Monitoring your server traffic with ntop – Cool! :)

Posted on by

ntop_all_proto
The is a tool, ntop, a tool that will give you statistic of your server. I keep wondering myself how much data have been transfered so far, and how much throughput rate d I get with this current provider. Now, ntop come and I get to install it in my server.

My main reference was this book, Linux Server Hacks, by Oreilly written by Andrew Lockhart, hacks #63 as well and written by Rob Flickenger in Network Security Hacks by Oreilly, hacks #64. Rob Flickenger also discuss about the same thing. The article look indentical, just the ilustration look different. Mr Lockhart refering to Flickenger’s writing actually.

I downloaded Ntop into /usr/port/distfiles/ and extract it to /usr/port/distfiles/ntop-3.2rc1/. Before installing ntop, I just added a user ntop with group ntop.

su-2.05b# ./configure
su-2.05b# make
su-2.05b# gmake clean

Ntop need to use gmake instead of make. I have tried using make install command, and it will show an error.

“You might run it using make, please use gmake instead”
*Somthing like that la…

After installing, it have automatically created /usr/local/etc/ntop/ and all the default ssl sertificate file have been there. These are default certificate, and you can also create a new certificate, sign it your own. Now I just have to initialize ntop database and set an adaministrative password. Ntop use round robin database, which is a good database for storing traffic report and logging. The main advantage of this database is it will not grow and fill up your harddisk. New entry will remove the old entry out.

su-2.05b# ntop -A -u ntop -P /usr/local/etc/ntop
10/Sep/2005 20:30:23 Initializing GDBM...
10/Sep/2005 20:30:23 Started thread (1026) for network packet analyser.
10/Sep/2005 20:30:23 Started thread (2051) for idle hosts detection.
10/Sep/2005 20:30:23 Started thread (3076) for DNS address resolution.
10/Sep/2005 20:30:23 Started thread (4101) for address purge.

Please enter the password for the admin user:
Please enter the password again:
10/Sep/2005 20:30:29 Admin user password has been set.

Then we initialize ntop, with https at port 1234(example) and run it as a daemon:

su-2.05b# ntop -u ntop -P /usr/local/etc/ntop -W1234 -d

The tools just works fine in my FreeBSD 4.11 server. By now it already run for 3 days and 6 hours. At first when my ntop aged around 2 days, the page will load very slow, it take up to 1 hour to load. I dont know what happen. Now, it works just fine, and it can display all the graph nicely.

By the way, you might want to secure your page avoiding other people from viewing your server statistic. The best and simple solutions is using .htaccess and .htpasswd file. Please refer to my next blog entry, on securing folder using .htaccess and .htpasswd file.

Ntop.org
Linux Server Hacks [O’Reilly] – Download here
Network Security Hacks [O’Reilly] – Download here

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.