summaryrefslogtreecommitdiff
path: root/network/ntop/README.SLACKWARE
diff options
context:
space:
mode:
authorNiels Horn <niels.horn@gmail.com>2010-05-13 00:37:40 +0200
committerRobby Workman <rworkman@slackbuilds.org>2010-05-13 00:37:40 +0200
commit8e76bfd2c826db393f7523867938868cc004c93c (patch)
tree5baebdc1ca67b803848db3700ae77b86ac4fe501 /network/ntop/README.SLACKWARE
parent608dafae2e215562a1b7c20353535d07834f44f7 (diff)
downloadslackbuilds-8e76bfd2c826db393f7523867938868cc004c93c.tar.gz
network/ntop: Updated for version 3.3.10
Diffstat (limited to 'network/ntop/README.SLACKWARE')
-rw-r--r--network/ntop/README.SLACKWARE238
1 files changed, 238 insertions, 0 deletions
diff --git a/network/ntop/README.SLACKWARE b/network/ntop/README.SLACKWARE
new file mode 100644
index 0000000000..0186ed3daa
--- /dev/null
+++ b/network/ntop/README.SLACKWARE
@@ -0,0 +1,238 @@
+README.Slackware
+================
+
+This file contains some specific instructions to complete the
+installation of ntop on Slackware.
+
+0) Before running the SlackBuild script
+---------------------------------------
+
+0.1) ntop group & user
+
+Before running the ntop.SlackBuild script, you will need to create
+the 'ntop' user and group. The script won't run if these do not
+exist.
+
+The suggested UID and GID is 212, but you can change this as needed:
+
+ # groupadd -g 212 ntop
+ # useradd -u 212 -g ntop -d /var/lib/ntop -s /bin/false ntop
+
+If you want to use a different user and/or group under which to run
+ntop, you can pass alternate values to the NTOPUSER and NTOPGROUP variables
+when running the build script.
+
+1) Download extra databases
+---------------------------
+
+After building & installing the ntop package, you might want to
+follow these extra steps:
+
+1.1) GeoIP tables
+
+To identify the location of the external hosts your netwerk connects
+to, ntop uses GeoIP. You will need to download the latest tables to
+your ntop server and store them in /etc/ntop:
+
+ # cd /etc/ntop
+ # wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
+ # gunzip -c GeoLiteCity.dat.gz > GeoLiteCity.dat
+ # wget http://geolite.maxmind.com/download/geoip/database/asnum/GeoIPASNum.dat.gz
+ # gunzip -c GeoIPASNum.dat.gz > GeoIPASNum.dat
+
+Both files are updated regularly (about once a month). There are some
+suggestions below on how to keep your ntop server up-to-date.
+
+1.2) OS fingerprint database
+
+ntop tries to identify the Operating System from the captures packages by
+searching for a "fingerprint". It uses a table that needs to be downloaded
+from the ettercap project on SourceForge:
+
+ # cd /etc/ntop
+ # wget -O etter.finger.os http://ettercap.cvs.sourceforge.net/ettercap/ettercap_ng/share/etter.finger.os?rev=HEAD
+
+This file hasn't been updated since 2005, so it doesn't identify the more
+modern OSs (Slackware 13.0 is identified as "Debian Linux" :-/ ) but it still
+might be helpful.
+
+1.3) OUI database
+
+All MAC addresses contain a "Organizationally Unique Identifier" (OUI) to
+identify the manufacturer. These OUIs are assigned by the IEEE Standards
+Association. A table is included with ntop, but new OUIs are assigned almost
+every day, so you might want to update the file now, before starting ntop:
+
+ # cd /etc/ntop
+ # wget http://standards.ieee.org/regauth/oui/oui.txt
+ # gzip -c oui.txt > oui.txt.gz
+
+Since this file changes frequently, check the suggestions later in this file
+on how to keep your ntop server up-to-date.
+
+2) Start & Stop scripts for ntop
+--------------------------------
+
+2.1) Automatic startup and shutdown
+
+If you want to start ntop on system bootup, include these lines in your
+/etc/rc.d/rc.local:
+
+ # Start ntop
+ if [ -x /etc/rc.d/rc.ntop ]; then
+ echo "Starting ntop..."
+ /etc/rc.d/rc.ntop start
+ fi
+
+To guarantee a clean shutdown of ntop, include this in
+/etc/rc.d/rc.local_shutdown:
+
+ # Stop ntop
+ if [ -x /etc/rc.d/rc.ntop ]; then
+ echo "Stopping ntop..."
+ /etc/rc.d/rc.ntop stop
+ fi
+
+2.2) Make /etc/rc.d/rc.ntop executable
+
+Additionally, you'll have to set the rc script to be executable just like
+any other Slackware rc script:
+
+ # chmod +x /etc/rc.d/rc.ntop
+
+3) Set the administrator password
+---------------------------------
+
+When ntop is installed at the first time, you MUST set the administration
+password for ntop (user 'admin'). You do that by running ntop with the
+option -A (or --set-admin-password) as root:
+# /usr/bin/ntop -P <ntop_homedirectory> -u <ntopuser> -A
+For example:
+
+ # /usr/bin/ntop -P /var/lib/ntop -u ntop -A
+
+It will prompt you for the password and then exit.
+
+4) Starting ntop
+----------------
+
+Now you are ready to start ntop by calling the startup script:
+
+ # /etc/rc.d/rc.ntop start
+
+Once ntop has started and configured correctly, you should be able to look
+at all the data it's collected by pointing your browser at:
+
+ http://(ip-of-your-ntop-server):3000/
+
+Browse through the configuration menu (Admin / Configure / Startup options)
+to set the interfaces you want to capture and many more parameters.
+
+Fore more documentation on ntop, check:
+- http://www.ntop.org/documentation.html
+- http://www.ntop.org/needHelp.html
+
+There are also some mailing lists you can subscribe to, that can be found on
+the pages mentioned above.
+
+*** NOTE ***
+* There have been some reports about ntop crashing (segfault) after any
+* period between a couple of minutes to several hours.
+* If this happens on your system, try disabling DNS resolution either from
+* the menu (admin/configure/startup options/IP Prefs) or changing the rc.ntop
+* file, adding the "-n" option to the line that starts ntop:
+* /usr/bin/ntop --w3c -u $NTOPUID -n -d >> $NTOPLOG 2>&1
+* ^^
+*** end ***
+
+5) Keeping your ntop tables up-to-date
+--------------------------------------
+
+Now that your ntop server is running, you might want to keep the tables we
+installed earlier updated automatically.
+
+I do this with a few simple shell scripts I copy to the /etc/cron.xxxx/
+directories, where xxxx stands for:
+
+ - hourly
+ - daily
+ - weekly
+ - monthly
+
+So saving a script in /etc/cron.weekly/ means it will be run every week.
+Saving it in /etc/cron/monthly/ means it will run once a month, etc.
+
+My suggestions are:
+ - save ntop_update_geoip in /etc/cron.weekly
+ - save ntop_update_oui in /etc/cron.daily
+
+Don't forget to make the script executable.
+
+The following scripts are examples, feel free to adapt them to your reality:
+
+=============================================================================
+*********************
+* ntop_update_geoip * - Suggestion: save in /etc/cron.weekly
+*********************
+-----------------------------------------------------------------------------
+#!/bin/sh
+#
+# ntop_update_geoip: update GeoIP tables
+
+UPDATE_DIR="/etc/ntop"
+UPDATE_LOG="/var/log/ntop_update.log"
+UPDATE_OUT="wget.out"
+UPDATES="\
+http://geolite.maxmind.com/download/geoip/database/,GeoLiteCity.dat \
+http://geolite.maxmind.com/download/geoip/database/asnum/,GeoIPASNum.dat"
+
+cd $UPDATE_DIR
+
+for update in $UPDATES; do
+ update_url=`echo $update | awk -F , {'print $1'}`
+ update_file=`echo $update | awk -F , {'print $2'}`
+
+ wget -o $UPDATE_OUT -N ${update_url}${update_file}.gz
+ WGET_TEST=$(grep "saved" $UPDATE_OUT > /dev/null 2> /dev/null; echo $?)
+ if [ $WGET_TEST -eq "0" ]; then
+ tail -n2 $UPDATE_OUT | head -n1 >> $UPDATE_LOG
+ gunzip -c ${update_file}.gz > ${update_file}
+ fi
+done
+
+rm $UPDATE_OUT
+=============================================================================
+*******************
+* ntop_update_oui * - Suggestion: save in /etc/cron.daily
+*******************
+-----------------------------------------------------------------------------
+#!/bin/sh
+#
+# ntop_update_oui: update OUI table
+
+UPDATE_DIR="/etc/ntop"
+UPDATE_LOG="/var/log/ntop_update.log"
+UPDATE_OUT="wget.out"
+UPDATES="\
+http://standards.ieee.org/regauth/oui/,oui.txt"
+
+cd $UPDATE_DIR
+
+for update in $UPDATES; do
+ update_url=`echo $update | awk -F , {'print $1'}`
+ update_file=`echo $update | awk -F , {'print $2'}`
+
+ wget -o $UPDATE_OUT -N ${update_url}${update_file}
+ WGET_TEST=$(grep "saved" $UPDATE_OUT > /dev/null 2> /dev/null; echo $?)
+ if [ $WGET_TEST -eq "0" ]; then
+ tail -n2 $UPDATE_OUT | head -n1 >> $UPDATE_LOG
+ gzip -c ${update_file} > ${update_file}.gz
+ fi
+done
+
+rm $UPDATE_OUT
+=============================================================================
+
+(Note that there are some subtle differences between the scripts, so beware
+when copying)
+