Menu Zavrieť

Configuring ntopng as a netflow collector

Presentation

Just to clarify things before we put our hands in the dirt, ntopng is a netflow analyzer with a nice web-interface, that can get the traffic of its own interface. HOWEVER. It cannot work as a netflow collector too. That means that if you have a couple network devices on a WAN Network, and you want to know what kind of flows are going through your network, you will have to install a separate tool, which is also developped by the ntopng guys : nProbe. Sadly, this one is not free, and you will need a license to get it working in production environnement as the default-installation provides a 20K flows limit per nprobe thread, then it stops collecting them.

So to make it short, you will have to :

  • install ntopng and nprobe
  • configure your network devices to send net/sflow packets to ntopng server
  • configure nProbe to collect net/sflow packets and to stream them in JSON to ntopng
  • configure ntopng to listen for nProbe JSON streams
  •  

 

Ntopng is a…  , howevcer it cannot porcess netflow expoert directly from asa for examle

ntopng, but older version is directly availble through debian repository, however installing actual version follow next stpes

 

Installation for debian jessie

 

select your distribution,

 wget http://packages.ntop.org/debian/jessie/all/apt-ntop/apt-ntop.deb
dpkg -i apt-ntop.deb
then run
 
apt-get clean all
apt-get update
apt-get install nprobe ntopng

or alternatively go to the http://packages.ntop.org/debian/ , find your distro (actually there is "jessie" only, so if you are using other version of debian, you will need to install ntop from the source) and download all individual packages manually using wget and install them throuh dpkg -i package.deb

 

Accessing ntopng web gui

put the url into your browser

http://<IP-ADDRESS>:3000/

and login using admin/admin

 

configuring nprobe for ntong collector

Using ntop as a flow collector for nProbe

 

vim nrpobe.conf

paste

nprobe --collector-port 6343 --zmq tcp://127.0.0.1:5556 >> /dev/null &

daj to netop.conf -i….

chod do .etc/nrpobe

 

How-to – Configuring Ntopng to collect sFlow packets

 

root@ares:/etc/nprobe# service nprobe start
root@ares:/etc/nprobe# service nprobe status
● nprobe.service – LSB: Start/stop nprobe
   Loaded: loaded (/etc/init.d/nprobe)
   Active: active (running) since Sun 2016-03-20 10:16:17 CET; 2s ago
  Process: 22716 ExecStop=/etc/init.d/nprobe stop (code=exited, status=0/SUCCESS)
  Process: 22755 ExecStart=/etc/init.d/nprobe start (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/nprobe.service
           └─22781 /usr/local/bin/nprobe /tmp/nprobe-1@0.conf
 
Mar 20 10:16:17 ares logger[22756]: nprobe start
Mar 20 10:16:17 ares nprobe[22755]: Starting nProbe 1
 
 
 
https://www.utwente.nl/ewi/dacs/assignments/completed/bachelor/reports/B-assignment_Michiel-Vincent_2.pdf
 

Pridaj komentár

Vaša e-mailová adresa nebude zverejnená. Vyžadované polia sú označené *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.