操作系统: rhas4
软件版本
:
perl-Net-SNMP-5.2.0-1.2.el4.rf.noarch.rpm
rrdtool-1.0.41-1.8.0.ntop.i386.rpm
ntop-3.3-1.el4.rf.i386.rpm
安装配置
ntop
[root@localhost ntop]# rpm -ivh ntop-3.3-1.el4.rf.i386.rpm
# 装上了 APT, 方便了许多, 输入 Y 之后相关依赖包安装完毕
[root@localhost ntop]# vi /etc/ntop.conf
# 编辑配置文件
--interface eth0
前面注释去掉, 网卡请按照实际情况配置
--http-server 3000
前面注释去掉, 定义服务端口。注: ntop 自带 Web 服务器, 并不需要开启 apache 服务
[root@localhost ntop]# ntop -A
# 设置管理员密码
[root@localhost ntop]# /etc/init.d/ntop start
# 启动 ntop 服务
在浏览器地址栏中输入 http://服务地址:3000/ 即可看到界面。
以上为单机测试环境, 实际中请将此服务器放置于启用 SPAN 的交换机接口或 HUB 下。接在镜像口上的 ntop 服务器能看到被镜像 VLAN 的流量, 应按敏感主机对待; 此时可考虑启用配置文件中的 --no-mac (其注释说明该选项用于端口镜像或 SPAN 场景)。
3550 例:
monitor session 1 source vlan 1 , 2 , 3 , 4 , 6 rx
# 监控源为 vlan1 vlan2 vlan3 vlan4 vlan6 的入口方向
monitor session 1 destination interface Fa0/28
# 目的端口为 fa0/28, 接上装有 ntop 服务的服务器
我的配置文件
:
### You should copy this file to its normal location, /etc/ntop.conf
### and edit it to fit your needs.
###
### ntop is easily launched with options by referencing this file from
### a command line like this:
###
### ntop @/etc/ntop.conf
###
### Remember, options may also be listed directly on the command line, both
### before and after the @/etc/ntop.conf.
###
### For switches that provide values, e.g. -i, the last one matters.
### For switches that just say 'do things', e.g. -M, if it's ANYWHERE in the
### commands, it will be set. There's no unset option.
###
### You can use this to your advantage, for example:
### ntop @/etc/ntop.conf -i none
### Overrides the -i in the file.
### and edit it to fit your needs.
###
### ntop is easily launched with options by referencing this file from
### a command line like this:
###
### ntop @/etc/ntop.conf
###
### Remember, options may also be listed directly on the command line, both
### before and after the @/etc/ntop.conf.
###
### For switches that provide values, e.g. -i, the last one matters.
### For switches just say 'do things', e..g -M, if it's ANYWHERE in the
### commands, it will be set. There's no unset option.
###
### You can use this to your advantage, for example:
### ntop @/etc/ntop.conf -i none
### Overrides the -i in the file.
### Sets the user that ntop runs as.
### NOTE: This should not be root unless you really understand the security risks.
--user ntop
### NOTE: This should not be root unless you really understand the security risks.
--user ntop
### Sets the directory that ntop runs from.
--db-file-path /var/ntop
--db-file-path /var/ntop
### Interface(s) that ntop will capture on (default: eth0)
--interface eth0
--interface eth0
### Configures ntop not to trust MAC addrs. This is used when port mirroring or SPAN
#--no-mac
#--no-mac
### Logging messages to syslog (instead of the console):
### NOTE: To log to a specific facility, use --use-syslog=local3
### NOTE: The = is REQUIRED and no spaces are permitted.
--use-syslog
### NOTE: To log to a specific facility, use --use-syslog=local3
### NOTE: The = is REQUIRED and no spaces are permitted.
--use-syslog
### Tells ntop to track only local hosts as specified by the --local-subnets option
#--track-local-hosts
#--track-local-hosts
### Sets the port that the HTTP webserver listens on
### NOTE: --http-server 3000 is the default
--http-server 3000
### NOTE: --http-server 3000 is the default
--http-server 3000
### Sets the port that the optional HTTPS webserver listens on
#--https-server 3001
#--https-server 3001
### Sets the networks that ntop should consider as local.
### NOTE: Uses dotted decimal and CIDR notation. Example: 192.168.0.0/24
### The addresses of the interfaces are always local and don't need to be specified.
#--local-subnets xx.xx.xx.xx/yy
### NOTE: Uses dotted decimal and CIDR notation. Example: 192.168.0.0/24
### The addresses of the interfaces are always local and don't need to be specified.
#--local-subnets xx.xx.xx.xx/yy
### Sets the domain. ntop should be able to determine this automatically.
#--domain mydomain.com
#--domain mydomain.com
### Sets program to run as a daemon
### NOTE: For more than casual use, you probably want this.
#--daemon
### NOTE: For more than casual use, you probably want this.
#--daemon
详细资料
:
/usr/bin/ntop -P /usr/share/ntop -u ntop -A
#-P [directory] 指定 .db 档存放路径
#-u [user] 指定 service 启动 user
#-A 设定 admin 密码, ntop 会内建 admin 管理者帐号于 ntop 中
4. 查看首次启动所需动作
less /usr/share/doc/ntop-3.0/1STRUN.txt
5. 编修 /etc/ntop.conf 档
vi /etc/ntop.conf
内容如下:
#eth0 是我的单块网卡 lo 是回路
--interface eth0,lo
#--no-mac
# 由于我只是一台机器所以下面的没加,假如您是在路由器或网关上请把对应的 ip 段改成自己的
--local-subnets 192.168.10.0/24
# 运行端口
--http-server 3000
# 数据库存放路径
--db-file-path /usr/share/ntop
# 守护进程方式运行
--daemon
# 用户名
--user ntop
# 默认运行等级
--trace-level 3
# 跳过任何错误
--disable-schedyield
6. 启动 ntop
/etc/init.d/ntop start
7. 查看网络流量
http://localhost:3000/
8. 停止为
/etc/init.d/ntop stop
http://www.ntop.org/ntop.html 为 ntop 首页 ,里面有相关资料及抓图等
ntop 若是架设在 hub 下时便能监控到网络上任何的封包。但若是架设在 switch 环境下时,除非是开放 SPAN 的功能否则只能监测给自己的封包。
本机测试环境为单机、标准安装, 未配置插件; 如有兴趣可自行研究插件。由于 ntop 的 Web 界面需要监听端口 (本例为 3000, 且是未加密的 HTTP, 配置文件中的 --https-server 处于注释状态), 任何能连到该端口的人都可以浏览网络流量信息, 所以最好用 iptables 只允许指定的管理 IP 访问该端口, 否则可能带来安全性问题。
#-P [directory] 指定 .db 档存放路径
#-u [user] 指定 service 启动 user
#-A 设定 admin 密码, ntop 会内建 admin 管理者帐号于 ntop 中
4. 查看首次启动所需动作
less /usr/share/doc/ntop-3.0/1STRUN.txt
5. 编修 /etc/ntop.conf 档
vi /etc/ntop.conf
内容如下:
#eth0 是我的单块网卡 lo 是回路
--interface eth0,lo
#--no-mac
# 由于我只是一台机器所以下面的没加,假如您是在路由器或网关上请把对应的 ip 段改成自己的
--local-subnets 192.168.10.0/24
# 运行端口
--http-server 3000
# 数据库存放路径
--db-file-path /usr/share/ntop
# 守护进程方式运行
--daemon
# 用户名
--user ntop
# 默认运行等级
--trace-level 3
# 跳过任何错误
--disable-schedyield
6. 启动 ntop
/etc/init.d/ntop start
7. 查看网络流量
http://localhost:3000/
8. 停止为
/etc/init.d/ntop stop
http://www.ntop.org/ntop.html 为 ntop 首页 ,里面有相关资料及抓图等
ntop 若是架设在 hub 下时便能监控到网络上任何的封包。但若是架设在 switch 环境下时,除非是开放 SPAN 的功能否则只能监测给自己的封包。
本机测试环境为单机,标准安装。未配置插件条件下。如有兴趣可自行研究插件 由于 ntop 需要监听端口,所以最好用 iptables 限定某些 ip 能够浏览 否则可能带来安全性问题
转载于:https://blog.51cto.com/jlsfwq/165646