Getting a real-time network monitor up and running is just a few commands away with ntopng.
If you’ve installed a Debian minimal server, you might want to add a network monitoring tool into the mix. One such tool is ntopng, an open source, cross-platform network monitor that features:
IP address geolocation
Sorting of traffic according to both source and destination
Storing data in RRD format
Sorting IP protocol usage by type
A user-friendly, web-based dashboard
Role-based user management
And much more
Ntopgn focuses on performance with low resource usage, and can be installed on any variation of Linux, as well as macOS and Windows. I’m going to show you how to install ntopng on a Debian minimal server.
SEE: Hiring kit: Database administrator (TechRepublic Premium)
What you’ll need
The only things you’ll need to install ntopng are:
Two things to know:
- If you’re using a Linux distribution that is not based on Debian, you’ll have to modify the installation instructions.
- If you want to avoid using the root account, you’ll have to add your user to the sudoers file.
If you opt to add your user to the sudoers file, you must first su to the root user and then issue the command:
In that file (Figure A), add a line like:
USER ALL=(ALL:ALL) ALL
Where USER is the username to be added.
How to install ntopng
In order to install ntopng, you must download the necessary repository .deb file. Go back to the terminal window and issue the command:
Once that file downloads, su to the root user (or use sudo if you opt to add your user to the sudoers file) and install the repository with the command:
dpkg -i apt-ntop.deb
Update apt with the command:
Finally, install ntopng and its dependencies with the command:
apt-get install pfring-dkms nprobe ntopng n2disk cento -y
Start and enable ntopng with the commands:
systemctl start ntopng systemctl enable ntopng
How to configure ntopng
We have to take care of some minimal configurations. Before you do that, you must know which ethernet device will be used for listening. Issue the command:
In the output of that command you’ll see your device listed. In my case, it’s enp0s3.
Open the configuration file with the command:
In the file, uncomment (remove the # character) the line:
Change eth1 to the name of your device (discovered with the ip a command). Next, scroll down and uncomment the line:
Finally, scroll to the bottom and add the following:
--local-networks "10.34.1.0/24" --interface 1
Make sure to change the IP address to match your network address scheme.
Save and close the file. Restart ntopng with the command:
systemctl restart ntopng
How to access the web dashboard
Open a web browser and point it to http://SERVER_IP:3000 (where SERVER_IP is the IP address of the Debian minimal server). You will be prompted to log in using the default credentials admin/admin. As soon as you successfully login, you’ll be required to change the admin user password. Do that and the ntopng dashboard will appear, displaying the real-time traffic monitor (Figure B).
And that’s all there is to installing the ntopng traffic monitor on a Debian server. You now have a powerful and flexible tool to keep tabs on the traffic going into and out of your network.