Presentation
Just to clarify things before we get our hands dirty: ntopng is a NetFlow analyzer with a nice web interface that can analyze the traffic of its own interface. HOWEVER. It cannot work as a NetFlow collector too. That means that if you have a couple of network devices on a WAN and you want to know what kind of flows are going through your network, you will have to install a separate tool, also developed by the ntopng guys: nProbe. Sadly, this one is not free, and you will need a license to get it working in a production environment, because the default installation has a limit of 20K flows per nProbe thread, after which it stops collecting them.
So to make it short, you will have to:
- install ntopng and nProbe
- configure your network devices to send NetFlow/sFlow packets to the ntopng server
- configure nProbe to collect the NetFlow/sFlow packets and stream them as JSON to ntopng
- configure ntopng to listen for the nProbe JSON stream
Ntopng is a…, however it cannot process NetFlow export directly from an ASA, for example.
An older version of ntopng is available directly from the Debian repository; to install the current version, follow the next steps.
Installation on Debian jessie
Select your distribution, then:
apt-get clean all
apt-get update
apt-get install nprobe ntopng
Alternatively, go to http://packages.ntop.org/debian/, find your distro (at the moment only "jessie" is there, so if you are using another version of Debian you will need to install ntop from source), download all the individual packages manually using wget and install them with dpkg -i package.deb
Accessing the ntopng web GUI
Open the URL in your browser:
http://<IP-ADDRESS>:3000/
and log in using the default credentials admin/admin (change this default password before exposing the interface to anyone else)
Configuring nProbe as a collector for ntopng
http://www.ntop.org/nprobe/using-ntop-as-a-flow-collector-for-nprobe/
vim nprobe.conf
paste
nprobe --collector-port 6343 --zmq tcp://127.0.0.1:5556 >> /dev/null &
put this into ntopng.conf: -i….
go to /etc/nprobe
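To put the nProbe side and the ntopng side of the pipeline together in one place, here is an added example (not from the original post or from the ntop project) that renders both config files and checks the listening ports afterwards. The collector port 6343 and the ZMQ endpoint tcp://127.0.0.1:5556 are the values used in this post; the option=value-per-line file format and the /etc/nprobe and /etc/ntopng paths are assumed to be the ones the ntop Debian packages use.

```shell
#!/bin/sh
# Added example: nProbe collects NetFlow/sFlow on a UDP port and publishes the
# flows as JSON over ZMQ; ntopng subscribes to that ZMQ endpoint as its "interface".
COLLECTOR_PORT=6343                 # UDP port the network devices export to (sFlow default)
ZMQ_ENDPOINT="tcp://127.0.0.1:5556" # nProbe binds here (publisher), ntopng connects to it
ZMQ_PORT="${ZMQ_ENDPOINT##*:}"      # "5556", derived from the endpoint above

# nProbe side: collect flows only. -i none disables packet capture and
# -n none disables NetFlow re-export, so flows leave nProbe only via ZMQ.
nprobe_conf() {
  printf '%s\n' \
    "--collector-port=$COLLECTOR_PORT" \
    "--zmq=$ZMQ_ENDPOINT" \
    "-i=none" \
    "-n=none"
}

# ntopng side: use the ZMQ endpoint as the interface and serve the GUI on port 3000.
ntopng_conf() {
  printf '%s\n' \
    "-i=$ZMQ_ENDPOINT" \
    "-w=3000"
}

# conf_has CONFIG_TEXT OPTION_LINE: true when the rendered config contains that exact line.
conf_has() {
  printf '%s\n' "$1" | grep -qx -- "$2"
}

# Write both files (run as root on the collector host, then restart both services).
install_confs() {
  nprobe_conf > /etc/nprobe/nprobe.conf
  ntopng_conf > /etc/ntopng/ntopng.conf
}

# Post-restart check: the collector UDP port and the ZMQ TCP port must be listening.
ports_listening() {
  ss -lun | grep -q ":$COLLECTOR_PORT " && ss -ltn | grep -q ":$ZMQ_PORT "
}

# Stand-alone run: show what would be written, without touching /etc.
echo "# /etc/nprobe/nprobe.conf"; nprobe_conf
echo "# /etc/ntopng/ntopng.conf"; ntopng_conf
```

Only install_confs writes anything; call it explicitly once the rendered output looks right, then use ports_listening to confirm nProbe and ntopng came up on the expected ports.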