A complete record of installing and using ntop on RHEL 5.4 (ntop: a network traffic monitoring tool for Linux that can be accessed over the web)

Time: 2023-09-08 17:56:47

A complete record of installing and using ntop on RHEL 5.4

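1. Introduction to ntop

Ntop is a network traffic monitoring tool. It shows network usage more intuitively and in more detail than some other network management software, and it can even list the network bandwidth utilization of each node. It is a flexible, full-featured tool for monitoring and troubleshooting LANs, and its capabilities are even more notable when it is used together with nprobe. It offers both a command-line interface and a web interface, and can be used as an embedded web service.

/Linux/-05/59659.htm wrote: NTOP mainly provides the following features:

◆ automatically identifies useful information on the network;

◆ converts captured packets into an easily recognizable format;

◆ analyzes communication failures in the network environment;

◆ detects communication bottlenecks in the network environment;

◆ records the time and course of network communications;

◆ automatically identifies the operating system a client is using;

◆ can run in both command-line and web modes.

It can identify various problems on the network by analyzing network traffic; it can also be used to judge whether an attacker is attacking the network; and it can conveniently display details such as specific network protocols, hosts consuming large amounts of bandwidth, the destination hosts of each communication, the time packets were sent, and packet delivery latency. With this information, network administrators can respond to faults promptly and tune the network accordingly to keep it running efficiently and securely.

/Linux/-08/40783.htm wrote: ntop 4.1 has been released. It is a maintenance release that removes some obsolete code and protocols, adds Facebook and Twitter support, reduces memory usage and improves stability.

Much as top monitors system activity, ntop is a tool for monitoring network usage in real time. Because ntop has a web interface mode, both configuration and use are quick to pick up.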

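2. Installing ntop

2.1. Installing cairo-devel

It is required for installing rrdtool. cairo (also the name of Egypt's capital, Cairo) is a vector graphics drawing library.

/p/cairo/ wrote: In computing, cairo is a free library for vector graphics drawing. Cairo provides 2-D drawing on multiple backends, and can additionally use hardware acceleration.

Although Cairo is written in C, it can be used from many other languages, including C++, C#, Java, Python, Perl, Ruby, Scheme, Smalltalk and many more. Cairo is released under two licenses, the GPL and the Mozilla Public License.

First mount the installation disc on /mnt.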

[root@liunx0918 ~]# mount /dev/cdrom /mnt

[root@liunx0918 ~]# cd /mnt

[root@liunx0918 mnt]# ls

Cluster RELEASE-NOTES-de.html RELEASE-NOTES-ml.html RELEASE-NOTES-U4-de.html RELEASE-NOTES-U4-ml.html RELEASE-NOTES-zh_CN.html

ClusterStorage RELEASE-NOTES-en RELEASE-NOTES-mr.html RELEASE-NOTES-U4-en RELEASE-NOTES-U4-mr.html RELEASE-NOTES-zh_TW.html

EULA RELEASE-NOTES-en.html RELEASE-NOTES-or.html RELEASE-NOTES-U4-en.html RELEASE-NOTES-U4-or.html RPM-GPG-KEY-redhat-beta

eula.en_US RELEASE-NOTES-es.html RELEASE-NOTES-pa.html RELEASE-NOTES-U4-es.html RELEASE-NOTES-U4-pa.html RPM-GPG-KEY-redhat-release

GPL RELEASE-NOTES-fr.html RELEASE-NOTES-pt_BR.html RELEASE-NOTES-U4-fr.html RELEASE-NOTES-U4-pt_BR.html Server

images RELEASE-NOTES-gu.html RELEASE-NOTES-ru.html RELEASE-NOTES-U4-gu.html RELEASE-NOTES-U4-ru.html TRANS.TBL

isolinux RELEASE-NOTES-hi.html RELEASE-NOTES-si.html RELEASE-NOTES-U4-hi.html RELEASE-NOTES-U4-si.html VT

README-en RELEASE-NOTES-it.html RELEASE-NOTES-ta.html RELEASE-NOTES-U4-it.html RELEASE-NOTES-U4-ta.html

README-en.html RELEASE-NOTES-ja.html RELEASE-NOTES-te.html RELEASE-NOTES-U4-ja.html RELEASE-NOTES-U4-te.html

RELEASE-NOTES-as.html RELEASE-NOTES-kn.html RELEASE-NOTES-U4-as.html RELEASE-NOTES-U4-kn.html RELEASE-NOTES-U4-zh_CN.html

RELEASE-NOTES-bn.html RELEASE-NOTES-ko.html RELEASE-NOTES-U4-bn.html RELEASE-NOTES-U4-ko.html RELEASE-NOTES-U4-zh_TW.html

[root@liunx0918 mnt]# find . -name "cairo*rpm"

./Server/cairo-1.2.4-5.el5.i386.rpm

./Server/cairo-devel-1.2.4-5.el5.i386.rpm

./Server/cairo-java-1.0.5-3.fc6.i386.rpm

./Server/cairo-java-devel-1.0.5-3.fc6.i386.rpm

[root@liunx0918 mnt]# rpm -ivh ./Server/cairo-1.2.4-5.el5.i386.rpm ./Server/cairo-devel-1.2.4-5.el5.i386.rpm

warning: ./Server/cairo-1.2.4-5.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186

error: Failed dependencies:

fontconfig-devel >= 2.0 is needed by cairo-devel-1.2.4-5.el5.i386

freetype-devel >= 2.1.3-3 is needed by cairo-devel-1.2.4-5.el5.i386

libXrender-devel is needed by cairo-devel-1.2.4-5.el5.i386

libpng-devel is needed by cairo-devel-1.2.4-5.el5.i386

That is a lot of dependent RPM packages!

[root@liunx0918 mnt]# find . -name "fontconfig-devel*rpm"

./Server/fontconfig-devel-2.4.1-7.el5.i386.rpm

[root@liunx0918 mnt]# find . -name "freetype-devel*rpm"

./Server/freetype-devel-2.2.1-21.el5_3.i386.rpm

[root@liunx0918 mnt]# find . -name "libXrender-devel*rpm"

./Server/libXrender-devel-0.9.1-3.1.i386.rpm

[root@liunx0918 mnt]# find . -name "libpng-devel*rpm"

./Server/libpng-devel-1.2.10-7.1.el5_3.2.i386.rpm

[root@liunx0918 mnt]# rpm -ivh ./Server/cairo-1.2.4-5.el5.i386.rpm ./Server/cairo-devel-1.2.4-5.el5.i386.rpm ./Server/fontconfig-devel-2.4.1-7.el5.i386.rpm ./Server/freetype-devel-2.2.1-21.el5_3.i386.rpm ./Server/libXrender-devel-0.9.1-3.1.i386.rpm ./Server/libpng-devel-1.2.10-7.1.el5_3.2.i386.rpm

warning: ./Server/cairo-1.2.4-5.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186

error: Failed dependencies:

libX11-devel is needed by libXrender-devel-0.9.1-3.1.i386

xorg-x11-proto-devel is needed by libXrender-devel-0.9.1-3.1.i386

[root@liunx0918 mnt]# find . -name "libX11-devel*rpm"

./Server/libX11-devel-1.0.3-11.el5.i386.rpm

[root@liunx0918 mnt]# find . -name "xorg-x11-proto-devel*rpm"

./Server/xorg-x11-proto-devel-7.1-13.el5.i386.rpm

[root@liunx0918 mnt]# rpm -ivh ./Server/cairo-1.2.4-5.el5.i386.rpm ./Server/cairo-devel-1.2.4-5.el5.i386.rpm ./Server/fontconfig-devel-2.4.1-7.el5.i386.rpm ./Server/freetype-devel-2.2.1-21.el5_3.i386.rpm ./Server/libXrender-devel-0.9.1-3.1.i386.rpm ./Server/libpng-devel-1.2.10-7.1.el5_3.2.i386.rpm ./Server/libX11-devel-1.0.3-11.el5.i386.rpm ./Server/xorg-x11-proto-devel-7.1-13.el5.i386.rpm

warning: ./Server/cairo-1.2.4-5.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186

error: Failed dependencies:

libXau-devel is needed by libX11-devel-1.0.3-11.el5.i386

libXdmcp-devel is needed by libX11-devel-1.0.3-11.el5.i386

mesa-libGL-devel is needed by xorg-x11-proto-devel-7.1-13.el5.i386

[root@liunx0918 mnt]# find . -name "libXau-devel*rpm"

./Server/libXau-devel-1.0.1-3.1.i386.rpm

[root@liunx0918 mnt]# find . -name "libXdmcp-devel*rpm"

./Server/libXdmcp-devel-1.0.1-2.1.i386.rpm

[root@liunx0918 mnt]# find . -name "mesa-libGL-devel*rpm"

./Server/mesa-libGL-devel-6.5.1-7.7.el5.i386.rpm

[root@liunx0918 mnt]# rpm -ivh ./Server/cairo-1.2.4-5.el5.i386.rpm ./Server/cairo-devel-1.2.4-5.el5.i386.rpm ./Server/fontconfig-devel-2.4.1-7.el5.i386.rpm ./Server/freetype-devel-2.2.1-21.el5_3.i386.rpm ./Server/libXrender-devel-0.9.1-3.1.i386.rpm ./Server/libpng-devel-1.2.10-7.1.el5_3.2.i386.rpm ./Server/libX11-devel-1.0.3-11.el5.i386.rpm ./Server/xorg-x11-proto-devel-7.1-13.el5.i386.rpm ./Server/libXau-devel-1.0.1-3.1.i386.rpm ./Server/libXdmcp-devel-1.0.1-2.1.i386.rpm ./Server/mesa-libGL-devel-6.5.1-7.7.el5.i386.rpm

warning: ./Server/cairo-1.2.4-5.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186

Preparing... ########################################### [100%]

package cairo-1.2.4-5.el5.i386 is already installed

[root@liunx0918 mnt]# rpm -ivh ./Server/cairo-devel-1.2.4-5.el5.i386.rpm ./Server/fontconfig-devel-2.4.1-7.el5.i386.rpm ./Server/freetype-devel-2.2.1-21.el5_3.i386.rpm ./Server/libXrender-devel-0.9.1-3.1.i386.rpm ./Server/libpng-devel-1.2.10-7.1.el5_3.2.i386.rpm ./Server/libX11-devel-1.0.3-11.el5.i386.rpm ./Server/xorg-x11-proto-devel-7.1-13.el5.i386.rpm ./Server/libXau-devel-1.0.1-3.1.i386.rpm ./Server/libXdmcp-devel-1.0.1-2.1.i386.rpm ./Server/mesa-libGL-devel-6.5.1-7.7.el5.i386.rpm

warning: ./Server/cairo-devel-1.2.4-5.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186

Preparing... ########################################### [100%]

1:freetype-devel ########################################### [ 10%]

2:fontconfig-devel ########################################### [ 20%]

3:libXau-devel ########################################### [ 30%]

4:libpng-devel ########################################### [ 40%]

5:xorg-x11-proto-devel ########################################### [ 50%]

6:libX11-devel ########################################### [ 60%]

7:libXrender-devel ########################################### [ 70%]

8:cairo-devel ########################################### [ 80%]

9:libXdmcp-devel ########################################### [ 90%]

10:mesa-libGL-devel ########################################### [100%]

[root@liunx0918 mnt]#

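2.2. Installing pango-devel

It is required for installing rrdtool. pango is a text rendering library.

/view/2941612.htm wrote: Pango (Παν语) is an open-source free library for high-quality rendering of internationalized text. Pango can use different font backends and provides cross-platform support.

Pango has been integrated into most Linux distributions, and in Fedora Core 6 it was used for text rendering in the Firefox web browser and the Thunderbird mail client. Although Mozilla's source code does not include Pango, Fedora Core obtained special permission from the Mozilla Foundation[1]. Likewise, Debian's Iceweasel, IceDove and IceApe also use Pango.

Combined with Cairo, Pango can handle both text processing and graphics rendering completely.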

[root@liunx0918 mnt]# find . -name "pango*rpm"

./Server/pango-1.14.9-6.el5.i386.rpm

./Server/pango-devel-1.14.9-6.el5.i386.rpm

[root@liunx0918 mnt]#

[root@liunx0918 mnt]# rpm -ivh ./Server/pango-1.14.9-6.el5.i386.rpm ./Server/pango-devel-1.14.9-6.el5.i386.rpm

warning: ./Server/pango-1.14.9-6.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186

error: Failed dependencies:

libXext-devel is needed by pango-devel-1.14.9-6.el5.i386

libXft-devel is needed by pango-devel-1.14.9-6.el5.i386

[root@liunx0918 mnt]# find . -name "libXext-devel*rpm"

./Server/libXext-devel-1.0.1-2.1.i386.rpm

[root@liunx0918 mnt]# find . -name "libXft-devel*rpm"

./Server/libXft-devel-2.1.10-1.1.i386.rpm

[root@liunx0918 mnt]# rpm -ivh ./Server/pango-1.14.9-6.el5.i386.rpm ./Server/pango-devel-1.14.9-6.el5.i386.rpm ./Server/libXext-devel-1.0.1-2.1.i386.rpm ./Server/libXft-devel-2.1.10-1.1.i386.rpm

warning: ./Server/pango-1.14.9-6.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186

Preparing... ########################################### [100%]

package pango-1.14.9-6.el5.i386 is already installed

[root@liunx0918 mnt]# rpm -ivh ./Server/pango-devel-1.14.9-6.el5.i386.rpm ./Server/libXext-devel-1.0.1-2.1.i386.rpm ./Server/libXft-devel-2.1.10-1.1.i386.rpm

warning: ./Server/pango-devel-1.14.9-6.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186

Preparing... ########################################### [100%]

1:libXft-devel ########################################### [ 33%]

2:libXext-devel ########################################### [ 67%]

3:pango-devel ########################################### [100%]

[root@liunx0918 mnt]#

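2.3. Installing rrdtool

rrdtool is a round-robin database tool.

/view/1867979.htm wrote: RRDtool was written by Tobias Oetiker, with contributions from many people around the world. RRDtool stands for Round Robin Database tool. Round robin is a technique that works with a fixed amount of data and a pointer to the current element. Picture a circle with points marked around its edge: these points are the places where data over time is stored. Draw an arrow from the center to one of the points on the edge: that is the pointer. As on any circle, there is no start and no end; you can keep going around forever. After a while all the available places have been used, and the cycle automatically reuses the old ones. This way the data set does not grow and needs no maintenance. RRDtool works with RRD databases: it stores data in them and extracts data from them.

The installation steps in brief: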

wget http://oss.oetiker.ch/rrdtool/pub/rrdtool-1.4.7.tar.gz

tar zxf rrdtool-1.4.7.tar.gz

cd rrdtool-1.4.7

./configure --prefix=/usr

make && make install

Below is some of the output from the installation:

[root@liunx0918 rrdtool-1.4.7]# ./configure --prefix=/usr

checking build system type... i686-pc-linux-gnu

checking host system type... i686-pc-linux-gnu

checking target system type... i686-pc-linux-gnu

checking for gcc... gcc

(output omitted)

----------------------------------------------------------------

Config is DONE!

With MMAP IO: yes

Build rrd_getopt: no

Build rrd_graph: yes

Static programs: no

Perl Modules: perl_piped perl_shared

Perl Binary: /usr/bin/perl

Perl Version: 5.8.8

Perl Options: PREFIX=/usr LIB=/usr/lib/perl/5.8.8

Ruby Modules:

Ruby Binary: no

Ruby Options: sitedir=/usr/lib/ruby

Build Lua Bindings: no

Build Tcl Bindings: no

Build Python Bindings: yes

Build rrdcgi: yes

Build librrd MT: yes

Use gettext: yes

With libDBI: no

With libwrap: yes

Libraries: -lxml2 -lglib-2.0 -lcairo -lcairo -lcairo -lm -lwrap -lcairo -lpng12 -lpangocairo-1.0 -lpango-1.0 -lcairo -lgobject-2.0 -lgmodule-2.0 -ldl -lglib-2.0

Type 'make' to compile the software and use 'make install' to

install everything to: /usr.

... that wishlist is NO JOKE. If you find RRDtool useful

make me happy. Go to http://tobi.oetiker.ch/wish and

place an order.

-- Tobi Oetiker <tobi@oetiker.ch>

----------------------------------------------------------------

[root@liunx0918 rrdtool-1.4.7]#

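2.4. Installing libpcap-devel

libpcap is a library for capturing network packets.

/view/1319961.htm wrote: libpcap is a network packet capture library for Unix/Linux platforms, and most network monitoring software is built on it.

Libpcap works on the vast majority of Unix-like platforms.

Libpcap application framework

Libpcap provides a system-independent, user-level interface for capturing network packets, designed with application portability in mind.

It is needed when installing ntop; without it, the following error is reported: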

checking for pcap_lookupdev in -lpcap... no

*** FATAL ERROR ***

It looks that you don't have the libpcap distribution installed.

Download, compile and, optionally, install it.

When finished please re-run this program.

You can download the latest source tarball at /

configure: error: The LBL Packet Capture Library, libpcap, was not found!

The installation record follows:

[root@liunx0918 mnt]# find . -name "libpcap*rpm"

./Server/libpcap-0.9.4-14.el5.i386.rpm

./Server/libpcap-devel-0.9.4-14.el5.i386.rpm

[root@liunx0918 mnt]# rpm -ivh ./Server/libpcap-0.9.4-14.el5.i386.rpm ./Server/libpcap-devel-0.9.4-14.el5.i386.rpm

warning: ./Server/libpcap-0.9.4-14.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186

Preparing... ########################################### [100%]

package libpcap-0.9.4-14.el5.i386 is already installed

[root@liunx0918 mnt]# rpm -ivh ./Server/libpcap-devel-0.9.4-14.el5.i386.rpm

warning: ./Server/libpcap-devel-0.9.4-14.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186

Preparing... ########################################### [100%]

1:libpcap-devel ########################################### [100%]

[root@liunx0918 mnt]#
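
Every rpm -ivh run above prints a NOKEY warning, which means the packages were installed without their signatures being checked. The script below is an added example, not part of the original post: it lists the unverified packages from such a transcript and makes installation conditional on rpm -K after importing the RPM-GPG-KEY-redhat-release file visible in the disc listing. The function names are hypothetical, the sample log is assembled from lines shown in this post, and it assumes that key file is the one matching key ID 37017186.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# List "package-file key-id" for each package rpm could not verify
# (the NOKEY warnings), one line per package.
nokey_packages() {
    sed -n 's/^warning: \(.*\): Header V3 DSA signature: NOKEY, key ID \([0-9a-f]*\)$/\1 \2/p' |
        sort -u
}

# Import the release key, check every package, and install only if all
# signatures and digests verify (rpm -K exits non-zero otherwise).
verify_then_install() {
    keyfile=$1
    shift
    rpm --import "$keyfile" || return 1
    if ! rpm -K "$@"; then
        echo "signature check failed; nothing installed" >&2
        return 1
    fi
    rpm -ivh "$@"
}

# Sample transcript assembled from warning lines shown in this post.
SAMPLE_LOG='warning: ./Server/cairo-1.2.4-5.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing... ########################################### [100%]
package cairo-1.2.4-5.el5.i386 is already installed
warning: ./Server/cairo-1.2.4-5.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
warning: ./Server/pango-devel-1.14.9-6.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
warning: ./Server/libpcap-devel-0.9.4-14.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186'

# Show which packages in the sample went in unverified.
printf '%s\n' "$SAMPLE_LOG" | nokey_packages

# On the real system (paths as in the transcript, run from /mnt):
#   verify_then_install /mnt/RPM-GPG-KEY-redhat-release ./Server/libpcap-devel-0.9.4-14.el5.i386.rpm
```
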

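2.5. Installing GeoIP

GeoIP is a database that maps IP addresses to geographic information.

/liongg/item/4ba0083e224b620fceb9fe81 wrote: GeoIP means using a visitor's IP address to determine location information such as latitude and longitude, country/region, province and city, or even street. The technology is not the hard part; the key is having an accurate database. With an accurate data source one could hoard it and make a little money, but what we pursue is the spirit of cooperation: contributed by the community, used by everyone.

If GeoIP is not installed, installing ntop fails with: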

checking for GeoIP_record_by_ipnum in -lGeoIP... no

checking for GeoIP_name_by_ipnum_v6 in -lGeoIP... no

Please install GeoIP (/)

The installation steps in brief:

wget /download/geoip/api/c/GeoIP.tar.gz

tar zxf GeoIP.tar.gz

cd GeoIP-1.4.8/

./configure --prefix=/usr

make && make install

The detailed installation record follows:

[root@liunx0918 install]# wget /download/geoip/api/c/GeoIP.tar.gz

---05-28 15:00:14-- /download/geoip/api/c/GeoIP.tar.gz

正在解析主机 ... 174.36.207.186

Connecting to |174.36.207.186|:80... 已连接。

已发出 HTTP 请求,正在等待回应... 200 OK

长度:1074829 (1.0M) [application/octet-stream]

Saving to: `GeoIP.tar.gz'

100%[=============================================================================================================================>] 1,074,829 45.6K/s in 20s

-05-28 15:00:35 (53.4 KB/s) - `GeoIP.tar.gz' saved [1074829/1074829]

[root@liunx0918 install]# tar zxf GeoIP.tar.gz

[root@liunx0918 install]# cd GeoIP-1.4.8/

[root@liunx0918 GeoIP-1.4.8]# ls

aclocal.m4 ChangeLog configure depcomp get_ver.awk ltmain.sh Makefile.vc NEWS READMEwin32static.txt

apps conf configure.in geoip.ico INSTALL Makefile.am Makefile.win32 README READMEwin32.txt

AUTHORS config.guess COPYING GeoIP.spec.in install-sh Makefile.in man README.MinGW test

bootstrap config.sub data GeoIPWinDLL.patch libGeoIP ware missing README.OSX TODO

[root@liunx0918 GeoIP-1.4.8]# ./configure --prefix=/usr

checking for gcc... gcc

checking whether the C compiler works... yes

(output omitted)

configure: creating ./config.status

config.status: creating Makefile

config.status: creating GeoIP.spec

config.status: creating libGeoIP/Makefile

config.status: creating apps/Makefile

config.status: creating conf/Makefile

config.status: creating data/Makefile

config.status: creating man/Makefile

config.status: creating test/Makefile

config.status: executing depfiles commands

config.status: executing libtool commands

[root@liunx0918 GeoIP-1.4.8]#

2.6. Installing ntop

We have finally reached this step. The installation steps in brief:

wget "/projects/ntop/files/ntop/Stable/ntop-4.1.0.tar.gz/download"

tar zxf ntop-4.1.0.tar.gz

cd ntop-4.1.0

./autogen.sh

make && make install

Below is part of the output from the installation:

*******************************************************************

*

* NOTE: ./configure is now complete!

*

* All of the obviously FATAL errors would cause you to

* abort before this point, so while you SHOULD scroll

* back and check for error/warning/note messages,

* you probably will not...

*

++

++ If you like ntop, please do not forget to support its

++ development. See SUPPORT_NTOP.txt for more information.

++

++ Thanks for supporting ntop!

++

*

* NEXT STEP(S):

*

* Building ntop requires GNU Make, so to build ntop, type

* 'make' (or on *BSD and Solaris systems, 'gmake')

*

*******************************************************************

.... autogen.sh done

just type make to compile ntop

************************************************************

************************************************************

WARNING: This install created a directory for the ntop

files and databases:

//usr/local/share/ntop

This directory MUST be owned by the user

which you are going to use to run ntop.

The command you must issue is something like:

chown -R ntop.ntop //usr/local/share/ntop

or chown -R ntop:users //usr/local/share/ntop

man chown to check the syntax for YOUR system

************************************************************

************************************************************

echo "Shall you be using SELinux please run:"

Shall you be using SELinux please run:

echo "make install-selinux-policy"

make install-selinux-policy

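3. Running ntop

3.1. Preparation before running

Some material online says that a user named ntop must be added; I tried, and it is not required.

First, look at ntop's startup options:

ntop -u user specifies the user the program runs as; otherwise ntop runs as the nobody user.

ntop -h says: [-u <user> | --user <user>] Userid/name to run ntop under (see man page)

It is generally recommended to run the ntop program as the ntop user.

The steps for creating the ntop user: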

useradd -s /sbin/nologin ntop

passwd -l ntop

[root@liunx0918 ~]# useradd -s /sbin/nologin ntop

[root@liunx0918 ~]# passwd -l ntop

Locking password for user ntop.

passwd: Success

[root@liunx0918 ~]#

The plan is to put ntop's database in the /var/ntop directory.

[root@liunx0918 ~]# mkdir /var/ntop

[root@liunx0918 ~]# chown -R ntop:ntop /var/ntop

[root@liunx0918 ~]#

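Check the firewall settings and open port 3000.

First run service iptables save

Then add the first line below to /etc/sysconfig/iptables, immediately before the existing REJECT line (the second line below):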

-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 3000 -j ACCEPT

-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited

Save the file.

Run service iptables restart

[root@liunx0918 ~]# service iptables save

Saving firewall rules to /etc/sysconfig/iptables: [ OK ]

[root@liunx0918 ~]# vi /etc/sysconfig/iptables

Edit the /etc/sysconfig/iptables file as shown above.

[root@liunx0918 ~]# service iptables restart

Flushing firewall rules: [ OK ]

Setting chains to policy ACCEPT: filter [ OK ]

Unloading iptables modules: [ OK ]

Applying iptables firewall rules: [ OK ]

Loading additional iptables modules: ip_conntrack_netbios_n[ OK ]

[root@liunx0918 ~]#

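Note: running the following command directly does not open port 3000, because -A appends the rule to the end of the chain, after the REJECT rule shown above: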

iptables -A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 3000 -j ACCEPT
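
Why the placement matters, as an added example that is not part of the original post: iptables uses the first matching rule, so an ACCEPT added after the chain's final REJECT has no effect. The script works on a constructed sample of the rules file; the function names and the 192.0.2.0/24 management subnet are assumptions, and the source restriction is an optional tightening of the post's rule.

```shell
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.
CHAIN=RH-Firewall-1-INPUT

# Constructed, abridged sample of /etc/sysconfig/iptables. The chain ends
# with the unconditional REJECT quoted in the post.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Rule text for a TCP port. With no source CIDR it is exactly the post's
# rule; with one, only that network may connect (assumed tightening).
accept_rule() {
    port=$1
    src=$2
    printf '%s\n' "-A $CHAIN ${src:+-s $src }-p tcp -m state --state NEW -m tcp --dport $port -j ACCEPT"
}

# Where "iptables -A" puts a rule: at the end of the chain.
append_to_chain() {
    awk -v rule="$(accept_rule "$2" "$3")" '$0 == "COMMIT" { print rule } { print }' "$1"
}

# Insert the rule just before the REJECT; no change if it is already
# there ahead of the REJECT.
insert_before_reject() {
    awk -v rule="$(accept_rule "$2" "$3")" -v reject="-A $CHAIN -j REJECT" '
        $0 == rule { seen = 1 }
        index($0, reject) == 1 && !seen && !done { print rule; done = 1 }
        { print }
    ' "$1"
}

# Exit 0 only if an ACCEPT for the port is reached before the REJECT.
accept_precedes_reject() {
    awk -v port="$2" -v chain="-A $CHAIN " -v reject="-A $CHAIN -j REJECT" '
        index($0, reject) == 1 { exit }
        index($0, chain) == 1 && / -j ACCEPT$/ && index($0, "--dport " port " ") { ok = 1; exit }
        END { exit (ok ? 0 : 1) }
    ' "$1"
}

# Compare the two placements on a temporary copy of the sample rules.
tmp=$(mktemp) && {
    sample_rules > "$tmp"
    append_to_chain "$tmp" 3000 > "$tmp.appended"
    insert_before_reject "$tmp" 3000 192.0.2.0/24 > "$tmp.inserted"
    accept_precedes_reject "$tmp.appended" 3000 || echo "appended: port 3000 still rejected"
    accept_precedes_reject "$tmp.inserted" 3000 && echo "inserted: port 3000 open to 192.0.2.0/24"
    rm -f "$tmp" "$tmp.appended" "$tmp.inserted"
}
```
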

Other important ntop options

ntop -h says: [-P <path> | --db-file-path <path>] Path for ntop internal database files

[-i <name> | --interface <name>] Interface name or names to monitor

[-d | --daemon] Run ntop in daemon mode

[-L] Do logging via syslog

[--skip-version-check] Skip ntop version check

[-A] Ask admin user password and exit

After all this preparation, I plan to start ntop as follows, to monitor the traffic on the first network interface:

ntop -P /var/ntop -i eth0 -u ntop

3.2. Setting the ntop admin password

First, use ntop -A to set the admin password. It can be made fairly complex.

ntop startup - waiting for user response!

Please enter the password for the admin user: Mon May 28 15:07:13 THREADMGMT[t3017280400]: DNSAR(3): Address resolution thread running

Password too short (5 characters or more). Please try again.

ntop startup - waiting for user response!

Please enter the password for the admin user:

Please enter the password again:

Mon May 28 15:07:31 Admin user password has been set

3.3. Running ntop

[root@liunx0918 ~]# ntop -P /var/ntop -i eth0 -u ntop -d

Tue Jun 5 09:08:22 NOTE: Interface merge enabled by default

Tue Jun 5 09:08:22 Initializing gdbm databases

Tue Jun 5 09:08:22 Setting administrator password...

Tue Jun 5 09:08:22 Admin password set...

Tue Jun 5 09:08:22 ntop v.4.1.0 (32 bit)

Tue Jun 5 09:08:22 Configured on May 28 15:03:47, built on May 28 15:05:09.

Tue Jun 5 09:08:22 Copyright 1998- by Luca Deri <deri@>

Tue Jun 5 09:08:22 Get the freshest ntop from /

Tue Jun 5 09:08:22 NOTE: ntop is running from 'ntop'

Tue Jun 5 09:08:22 NOTE: (but see warning on man page for the --instance parameter)

Tue Jun 5 09:08:22 NOTE: ntop libraries are in '/usr/local/lib'

Tue Jun 5 09:08:22 Initializing ntop

Tue Jun 5 09:08:22 Checking eth0 for additional devices

Tue Jun 5 09:08:22 Added virtual interface: 'eth0:0'

Tue Jun 5 09:08:22 Resetting traffic statistics for device eth0

Tue Jun 5 09:08:22 Initializing device eth0 (0)

Tue Jun 5 09:08:22 DLT: Device 0 [eth0] is 1, mtu 1514, header 14

Tue Jun 5 09:08:22 Initialized events [mask: 0][path: ]

Tue Jun 5 09:08:22 Initializing gdbm databases

Tue Jun 5 09:08:22 VENDOR: Loading MAC address table.

Tue Jun 5 09:08:22 VENDOR: Checking for MAC address table file

Tue Jun 5 09:08:22 VENDOR: File '/usr/local/etc/ntop/specialMAC.txt.gz' does not need to be reloaded

Tue Jun 5 09:08:22 VENDOR: ntop continues ok

Tue Jun 5 09:08:22 VENDOR: Checking for MAC address table file

Tue Jun 5 09:08:22 VENDOR: File '/usr/local/etc/ntop/oui.txt.gz' does not need to be reloaded

Tue Jun 5 09:08:22 VENDOR: ntop continues ok

Tue Jun 5 09:08:22 Fingerprint: Loading signature file

Tue Jun 5 09:08:22 Fingerprint: Checking for Fingerprint file... file

Tue Jun 5 09:08:22 Fingerprint: Loading file '/usr/local/etc/ntop/etter.finger.os.gz'

Tue Jun 5 09:08:22 Fingerprint: ...loaded 1765 records

Tue Jun 5 09:08:22 INIT: Parent process is exiting (this is normal)

Tue Jun 5 09:08:22 INIT: Bye bye: I'm becoming a daemon...

[root@liunx0918 ~]#

ntop can now be accessed from a browser, for example Firefox, at:

http://your_server_ip:3000/

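4. Common problems when installing and using ntop

4.1. When I visit http://xxx:3000/ in a browser, I am not asked for a user name and password (many sources say I should be). Why?

They are not required for viewing network statistics, but they are required when opening the configuration options under Admin.

4.2. Unit of traffic

It is bps (bits per second), not Bps (bytes per second).

4.3. ntop can show a map of visitors using Google Maps, but it does not work.

You first have to apply for a Google Maps API key; the following material describes how: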

/guanzhouxuezi/article/details/6070015

/android/maps-api-signup.html

/maps/documentation/android/maps-api-signup

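However, no matter what I tried, it did not work. In the end I looked at the page source and found that ntop uses the Google Maps v2 API, which has now been retired and can no longer be used. I hope ntop soon releases a version that supports Google Maps v3.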

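5. ntop-related material

(1) Baidu Baike: ntop

/view/6340040.htm

(2) Hudong Baike: NTOP

/wiki/NTOP

(3) Tianxia Wangmeng: Network admin experience: precisely monitoring network traffic with NTOP

/wguan/v13826.html

(4) IT Expert Network: Series: installing and configuring NTOP to monitor a Linux network

/400/8873900.shtml

(5) A complete record of installing and using ntop on RHEL 5.4 (this article)

/blog/1551505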

END.
