<NTOP: Building a network monitoring system>
<http://www.ntop.org/news.html>
<ntop download and installation>
[root@jo:~]#mkdir /usr/local/src/ntop
[root@jo:~]#cd /usr/local/src/ntop/
[root@jo:/usr/local/src/ntop]#wget http://sourceforge.net/projects/ntop/files/ntop/ntop-3.3.10/ntop-3.3.10.tar.gz/download
[root@jo:/usr/local/src/ntop]#tar xvfz ntop-3.3.10.tar.gz
[root@jo:/usr/local/src/ntop]#cd ntop-3.3.10
[root@jo:/usr/local/src/ntop/ntop-3.3.10]#./autogen.sh --help --> option help
Starting ntop automatic configuration system v.0.2.3
Please be patient, there is a lot to do...
This script should help you to configure 'ntop'
Usage: autogen.sh [OPTION]...
-h, --help display this message and exit
-v, --version print version information and exit
-d, --debug enable verbose shell tracing
-p, --purge purge all files which are not part of the source package
--noconfig skip the ./configure execution
Any unrecognized options will be passed to ./configure, e.g.:
./autogen.sh --prefix=/usr
becomes
./configure --prefix=/usr
[root@jo:/usr/local/src/ntop/ntop-3.3.10]#./autogen.sh --prefix=/usr/local/ntop
Error! You need to have libevent 1.4.X or better.
--> An error occurred.
--> It says libevent 1.4 or later is required.

<http://www.monkey.org/~provos/libevent/>
<libevent download and installation>
[root@jo:/usr/local/src/ntop/ntop-3.3.10]#cd ..
[root@jo:/usr/local/src/ntop]#wget http://www.monkey.org/~provos/libevent-1.4.12-stable.tar.gz
[root@jo:/usr/local/src/ntop]#tar xvfz libevent-1.4.12-stable.tar.gz
[root@jo:/usr/local/src/ntop/libevent-1.4.12-stable]#./configure && make && make install
[root@jo:/usr/local/src/ntop/libevent-1.4.12-stable]#cd ../ntop-3.3.10
[root@jo:/usr/local/src/ntop/ntop-3.3.10]#./autogen.sh --prefix=/usr/local/ntop
configure: error: Unable to find RRD at /usr/local/rrdtool: please use --with-rrd-home=DIR
--> An error says rrdtool is missing; it has to be installed.

<Library installation>
--> Several libraries must be installed before rrdtool can be installed. Install them with the "yum install" command.
[root@jo:/usr/local/src/ntop/rrdtool-1.4.2]#yum install zlib zlib-devel libpng libpng-devel freetype freetype-devel libart_lgpl libart_lgpl-devel libpcap libpcap-devel -y

<http://oss.oetiker.ch/rrdtool/pub/?M=D>
<rrdtool download and installation>
--> The well-known monitoring tool MRTG also uses this; it is also used for router monitoring.
[root@jo:/usr/local/src/ntop/ntop-3.3.10]#cd ..
[root@jo:/usr/local/src/ntop]#wget http://oss.oetiker.ch/rrdtool/pub/rrdtool-1.4.2.tar.gz
[root@jo:/usr/local/src/ntop]#tar xvfz rrdtool-1.4.2.tar.gz
[root@jo:/usr/local/src/ntop]#cd rrdtool-1.4.2
[root@jo:/usr/local/src/ntop/rrdtool-1.4.2]#./configure --prefix=/usr/local/rrdtool --disable-python --disable-tcl --enable-shared
checking whether build environment is sane... configure: error: newly created file is older than distributed files!
Check your system clock
#rdate -s time.bora.net --> Set the system clock.
[root@jo:/usr/local/src/ntop]#wget http://oss.oetiker.ch/rrdtool/pub/libs/pixman-0.10.0.tar.gz
[root@jo:/usr/local/src/ntop]#wget http://oss.oetiker.ch/rrdtool/pub/libs/cairo-1.6.4.tar.gz
[root@jo:/usr/local/src/ntop]#wget http://oss.oetiker.ch/rrdtool/pub/libs/pango-1.17.5.tar.gz
[root@jo:/usr/local/src/ntop]#yum install libxml2* -y
[root@jo:/usr/local/src/ntop]#yum install fontconfig-devel -y
[root@jo:/usr/local/src/ntop]#yum install glib2 glib2-devel -y
[root@jo:/usr/local/src/ntop]#tar xvfz pixman-0.10.0.tar.gz
[root@jo:/usr/local/src/ntop]#cd pixman-0.10.0
[root@jo:/usr/local/src/ntop/pixman-0.10.0]#./configure && make && make install
[root@jo:/usr/local/src/ntop]#export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig:/usr/lib/pkgconfig
[root@jo:/usr/local/src/ntop/pixman-0.10.0]#cd ..
[root@jo:/usr/local/src/ntop]#tar xvfz cairo-1.6.4.tar.gz
[root@jo:/usr/local/src/ntop]#cd cairo-1.6.4
[root@jo:/usr/local/src/ntop/cairo-1.6.4]#./configure && make && make install
[root@jo:/usr/local/src/ntop]#tar xvfz pango-1.17.5.tar.gz
[root@jo:/usr/local/src/ntop]#cd pango-1.17.5
[root@jo:/usr/local/src/ntop/pango-1.17.5]#./configure && make && make install
<rrdtool installation>
[root@jo:/usr/local/src/ntop/pango-1.17.5]#cd ../rrdtool-1.4.2
[root@jo:/usr/local/src/ntop/rrdtool-1.4.2]#./configure --prefix=/usr/local/rrdtool --disable-python --disable-tcl --enable-shared && make && make install

<Installing ntop again>
[root@jo:/usr/local/src/ntop/ntop-3.3.10]#cd GeoIP-1.4.6/
[root@jo:/usr/local/src/ntop/ntop-3.3.10/GeoIP-1.4.6]#make && make install
[root@jo:/usr/local/src/ntop/ntop-3.3.10/GeoIP-1.4.6]#cd ..
[root@jo:/usr/local/src/ntop/ntop-3.3.10]#mkdir m4
[root@jo:/usr/local/src/ntop/ntop-3.3.10]#./autogen.sh --prefix=/usr/local/ntop
[root@jo:/usr/local/src/ntop/ntop-3.3.10]#make && make install
[root@jo:/usr/local/ntop]#ls
bin etc include lib man share var
--> Check the installed directories.
[root@jo:/usr/local/ntop]#ls etc/
GeoIP.conf GeoIP.conf.default ntop
[root@jo:/usr/local/ntop]#cd etc/ntop/
[root@jo:/usr/local/ntop/etc/ntop]#ls
GeoIPASNum.dat GeoLiteCity.dat ntop-cert.pem oui.txt.gz specialMAC.txt.gz
[root@jo:/usr/local/ntop/bin]#mkdir -p /usr/local/ntop/var/ntop/rrd

[root@jo:/usr/local/ntop]#useradd -M -c "NTOP USER" -s /bin/false ntop
[root@jo:/usr/local/ntop]#chown -R ntop.ntop /usr/local/ntop/
[root@jo:/usr/local/ntop]#/usr/local/ntop/bin/ntop -u ntop -w 3001 -P /usr/local/ntop -r 60 -i eth0
--> -w : http, -W : https
--> -r : refresh
--> -i : interface to monitor
--> -d : run as a daemon. For now, -d is not used.
[root@jo:~]#ps -ef |grep ntop
ntop 2236 21466 0 14:34 pts/0 00:00:00 /usr/local/ntop/bin/ntop -u ntop -w 3001 -P /usr/local/ntop -r 60 -i eth0
root 2402 2387 0 14:36 pts/1 00:00:00 grep --color ntop
[root@jo:~]#netstat -nlp |grep ntop
tcp 0 0 :::3001 :::* LISTEN 2236/ntop
udp 0 0 0.0.0.0:34641 0.0.0.0:* 2236/ntop
#iptables -A INPUT -p tcp --sport 1024: -m multiport --dports 3000,3001 -m state --state NEW -j ACCEPT

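The ps and netstat check above can be scripted. The following is an added example, not part of the original page: it reports which user ntop runs as and which of its sockets are bound to all interfaces. The function names are hypothetical, and the sample input is constructed from the output shown above.

```shell
#!/bin/sh
# Added example (not from the original page): audit a running ntop from
# `ps -ef` and `netstat -nlp` text. Function names are hypothetical.

# Constructed sample input, modelled on the output shown on this page.
SAMPLE_PS='ntop 2236 21466 0 14:34 pts/0 00:00:00 /usr/local/ntop/bin/ntop -u ntop -w 3001 -P /usr/local/ntop -r 60 -i eth0
root 2402 2387 0 14:36 pts/1 00:00:00 grep --color ntop'
SAMPLE_NETSTAT='tcp 0 0 :::3001 :::* LISTEN 2236/ntop
udp 0 0 0.0.0.0:34641 0.0.0.0:* 2236/ntop'

# stdin: ps -ef output. Prints the unique owners of ntop processes;
# field 8 is the command, so the "grep ntop" line itself is skipped.
ntop_owners() {
    awk '$8 ~ /(^|\/)ntop$/ { print $1 }' | sort -u
}

# stdin: netstat -nlp output. Prints "proto port" for every ntop socket
# bound to a wildcard address (0.0.0.0 or ::), i.e. reachable on all NICs.
ntop_wildcard_listeners() {
    awk '$NF ~ /\/ntop$/ {
        n = split($4, part, ":"); port = part[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (addr == "0.0.0.0" || addr == "::") print $1, port
    }'
}

# $1 = ps -ef text, $2 = netstat -nlp text. Returns 1 if ntop kept root.
audit_ntop() {
    owners=$(printf '%s\n' "$1" | ntop_owners)
    rc=0
    if [ -z "$owners" ]; then
        echo "INFO: no ntop process found"
    elif printf '%s\n' "$owners" | grep -qx root; then
        echo "FAIL: ntop is running as root (privileges were not dropped)"
        rc=1
    else
        echo "OK: ntop runs as: $owners"
    fi
    printf '%s\n' "$2" | ntop_wildcard_listeners | while read -r proto port; do
        echo "NOTE: ntop $proto port $port listens on all interfaces"
    done
    return $rc
}

# Live use: audit_ntop "$(ps -ef)" "$(netstat -nlp)"
audit_ntop "$SAMPLE_PS" "$SAMPLE_NETSTAT"
```
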
<Connecting to ntop>
A large volume of broadcast packets is not a good sign.
There are a lot of UDP packets right now because of the VPN connection.