option now.
There is an error when 'Historical Data Storage' is enabled Im going to change the syntax to use the mySQL i have running
18/Aug/2016 08:49:31 [Prefs.cpp:792] WARNING: Discarding -F -i: value out of range
http://www.ntop.org/ntopng/exploring-historical-data-using-ntopng/
-
I was able to get mysql historical data to work.
I changed file /usr/local/pkg/ntopng.inc line 123 to something like this
/* Historical Data Storage, Dump expired flows */ if ($ntopng_config['dump_flows'] == "on") { $dump_flows = "-F 'mysql;mysql.server;ntopng;flows;ntopng;password'"; }
'mysql;mysql.server;ntopng;flows;ntopng;password'
mysql - letting it know you are using a mysql db
mysql.server - mysql server ip or hosename
ntopng - mysql DB name, you have to create a DB so i used ntopng for its name
flows - tablename prefix, it will create flowsv4 and flowsv6
ntopng - mysql username that needs write access to the db it will be inserting data into
password - password to the mysql user you are using to access you mysql serverI also swapped the syntax order on line 139. I put the interfaces before the historical data option
$start .= "\t/usr/local/bin/ntopng -d /var/db/ntopng -G /var/run/ntopng.pid -e {$disable_alerts} {$ifaces} {$dump_flows} {$dns_mode} {$aggregations} {$local_networks} &\n";
Only LAN is keeping historical data. Not sure why but my other interfaces are vlans so that may have something to do with it. Needs more testing to confirm.
I noticed the 'Local Networks' option hasn't been updated to grab IPv6 addresses from interfaces. I manually updated line 117 to include my IPv6 subnet and also some of the multicast subnets to keep them local instead of remote within ntopng
PS What happen to the preference menu item?
-
Version 0.8.4_1 with HTTPS support is rolling out now.
-
Version 0.8.4_1 with HTTPS support is rolling out now.
Is this package update version 2.4 of ntopng, or still the previous version?
-
It's the same version of ntopng, with the addition of support for HTTPS in the pfSense package.
-
I found bug with the ssl version. You may want to remove "\n" from the new code.
if ($config['system']['webgui']['protocol'] == "https") { $cert =& lookup_cert($config['system']['webgui']['ssl-certref']); ntopng_write_cert_file("/usr/local/share/ntopng/httpdocs/ssl/ntopng-cert.pem", $cert); $http_args = "-w 0 -W 3000\n"; } else { unlink_if_exists("/usr/local/share/ntopng/httpdocs/ssl/ntopng-cert.pem"); $http_args = "-w 3000\n"; }
It created the the startup file incorrectly
rc_start() { /usr/local/bin/redis-server --dir /var/db/ntopng/ --dbfilename ntopng.rdb & /usr/local/bin/ntopng -d /var/db/ntopng -G /var/run/ntopng.pid -s -e -w 0 -W 3000 -i 'em2' --dns-mode '0' --local-networks 'fe80::/10,192.168.0.0/24,2000:0000:0000:2400::/64' &
-
I found bug with the ssl version. You may want to remove "\n" from the new code.
You are quite correct. Not sure how I missed that in testing.
PR created.
Thanks
-
dennypage, is there some trick to getting someone to accept pull requests? I submitted one a couple weeks ago to add ipv6 addresses to "local-networks" in the ntopng command line, but it's gone idle as far as I can see…
(I'm just trying to figure out if I missed a step in the submission or not.)
Thanks
Gary -
dennypage, is there some trick to getting someone to accept pull requests? I submitted one a couple weeks ago to add ipv6 addresses to "local-networks" in the ntopng command line, but it's gone idle as far as I can see…
No special trick, but I went to look for your PR and couldn't find it. What is the PR number?
-
No special trick, but I went to look for your PR and couldn't find it. What is the PR number?
https://github.com/pfsense/pfsense-packages/pull/1262