I've been using Cacti (CactiEZ release 0.6 to be accurate, so the OS is a CentOS 4) for some time now, and everything works fine.
But, then I wished to install Ntop on it so I could have a better view of my network traffic.
Then came trouble.
I can't connect to Ntop at SERVERIP:3000 after installing it, though I didn't configure anything yet.
This is what I did :
- Configure my virtual Cacti ok (shouldn't be of any problem).
- As per http://www.howtoforge.com/network_monitoring_with_ntop , install G-Lib and Ntop via Rpms (rpm -ivh glib-1.2.10-16.i386.rpm and rpm -ivh ntop-3.3.8-2.el4.rf.i386.rpm)
- ran the command "ntop" to first initialize it. An admin password is asked and typed.
Then, this is what I get when I run "service ntop start" :
/var/ntop exists and isn't empty.
Starting ntop: Processing file /etc/ntop.conf for parameters...
Wed Oct 20 14:23:28 2010 NOTE: Interface merge enabled by default
Wed Oct 20 14:23:28 2010 Initializing gdbm databases
FATAL ERROR: Unrecognized/unprocessed ntop options...
, --user ntop, , --db-file-path /var/ntop, , , , --use-syslog, , , , , , ,
run ntop --help for usage information
Common problems:
-B "filter expressions" (quotes are required)
--use-syslog=facilty (the = is required)
[FAILED]
User ntop is not created via install and does not exist, so I decided to launch it as the root user.
Running ntop -i eth0 -u root -w 3000 gives me this :
Then, try to connect to 192.168.x.x:3000, but nothing shows up.
Wed Oct 20 14:21:20 2010 NOTE: Interface merge enabled by default
Wed Oct 20 14:21:20 2010 Initializing gdbm databases
Wed Oct 20 14:21:20 2010 ntop v.3.3.8 (Dag Apt RPM Repository)
Wed Oct 20 14:21:20 2010 Configured on Jul 12 2009 3:36:02, built on Jul 12 2009 03:36:23.
Wed Oct 20 14:21:20 2010 Copyright 1998-2007 by Luca Deri <deri@ntop.org>
Wed Oct 20 14:21:20 2010 Get the freshest ntop from http://www.ntop.org/
Wed Oct 20 14:21:20 2010 NOTE: ntop is running from 'ntop'
Wed Oct 20 14:21:20 2010 NOTE: (but see warning on man page for the --instance parameter)
Wed Oct 20 14:21:20 2010 NOTE: ntop libraries are in '/usr/lib'
Wed Oct 20 14:21:20 2010 Initializing ntop
Wed Oct 20 14:21:20 2010 Checking eth0 for additional devices
Wed Oct 20 14:21:20 2010 Resetting traffic statistics for device eth0
Wed Oct 20 14:21:20 2010 Initializing device eth0 (0)
Wed Oct 20 14:21:20 2010 DLT: Device 0 [eth0] is 1, mtu 1514, header 14
Wed Oct 20 14:21:20 2010 Initializing gdbm databases
Wed Oct 20 14:21:20 2010 VENDOR: Loading MAC address table.
Wed Oct 20 14:21:20 2010 VENDOR: Checking for MAC address table file
Wed Oct 20 14:21:20 2010 VENDOR: File '/etc/ntop/specialMAC.txt.gz' does not need to be reloaded
Wed Oct 20 14:21:20 2010 VENDOR: ntop continues ok
Wed Oct 20 14:21:20 2010 VENDOR: Checking for MAC address table file
Wed Oct 20 14:21:20 2010 VENDOR: File '/etc/ntop/oui.txt.gz' does not need to be reloaded
Wed Oct 20 14:21:20 2010 VENDOR: ntop continues ok
Wed Oct 20 14:21:20 2010 Fingerprint: Loading signature file
Wed Oct 20 14:21:20 2010 Fingerprint: Checking for Fingerprint file... file
Wed Oct 20 14:21:20 2010 Fingerprint: Loading file '/etc/ntop/etter.finger.os.gz'
Wed Oct 20 14:21:20 2010 Fingerprint: ...loaded 0 records
Wed Oct 20 14:21:20 2010 ASN: Checking for Autonomous System Number table file
Wed Oct 20 14:21:20 2010 **WARNING** ASN: Unable to open file 'AS-list.txt'
Wed Oct 20 14:21:20 2010 IP2CC: Checking for IP address <-> Country Code mapping file
Wed Oct 20 14:21:20 2010 IP2CC: Loading file '/etc/ntop/p2c.opt.table.gz'
Wed Oct 20 14:21:20 2010 IP2CC: ...found 52395 lines
Wed Oct 20 14:21:20 2010 Database support not compiled into ntop
Wed Oct 20 14:21:20 2010 Initializing external applications
Wed Oct 20 14:21:20 2010 THREADMGMT[t3057810336]: SFP: Started thread for fingerprinting
Wed Oct 20 14:21:20 2010 THREADMGMT[t3047320480]: SIH: Started thread for idle hosts detection
Wed Oct 20 14:21:20 2010 THREADMGMT[t3036830624]: DNSAR(1): Started thread for DNS address resolution
Wed Oct 20 14:21:20 2010 THREADMGMT[t3026340768]: DNSAR(2): Started thread for DNS address resolution
Wed Oct 20 14:21:20 2010 THREADMGMT[t3015850912]: DNSAR(3): Started thread for DNS address resolution
Wed Oct 20 14:21:20 2010 Calling plugin start functions (if any)
Wed Oct 20 14:21:20 2010 THREADMGMT[t3057810336]: SFP: Fingerprint scan thread starting [p5409]
Wed Oct 20 14:21:20 2010 THREADMGMT[t3047320480]: SIH: Idle host scan thread starting [p5409]
Wed Oct 20 14:21:20 2010 THREADMGMT[t3036830624]: DNSAR(1): Address resolution thread running
Wed Oct 20 14:21:20 2010 THREADMGMT[t3026340768]: DNSAR(2): Address resolution thread running
Wed Oct 20 14:21:20 2010 THREADMGMT[t3015850912]: DNSAR(3): Address resolution thread running
Wed Oct 20 14:21:20 2010 SSL is present but https is disabled: use -W <https port> for enabling it
Wed Oct 20 14:21:20 2010 INITWEB: Initializing web server
Wed Oct 20 14:21:20 2010 INITWEB: Initializing TCP/IP socket connections for web server
Wed Oct 20 14:21:20 2010 INITWEB: Initialized socket, port 3000, address (any)
Wed Oct 20 14:21:20 2010 INITWEB: Waiting for HTTP connections on port 3000
Wed Oct 20 14:21:20 2010 INITWEB: Starting web server
Wed Oct 20 14:21:20 2010 THREADMGMT[t3005361056]: INITWEB: Started thread for web server
Wed Oct 20 14:21:20 2010 Listening on [eth0]
Wed Oct 20 14:21:20 2010 Loading Plugins
Wed Oct 20 14:21:20 2010 THREADMGMT[t3005361056]: WEB: Server connection thread starting [p5409]
Wed Oct 20 14:21:20 2010 Note: SIGPIPE handler set (ignore)
Wed Oct 20 14:21:20 2010 THREADMGMT[t3005361056]: WEB: Server connection thread running [p5409]
Wed Oct 20 14:21:20 2010 WEB: ntop's web server is now processing requests
Wed Oct 20 14:21:20 2010 Searching for plugins in /usr/lib/ntop/plugins
Wed Oct 20 14:21:20 2010 SFLOW: Welcome to sFlow.(C) 2002-04 by Luca Deri
Wed Oct 20 14:21:20 2010 ICMP: Welcome to ICMP Watch. (C) 1999-2005 by Luca Deri
Wed Oct 20 14:21:20 2010 LASTSEEN: Welcome to Host Last Seen. (C) 1999 by Andrea Marangoni
Wed Oct 20 14:21:20 2010 CPACKET: Welcome to cPacket.(C) 2008 by Luca Deri
Wed Oct 20 14:21:20 2010 Remote: Welcome to Remote. (C) 2006-07 by L.Deri
Wed Oct 20 14:21:20 2010 RRD: Welcome to Round-Robin Databases. (C) 2002-07 by Luca Deri.
Wed Oct 20 14:21:20 2010 NETFLOW: Welcome to NetFlow.(C) 2002-08 by Luca Deri
Wed Oct 20 14:21:20 2010 PDA: Welcome to PDA. (C) 2001-2005 by L.Deri and W.Brock
Wed Oct 20 14:21:20 2010 Calling plugin start functions (if any)
Wed Oct 20 14:21:20 2010 RRD: Welcome to the RRD plugin
Wed Oct 20 14:21:20 2010 RRD: Mask for new directories is 0700
Wed Oct 20 14:21:20 2010 RRD: Mask for new files is 0066
Wed Oct 20 14:21:20 2010 RRD_DEBUG: Parameters:
Wed Oct 20 14:21:20 2010 RRD_DEBUG: dumpInterval 300 seconds
Wed Oct 20 14:21:20 2010 RRD_DEBUG: dumpShortInterval 10 seconds
Wed Oct 20 14:21:20 2010 RRD_DEBUG: dumpHours 72 hours by 300 seconds
Wed Oct 20 14:21:20 2010 RRD_DEBUG: dumpDays 90 days by hour
Wed Oct 20 14:21:20 2010 RRD_DEBUG: dumpMonths 36 months by day
Wed Oct 20 14:21:20 2010 RRD_DEBUG: dumpDomains no
Wed Oct 20 14:21:20 2010 RRD_DEBUG: dumpFlows no
Wed Oct 20 14:21:20 2010 RRD_DEBUG: dumpSubnets no
Wed Oct 20 14:21:20 2010 RRD_DEBUG: dumpHosts no
Wed Oct 20 14:21:20 2010 RRD_DEBUG: dumpInterfaces yes
Wed Oct 20 14:21:20 2010 RRD_DEBUG: dumpASs no
Wed Oct 20 14:21:20 2010 RRD_DEBUG: dumpMatrix no
Wed Oct 20 14:21:20 2010 RRD_DEBUG: dumpDetail medium
Wed Oct 20 14:21:20 2010 RRD_DEBUG: hostsFilter
Wed Oct 20 14:21:20 2010 RRD_DEBUG: rrdPath /var/ntop/rrd [normal]
Wed Oct 20 14:21:20 2010 RRD_DEBUG: rrdPath /var/ntop/rrd [dynamic/volatile]
Wed Oct 20 14:21:20 2010 RRD_DEBUG: umask 0066
Wed Oct 20 14:21:20 2010 RRD_DEBUG: DirPerms 0700
Wed Oct 20 14:21:20 2010 THREADMGMT: RRD: Started thread (t2994871200) for data collection
Wed Oct 20 14:21:20 2010 INIT: Created pid file (/var/run/ntop.pid)
Wed Oct 20 14:21:20 2010 THREADMGMT[t2994871200]: RRD: Data collection thread starting [p5409]
Wed Oct 20 14:21:20 2010 Now running as requested user 'root' (0:0)
Wed Oct 20 14:21:20 2010 Note: Reporting device initally set to 0 [eth0] (merged)
Wed Oct 20 14:21:20 2010 THREADMGMT[t3086902976]: ntop RUNSTATE: RUN(4)
Wed Oct 20 14:21:20 2010 THREADMGMT[t2984381344]: NPS(1): Started thread for network packet sniffing [eth0]
Wed Oct 20 14:21:20 2010 THREADMGMT[t2984381344]: NPS(eth0): pcapDispatch thread starting [p5409]
Wed Oct 20 14:21:20 2010 THREADMGMT[t2984381344]: NPS(eth0): pcapDispatch thread running [p5409]
Wed Oct 20 14:21:20 2010 THREADMGMT[t3047320480]: SIH: Idle host scan thread running [p5409]
Wed Oct 20 14:21:20 2010 THREADMGMT[t3057810336]: SFP: Fingerprint scan thread running [p5409]
Wed Oct 20 14:21:30 2010 THREADMGMT[t2973891488]: RRD: Started thread for throughput data collection
Wed Oct 20 14:21:30 2010 THREADMGMT[t2994871200]: RRD: Data collection thread running [p5409]
Wed Oct 20 14:21:30 2010 THREADMGMT[t2973891488]: RRD: Throughput data collection: Thread starting [p5409]
Wed Oct 20 14:21:30 2010 THREADMGMT[t2973891488]: RRD: Throughput data collection: Thread running [p5409]
And, I don't know if it's of any importance, but this is what I get when terminating the process started via the command up above, by typing Ctrl+C :
I am under VmWare 2.0.x and tried Yum install with dag's repo (same results).
Wed Oct 20 14:22:39 2010 CLEANUP[t3086902976]: ntop caught signal 2 [state=4]
Wed Oct 20 14:22:39 2010 THREADMGMT[t3086902976]: ntop RUNSTATE: SHUTDOWN(7)
Wed Oct 20 14:22:39 2010 CLEANUP[t3086902976] catching thread is unknown
Wed Oct 20 14:22:39 2010 CLEANUP: Running threads SFP SIH WEB DNSAR1 DNSAR2 DNSAR3 NPS(eth0)
Wed Oct 20 14:22:39 2010 Joining thread DNSAR1
Wed Oct 20 14:22:39 2010 THREADMGMT[t3036830624]: DNSAR(1): Address resolution thread terminated [p5409]
Wed Oct 20 14:22:39 2010 THREADMGMT[t3026340768]: DNSAR(2): Address resolution thread terminated [p5409]
Wed Oct 20 14:22:39 2010 Joining thread DNSAR2
Wed Oct 20 14:22:39 2010 THREADMGMT[t3015850912]: DNSAR(3): Address resolution thread terminated [p5409]
Wed Oct 20 14:22:39 2010 Joining thread DNSAR3
Wed Oct 20 14:22:39 2010 STATS: 731 packets received by filter on eth0
Wed Oct 20 14:22:39 2010 STATS: 0 packets dropped (according to libpcap)
Wed Oct 20 14:22:39 2010 STATS: 0 packets dropped (by ntop)
Wed Oct 20 14:22:39 2010 Joining thread NPS(eth0)
Wed Oct 20 14:22:39 2010 THREADMGMT[t2984381344]: NPS(eth0): pcapDispatch thread terminated [p5409]
Wed Oct 20 14:22:39 2010 CLEANUP: Locking purge mutex (may block for a little while)
Wed Oct 20 14:22:39 2010 CLEANUP: Locked purge mutex, continuing shutdown
Wed Oct 20 14:22:39 2010 CLEANUP: Continues (still running SFP SIH WEB)
Wed Oct 20 14:22:39 2010 FREE_HOST: Start, 1 device(s)
Wed Oct 20 14:22:39 2010 FREE_HOST: End, freed 0
Wed Oct 20 14:22:39 2010 PLUGIN_TERM: Unloading plugins (if any)
Wed Oct 20 14:22:39 2010 RRD: Shutting down, locking mutex (may block for a little while)
Wed Oct 20 14:22:39 2010 RRD: Locked mutex, continuing shutdown
Wed Oct 20 14:22:39 2010 THREADMGMT[t3086902976]: RRD: killThread(rrdThread) succeeded
Wed Oct 20 14:22:39 2010 THREADMGMT[t3086902976]: RRD: killThread(rrdTrafficThread) succeeded
Wed Oct 20 14:22:39 2010 THREADMGMT[t3086902976]: RRD: Plugin shutdown continuing
Wed Oct 20 14:22:39 2010 RRD: Thanks for using the rrdPlugin
Wed Oct 20 14:22:39 2010 RRD: Done
I don't understand, as installing Ntop as a standalone on an Ubuntu machine doesn't make any problem, and CactiEZ 0.4 included Ntop already installed.
Some people seem to have Ntop running under CactiEZ 0.6, by just installing it and then running it, so it seems that it is possible.
Please, can someone tell me : what am I doing wrong ?
NB : pardon my English as I am a French guy. Those are also some of my first steps under the Unix OS...