Ntop

From Zanecorpwiki


Overview

Ntop is a nice "flow" monitoring tool. Although you can use ntop to see lots of data about flows, it's most often used as a bandwidth monitor.

Unlike other tools, ntop is all about total information (awareness). Ntop tracks everything about everything, down to the individual packets. For this reason, ntop is relatively expensive to run when compared to other solutions which sacrifice granularity for significantly reduced overhead.

But because ntop "just looks at everything", ntop is in its way much simpler than other solutions. There's no configuration beyond telling ntop which device to monitor and turning it on. You don't need to set up SNMP or muck around with network topology. You just point ntop and pull the trigger.

Setting Up Ntop

As mentioned, there's very little needed to set up ntop. However, ntop does have its problems, and probably chief among them is its propensity to crash. (At least, in the versions I've seen.)

It used to be that persistent storage was a problem. Without persistent storage, crashes have a huge cost and so, even if very unlikely, are intolerable. With crashes guaranteed (which has been my experience), persistence is a fundamental requirement.

You may see talk about hooking ntop into a database, but ignore this. It was never part of ntop and seems to have been pretty kludgy. Now, ntop creates rotating log files via a plugin. TODO: get name. On my distribution (openSuse 11.1), it came pre-installed and set up, so ntop had persistent storage out of the box.

Your mileage with other distros will vary. TODO: how to set up rlog... or whatever it's called.

Still, solving the persistence problem isn't the challenge. You need to get ntop up and running again after a crash. On distros where ntop is managed through an init.d script, this simple script will check if ntop is running, and if not, start it:

#!/bin/bash

# "status" exits non-zero when ntop is not running; output is discarded
# so cron does not mail us every minute.
if ! /etc/init.d/ntop status > /dev/null 2>&1; then
    # ntop must have stopped, so bring it back up
    /etc/init.d/ntop start
fi

You can then run the script every minute by adding it to root's crontab with the line:

* * * * * /root/ntop_runner.sh

Other solutions along this theme are of course possible.
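One such variation, as an added example rather than the wiki's own script: the same init.d check, but with a restart budget so that a crash loop (ntop dying immediately after every start) does not spin forever unnoticed. The state file path, the limit of five restarts per ten minutes, the `run` argument and the `NTOP_*_CMD` variables are assumptions of this example, not ntop conventions.

```shell
#!/bin/bash
# ntop watchdog with a restart budget (example code, not from the wiki page).
# Assumes ntop is managed via /etc/init.d/ntop, as on the page; the commands
# are overridable so the logic can be tested without ntop installed.
NTOP_STATUS_CMD="${NTOP_STATUS_CMD:-/etc/init.d/ntop status}"
NTOP_START_CMD="${NTOP_START_CMD:-/etc/init.d/ntop start}"
STATE_FILE="${STATE_FILE:-/var/run/ntop_runner.state}"   # one epoch timestamp per restart
MAX_RESTARTS="${MAX_RESTARTS:-5}"                         # restarts allowed per WINDOW
WINDOW="${WINDOW:-600}"                                   # seconds

# Log via syslog when available, otherwise to stderr (cron will mail it).
log_msg() {
    logger -t ntop_runner "$1" 2>/dev/null || printf 'ntop_runner: %s\n' "$1" >&2
}

# Number of restarts recorded in the state file within the last WINDOW seconds.
recent_restarts() {
    local cutoff
    cutoff=$(( $(date +%s) - WINDOW ))
    [ -f "$STATE_FILE" ] || { echo 0; return; }
    awk -v c="$cutoff" '$1 >= c' "$STATE_FILE" | wc -l | tr -d ' '
}

# Exit status: 0 = ntop running (or restarted), 1 = restart budget exhausted
# (crash loop, a human must look), 2 = the start command itself failed.
ntop_watchdog() {
    if $NTOP_STATUS_CMD > /dev/null 2>&1; then
        return 0
    fi
    if [ "$(recent_restarts)" -ge "$MAX_RESTARTS" ]; then
        log_msg "ntop is down but crashed $MAX_RESTARTS times in ${WINDOW}s; not restarting"
        return 1
    fi
    if $NTOP_START_CMD > /dev/null 2>&1; then
        date +%s >> "$STATE_FILE"
        log_msg "ntop was down, restarted it"
        return 0
    fi
    log_msg "ntop is down and the start command failed"
    return 2
}

# Only act when invoked as "ntop_runner.sh run", e.g. from the crontab line.
case "$1" in
    run) ntop_watchdog ;;
esac
```

The matching crontab entry would be `* * * * * /root/ntop_runner.sh run`; once the budget is hit the script stops restarting and only logs, which is the signal to investigate rather than keep masking the crash.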

Securing Access to Ntop

TODO: describe apache proxy.

Ntop Cookbook

Allocate Bandwidth Responsibility

TODO

Send Alert for Usage Spikes

TODO

Track Offenders in Real Time

TODO
