network monitoring


network monitoring

Postby moredruid » Thu Jan 29, 2009 4:54 am

Maybe it's something people are interested in, you can add network monitoring to your server.
Personally I like ntop, I just installed it last night and it works great.
It will give you nice graphs and other metrics on type of traffic, amount of traffic, bandwidth on your LAN to the server etc.
Installing is easy:

Code:

root@localhost# yum install ntop

running it is just as easy:

Code:

root@localhost# service ntop start

then point your browser to the following link:
https://hda:3001
done

if it doesn't work, issue the following commands:

Code:

root@localhost# service ntop stop
root@localhost# ntop -A <fill in a password>
root@localhost# service ntop start

and try again.
echo '16i[q]sa[ln0=aln100%Pln100/snlbx]sbA0D2173656C7572206968616D41snlbxq' | dc
Galileo - HP Proliant ML110 G6 quad core Xeon 2.4GHz, 4GB RAM, 2x750GB RAID1 + 2x1TB RAID1 HDD


Re: network monitoring

Postby cpg » Thu Jan 29, 2009 5:33 am

whoa nice!

i had to change the /etc/ntop.conf to put the ip address for it to bind to instead of 127.0.0.1

Code:

--http-server 192.168.1.10:3000
--https-server 192.168.1.10:3001

also, i can only seem to be able to access it with http://hda:3000 (not the https at 3001).

would you be interested in adding the details as an app in the wiki?
say here? :) http://wiki.amahi.org/index.php/App/Ntop


--

on a somewhat related topic, french and i started talking about network monitoring and ended up producing some code to toy around network monitoring, because he needs an intrusion alarm (by email) and i wanted to experiment towards integrating something with amahi (more tightly than external programs) long term.

we committed some ruby code (not much doc) that is tailored for what he needs, however it could be made more general and integrated in amahi to send custom alerts on specific types of packets/traffic on the network:

http://git.amahi.org/?p=amahi.git;a=tre ... f9;hb=HEAD

not much docs, but it can be run as a daemon and send email on specific packet combination. could be made to be rule based, make some pretty graphs, etc.

thanks for the tip!
My HDA: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz on MSI board, 8GB RAM, 1TBx2+3TBx1


Re: network monitoring

Postby moredruid » Thu Jan 29, 2009 6:21 am

sure, will add it to the list somewhere this week if I've got the time.

I'll take a look at the code from french (I'm not a coder), but I think you can have ntop trigger certain events and mail them to you. SNMP based triggering seems to be an option... you may want to look into the admin section of your ntop page for that

Re: network monitoring

Postby cpg » Thu Jan 29, 2009 12:03 pm

ntop keeps on crashing on me:

Code:

ntop[13551]: segfault at 38 ip 02046ab3 sp b1d845a4 error 6 in libntop-3.3.8.so[2000000+67000]

it should be put under monit's watch :-)

Re: network monitoring

Postby moredruid » Thu Jan 29, 2009 12:25 pm

weird, ntop runs fine here

here's my /etc/ntop.conf

Code:

# tells ntop the user id to run as
--user ntop
#save messages into the system log
--use-syslog=daemon
# sets the directory that ntop runs from
--db-file-path /var/lib/ntop
# the amount and severity of messages that ntop will put out
--trace-level 3
# limit ntop to listening on a specific interface and port
--http-server 3000
--https-server 3001
# specify the interface
--interface eth0
# Under certain circumstances, the sched_yield() function causes the ntop web
# server to lock up. It shouldn't happen, but it does. This option causes
# ntop to skip those calls, at a tiny performance penalty.
--disable-schedyield
# disables "phone home" behavior
--skip-version-check=yes
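An added example, not part of any post in this thread and not Amahi or ntop project code: a shell check that reads the --http-server / --https-server lines of an ntop.conf like the ones posted above and reports which web listeners are reachable beyond loopback and whether they serve plain HTTP. It assumes a bare port means "all interfaces"; the function names audit_ntop_conf, has_plaintext_exposure and sample_conf are made up here, and the sample input is constructed.

```shell
#!/bin/sh
# Added example: classify the web listeners declared in an ntop.conf-style file.
# Prints "<scheme> <bind> <port> <verdict>" per listener, where verdict is
# local-only, exposed-plaintext or exposed-tls. Reads FILE, or stdin if omitted.
audit_ntop_conf() {
    awk '
        /^[[:space:]]*#/ { next }                      # skip comment lines
        {
            for (i = 1; i <= NF; i++) {
                opt = $i; val = ""
                if (opt ~ /^--https?-server=/) {        # --option=value form
                    val = opt; sub(/^[^=]*=/, "", val); sub(/=.*/, "", opt)
                } else if (opt ~ /^--https?-server$/) { # --option value form
                    val = $(i + 1); i++
                } else continue
                if (val == "") continue                 # option without a value
                scheme = (opt == "--https-server") ? "https" : "http"
                if (split(val, part, ":") == 2) { bind = part[1]; port = part[2] }
                else { bind = "*"; port = val }  # assumption: bare port = all interfaces
                if (bind ~ /^127\./ || bind == "localhost") verdict = "local-only"
                else if (scheme == "http") verdict = "exposed-plaintext"
                else verdict = "exposed-tls"
                print scheme, bind, port, verdict
            }
        }
    ' "${1:--}"
}

# Succeeds (exit 0) when any listener serves plain HTTP beyond loopback.
has_plaintext_exposure() {
    audit_ntop_conf "$@" | grep -q 'exposed-plaintext$'
}

# Constructed sample combining the listener styles posted in this thread.
sample_conf() {
    cat <<'EOF'
# limit ntop to listening on a specific interface and port
--http-server 3000
--https-server 192.168.1.10:3001
EOF
}

sample_conf | audit_ntop_conf
```

Run it against the real file with audit_ntop_conf /etc/ntop.conf; an exposed-plaintext line means the ntop web interface, including its admin login, is reachable from the LAN without TLS.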


Re: network monitoring

Postby moredruid » Fri Jan 30, 2009 1:19 am

added to wiki

Re: network monitoring

Postby moredruid » Fri Jan 30, 2009 1:31 am

cpg wrote:
on a somewhat related topic, french and i started talking about network monitoring and ended up producing some code to toy around network monitoring, because he needs an intrusion alarm (by email) and i wanted to experiment towards integrating something with amahi (more tightly than external programs) long term.

what kind of intrusions are we talking about here? There are lots of IDS packages out there, maybe it's better to use them instead of creating something new (which might introduce its own flaws and attack vectors). Should it be an alarm or a periodic overview of login activity (like daily stats)?

Re: network monitoring

Postby cpg » Fri Jan 30, 2009 2:39 am

not sure - perhaps we should see IDS systems and see if they fit the bill for jfrenc14.

as for amahi, i guess some sort of monitoring, giving a "more concise and to the point" view than ntop (too technical, imnsho).