How to Install nTOP in 6.1

[md3v]

The following instructions work on Untangle 6.1 and 6.2 and will provide a working nTOP environment with the current nTOP 3:3.3-11+b2 package included with Debian 5.

1. Increase the APT cache

Code:

sed -i -e 's/APT::Cache-Limit 10000000/APT::Cache-Limit 20000000/' /etc/apt/apt.conf

2. Backup the Original sources.list

Code:

cp /etc/apt/sources.list /etc/apt/sources.list.orig

3. Add Debian 5 Repo's

Code:

echo "deb http://http.us.debian.org/debian/ lenny main contrib non-free" >>/etc/apt/sources.list
echo "deb-src http://http.us.debian.org/debian/ lenny main" >>/etc/apt/sources.list

4. Update packages and install latest nTOP build

Code:

apt-get update

apt-get install ntop

5. Set nTOP's admin password

Code:

ntop -A

6. Configure nTOP monitoring interface

Code:

cd /var/lib/ntop

sed 's/INTERFACES="eth0"/INTERFACES="eth1"/g' init.cfg> init.cfg.tmp

cp init.cfg.tmp init.cfg

rm init.cfg.tmp

7. Configure nTOP to use TCP port 4000

Code:

echo 'GETOPT="-w 4000"' >>/etc/default/ntop

8. Restore the original APT sources list

Code:

cp /etc/apt/sources.list.orig /etc/apt/sources.list
rm /etc/apt/sources.list.orig

9. Start nTOP

Code:

/etc/init.d/ntop start

10. Confirm nTOP is listening on TCP port 4000:

Code:

/var/lib/ntop # lsof -i :4000                                                                                                                                       [root @ utm1]
COMMAND  PID USER   FD   TYPE DEVICE SIZE NODE NAME
ntop    7462 ntop    1u  IPv4 488311       TCP *:4000 (LISTEN)

NOTE: The expected result is *:4000 (Listen).

11. Configure a packet filter for nTOP

(See packet filter image, attachment below!)

12. Secure nTOP access from outside the UTM

a. Browse your UTM at http://ip-address:4000
b. Click "Admin" then "Configure" then "Protect URL's"
c. Enter username "admin" and your password (set in step 5 above) when prompted.
e. Click "Add URL" then "Add URL" again.

NOTE: This will require a username and password to access http://ip-address:4000

Post if you experience issues with these instructions.

[Drewster727]

thanks for the info md3v.

I had this same problem with silver bullets commands on my 6.1 untangle box.
for some reason when I run:

sed 's/INTERFACES="eth0"/INTERFACES="eth1"/g' init.cfg> init.cfg.tmp

it seems to do nothing, because when I run the "/etc/init.d/ntop start" command it says:

Starting network top daemon: ERROR: Cannot start ntop since INTERFACES is not defined, check the configuration file /etc/default/ntop

although I did notice after the ntop install script ran after running "apt-get install ntop" it says:

br.etho0: error fetching interface information: Device not found.

so I'm thinking ntop is trying to use br.eth0 to monitor yet...it cant find br.etho0 because I'm using eth0. That setting the interface command seems to have no effect.

Any help on this would be great as I'd love to get ntop up and running.

Thanks.

[md3v]

Hi Drewster,

Regarding:

sed 's/INTERFACES="eth0"/INTERFACES="eth1"/g' init.cfg> init.cfg.tmp

Not working. Eth1 will generally be your inside interface (LAN side) which is what is bridged to Eth0 or (~other) as your WAN side interface.

You can manually edit the nTOP configuration file using:

Code:

nano -w /var/lib/ntop/init.cfg

But make sure your using valid interface names based on the output of:

Code:

ifconfig

If all else fails, PM me shell access information for your box and I'll investigate it for you.

Christopher.

[Drewster727]

md3v, thank you for the tips.

However, I was finally able to get my ntop working.

I have a friend who is running untangle in a vm exactly as mine, upgraded to 6.1.

He sent me the contents of his /etc/default/ntop file. When I checked my /etc/default/ntop all that was listed was:

GETOPT="-w 4000"

his showed:

# This file will normally include the debconf template but you can disable
# that and use this file only.

. /var/lib/ntop/init.cfg
#GETOPT=""
GETOPT="-w 4000"

after inserting that into /etc/default/ntop it worked like a charm. Not 100% sure why it did that. So it appears it was not an interface problem setting specifically but rather /etc/default/ntop did not have the proper contents.

For anyone who has similar issues, insert the above quote into your /etc/default/ntop directory, or make sure you've got something similar.

and I do not belive it is specific to those debian repos you listed, I'm betting its something specific to my install that got screwed up somehow, after some trial and error over the past few days with other repos, etc.. thanks again tho md3v.

[lschafroth]

1. Increase the APT cache

Code:

sed -i -e 's/APT::Cache-Limit 10000000/APT::Cache-Limit 20000000/' /etc/apt/apt.conf

The very first step on 6.1 fails.

sed: can't read /etc/apt/apt.conf: No such file or directory

Also, I still do not see where to add the packet filter. The firewall does not show a similar screen. NAT policies look similar but do not appear to be the same screen.

I show ntop running, but without steps to add a packet filter I cannot get to it.

Lannie

+++++++++

I found the packet filter. It doesnt say anthying about clicking on the little down arrow on the Advanced button!! Every time I clicked on advanced it said you are already in advanced mode.

Now I just need to increase the cache size sicne that command does not work.

I noticed this warning in the startup preferences:

You cannot set the capture interface: missing privileges.

Do I need to change anything?

[Drewster727]

lschafroth,

the packet filter rule is located under config-->networking, then to access the packet filter rules you must be in advanced mode, you'll then be able to use a drop-down box on the top right of your screen, just click that and select packet filter.

Also just a note, the packet filter rule you posted md3v does not work, at least for me it doesn't. However, when I make the packet filter exactly as silver bullet had his in the "install ntop in 5.1" thread, everything worked properly.

edit: Ischafroth, sorry I didn't see you updated your post saying you found the packet filter section. Just ignore what I said earlier... but as for your cache command issue, if you ssh into your untangle box, can you go to that directory and find that file? or is it missing?

[lschafroth]

edit: Ischafroth, sorry I didn't see you updated your post saying you found the packet filter section. Just ignore what I said earlier... but as for your cache command issue, if you ssh into your untangle box, can you go to that directory and find that file? or is it missing?

Ya, the file does not exist. This is on a fresh 6.1 install. I created a blank one then ran the command. Not sure if that will work or not. either way, the nTOP works great on this machine.

Lannie

[Drewster727]

here is the contents of my apt.conf file:

APT::Cache-Limit 20000000;
Apt::Get::Purge;
APT::Cache-Limit 12582912;

just copy that into yours, not sure if it will change anything as you said it is working now.

[nadim.chidiac]

Ignore what I posted earlier if you read it. I installed nTop and forgot to create the packet filter. Once it was created, all was ok. Thanks for this!!

[jgshier]

Works Great Thanks!