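A complete record of installing and using ntop on RHEL 5.4 (ntop: a web-accessible network traffic monitoring tool for Linux)...
1. Introduction to ntop
ntop is a network traffic monitoring tool. It shows network usage more intuitively and in more detail than some other network management software, and it can even list the network bandwidth utilization of each node computer. It is a flexible, full-featured tool for monitoring and troubleshooting LAN problems, and it is even more capable when used together with nprobe. It offers both command-line input and web pages, and can be used for embedded web services.
http://www.linuxidc.com/Linux/2012-05/59659.htm wrote: NTOP mainly provides the following features:
◆ Automatically identifies useful information from the network;
◆ Converts captured packets into an easily recognizable format;
◆ Analyses communication failures in the network environment;
◆ Detects communication bottlenecks in the network environment;
◆ Records the time and course of network communication.
◆ Automatically identifies the operating system a client is using;
◆ Can run in both command-line and Web modes.
It can identify various problems on the network by analysing network traffic; it can also be used to judge whether hackers are attacking the network systems; and it can conveniently display details such as specific network protocols, hosts consuming large amounts of bandwidth, the destination host of each communication, the time packets were sent, and packet transmission delay. With this information, network administrators can respond to faults promptly and tune the network accordingly, to keep it running efficiently and securely.
http://www.linuxidc.com/Linux/2011-08/40783.htm wrote: ntop 4.1 has been released. This is a maintenance release that removes some obsolete code and protocols, adds Facebook and Twitter support, reduces memory usage and improves stability.
Much as top monitors system activity, ntop is a tool for monitoring network usage in real time. Because ntop has a Web interface mode, both configuring and using it are easy to pick up in a short time.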
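2. Installing ntop
2.1. Installing cairo-devel
Required for installing rrdtool. cairo (Cairo, the capital of Egypt) is a vector graphics drawing library.
http://www.oschina.net/p/cairo/ wrote: In computing, cairo is a free library for vector graphics drawing. Cairo provides 2-D drawing on multiple backends and, for advanced use, can take advantage of hardware acceleration. Although Cairo is written in C, it can be used from many other languages, including C++, C#, Java, Python, Perl, Ruby, Scheme, Smalltalk and many more. Cairo is released under two licenses, the GPL and the Mozilla Public License.
First mount the disc on /mnt.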
[root@liunx0918 ~]# mount /dev/cdrom /mnt
[root@liunx0918 ~]# cd /mnt
[root@liunx0918 mnt]# ls
Cluster                RELEASE-NOTES-de.html  RELEASE-NOTES-ml.html     RELEASE-NOTES-U4-de.html  RELEASE-NOTES-U4-ml.html     RELEASE-NOTES-zh_CN.html
ClusterStorage         RELEASE-NOTES-en       RELEASE-NOTES-mr.html     RELEASE-NOTES-U4-en       RELEASE-NOTES-U4-mr.html     RELEASE-NOTES-zh_TW.html
EULA                   RELEASE-NOTES-en.html  RELEASE-NOTES-or.html     RELEASE-NOTES-U4-en.html  RELEASE-NOTES-U4-or.html     RPM-GPG-KEY-redhat-beta
eula.en_US             RELEASE-NOTES-es.html  RELEASE-NOTES-pa.html     RELEASE-NOTES-U4-es.html  RELEASE-NOTES-U4-pa.html     RPM-GPG-KEY-redhat-release
GPL                    RELEASE-NOTES-fr.html  RELEASE-NOTES-pt_BR.html  RELEASE-NOTES-U4-fr.html  RELEASE-NOTES-U4-pt_BR.html  Server
images                 RELEASE-NOTES-gu.html  RELEASE-NOTES-ru.html     RELEASE-NOTES-U4-gu.html  RELEASE-NOTES-U4-ru.html     TRANS.TBL
isolinux               RELEASE-NOTES-hi.html  RELEASE-NOTES-si.html     RELEASE-NOTES-U4-hi.html  RELEASE-NOTES-U4-si.html     VT
README-en              RELEASE-NOTES-it.html  RELEASE-NOTES-ta.html     RELEASE-NOTES-U4-it.html  RELEASE-NOTES-U4-ta.html
README-en.html         RELEASE-NOTES-ja.html  RELEASE-NOTES-te.html     RELEASE-NOTES-U4-ja.html  RELEASE-NOTES-U4-te.html
RELEASE-NOTES-as.html  RELEASE-NOTES-kn.html  RELEASE-NOTES-U4-as.html  RELEASE-NOTES-U4-kn.html  RELEASE-NOTES-U4-zh_CN.html
RELEASE-NOTES-bn.html  RELEASE-NOTES-ko.html  RELEASE-NOTES-U4-bn.html  RELEASE-NOTES-U4-ko.html  RELEASE-NOTES-U4-zh_TW.html
[root@liunx0918 mnt]# find . -name "cairo*rpm"
./Server/cairo-1.2.4-5.el5.i386.rpm
./Server/cairo-devel-1.2.4-5.el5.i386.rpm
./Server/cairo-java-1.0.5-3.fc6.i386.rpm
./Server/cairo-java-devel-1.0.5-3.fc6.i386.rpm
[root@liunx0918 mnt]# rpm -ivh ./Server/cairo-1.2.4-5.el5.i386.rpm ./Server/cairo-devel-1.2.4-5.el5.i386.rpm
warning: ./Server/cairo-1.2.4-5.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
error: Failed dependencies:
        fontconfig-devel >= 2.0 is needed by cairo-devel-1.2.4-5.el5.i386
        freetype-devel >= 2.1.3-3 is needed by cairo-devel-1.2.4-5.el5.i386
        libXrender-devel is needed by cairo-devel-1.2.4-5.el5.i386
        libpng-devel is needed by cairo-devel-1.2.4-5.el5.i386
That is quite a lot of dependent rpm packages!
[root@liunx0918 mnt]# find . -name "fontconfig-devel*rpm"
./Server/fontconfig-devel-2.4.1-7.el5.i386.rpm
[root@liunx0918 mnt]# find . -name "freetype-devel*rpm"
./Server/freetype-devel-2.2.1-21.el5_3.i386.rpm
[root@liunx0918 mnt]# find . -name "libXrender-devel*rpm"
./Server/libXrender-devel-0.9.1-3.1.i386.rpm
[root@liunx0918 mnt]# find . -name "libpng-devel*rpm"
./Server/libpng-devel-1.2.10-7.1.el5_3.2.i386.rpm
[root@liunx0918 mnt]# rpm -ivh ./Server/cairo-1.2.4-5.el5.i386.rpm ./Server/cairo-devel-1.2.4-5.el5.i386.rpm ./Server/fontconfig-devel-2.4.1-7.el5.i386.rpm ./Server/freetype-devel-2.2.1-21.el5_3.i386.rpm ./Server/libXrender-devel-0.9.1-3.1.i386.rpm ./Server/libpng-devel-1.2.10-7.1.el5_3.2.i386.rpm
warning: ./Server/cairo-1.2.4-5.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
error: Failed dependencies:
        libX11-devel is needed by libXrender-devel-0.9.1-3.1.i386
        xorg-x11-proto-devel is needed by libXrender-devel-0.9.1-3.1.i386
[root@liunx0918 mnt]# find . -name "libX11-devel*rpm"
./Server/libX11-devel-1.0.3-11.el5.i386.rpm
[root@liunx0918 mnt]# find . -name "xorg-x11-proto-devel*rpm"
./Server/xorg-x11-proto-devel-7.1-13.el5.i386.rpm
[root@liunx0918 mnt]# rpm -ivh ./Server/cairo-1.2.4-5.el5.i386.rpm ./Server/cairo-devel-1.2.4-5.el5.i386.rpm ./Server/fontconfig-devel-2.4.1-7.el5.i386.rpm ./Server/freetype-devel-2.2.1-21.el5_3.i386.rpm ./Server/libXrender-devel-0.9.1-3.1.i386.rpm ./Server/libpng-devel-1.2.10-7.1.el5_3.2.i386.rpm ./Server/libX11-devel-1.0.3-11.el5.i386.rpm ./Server/xorg-x11-proto-devel-7.1-13.el5.i386.rpm
warning: ./Server/cairo-1.2.4-5.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
error: Failed dependencies:
        libXau-devel is needed by libX11-devel-1.0.3-11.el5.i386
        libXdmcp-devel is needed by libX11-devel-1.0.3-11.el5.i386
        mesa-libGL-devel is needed by xorg-x11-proto-devel-7.1-13.el5.i386
[root@liunx0918 mnt]# find . -name "libXau-devel*rpm"
./Server/libXau-devel-1.0.1-3.1.i386.rpm
[root@liunx0918 mnt]# find . -name "libXdmcp-devel*rpm"
./Server/libXdmcp-devel-1.0.1-2.1.i386.rpm
[root@liunx0918 mnt]# find . -name "mesa-libGL-devel*rpm"
./Server/mesa-libGL-devel-6.5.1-7.7.el5.i386.rpm
[root@liunx0918 mnt]# rpm -ivh ./Server/cairo-1.2.4-5.el5.i386.rpm ./Server/cairo-devel-1.2.4-5.el5.i386.rpm ./Server/fontconfig-devel-2.4.1-7.el5.i386.rpm ./Server/freetype-devel-2.2.1-21.el5_3.i386.rpm ./Server/libXrender-devel-0.9.1-3.1.i386.rpm ./Server/libpng-devel-1.2.10-7.1.el5_3.2.i386.rpm ./Server/libX11-devel-1.0.3-11.el5.i386.rpm ./Server/xorg-x11-proto-devel-7.1-13.el5.i386.rpm ./Server/libXau-devel-1.0.1-3.1.i386.rpm ./Server/libXdmcp-devel-1.0.1-2.1.i386.rpm ./Server/mesa-libGL-devel-6.5.1-7.7.el5.i386.rpm
warning: ./Server/cairo-1.2.4-5.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing...                ########################################### [100%]
        package cairo-1.2.4-5.el5.i386 is already installed
[root@liunx0918 mnt]# rpm -ivh ./Server/cairo-devel-1.2.4-5.el5.i386.rpm ./Server/fontconfig-devel-2.4.1-7.el5.i386.rpm ./Server/freetype-devel-2.2.1-21.el5_3.i386.rpm ./Server/libXrender-devel-0.9.1-3.1.i386.rpm ./Server/libpng-devel-1.2.10-7.1.el5_3.2.i386.rpm ./Server/libX11-devel-1.0.3-11.el5.i386.rpm ./Server/xorg-x11-proto-devel-7.1-13.el5.i386.rpm ./Server/libXau-devel-1.0.1-3.1.i386.rpm ./Server/libXdmcp-devel-1.0.1-2.1.i386.rpm ./Server/mesa-libGL-devel-6.5.1-7.7.el5.i386.rpm
warning: ./Server/cairo-devel-1.2.4-5.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing...                ########################################### [100%]
   1:freetype-devel         ########################################### [ 10%]
   2:fontconfig-devel       ########################################### [ 20%]
   3:libXau-devel           ########################################### [ 30%]
   4:libpng-devel           ########################################### [ 40%]
   5:xorg-x11-proto-devel   ########################################### [ 50%]
   6:libX11-devel           ########################################### [ 60%]
   7:libXrender-devel       ########################################### [ 70%]
   8:cairo-devel            ########################################### [ 80%]
   9:libXdmcp-devel         ########################################### [ 90%]
  10:mesa-libGL-devel       ########################################### [100%]
[root@liunx0918 mnt]#
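2.2. Installing pango-devel
Required for installing rrdtool. pango is a text rendering library.
http://baike.baidu.com/view/2941612.htm wrote: Pango (Παν語) is an open-source free library for high-quality rendering of internationalized text. Pango can use different font backends and provides cross-platform support. Pango has been integrated into most Linux distributions, and in Fedora Core 6 it is used for text rendering in the Firefox web browser and the Thunderbird mail client. Although Mozilla's source code does not include Pango, Fedora Core obtained special permission from the Mozilla Foundation [1]. Likewise, Debian's Iceweasel, IceDove and IceApe also use Pango.
Combined with Cairo, Pango can handle text processing and graphics rendering completely.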
[root@liunx0918 mnt]# find . -name "pango*rpm"
./Server/pango-1.14.9-6.el5.i386.rpm
./Server/pango-devel-1.14.9-6.el5.i386.rpm
[root@liunx0918 mnt]#
[root@liunx0918 mnt]# rpm -ivh ./Server/pango-1.14.9-6.el5.i386.rpm ./Server/pango-devel-1.14.9-6.el5.i386.rpm
warning: ./Server/pango-1.14.9-6.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
error: Failed dependencies:
        libXext-devel is needed by pango-devel-1.14.9-6.el5.i386
        libXft-devel is needed by pango-devel-1.14.9-6.el5.i386
[root@liunx0918 mnt]# find . -name "libXext-devel*rpm"
./Server/libXext-devel-1.0.1-2.1.i386.rpm
[root@liunx0918 mnt]# find . -name "libXft-devel*rpm"
./Server/libXft-devel-2.1.10-1.1.i386.rpm
[root@liunx0918 mnt]# rpm -ivh ./Server/pango-1.14.9-6.el5.i386.rpm ./Server/pango-devel-1.14.9-6.el5.i386.rpm ./Server/libXext-devel-1.0.1-2.1.i386.rpm ./Server/libXft-devel-2.1.10-1.1.i386.rpm
warning: ./Server/pango-1.14.9-6.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing...                ########################################### [100%]
        package pango-1.14.9-6.el5.i386 is already installed
[root@liunx0918 mnt]# rpm -ivh ./Server/pango-devel-1.14.9-6.el5.i386.rpm ./Server/libXext-devel-1.0.1-2.1.i386.rpm ./Server/libXft-devel-2.1.10-1.1.i386.rpm
warning: ./Server/pango-devel-1.14.9-6.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing...                ########################################### [100%]
   1:libXft-devel           ########################################### [ 33%]
   2:libXext-devel          ########################################### [ 67%]
   3:pango-devel            ########################################### [100%]
[root@liunx0918 mnt]#
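2.3. Installing rrdtool
rrdtool is a round-robin database tool.
http://baike.baidu.com/view/1867979.htm wrote: RRDtool is a tool written by Tobias Oetiker with contributions from many people around the world. RRDtool stands for Round Robin Database tool. Round robin is a technique for working with a fixed amount of data and a pointer to the current element. Imagine a ring with points marked around its edge: these points are the places where data is stored over time. Draw an arrow from the centre to one point on the circumference: that is the pointer. As on any ring, there is no start and no end, and you can keep going round. After a while, all the available positions have been used, and the cycle automatically reuses the old positions. This way the data set does not grow and needs no maintenance. RRDtool works with RRD databases. It is used to store data in RRD databases and to extract data from them.
The brief installation steps are: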
wget http://oss.oetiker.ch/rrdtool/pub/rrdtool-1.4.7.tar.gz
tar zxf rrdtool-1.4.7.tar.gz
cd rrdtool-1.4.7
./configure --prefix=/usr
make && make install
Some of the output during installation follows:
[root@liunx0918 rrdtool-1.4.7]# ./configure --prefix=/usr
checking build system type... i686-pc-linux-gnu
checking host system type... i686-pc-linux-gnu
checking target system type... i686-pc-linux-gnu
checking for gcc... gcc
(output omitted)
----------------------------------------------------------------
Config is DONE!
          With MMAP IO: yes
      Build rrd_getopt: no
       Build rrd_graph: yes
       Static programs: no
          Perl Modules: perl_piped perl_shared
           Perl Binary: /usr/bin/perl
          Perl Version: 5.8.8
          Perl Options: PREFIX=/usr LIB=/usr/lib/perl/5.8.8
          Ruby Modules:
           Ruby Binary: no
          Ruby Options: sitedir=/usr/lib/ruby
    Build Lua Bindings: no
    Build Tcl Bindings: no
 Build Python Bindings: yes
          Build rrdcgi: yes
       Build librrd MT: yes
           Use gettext: yes
           With libDBI: no
          With libwrap: yes
             Libraries: -lxml2 -lglib-2.0 -lcairo -lcairo -lcairo -lm  -lwrap -lcairo -lpng12   -lpangocairo-1.0 -lpango-1.0 -lcairo -lgobject-2.0 -lgmodule-2.0 -ldl -lglib-2.0
Type 'make' to compile the software and use 'make install' to
install everything to: /usr.
       ... that wishlist is NO JOKE. If you find RRDtool useful
make me happy. Go to http://tobi.oetiker.ch/wish and
place an order.
                               -- Tobi Oetiker <tobi@oetiker.ch>
----------------------------------------------------------------
[root@liunx0918 rrdtool-1.4.7]#
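2.4. Installing libpcap-devel
libpcap is a network packet capture library.
http://baike.baidu.com/view/1319961.htm wrote: libpcap is the network packet capture library for unix/linux platforms; most network monitoring software is built on it.
Libpcap works on the vast majority of unix-like platforms.
Libpcap application framework
Libpcap provides a system-independent, user-level network packet capture interface and takes full account of application portability.
It is needed when installing ntop; otherwise the following error is reported: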
checking for pcap_lookupdev in -lpcap... no
             *** FATAL ERROR ***
 It looks that you don't have the libpcap distribution installed.
 Download, compile and, optionally, install it.
 When finished please re-run this program.
 You can download the latest source tarball at http://www.tcpdump.org/
configure: error:  The LBL Packet Capture Library, libpcap, was not found!
The installation record follows:
[root@liunx0918 mnt]# find . -name "libpcap*rpm"
./Server/libpcap-0.9.4-14.el5.i386.rpm
./Server/libpcap-devel-0.9.4-14.el5.i386.rpm
[root@liunx0918 mnt]# rpm -ivh ./Server/libpcap-0.9.4-14.el5.i386.rpm ./Server/libpcap-devel-0.9.4-14.el5.i386.rpm
warning: ./Server/libpcap-0.9.4-14.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing...                ########################################### [100%]
        package libpcap-0.9.4-14.el5.i386 is already installed
[root@liunx0918 mnt]# rpm -ivh ./Server/libpcap-devel-0.9.4-14.el5.i386.rpm
warning: ./Server/libpcap-devel-0.9.4-14.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing...                ########################################### [100%]
   1:libpcap-devel          ########################################### [100%]
[root@liunx0918 mnt]#
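Every rpm install in sections 2.1, 2.2 and 2.4 prints "Header V3 DSA signature: NOKEY", meaning rpm had no public key to check the package signature against and installed the package without verifying it. The following is an added example, not part of the original post: it imports the key file that the media listing in section 2.1 shows (RPM-GPG-KEY-redhat-release) and installs only if every package passes rpm -K. The function name and the /mnt default are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post: check package signatures
# against the key shipped on the install media before installing anything.
# Assumption: the media is mounted on /mnt, as in the sessions above.
KEY_FILE=${KEY_FILE:-/mnt/RPM-GPG-KEY-redhat-release}

# verify_then_install PKG...   (hypothetical helper name)
#   0 = every package verified and the install succeeded
#   1 = at least one package failed verification; nothing was installed
#   2 = usage error, or the key could not be imported
verify_then_install() {
    [ "$#" -gt 0 ] || { echo "usage: verify_then_install PKG..." >&2; return 2; }

    # Without an imported key rpm can only warn "NOKEY" and carry on.
    rpm --import "$KEY_FILE" || { echo "cannot import $KEY_FILE" >&2; return 2; }

    failed=0
    for pkg in "$@"; do
        # rpm -K (--checksig) exits non-zero when a digest or signature check fails.
        if ! rpm -K "$pkg" >/dev/null 2>&1; then
            echo "REFUSED: signature check failed for $pkg" >&2
            failed=$((failed + 1))
        fi
    done
    # Check the whole set first so a bad package never leads to a partial install.
    [ "$failed" -eq 0 ] || return 1

    rpm -ivh "$@"
}

# Usage, with a package path from the session above:
#   cd /mnt && verify_then_install ./Server/libpcap-devel-0.9.4-14.el5.i386.rpm
```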
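2.5. Installing GeoIP
GeoIP is a database that maps IP addresses to geographic information.
http://hi.baidu.com/liongg/item/4ba0083e224b620fceb9fe81 wrote: GeoIP means using a visitor's IP to locate position information such as latitude and longitude, country/region, province and city, or even street. The technology involved is not hard; the key is having an accurate database. With an accurate data source one could treat it as a scarce commodity and make a little money, but what we pursue is the spirit of cooperation: contributed collectively and enjoyed by all.
If GeoIP is not installed, installing ntop reports this error: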
checking for GeoIP_record_by_ipnum in -lGeoIP... no
checking for GeoIP_name_by_ipnum_v6 in -lGeoIP... no
Please install GeoIP (http://www.maxmind.com/)
The brief installation steps are:
wget http://www.maxmind.com/download/geoip/api/c/GeoIP.tar.gz
tar zxf GeoIP.tar.gz
cd GeoIP-1.4.8/
./configure --prefix=/usr
make && make install
The detailed installation record follows:
[root@liunx0918 install]# wget http://www.maxmind.com/download/geoip/api/c/GeoIP.tar.gz
--2012-05-28 15:00:14--  http://www.maxmind.com/download/geoip/api/c/GeoIP.tar.gz
正在解析主機 www.maxmind.com... 174.36.207.186
Connecting to www.maxmind.com|174.36.207.186|:80... 已連接。
已發出 HTTP 請求,正在等待回應... 200 OK
長度:1074829 (1.0M) [application/octet-stream]
Saving to: `GeoIP.tar.gz'
100%[=============================================================================================================================>] 1,074,829   45.6K/s   in 20s
2012-05-28 15:00:35 (53.4 KB/s) - `GeoIP.tar.gz' saved [1074829/1074829]
[root@liunx0918 install]# tar zxf GeoIP.tar.gz
[root@liunx0918 install]# cd GeoIP-1.4.8/
[root@liunx0918 GeoIP-1.4.8]# ls
aclocal.m4  ChangeLog     configure     depcomp            get_ver.awk  ltmain.sh         Makefile.vc     NEWS          READMEwin32static.txt
apps        conf          configure.in  geoip.ico          INSTALL      Makefile.am       Makefile.win32  README        READMEwin32.txt
AUTHORS     config.guess  COPYING       GeoIP.spec.in      install-sh   Makefile.in       man             README.MinGW  test
bootstrap   config.sub    data          GeoIPWinDLL.patch  libGeoIP     Makefile.netware  missing         README.OSX    TODO
[root@liunx0918 GeoIP-1.4.8]# ./configure --prefix=/usr
checking for gcc... gcc
checking whether the C compiler works... yes
(output omitted)
configure: creating ./config.status
config.status: creating Makefile
config.status: creating GeoIP.spec
config.status: creating libGeoIP/Makefile
config.status: creating apps/Makefile
config.status: creating conf/Makefile
config.status: creating data/Makefile
config.status: creating man/Makefile
config.status: creating test/Makefile
config.status: executing depfiles commands
config.status: executing libtool commands
[root@liunx0918 GeoIP-1.4.8]#
2.6. Installing ntop
Finally we reach this step. The brief installation steps are:
wget "http://sourceforge.net/projects/ntop/files/ntop/Stable/ntop-4.1.0.tar.gz/download"
tar zxf ntop-4.1.0.tar.gz
cd ntop-4.1.0
./autogen.sh
make && make install
Part of the output during installation follows:
*******************************************************************
*
* NOTE: ./configure is now complete!
*
*       All of the obviously FATAL errors would cause you to
*       abort before this point, so while you SHOULD scroll
*       back and check for error/warning/note messages,
*       you probably will not...
*
++
++    If you like ntop, please do not forget to support its
++    development. See SUPPORT_NTOP.txt for more information.
++
++              Thanks for supporting ntop!
++
*
* NEXT STEP(S):
*
*    Building ntop requires GNU Make, so to build ntop, type
*    'make' (or on *BSD and Solaris systems, 'gmake')
*
*******************************************************************
        .... autogen.sh done
just type make to compile ntop
************************************************************
************************************************************
  WARNING: This install created a directory for the ntop
           files and databases:
             //usr/local/share/ntop
           This directory MUST be owned by the user
           which you are going to use to run ntop.
           The command you must issue is something like:
           chown -R ntop.ntop //usr/local/share/ntop
     or    chown -R ntop:users //usr/local/share/ntop
           man chown to check the syntax for YOUR system
************************************************************
************************************************************
echo "Shall you be using SELinux please run:"
Shall you be using SELinux please run:
echo "make install-selinux-policy"
make install-selinux-policy
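3. Running ntop
3.1. Preparation before running
Some material online says a user named ntop needs to be added; I tried it, and it is not needed.
First, a look at ntop's startup parameters:
ntop -u user specifies the user the program runs as; otherwise ntop runs as the nobody user.
Running ntop as the ntop user is generally recommended.
The steps to create the ntop user are: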
useradd -s /sbin/nologin ntop
passwd -l ntop
[root@liunx0918 ~]# useradd -s /sbin/nologin ntop
[root@liunx0918 ~]# passwd -l ntop
Locking password for user ntop.
passwd: Success
[root@liunx0918 ~]#
The plan is to keep ntop's database in the /var/ntop directory.
[root@liunx0918 ~]# mkdir /var/ntop
[root@liunx0918 ~]# chown -R ntop:ntop /var/ntop
[root@liunx0918 ~]#
Check the firewall settings and open port 3000.
First run service iptables save
Then add one line to /etc/sysconfig/iptables (the first line below, placed before the existing REJECT line):
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 3000 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
Save the file.
Run service iptables restart
[root@liunx0918 ~]# service iptables save
Saving firewall rules to /etc/sysconfig/iptables:          [  OK  ]
[root@liunx0918 ~]# vi /etc/sysconfig/iptables
Edit the /etc/sysconfig/iptables file as shown above.
[root@liunx0918 ~]# service iptables restart
Flushing firewall rules:                                   [  OK  ]
Setting chains to policy ACCEPT: filter                    [  OK  ]
Unloading iptables modules:                                [  OK  ]
Applying iptables firewall rules:                          [  OK  ]
Loading additional iptables modules: ip_conntrack_netbios_n[  OK  ]
[root@liunx0918 ~]#
Note: running the following command directly does not open port 3000
iptables -A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 3000 -j ACCEPT
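Why the file edit works and the plain -A command does not: iptables stops at the first matching rule, and -A appends the new rule to the end of the chain, after the catch-all REJECT. The added example below is not from the original post; it applies a simplified first-match model to two constructed rule sets. Only the ACCEPT and REJECT lines come from the text; the other rules and all function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post: simplified first-match model of
# one iptables chain, read as iptables-save text on standard input.

# first_verdict CHAIN PORT
# Prints the target of the first rule in CHAIN that a NEW TCP connection to
# PORT would hit, or NONE when no rule in the chain matches.
first_verdict() {
    awk -v chain="$1" -v port="$2" '
        $1 == "-A" && $2 == chain {
            target = ""; dport = ""; proto = ""; other = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j") { target = $(i + 1); break }   # the rest are target options
                else if ($i == "--dport") dport = $(++i)
                else if ($i == "-p") proto = $(++i)
                else if ($i == "-s") i++        # source limit: verdict is for a client inside it
                else if ($i == "-m") { mod = $(++i); if (mod != "tcp" && mod != "state") other = 1 }
                else if ($i == "--state") { if ($(++i) !~ /(^|,)NEW(,|$)/) other = 1 }
                else other = 1                  # -i lo, --icmp-type, ...: not this traffic
            }
            any_port  = (dport == "" && (proto == "" || proto == "tcp") && !other)
            this_port = (dport == port && proto == "tcp" && !other)
            if (target != "" && (any_port || this_port)) { print target; found = 1; exit }
        }
        END { if (!found) print "NONE" }
    '
}

# Constructed sample data in the layout of /etc/sysconfig/iptables.
ACCEPT_3000='-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 3000 -j ACCEPT'
REJECT_ALL='-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited'
chain_head() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
EOF
}
# Rule added by editing the file, above the REJECT line.
edited_rules()   { chain_head; printf '%s\n' "$ACCEPT_3000" "$REJECT_ALL" COMMIT; }
# Rule added with "iptables -A": it lands below the REJECT line.
appended_rules() { chain_head; printf '%s\n' "$REJECT_ALL" "$ACCEPT_3000" COMMIT; }

for variant in edited_rules appended_rules; do
    printf '%s -> %s\n' "$variant" "$($variant | first_verdict RH-Firewall-1-INPUT 3000)"
done
```

Because the statistics pages are served without a login (section 4.1), a -s source restriction on the ACCEPT rule limits who can reach them; the subnet to use is site-specific.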
Other important ntop parameters
[-i <name> | --interface <name>] Interface name or names to monitor
[-d | --daemon] Run ntop in daemon mode
[-L] Do logging via syslog
[--skip-version-check] Skip ntop version check
[-A] Ask admin user password and exit
After all this preparation, I plan to start ntop as follows, to monitor the traffic on the first network card:
ntop -P /var/ntop -i eth0 -u ntop
3.2. Setting the ntop admin password
First, the admin password has to be set with ntop -A. It can be made fairly complex.
ntop startup - waiting for user response!
Please enter the password for the admin user: Mon May 28 15:07:13 2012  THREADMGMT[t3017280400]: DNSAR(3): Address resolution thread running
Password too short (5 characters or more). Please try again.
ntop startup - waiting for user response!
Please enter the password for the admin user:
Please enter the password again:
Mon May 28 15:07:31 2012  Admin user password has been set
3.3. Running ntop
[root@liunx0918 ~]# ntop -P /var/ntop -i eth0 -u ntop -d
Tue Jun  5 09:08:22 2012  NOTE: Interface merge enabled by default
Tue Jun  5 09:08:22 2012  Initializing gdbm databases
Tue Jun  5 09:08:22 2012  Setting administrator password...
Tue Jun  5 09:08:22 2012  Admin password set...
Tue Jun  5 09:08:22 2012  ntop v.4.1.0 (32 bit)
Tue Jun  5 09:08:22 2012  Configured on May 28 2012 15:03:47, built on May 28 2012 15:05:09.
Tue Jun  5 09:08:22 2012  Copyright 1998-2011 by Luca Deri <deri@ntop.org>
Tue Jun  5 09:08:22 2012  Get the freshest ntop from http://www.ntop.org/
Tue Jun  5 09:08:22 2012  NOTE: ntop is running from 'ntop'
Tue Jun  5 09:08:22 2012  NOTE: (but see warning on man page for the --instance parameter)
Tue Jun  5 09:08:22 2012  NOTE: ntop libraries are in '/usr/local/lib'
Tue Jun  5 09:08:22 2012  Initializing ntop
Tue Jun  5 09:08:22 2012  Checking eth0 for additional devices
Tue Jun  5 09:08:22 2012  Added virtual interface: 'eth0:0'
Tue Jun  5 09:08:22 2012  Resetting traffic statistics for device eth0
Tue Jun  5 09:08:22 2012  Initializing device eth0 (0)
Tue Jun  5 09:08:22 2012  DLT: Device 0 [eth0] is 1, mtu 1514, header 14
Tue Jun  5 09:08:22 2012  Initialized events [mask: 0][path: ]
Tue Jun  5 09:08:22 2012  Initializing gdbm databases
Tue Jun  5 09:08:22 2012  VENDOR: Loading MAC address table.
Tue Jun  5 09:08:22 2012  VENDOR: Checking for MAC address table file
Tue Jun  5 09:08:22 2012  VENDOR: File '/usr/local/etc/ntop/specialMAC.txt.gz' does not need to be reloaded
Tue Jun  5 09:08:22 2012  VENDOR: ntop continues ok
Tue Jun  5 09:08:22 2012  VENDOR: Checking for MAC address table file
Tue Jun  5 09:08:22 2012  VENDOR: File '/usr/local/etc/ntop/oui.txt.gz' does not need to be reloaded
Tue Jun  5 09:08:22 2012  VENDOR: ntop continues ok
Tue Jun  5 09:08:22 2012  Fingerprint: Loading signature file
Tue Jun  5 09:08:22 2012  Fingerprint: Checking for Fingerprint file... file
Tue Jun  5 09:08:22 2012  Fingerprint: Loading file '/usr/local/etc/ntop/etter.finger.os.gz'
Tue Jun  5 09:08:22 2012  Fingerprint: ...loaded 1765 records
Tue Jun  5 09:08:22 2012  INIT: Parent process is exiting (this is normal)
Tue Jun  5 09:08:22 2012  INIT: Bye bye: I'm becoming a daemon...
[root@liunx0918 ~]#
ntop can now be reached from a browser such as Firefox, at the address:
http://your_server_ip:3000/
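4. Common problems installing and using ntop
4.1. When I open http://xxx:3000/ in a browser I am not asked for a username and password (many sources say you are). Why?
They are not needed to view the network statistics, but they are needed for the configuration options under Admin.
4.2. Units of traffic
They are bps, not Bps
4.3. ntop offers a visitor map view using Google Maps, but it does not work.
You first have to apply for a Google Maps API Key; the following resources explain how:
http://blog.csdn.net/guanzhouxuezi/article/details/6070015
http://code.google.com/android/maps-api-signup.html
https://developers.google.com/maps/documentation/android/maps-api-signup
However, no matter how I tried, it did not work. In the end I looked at the page source and found that ntop uses the Google Maps v2 API, which has now been retired and no longer works. I hope ntop will soon release a version that supports Google Maps v3.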
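5. ntop related resources
(1) Baidu Baike: ntop
http://baike.baidu.com/view/6340040.htm
(2) Hudong Baike: NTOP
http://www.hudong.com/wiki/NTOP
(3) 天下網盟: Network admin experience: accurately monitoring network traffic with NTOP
http://netbar.txwm.com/wguan/v13826.html
(4) IT專家網: Series: installing and configuring NTOP to monitor a Linux network
http://linux.ctocio.com.cn/400/8873900.shtml
(5) A complete record of installing and using ntop on RHEL 5.4 (this article)
http://codingstandards.iteye.com/blog/1551505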
END.