
Configuring ntopng as a netflow collector


Just to clarify things before we get our hands dirty: ntopng is a NetFlow analyzer with a nice web interface that can analyze the traffic seen on its own interface. However, it cannot also work as a NetFlow collector. That means that if you have a couple of network devices on a WAN and you want to know what kind of flows are going through your network, you will have to install a separate tool, which is also developed by the ntopng guys: nProbe. Sadly, this one is not free, and you will need a license to get it working in a production environment, as the default installation has a limit of 20K flows per nprobe thread, after which it stops collecting them.

In short, you will have to:

  • install ntopng and nprobe
  • configure your network devices to send net/sflow packets to the ntopng server
  • configure nProbe to collect net/sflow packets and stream them in JSON to ntopng
  • configure ntopng to listen for nProbe JSON streams


Ntopng is a…, however it cannot process NetFlow export directly from an ASA, for example.

An older version of ntopng is available directly from the Debian repository; to install the current version, follow the next steps.


Installation for debian jessie


select your distribution,

dpkg -i apt-ntop.deb
then run
apt-get clean all
apt-get update
apt-get install nprobe ntopng

Alternatively, go to the , find your distro (currently there is only "jessie", so if you are using another version of Debian, you will need to install ntop from source), download all the individual packages manually using wget and install them with dpkg -i package.deb


Accessing ntopng web gui

Put the URL into your browser


and log in using admin/admin


Configuring nprobe for the ntopng collector

Using ntop as a flow collector for nProbe


vim nprobe.conf


nprobe --collector-port 6343 --zmq tcp:// >> /dev/null &

put this into netop.conf -i….

go to /etc/nprobe
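
The nprobe and ntopng settings described above as a matching pair of config files, written and sanity-checked by a small shell script; this is an added example, not the author's or ntop's own configuration. The ZMQ endpoint tcp://127.0.0.1:5556, the output directory and the helper names write_flow_configs and check_flow_configs are assumptions; binding ZMQ to loopback keeps the flow stream off the network when both daemons run on the same host.

```shell
#!/bin/sh
# Added example: generate and check a matching nprobe/ntopng config pair.
# Assumptions (not from the page): ZMQ port 5556, the helper names, and the
# one-option-per-line "key=value" config file form.

# write_flow_configs DIR COLLECTOR_PORT ZMQ_ENDPOINT
write_flow_configs() {
    dir=$1 port=$2 zmq=$3
    mkdir -p "$dir" || return 1
    # nprobe: no local capture (-i none), no NetFlow re-export (-n none),
    # collect flows on UDP $port and publish them over ZMQ.
    cat > "$dir/nprobe.conf" <<EOF
-i=none
-n=none
--collector-port=$port
--zmq=$zmq
EOF
    # ntopng: the nprobe ZMQ endpoint is used as its "interface".
    cat > "$dir/ntopng.conf" <<EOF
-i=$zmq
EOF
}

# check_flow_configs DIR
# Returns 0 when both files name the same endpoint and it is loopback-only,
# 2 when nprobe has no --zmq line, 3 on a mismatch, 4 on a non-loopback bind.
check_flow_configs() {
    dir=$1
    probe_zmq=$(sed -n 's/^--zmq=//p' "$dir/nprobe.conf")
    ntop_if=$(sed -n 's/^-i=//p' "$dir/ntopng.conf")
    [ -n "$probe_zmq" ] || { echo "nprobe.conf: no --zmq endpoint" >&2; return 2; }
    [ "$probe_zmq" = "$ntop_if" ] || { echo "ZMQ endpoint mismatch" >&2; return 3; }
    case $probe_zmq in
        tcp://127.0.0.1:*) return 0 ;;
        *) echo "ZMQ endpoint is not bound to loopback" >&2; return 4 ;;
    esac
}
```

Generate the files into a scratch directory with write_flow_configs, run check_flow_configs on it, and review the result before copying the files into place.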


How-to – Configuring Ntopng to collect sFlow packets


root@ares:/etc/nprobe# service nprobe start
root@ares:/etc/nprobe# service nprobe status
● nprobe.service – LSB: Start/stop nprobe
   Loaded: loaded (/etc/init.d/nprobe)
   Active: active (running) since Sun 2016-03-20 10:16:17 CET; 2s ago
  Process: 22716 ExecStop=/etc/init.d/nprobe stop (code=exited, status=0/SUCCESS)
  Process: 22755 ExecStart=/etc/init.d/nprobe start (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/nprobe.service
           └─22781 /usr/local/bin/nprobe /tmp/nprobe-1@0.conf
Mar 20 10:16:17 ares logger[22756]: nprobe start
Mar 20 10:16:17 ares nprobe[22755]: Starting nProbe 1