“ntop is a network probe that shows the network usage”, this is the brief description of ntop extracted from the official ‘overview’ page of www.ntop.org.
the reason why I like ntop is that it gives us a immediate projection of what is happening in our network NOW! with graphical and table representations of the current, recent and past network statistics.
When the network is stuck, you can know why, and you can know it immediately. You can then take the proper action to ditch the cause
This is not all, there are amazing information you can have from this ‘small’ Italian tool…
In this post I will describe an as-easy-as-possible installation procedure to install ntop in you Mac OS X Server Snow Leopard (I didn’t test this on previous version, but as far as MacPorts is available for older version it shouldn’t be an issue to follow the same steps)
The easiest way ever would be to fire the command
$ sudo port install ntop
but as always happens the easiest way is not the best way, in facts the MacPort version of ntop is 3.3, quite old respect the current stable version 4.0.3.
Also, the installation of ntop through the port tool doesn’t install and configure it as a service but only as a tool to be run occasionally.
One of the reasons I prefer to install ntop 4.0.3 instead of 3.3 is that it gives us the option to visualise the “Hosts World Map” directly in Google Maps and the “Local Network Traffic Map” giving us an idea where our network users and services and clients are connecting to and from. Of course many other improvements are available in the latest version, but these are the coolest according to me
Another reason to manually install ntop and follow the procedure below is to install and configure it as a daemon (LaunchDaemon) launched by ‘launchd’.
What will will do then, is to download, compile and install the ntop 4.0.3 directly from its official website and rely on MacPorts to install it’s compiling and installing dependencies.
- The -latest- sources of ntop.
- Xcode (required by MacPorts), you can install it from Mac OS X Server Snow Leopard installation disk, ‘Optional Installs’ folder.
- Workgroup Manager, it’s part of the Server Admin Tools and needs to be downloaded from Apple support and installed, unless you are running Mac OS X Server.
- MacPorts, you can download and install it from www.macports.org.
- wget, to be installed via MacPorts
Preparation of system
- Make sure you have installed Xcode and MacPorts and Worgroup Manager.
- Create a ‘src’ folder where to store and compile the ntop sources:
$ mkdir ~/src $ cd ~/src
- Install wget:
$ sudo port install wget
- Fetch the latests source archive from www.ntop.org:
$ wget wget http://ignum.dl.sourceforge.net/project/ntop/ntop/Stable/ntop-4.0.3.tgz $ tar xvzf ntop-4.0.3.tgz $ cd ~/src/ntop-4.0.3
- install ntop dependencies from MacPorts needed to compile and run ntop:
$ sudo port install depof:ntop
this command do not istall ntop from MacPorts but only its dependencies.
This step could take several minutes because it will download, compile and install a lot of ports (libraries).
- Creation of the a localuser and local groupntop via ‘Workgroup Manager':
- Create the new local group ntop
- Create the new local user ntop with primary group ntop
Leave the password blank prevent any possibility of login and also do not specify the home folder, of if you really need to specify one choose /usr/local/etc/ntop.
This procedure can be executed in command-line as well using the ‘dscl’ command, but you will have to assign the Primary User ID manually retrieving it from the directory service using other scripts.
The Workgroup Manager calculate the first available User ID automatically.
- install mako (needed for “Host World Map” feature of ntop):
$ sudo easy_install mako
- install of graphviz (contains ‘dot’, needed for “Local Network Traffic Map” feature of ntop):
$ sudo port install graphviz
Make sure to be in ‘~/src/ntop-4.0.3′ folder then
- fire the script that checks the dependencies:
- and proceeds with the compilation:
- Run the script that installs ntop and its libraries in the proper places:
$ sudo make install
- Create the LaunchDaemon scripts to make the service running as a daemon:
$ sudo touch /Library/LaunchDaemons/org.ntop.ntop.plist
- copy and paste the following lines into org.ntop.ntop.plist
#-----BEGIN OF org.ntop.ntop.plist----- <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>KeepAlive</key> <dict> <key>NetworkState</key> <true/> </dict> <key>Label</key> <string>org.ntop.ntop</string> <key>ProgramArguments</key> <array> <string>/usr/local/bin/ntop</string> <string>@/usr/local/etc/ntop/ntop.conf</string> <string>--user</string><string>ntop</string> <string>--db-file-path</string><string>/usr/local/var/ntop</string> <string>--daemon</string> </array> </dict> </plist> #-----END OF org.ntop.ntop.plist-----
- Create the configuration file to pass additional custom parameters
$ sudo touch /usr/local/etc/ntop/ntop.conf
- copy and paste the following lines into ntop.conf
(in this example I put the ‘vital’ paramenteres, you can specify more parameters, but the ones placed in the the LaunchDaemon file will NOT be overloaded by the parameters present on the ntop.conf file)
#-----BEGIN OF ntop.conf----- # interface(s) that ntop will capture on # DEFAULT: The 1st sisernet device, e.g. sis0 --interface en0 # Configures ntop not to trust MAC addrs. # This is used when port mirroring or SPAN #--no-mac # Logging messages to syslog (instead of the console): # NOTE: To log to a specific facility, use --use-syslog=local3 # NOTE: The = is REQUIRED and no spaces are permitted. #--use-syslog -L # Tells ntop to track only local hosts as specified # by the --local-subnets option #--track-local-hosts # Sets the port that the HTTP webserver listens on # NOTE: --http-server 3000 is the default #--http-server 3000 # Sets the port that the optional HTTPS webserver listens on #--https-server 3001 # Sets the networks that ntop should consider as local. # NOTE: Uses dotted decimal and CIDR notation. # Example: 192.168.0.0/24 # The addresses of the interfaces are always # local and don't need to be specified. #--local-subnets 192.168.2.0/24 # Sets the domain. # ntop should be able to determine this automatically. #--domain domain.my #-----END OF ntop.conf-----
- Set the correct file and folder permissions. VERY IMPORTANT!
$ sudo chmod 644 /Library/LaunchDaemons/org.ntop.ntop.plist $ sudo chown -R ntop /usr/local/var/ntop $ sudo chown -R ntop /usr/local/etc/ntop
Set the password for the admin user of ntop database (from the web interface you’ll be able to create other users with different degree of administration)
$ sudo ntop -t o -u ntop -P /usr/local/var/ntop --set-admin-password
Now start the service using the launchctl command and it will run as a daemon:
$ sudo launchctl load /Library/LaunchDaemons/org.ntop.ntop.plist
You will be able to access ntop through port 3000 (by default) of your server:
If you found this how-to useful, please leave a feedback, it will be really appreciated.
Powered by Facebook Comments