Category: LINUX
2010-01-29 17:32:25
Installing and configuring Ntop
Environment: redhat5.3
ntop-3.2.tgz
Preparation:
# rpm -qa | grep php
# rpm -qa | grep gd
# rpm -qa | grep libpng
# rpm -qa | grep libxml
# rpm -qa | grep cgilib
# rpm -qa | grep rrdtool
[root@kaka ~]# rpm -qa | grep libpcap
libpcap-devel-0.9.4-14.el5
libpcap-0.9.4-14.el5
[root@kaka ~]# rpm -qa | grep gdbm
gdbm-devel-1.8.0-26.2.1
gdbm-1.8.0-26.2.1
Note: if libpcap-devel is not installed, ./configure fails with the following error:
checking for strerror... yes
checking for __FUNCTION__... yes
checking for floor in -lm... yes
checking for pcap_datalink in -lpcap... no
ERROR! Libpcap library/headers not found, go get it from
or use the --with-libpcap-* options, if you have it installed
in unusual place
Installation:
ntop
# tar zxvf ntop-3.2.tgz
# cd /ntop-3.2
# ./configure --prefix=/usr/local/ntop
# make
# make install
Create a user named ntop; ntop will run as this user
# useradd ntop
# passwd ntop
Change the owner of the files to ntop
# chown -R ntop:ntop /usr/local/var/ntop
# chown -R ntop:ntop /usr/local/share/ntop
Configuration:
Set the admin password
# /usr/local/bin/ntop -P /usr/local/share/ntop/ -u ntop -A
Copy ntop's sample configuration file to /usr/local/etc/ntop/ntop.conf
# cp /usr/local/ntop/packages/RedHat/ntop.conf.sample /usr/local/etc/ntop/ntop.conf
[root@kaka ~]# sed -n '/^[^#]/p' /usr/local/etc/ntop/ntop.conf
--user ntop
--daemon
--db-file-path /usr/local/share/ntop/
--interface eth0
--trace-level 3 # Which is the default
--http-server 3000
--disable-schedyield
Startup:
[root@kaka ~]# /usr/local/bin/ntop -P /usr/local/share/ntop/ -u ntop -c -d -i eth0
Wed Jan 27 20:55:04 2010 NOTE: Interface merge enabled by default
Wed Jan 27 20:55:04 2010 **WARNING** Trailing slash removed from argument for option -P | --db-file-path
Wed Jan 27 20:55:04 2010 Initializing gdbm databases
Wed Jan 27 20:55:04 2010 ntop v.3.2 SourceForge .tgz
Wed Jan 27 20:55:04 2010 Configured on Jan 27 2010 17:48:21, built on Jan 27 2010 17:54:15.
Wed Jan 27 20:55:04 2010 Copyright 1998-2005 by Luca Deri
Wed Jan 27 20:55:04 2010 Get the freshest ntop from
Wed Jan 27 20:55:04 2010 NOTE: ntop is running from '/usr/local/bin'
Wed Jan 27 20:55:04 2010 NOTE: (but see warning on man page for the --instance parameter)
Wed Jan 27 20:55:04 2010 NOTE: ntop libraries are in '/usr/local/lib'
Wed Jan 27 20:55:04 2010 Initializing ntop
Wed Jan 27 20:55:04 2010 Checking eth0 for additional devices
Wed Jan 27 20:55:04 2010 Resetting traffic statistics for device eth0
Wed Jan 27 20:55:04 2010 DLT: Device 0 [eth0] is 1, mtu 1514, header 14
Wed Jan 27 20:55:04 2010 Initializing gdbm databases
Wed Jan 27 20:55:04 2010 VENDOR: Loading MAC address table.
Wed Jan 27 20:55:04 2010 VENDOR: Checking for MAC address table file
Wed Jan 27 20:55:04 2010 VENDOR: File '/usr/local/etc/ntop/specialMAC.txt.gz' does not need to be reloaded
Wed Jan 27 20:55:04 2010 VENDOR: ntop continues ok
Wed Jan 27 20:55:04 2010 VENDOR: Checking for MAC address table file
Wed Jan 27 20:55:04 2010 VENDOR: File '/usr/local/etc/ntop/oui.txt.gz' does not need to be reloaded
Wed Jan 27 20:55:04 2010 VENDOR: ntop continues ok
Wed Jan 27 20:55:04 2010 Fingeprint: Loading signature file.
Wed Jan 27 20:55:04 2010 Fingeprint: ...loaded 1697 records
Wed Jan 27 20:55:04 2010 INIT: Parent process is exiting (this is normal)
Wed Jan 27 20:55:04 2010 INIT: Bye bye: I'm becoming a daemon...
-P specifies the directory, -u specifies the user, -i specifies the network interface
[root@kaka ~]# nmap 192.168.3.193
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2010-01-27 20:55 CST
Interesting ports on localhost (192.168.3.193):
Not shown: 1673 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
852/tcp open unknown
3000/tcp open ppp
3306/tcp open mysql
Port 3000 is found to be open
In a browser, enter :3000/
and the monitoring interface will appear
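An added example, not part of the original post or of ntop itself: a shell function that audits an ntop.conf in the one-option-per-line format printed above for the settings that decide how exposed the web UI seen by nmap on port 3000 is. The function name audit_ntop_conf and the sample file are constructed here, and the check assumes that --http-server accepts an [address:]port value.

```shell
#!/bin/sh
# Added example: audit an ntop.conf written one "--option value" per line.
# Prints one finding per line; prints nothing when no check fires.
audit_ntop_conf() {
    user="" http="" https=""
    # Drop comments and blank lines, then read option/value pairs.
    while read -r opt val rest; do
        case "$opt" in
            --user|-u)          user="$val" ;;
            --http-server|-w)   http="$val" ;;
            --https-server|-W)  https="$val" ;;
        esac
    done <<EOF
$(sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$1")
EOF
    # Check 1: an explicit unprivileged account, like the one made with useradd.
    case "$user" in
        ""|root|0) echo "USER: no unprivileged --user configured" ;;
    esac
    # Check 2: a bare port has no address part (assumed [address:]port form).
    case "$http" in
        ""|127.0.0.1:*) : ;;
        *:*) echo "BIND: web UI bound to ${http%:*}; confirm it is a management address" ;;
        *)   echo "BIND: --http-server $http has no address; web UI listens on every interface" ;;
    esac
    # Check 3: without an HTTPS listener the web UI is served over plain HTTP.
    [ -n "$https" ] || echo "TLS: no --https-server line; the web UI is plain HTTP"
    return 0
}

# Constructed sample mirroring the ntop.conf printed in the article.
sample=$(mktemp)
cat > "$sample" <<'EOF'
--user ntop
--daemon
--db-file-path /usr/local/share/ntop/
--interface eth0
--trace-level 3 # Which is the default
--http-server 3000
--disable-schedyield
EOF
audit_ntop_conf "$sample"
rm -f "$sample"
```

On the article's configuration this reports the BIND and TLS findings but not USER, since --user ntop is already set.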