Thursday, August 19, 2010

How to install Ntop 4.0.1 on Debian

After a few months, I decided to write about something :)

I'm still in India.. And while I was working here, we had some problems related to our internet connection.. We think that someone is sniffing!.. So, we wanted to monitor network activity, and see what really happens.. While googling about it, I saw a tool called "ntop".. That was good, because you can use a web interface to monitor things instead of using a linux terminal..

We are currently using a debian system, so first thing we tried was to install it with:

$ sudo apt-get install ntop

Once it was installed(it took some time because of dependencies), I realized that the version was an old one(3.3..). So of course, I wanted to install the new version 4.0.1.. Our debian system was an old version.. Maybe this is why we suffered very much, I'm not sure..

First, I tried to install it by using the tarball archive provided by the site.. I have to say that ntop's installation script is not very user friendly.. You never know what you need as dependencies before running the command "./".. Each time that we tried to run the script, we needed more and more dependencies.. because I'm very stubborn, I didnt give up!.. and tried to install all dependencies.. even the version of python was a problem :)

ntop installation script will give an error because it cannot find RRD tool installed.., you need to have RRD tool installed.. And then, run the script again with rrd home parameter which is:

$ ./ --with-rrd-home:/opt/rrdtool-1.4.x

this part is important.. by default, ntop tries to find RRD tool in /usr/local/rrdtool folder.. but if you try to install RRD tool using a tarball, after the configure, make, make install process, RRD tool is installed under /opt directory.. so do not try to give the /usr/local/rrdtool as a parameter :)

and other dependencies, that we came up with were libraries like "pixman, cairo, pangocairo, fontconfig, freefont and so on".. and these are only "few" ones.. And another missing dependency was "GeoIP".. that you need to install it from here.. Well, we were working on a virtual machine.. I untar the file.. Tried to configure.. but was never able to "make" it.. and the weird thing is that "the host machine" was turned off!.. yes.. we tried 2-3 times, and every time, because of the "make" command, the host machine was turned off.. so I was obliged to give up at this point..

After spending too many hours, I really wanted to run this new version.. So I wanted to try again :) This time, when I checked the ntop site, I realized the Ubuntu documentation on the homepage. So Ubuntu is based on a debian system, so I thought that this documentation can also be useful for us..

$ sudo apt-get install libpcap-dev libgdbm-dev libevent-dev librrd-dev python-dev libgeoip-dev

with this command, I installed all the missing dependencies in our system.. And instead of using a tar archive, I checked out ntop code from svn..

$ svn co
$ cd ntop
$ ./

and it worked!.. yeah.. then:

$ make

Of course, I had some errors.. "./.libs/ undefined reference to `pcap_parse'".. So that was errors related to compile process.. I reinstalled the libpcap0.9.7 library.. and then retried..

$ make

I've got new errors.. "error while loading shared libraries:".. I checked my /usr/lib directory that was not there but under my /usr/local/lib.. then, I copied related libraries to /usr/lib dir..

$ cp /usr/local/lib/libntopreport* /usr/lib
$ make

Finally, that was compiled..

$ make install

and installed..

$ ntop -a

type an admin password.. and repeat the password..

$ ntop

now, ntop service is started.. you can use ntop 4.0.1 by using your browser: http://localhost:3000