Skip to content
Mar 22 / Greg

Install NTOP On Your CactiEZ Server

NTOP is a netflow collector, or it can be used to promiscuously sniff on a port.

I do prefer flow viewer, but for those of you that prefer an easier, friendlier interface, here’s how you install NTOP.

Set your repository up for dag:

1
rpm -Uhv http://apt.sw.be/redhat/el4/en/i386/rpmforge/RPMS/rpmforge-release-0.3.6-1.el4.rf.i386.rpm

Then install ntop:

1
yum install ntop

You will need to setup an admin password:

1
/usr/bin/ntop

It will prompt you for the admin password, go ahead and assign it.

Then make an allowance in your firewall for port 3000:

Using webmin add tcp 3000


Be sure to apply those firewall changes.

Edit /etc/init.d/ntop as follows:
Change

1
    daemon $prog -d -L @/etc/ntop.conf

to

1
    daemon $prog @/etc/ntop.conf -d -L

Issue the below to start ntop:

1
service ntop start

Browse to http://cactiIP:3000. Then configure your startup settings using username admin and whatever password you set above.

I’m dumping netflow, so I went to plugins -> netflow and enabled it.
I then configured a netflow interface.
I then switched the listening NIC to that netflow interface.

Following this I set my router to dump the netflow to my server:

1
2
3
4
5
6
7
8
router-(config)#interface FastEthernet 0/1
router-(config-if)#ip route-cache flow
router-(config-if)#exit
router-(config)#ip flow-export destination 192.168.0.2 2055
router-(config)#ip flow-export source FastEthernet 0/1
router-(config)#ip flow-export version 5
router-(config)#ip flow-cache timeout active 5
router-(config)#ip flow-cache timeout inactive 300

Be sure to add the cache flow command to all interfaces that data moves in and out on. The netflow info is only generated incoming into the interface.

Done.

5 Comments

leave a comment
  1. Jimmy / Mar 22 2010

    And watch your Cacti server die under the memory strain of NTop.

  2. Greg / Mar 22 2010

    You are so optimistic 😉

  3. Sophie / Mar 23 2010

    Thanks! Very informative post. Personally, I’ve been using Scrutinizer (www.plixer.com) on a separate machine for monitoring my NetFlow traffic and it has been working great. But it is nice to know there are other options out there.

  4. Hamed Kazemian / Jun 9 2010

    Are you using CactiEZ ? Is the performance good? I always try it on FreeBSD and it’s bloody stable.

  5. Greg / Jun 9 2010

    Indeed I do run CactiEZ, and it runs smooth as silk my friend. 🙂

Leave a Comment

*