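ntop is a network traffic monitoring tool. It shows how the network is being used more intuitively and in more detail than some other network management software, and it can even list the network bandwidth utilization of each node. It is a flexible, full-featured tool for monitoring and troubleshooting LAN problems, and it is especially capable when combined with nprobe. It offers both command-line input and a web interface, and can be used as an embedded web service.
cairo is required to install rrdtool. cairo (also the name of Egypt's capital, Cairo) is a vector graphics drawing library.
First mount the installation disc on /mnt.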
[root@liunx0918 ~]# mount /dev/cdrom /mnt
[root@liunx0918 ~]# cd /mnt
[root@liunx0918 mnt]# ls
Cluster RELEASE-NOTES-de.html RELEASE-NOTES-ml.html RELEASE-NOTES-U4-de.html RELEASE-NOTES-U4-ml.html RELEASE-NOTES-zh_CN.html
ClusterStorage RELEASE-NOTES-en RELEASE-NOTES-mr.html RELEASE-NOTES-U4-en RELEASE-NOTES-U4-mr.html RELEASE-NOTES-zh_TW.html
EULA RELEASE-NOTES-en.html RELEASE-NOTES-or.html RELEASE-NOTES-U4-en.html RELEASE-NOTES-U4-or.html RPM-GPG-KEY-redhat-beta
eula.en_US RELEASE-NOTES-es.html RELEASE-NOTES-pa.html RELEASE-NOTES-U4-es.html RELEASE-NOTES-U4-pa.html RPM-GPG-KEY-redhat-release
GPL RELEASE-NOTES-fr.html RELEASE-NOTES-pt_BR.html RELEASE-NOTES-U4-fr.html RELEASE-NOTES-U4-pt_BR.html Server
images RELEASE-NOTES-gu.html RELEASE-NOTES-ru.html RELEASE-NOTES-U4-gu.html RELEASE-NOTES-U4-ru.html TRANS.TBL
isolinux RELEASE-NOTES-hi.html RELEASE-NOTES-si.html RELEASE-NOTES-U4-hi.html RELEASE-NOTES-U4-si.html VT
README-en RELEASE-NOTES-it.html RELEASE-NOTES-ta.html RELEASE-NOTES-U4-it.html RELEASE-NOTES-U4-ta.html
README-en.html RELEASE-NOTES-ja.html RELEASE-NOTES-te.html RELEASE-NOTES-U4-ja.html RELEASE-NOTES-U4-te.html
RELEASE-NOTES-as.html RELEASE-NOTES-kn.html RELEASE-NOTES-U4-as.html RELEASE-NOTES-U4-kn.html RELEASE-NOTES-U4-zh_CN.html
RELEASE-NOTES-bn.html RELEASE-NOTES-ko.html RELEASE-NOTES-U4-bn.html RELEASE-NOTES-U4-ko.html RELEASE-NOTES-U4-zh_TW.html
[root@liunx0918 mnt]# find . -name "cairo*rpm"
./Server/cairo-1.2.4-5.el5.i386.rpm
./Server/cairo-devel-1.2.4-5.el5.i386.rpm
./Server/cairo-java-1.0.5-3.fc6.i386.rpm
./Server/cairo-java-devel-1.0.5-3.fc6.i386.rpm
[root@liunx0918 mnt]# rpm -ivh ./Server/cairo-1.2.4-5.el5.i386.rpm ./Server/cairo-devel-1.2.4-5.el5.i386.rpm
warning: ./Server/cairo-1.2.4-5.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
error: Failed dependencies:
    fontconfig-devel >= 2.0 is needed by cairo-devel-1.2.4-5.el5.i386
    freetype-devel >= 2.1.3-3 is needed by cairo-devel-1.2.4-5.el5.i386
    libXrender-devel is needed by cairo-devel-1.2.4-5.el5.i386
    libpng-devel is needed by cairo-devel-1.2.4-5.el5.i386

That is a lot of dependent rpm packages!

[root@liunx0918 mnt]# find . -name "fontconfig-devel*rpm"
./Server/fontconfig-devel-2.4.1-7.el5.i386.rpm
[root@liunx0918 mnt]# find . -name "freetype-devel*rpm"
./Server/freetype-devel-2.2.1-21.el5_3.i386.rpm
[root@liunx0918 mnt]# find . -name "libXrender-devel*rpm"
./Server/libXrender-devel-0.9.1-3.1.i386.rpm
[root@liunx0918 mnt]# find . -name "libpng-devel*rpm"
./Server/libpng-devel-1.2.10-7.1.el5_3.2.i386.rpm
[root@liunx0918 mnt]# rpm -ivh ./Server/cairo-1.2.4-5.el5.i386.rpm ./Server/cairo-devel-1.2.4-5.el5.i386.rpm ./Server/fontconfig-devel-2.4.1-7.el5.i386.rpm ./Server/freetype-devel-2.2.1-21.el5_3.i386.rpm ./Server/libXrender-devel-0.9.1-3.1.i386.rpm ./Server/libpng-devel-1.2.10-7.1.el5_3.2.i386.rpm
warning: ./Server/cairo-1.2.4-5.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
error: Failed dependencies:
    libX11-devel is needed by libXrender-devel-0.9.1-3.1.i386
    xorg-x11-proto-devel is needed by libXrender-devel-0.9.1-3.1.i386
[root@liunx0918 mnt]# find . -name "libX11-devel*rpm"
./Server/libX11-devel-1.0.3-11.el5.i386.rpm
[root@liunx0918 mnt]# find . -name "xorg-x11-proto-devel*rpm"
./Server/xorg-x11-proto-devel-7.1-13.el5.i386.rpm
[root@liunx0918 mnt]# rpm -ivh ./Server/cairo-1.2.4-5.el5.i386.rpm ./Server/cairo-devel-1.2.4-5.el5.i386.rpm ./Server/fontconfig-devel-2.4.1-7.el5.i386.rpm ./Server/freetype-devel-2.2.1-21.el5_3.i386.rpm ./Server/libXrender-devel-0.9.1-3.1.i386.rpm ./Server/libpng-devel-1.2.10-7.1.el5_3.2.i386.rpm ./Server/libX11-devel-1.0.3-11.el5.i386.rpm ./Server/xorg-x11-proto-devel-7.1-13.el5.i386.rpm
warning: ./Server/cairo-1.2.4-5.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
error: Failed dependencies:
    libXau-devel is needed by libX11-devel-1.0.3-11.el5.i386
    libXdmcp-devel is needed by libX11-devel-1.0.3-11.el5.i386
    mesa-libGL-devel is needed by xorg-x11-proto-devel-7.1-13.el5.i386
[root@liunx0918 mnt]# find . -name "libXau-devel*rpm"
./Server/libXau-devel-1.0.1-3.1.i386.rpm
[root@liunx0918 mnt]# find . -name "libXdmcp-devel*rpm"
./Server/libXdmcp-devel-1.0.1-2.1.i386.rpm
[root@liunx0918 mnt]# find . -name "mesa-libGL-devel*rpm"
./Server/mesa-libGL-devel-6.5.1-7.7.el5.i386.rpm
[root@liunx0918 mnt]# rpm -ivh ./Server/cairo-1.2.4-5.el5.i386.rpm ./Server/cairo-devel-1.2.4-5.el5.i386.rpm ./Server/fontconfig-devel-2.4.1-7.el5.i386.rpm ./Server/freetype-devel-2.2.1-21.el5_3.i386.rpm ./Server/libXrender-devel-0.9.1-3.1.i386.rpm ./Server/libpng-devel-1.2.10-7.1.el5_3.2.i386.rpm ./Server/libX11-devel-1.0.3-11.el5.i386.rpm ./Server/xorg-x11-proto-devel-7.1-13.el5.i386.rpm ./Server/libXau-devel-1.0.1-3.1.i386.rpm ./Server/libXdmcp-devel-1.0.1-2.1.i386.rpm ./Server/mesa-libGL-devel-6.5.1-7.7.el5.i386.rpm
warning: ./Server/cairo-1.2.4-5.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing... ########################################### [100%]
package cairo-1.2.4-5.el5.i386 is already installed
[root@liunx0918 mnt]# rpm -ivh ./Server/cairo-devel-1.2.4-5.el5.i386.rpm ./Server/fontconfig-devel-2.4.1-7.el5.i386.rpm ./Server/freetype-devel-2.2.1-21.el5_3.i386.rpm ./Server/libXrender-devel-0.9.1-3.1.i386.rpm ./Server/libpng-devel-1.2.10-7.1.el5_3.2.i386.rpm ./Server/libX11-devel-1.0.3-11.el5.i386.rpm ./Server/xorg-x11-proto-devel-7.1-13.el5.i386.rpm ./Server/libXau-devel-1.0.1-3.1.i386.rpm ./Server/libXdmcp-devel-1.0.1-2.1.i386.rpm ./Server/mesa-libGL-devel-6.5.1-7.7.el5.i386.rpm
warning: ./Server/cairo-devel-1.2.4-5.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing... ########################################### [100%]
 1:freetype-devel ########################################### [ 10%]
 2:fontconfig-devel ########################################### [ 20%]
 3:libXau-devel ########################################### [ 30%]
 4:libpng-devel ########################################### [ 40%]
 5:xorg-x11-proto-devel ########################################### [ 50%]
 6:libX11-devel ########################################### [ 60%]
 7:libXrender-devel ########################################### [ 70%]
 8:cairo-devel ########################################### [ 80%]
 9:libXdmcp-devel ########################################### [ 90%]
 10:mesa-libGL-devel ########################################### [100%]
[root@liunx0918 mnt]#
pango is required to install rrdtool. pango is a text rendering library.
rrdtool is a round-robin database tool.
The installation steps, in brief:

wget http://oss.oetiker.ch/rrdtool/pub/rrdtool-1.4.7.tar.gz
tar zxf rrdtool-1.4.7.tar.gz
cd rrdtool-1.4.7
./configure --prefix=/usr
make && make install
Some of the output from the installation:

[root@liunx0918 rrdtool-1.4.7]# ./configure --prefix=/usr
checking build system type... i686-pc-linux-gnu
checking host system type... i686-pc-linux-gnu
checking target system type... i686-pc-linux-gnu
checking for gcc... gcc
(output omitted)
----------------------------------------------------------------
Config is DONE!

With MMAP IO: yes
Build rrd_getopt: no
Build rrd_graph: yes
Static programs: no
Perl Modules: perl_piped perl_shared
Perl Binary: /usr/bin/perl
Perl Version: 5.8.8
Perl Options: PREFIX=/usr LIB=/usr/lib/perl/5.8.8
Ruby Modules:
Ruby Binary: no
Ruby Options: sitedir=/usr/lib/ruby
Build Lua Bindings: no
Build Tcl Bindings: no
Build Python Bindings: yes
Build rrdcgi: yes
Build librrd MT: yes
Use gettext: yes
With libDBI: no
With libwrap: yes
Libraries: -lxml2 -lglib-2.0 -lcairo -lcairo -lcairo -lm -lwrap -lcairo -lpng12 -lpangocairo-1.0 -lpango-1.0 -lcairo -lgobject-2.0 -lgmodule-2.0 -ldl -lglib-2.0

Type 'make' to compile the software and use 'make install' to
install everything to: /usr.

... that wishlist is NO JOKE. If you find RRDtool useful
make me happy. Go to http://tobi.oetiker.ch/wish and
place an order.

-- Tobi Oetiker <tobi@oetiker.ch>
----------------------------------------------------------------
[root@liunx0918 rrdtool-1.4.7]#
libpcap is a network packet capture library.
It is required to install ntop; without it, configure fails with the following error:

checking for pcap_lookupdev in -lpcap... no
*** FATAL ERROR ***
It looks that you don't have the libpcap distribution installed.
Download, compile and, optionally, install it.
When finished please re-run this program.
You can download the latest source tarball at http://www.tcpdump.org/
configure: error: The LBL Packet Capture Library, libpcap, was not found!

The installation record:

[root@liunx0918 mnt]# find . -name "libpcap*rpm"
./Server/libpcap-0.9.4-14.el5.i386.rpm
./Server/libpcap-devel-0.9.4-14.el5.i386.rpm
[root@liunx0918 mnt]# rpm -ivh ./Server/libpcap-0.9.4-14.el5.i386.rpm ./Server/libpcap-devel-0.9.4-14.el5.i386.rpm
warning: ./Server/libpcap-0.9.4-14.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing... ########################################### [100%]
package libpcap-0.9.4-14.el5.i386 is already installed
[root@liunx0918 mnt]# rpm -ivh ./Server/libpcap-devel-0.9.4-14.el5.i386.rpm
warning: ./Server/libpcap-devel-0.9.4-14.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing... ########################################### [100%]
 1:libpcap-devel ########################################### [100%]
[root@liunx0918 mnt]#
GeoIP is a database that maps IP addresses to geographic information.
If GeoIP is not installed, installing ntop fails with:

checking for GeoIP_record_by_ipnum in -lGeoIP... no
checking for GeoIP_name_by_ipnum_v6 in -lGeoIP... no
Please install GeoIP (http://www.maxmind.com/)

The installation steps, in brief:

wget http://www.maxmind.com/download/geoip/api/c/GeoIP.tar.gz
tar zxf GeoIP.tar.gz
cd GeoIP-1.4.8/
./configure --prefix=/usr
make && make install

The detailed installation record:
[root@liunx0918 install]# wget http://www.maxmind.com/download/geoip/api/c/GeoIP.tar.gz
--2012-05-28 15:00:14-- http://www.maxmind.com/download/geoip/api/c/GeoIP.tar.gz
正在解析主机 www.maxmind.com... 174.36.207.186
Connecting to www.maxmind.com|174.36.207.186|:80... 已连接。
已发出 HTTP 请求,正在等待回应... 200 OK
长度:1074829 (1.0M) [application/octet-stream]
Saving to: `GeoIP.tar.gz'

100%[=============================================================================================================================>] 1,074,829 45.6K/s in 20s

2012-05-28 15:00:35 (53.4 KB/s) - `GeoIP.tar.gz' saved [1074829/1074829]

[root@liunx0918 install]# tar zxf GeoIP.tar.gz
[root@liunx0918 install]# cd GeoIP-1.4.8/
[root@liunx0918 GeoIP-1.4.8]# ls
aclocal.m4 ChangeLog configure depcomp get_ver.awk ltmain.sh Makefile.vc NEWS READMEwin32static.txt
apps conf configure.in geoip.ico INSTALL Makefile.am Makefile.win32 README READMEwin32.txt
AUTHORS config.guess COPYING GeoIP.spec.in install-sh Makefile.in man README.MinGW test
bootstrap config.sub data GeoIPWinDLL.patch libGeoIP Makefile.netware missing README.OSX TODO
[root@liunx0918 GeoIP-1.4.8]# ./configure --prefix=/usr
checking for gcc... gcc
checking whether the C compiler works... yes
(output omitted)
configure: creating ./config.status
config.status: creating Makefile
config.status: creating GeoIP.spec
config.status: creating libGeoIP/Makefile
config.status: creating apps/Makefile
config.status: creating conf/Makefile
config.status: creating data/Makefile
config.status: creating man/Makefile
config.status: creating test/Makefile
config.status: executing depfiles commands
config.status: executing libtool commands
[root@liunx0918 GeoIP-1.4.8]#
Finally, ntop itself. The installation steps, in brief:

wget "http://sourceforge.net/projects/ntop/files/ntop/Stable/ntop-4.1.0.tar.gz/download"
tar zxf ntop-4.1.0.tar.gz
cd ntop-4.1.0
./autogen.sh
make && make install

Part of the output from the installation:
*******************************************************************
*
* NOTE: ./configure is now complete!
*
* All of the obviously FATAL errors would cause you to
* abort before this point, so while you SHOULD scroll
* back and check for error/warning/note messages,
* you probably will not...
*
++
++ If you like ntop, please do not forget to support its
++ development. See SUPPORT_NTOP.txt for more information.
++
++ Thanks for supporting ntop!
++
*
* NEXT STEP(S):
*
* Building ntop requires GNU Make, so to build ntop, type
* 'make' (or on *BSD and Solaris systems, 'gmake')
*
*******************************************************************
....
autogen.sh done
just type make to compile ntop

************************************************************
************************************************************

WARNING: This install created a directory for the ntop
files and databases:

//usr/local/share/ntop

This directory MUST be owned by the user
which you are going to use to run ntop.

The command you must issue is something like:

chown -R ntop.ntop //usr/local/share/ntop

or

chown -R ntop:users //usr/local/share/ntop

man chown to check the syntax for YOUR system

************************************************************
************************************************************

echo "Shall you be using SELinux please run:"
Shall you be using SELinux please run:
echo "make install-selinux-policy"
make install-selinux-policy
Some material online says that a user named ntop has to be added; I tried it, and it is not required.
First, look at ntop's startup parameters: ntop -u user specifies the user the program runs as; otherwise ntop runs as the nobody user.
Running ntop as a dedicated ntop user is generally recommended.
The steps to create the ntop user are:

useradd -s /sbin/nologin ntop
passwd -l ntop

[root@liunx0918 ~]# useradd -s /sbin/nologin ntop
[root@liunx0918 ~]# passwd -l ntop
Locking password for user ntop.
passwd: Success
[root@liunx0918 ~]#

The ntop database will be kept in the /var/ntop directory.

[root@liunx0918 ~]# mkdir /var/ntop
[root@liunx0918 ~]# chown -R ntop:ntop /var/ntop
[root@liunx0918 ~]#

Check the firewall settings and open port 3000. First run service iptables save, then add the first line below to /etc/sysconfig/iptables (the second line, the existing REJECT rule, shows where it goes):

-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 3000 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited

Save the file, then run service iptables restart.

[root@liunx0918 ~]# service iptables save
Saving firewall rules to /etc/sysconfig/iptables: [ OK ]
[root@liunx0918 ~]# vi /etc/sysconfig/iptables

Edit /etc/sysconfig/iptables as shown above.

[root@liunx0918 ~]# service iptables restart
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]
Applying iptables firewall rules: [ OK ]
Loading additional iptables modules: ip_conntrack_netbios_n[ OK ]
[root@liunx0918 ~]#

Note: running the following command directly does not open port 3000, because -A appends the rule to the end of the chain, after the REJECT rule:

iptables -A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 3000 -j ACCEPT

Other important ntop parameters

After all this preparation, I plan to start ntop as follows, to monitor the traffic on the first network interface:
ntop -P /var/ntop -i eth0 -u ntop
First the admin password has to be set with ntop -A. It can be made fairly complex.
ntop startup - waiting for user response!
Please enter the password for the admin user:
Mon May 28 15:07:13 2012 THREADMGMT[t3017280400]: DNSAR(3): Address resolution thread running
Password too short (5 characters or more). Please try again.
ntop startup - waiting for user response!
Please enter the password for the admin user:
Please enter the password again:
Mon May 28 15:07:31 2012 Admin user password has been set

[root@liunx0918 ~]# ntop -P /var/ntop -i eth0 -u ntop -d
Tue Jun 5 09:08:22 2012 NOTE: Interface merge enabled by default
Tue Jun 5 09:08:22 2012 Initializing gdbm databases
Tue Jun 5 09:08:22 2012 Setting administrator password...
Tue Jun 5 09:08:22 2012 Admin password set...
Tue Jun 5 09:08:22 2012 ntop v.4.1.0 (32 bit)
Tue Jun 5 09:08:22 2012 Configured on May 28 2012 15:03:47, built on May 28 2012 15:05:09.
Tue Jun 5 09:08:22 2012 Copyright 1998-2011 by Luca Deri <deri@ntop.org>
Tue Jun 5 09:08:22 2012 Get the freshest ntop from http://www.ntop.org/
Tue Jun 5 09:08:22 2012 NOTE: ntop is running from 'ntop'
Tue Jun 5 09:08:22 2012 NOTE: (but see warning on man page for the --instance parameter)
Tue Jun 5 09:08:22 2012 NOTE: ntop libraries are in '/usr/local/lib'
Tue Jun 5 09:08:22 2012 Initializing ntop
Tue Jun 5 09:08:22 2012 Checking eth0 for additional devices
Tue Jun 5 09:08:22 2012 Added virtual interface: 'eth0:0'
Tue Jun 5 09:08:22 2012 Resetting traffic statistics for device eth0
Tue Jun 5 09:08:22 2012 Initializing device eth0 (0)
Tue Jun 5 09:08:22 2012 DLT: Device 0 [eth0] is 1, mtu 1514, header 14
Tue Jun 5 09:08:22 2012 Initialized events [mask: 0][path: ]
Tue Jun 5 09:08:22 2012 Initializing gdbm databases
Tue Jun 5 09:08:22 2012 VENDOR: Loading MAC address table.
Tue Jun 5 09:08:22 2012 VENDOR: Checking for MAC address table file
Tue Jun 5 09:08:22 2012 VENDOR: File '/usr/local/etc/ntop/specialMAC.txt.gz' does not need to be reloaded
Tue Jun 5 09:08:22 2012 VENDOR: ntop continues ok
Tue Jun 5 09:08:22 2012 VENDOR: Checking for MAC address table file
Tue Jun 5 09:08:22 2012 VENDOR: File '/usr/local/etc/ntop/oui.txt.gz' does not need to be reloaded
Tue Jun 5 09:08:22 2012 VENDOR: ntop continues ok
Tue Jun 5 09:08:22 2012 Fingerprint: Loading signature file
Tue Jun 5 09:08:22 2012 Fingerprint: Checking for Fingerprint file... file
Tue Jun 5 09:08:22 2012 Fingerprint: Loading file '/usr/local/etc/ntop/etter.finger.os.gz'
Tue Jun 5 09:08:22 2012 Fingerprint: ...loaded 1765 records
Tue Jun 5 09:08:22 2012 INIT: Parent process is exiting (this is normal)
Tue Jun 5 09:08:22 2012 INIT: Bye bye: I'm becoming a daemon...
[root@liunx0918 ~]#
ntop can now be reached from a browser such as Firefox, at:
http://your_server_ip:3000/
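The admin password is not needed to view the network statistics, but it is required when opening the configuration options under Admin.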
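Because the statistics pages need no password, the firewall rule for port 3000 decides who can read them. The script below is an added example, not part of the original post: it reads an iptables-save style file such as /etc/sysconfig/iptables and reports whether the tcp/3000 ACCEPT rule is reached before the catch-all REJECT, and for which source addresses. The function names, the sample rule sets and the 192.0.2.0/24 management range are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. The rule text follows the post;
# the 192.0.2.0/24 source range and the sample rule sets are constructed.

# port_status FILE CHAIN PORT   (FILE may be "-" for stdin)
# Walks CHAIN in file order and prints one of:
#   "open <source>"  ACCEPT for tcp/PORT is reached ("any" when there is no -s)
#   "shadowed"       the ACCEPT sits after a catch-all REJECT/DROP
#   "missing"        CHAIN has no ACCEPT for tcp/PORT
port_status() {
    awk -v chain="$2" -v port="$3" '
        $1 == "-A" && $2 == chain {
            # "-A CHAIN -j REJECT ..." has no match options, so it catches everything.
            catch_all = ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP"))
            accept = 0; tcp = 0; dport = 0; src = "any"
            for (i = 3; i < NF; i++) {
                if ($i == "-j" && $(i + 1) == "ACCEPT") accept = 1
                if ($i == "-p" && $(i + 1) == "tcp") tcp = 1
                if ($i == "--dport" && $(i + 1) == port) dport = 1
                if ($i == "-s") src = $(i + 1)
            }
            if (accept && tcp && dport) {
                print (blocked ? "shadowed" : ("open " src))
                found = 1
                exit
            }
            if (catch_all) blocked = 1
        }
        END { if (!found) print "missing" }
    ' "$1"
}

# sample_rules KIND: constructed /etc/sysconfig/iptables content on stdout
#   edited      ACCEPT placed above the REJECT line, as in the post
#   appended    order left by "iptables -A ..." plus "service iptables save"
#   restricted  like edited, but limited to a management subnet
sample_rules() {
    chain="-A RH-Firewall-1-INPUT"
    accept="-p tcp -m state --state NEW -m tcp --dport 3000 -j ACCEPT"
    reject="$chain -j REJECT --reject-with icmp-host-prohibited"
    printf '%s\n' "*filter" ":RH-Firewall-1-INPUT - [0:0]" \
        "-A INPUT -j RH-Firewall-1-INPUT" \
        "$chain -m state --state ESTABLISHED,RELATED -j ACCEPT"
    case "$1" in
        edited)     printf '%s\n' "$chain $accept" "$reject" ;;
        appended)   printf '%s\n' "$reject" "$chain $accept" ;;
        restricted) printf '%s\n' "$chain -s 192.0.2.0/24 $accept" "$reject" ;;
    esac
    echo COMMIT
}

for kind in edited appended restricted; do
    sample_rules "$kind" | port_status - RH-Firewall-1-INPUT 3000
done
```

To check the live configuration, run port_status /etc/sysconfig/iptables RH-Firewall-1-INPUT 3000 as root after service iptables save.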
The unit is bps, not Bps.
A Google Maps API key has to be requested first; the following pages describe how:
http://blog.csdn.net/guanzhouxuezi/article/details/6070015
http://code.google.com/android/maps-api-signup.html
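https://developers.google.com/maps/documentation/android/maps-api-signup
However, nothing I tried worked. In the end I looked at the page source and found that ntop uses the Google Maps v2 API, which has now been retired and no longer works. I hope ntop releases a version that supports Google Maps v3 soon.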