ntopng for IPFire

Help on building IPFire & Feature Requests
ummeegge
Community Developer
Community Developer
Posts: 4593
Joined: October 9th, 2010, 10:00 am

Re: ntopng for IPFire

Post by ummeegge » June 9th, 2018, 1:32 pm

Hi gocart,
thanks for info. Am currently not at home but when back i will give it a go for 3.4 and MariaDB.

Grüssle,

UE
Image
Image
Image

ummeegge
Community Developer
Community Developer
Posts: 4593
Joined: October 9th, 2010, 10:00 am

Re: ntopng for IPFire

Post by ummeegge » June 24th, 2018, 2:36 pm

Hi all,
have updated (no 3.5 but little newer 3.3) Ntopng and the in- uninstaller (updater) and have also included the MySQL perl modules (builded faster then MariaDB) which were required to bring Ntopng to life so it should be independent of potential IPFire MySQL installation.

Ntopng-3.5 (either 3.5 stable nor 3.5 dev branch) do not build here -->

Code: Select all

In file included from /usr/include/stdio.h:862:0,
                 from /usr/src/ntopng/include/ntop_includes.h:33,
                 from src/TimeSeriesExporter.cpp:22:
/usr/include/bits/stdio2.h:65:44: note: '__builtin___snprintf_chk' output between 2 and 4116 bytes into a destination of size 4096
        __bos (__s), __fmt, __va_arg_pack ());
                                            ^
In file included from /usr/include/fcntl.h:313:0,
                 from /usr/src/ntopng/include/ntop_includes.h:84,
                 from src/TimeSeriesExporter.cpp:22:
In function 'int open(const char*, int, ...)',
    inlined from 'void TimeSeriesExporter::createDump()' at src/TimeSeriesExporter.cpp:77:12:
/usr/include/bits/fcntl2.h:50:24: error: call to '__open_missing_mode' declared with attribute error: open with O_CREAT or O_TMPFILE in second argument needs 3 arguments
    __open_missing_mode ();
    ~~~~~~~~~~~~~~~~~~~~^~
make[1]: *** [Makefile:167: src/TimeSeriesExporter.o] Error 1
make[1]: Leaving directory '/usr/src/ntopng'
make: *** [ntopng:93: /usr/src/log/ntopng-3.4.220618] Error 2
but version 3.3.180624 does build for 64 bit but also for 32 bit machines so both platforms are again available.

All can be found in here --> viewtopic.php?f=50&t=19565#p111061 .

Greetings,

UE
Image
Image
Image

ummeegge
Community Developer
Community Developer
Posts: 4593
Joined: October 9th, 2010, 10:00 am

Re: ntopng for IPFire

Post by ummeegge » June 27th, 2018, 5:18 am

Hi all,
we found a fix --> https://github.com/ntop/ntopng/issues/1833 for the above problem. Update to the current actual ntopng-3.5 and nDPI-2.2.2 dev version has been uploaded and is available via installer --> viewtopic.php?f=50&t=19565 .

UE
Image
Image
Image

User avatar
kettenshcutz
Posts: 17
Joined: May 23rd, 2018, 12:04 pm

Re: ntopng for IPFire

Post by kettenshcutz » July 4th, 2018, 5:28 am

hi and thanks for the update
out of the sudden the ntop IF was again not reachable, even if the ntop and redis server were running without errors
restarting services and even the whole IPFIRE wont fix that

i now installed the update with the new uploaded installer, and et voila. NTOP is up again (:

Special thanks for that ummeegge, cokart

Stefan87
Posts: 39
Joined: July 20th, 2017, 11:55 pm

Re: ntopng for IPFire

Post by Stefan87 » August 9th, 2018, 1:23 pm

does ntopng work with the latest version of ipfire after the update?

ummeegge
Community Developer
Community Developer
Posts: 4593
Joined: October 9th, 2010, 10:00 am

Re: ntopng for IPFire

Post by ummeegge » August 9th, 2018, 5:47 pm

Hi,
current dev version v.3.5.180626 runs here without problems.

UE
Image
Image
Image

Stefan87
Posts: 39
Joined: July 20th, 2017, 11:55 pm

Re: ntopng for IPFire

Post by Stefan87 » August 10th, 2018, 1:17 pm

Works Perfekt Thanks

Hellfire
Posts: 486
Joined: November 8th, 2015, 8:54 am

Re: ntopng for IPFire

Post by Hellfire » August 22nd, 2018, 11:51 am

Hi,

I did install ntopng today which worked fine on core 122. After the first access of the notpng webpage I was forced to change my admin password, which I did in Firefox 52.x, afterwards I was successfully redirected to the ntopng dashboard.

After restarting Firefox and trying to re-entering the dashboard, nothing happens after typing in my rather complex admin password. No redirection to the dashboard took place, even no refresh of the login page nor any hint about a wrong user name or password.

So I did a password reset as described here viewtopic.php?f=50&t=19565&start=15#p111142 since I assumed notpng has some issues with my password.

Since this did not affect anything either I killed the process via SSH and restarted ntopng with

Code: Select all

/etc/init.d/ntopng restart
.
[root@ipfire ntopng]# /etc/init.d/ntopng restart
Stopping Traffic Analyzer and Flow Collector... Not running. [ OK ]
Starting Traffic Analyzer and Flow Collector...
22/Aug/2018 13:39:07 [Prefs.cpp:963] ntopng will use redis 127.0.0.1@3
22/Aug/2018 13:39:07 [Ntop.cpp:1509] Setting local networks to [ .....]
22/Aug/2018 13:39:07 [Redis.cpp:127] Successfully connected to redis 127.0.0.1:6379@3
22/Aug/2018 13:39:07 [Redis.cpp:127] Successfully connected to redis 127.0.0.1:6379@3
22/Aug/2018 13:39:08 [Ntop.cpp:1449] Parent process is exiting (this is normal)
Again I tried to access the login page of ntopng. To my surprise I now get an error saying:
2018-08-22_134734.png
Edit: guess this one hit me, too: viewtopic.php?f=50&t=19565&start=15#p111149. My password looks like this one:
KH2KSkys7#hwIo#Y^;-Vc%@
So, how to proceed?

Thanks,
Michael
Image

Hellfire
Posts: 486
Joined: November 8th, 2015, 8:54 am

Re: ntopng for IPFire

Post by Hellfire » August 22nd, 2018, 12:50 pm

Got this solved by uninstalling ntopng an reinstalling it :(
Image

ummeegge
Community Developer
Community Developer
Posts: 4593
Joined: October 9th, 2010, 10:00 am

Re: ntopng for IPFire

Post by ummeegge » August 22nd, 2018, 1:46 pm

Hi Michael,
this seems to be pretty much like a long term problem. Have found also some other hints with the usage of redis-cli like this one --> https://github.com/ntop/ntopng/issues/153 , in there is also a possibility described to disable the login via ntopng.conf with an '-l=1' entry (-l|--disable-login --> http://manpages.org/ntopng/8 ) .
ntopng do provides an extra side for this --> https://github.com/xtao/ntopng/blob/master/README.users but all i tried results in the same 'not working' procedure.

After several test, have had also the "login.lua was not found" message but this has been fixed by stopping ntopng, restarting redis and starting ntopng again.

There is again a new version (3.6) out which i currently build. If i get a working version out there will go for a checkout for the password problem too.

UE
Image
Image
Image

Hellfire
Posts: 486
Joined: November 8th, 2015, 8:54 am

Re: ntopng for IPFire

Post by Hellfire » August 22nd, 2018, 1:59 pm

Thanks for this reply.

As already said, a reinstall solved this for me now. I did restart redis and ntopng, too, maybe used the wrong order though.

Michael
Image

ummeegge
Community Developer
Community Developer
Posts: 4593
Joined: October 9th, 2010, 10:00 am

Re: ntopng for IPFire

Post by ummeegge » August 23rd, 2018, 4:57 am

Hi all,
just for the records. I could break down which special characters are a problem for the ntopng webinterface whereby one sign seems to break almost the 'add a new user' setup.

Tests has been done with the current new 3.7.230818 DEV version:
Characters which worked:

Code: Select all

! $ % & / ( ) = ? ^ ; : . , _ - # * `
Characters which do NOT work and there is also no warning via webinterface are:

Code: Select all

´ + ° < > & "
Character which brokes the "Manage user" setup:

Code: Select all

'
after entering this one, i do only get "Invalid parameters" in the setup.

Some news from here.

UE

EDIT: Opened up a bug --> https://github.com/ntop/ntopng/issues/1935 .
Image
Image
Image

ummeegge
Community Developer
Community Developer
Posts: 4593
Joined: October 9th, 2010, 10:00 am

Re: ntopng for IPFire

Post by ummeegge » August 23rd, 2018, 8:19 am

Hi all,
an update of ntopng to

Code: Select all

v.3.7.180823	[Community build]
GIT rev:	dev:e67d40694fa8e4189e4b991b8da6fb455ed205e7:20180823
and to nDPI-2.5 DEV version has been uploaded.
Ntopng announcement --> https://www.ntop.org/ntop/say-hello-to- ... -influxdb/ and nDPI --> https://www.ntop.org/ndpi/introducing-ndpi-2-4/ since i only use the dev versions here, the version is +1 to the stable released ones (3.7 and 2.5).

Lot´s of the described features are not available for the community version. Changes i have had recognized until now are:

Host Details:
- PCAP download possibility until the last 10 minutes <-- takes relatively long to generate and download (be patient).

Dashboard Details:

- PCAP download possibility for selected interface.

Alerts for Interfaces:
New Tabs for "Past Alerts" and "Flow Alerts" with configuration possibilities for thresholds in time cycles for minute, 5 minutes, hourly, daily.

Flows:
- Selections extended for "Applications" and "Categories" filtering (new nDPI).

MAC addresses:
- Includes now also history.

Preferences:

Cache Settings --> "Active Local Host Cache Interval".

Time Series --> "Timeseries Driver" for RRD and InfluxDB.

Devices Timeseries --> "Layer-7 Applications" and "Timeseries Retention" .

Alerts --> "Mining Alerts".

Logging --> "Trace Log" and "Enable Host Pool Events Log" can now be saved to data dump directory instead of syslog.

BackUP for Ntopng settings possibility.

Update can be done as usual via in- uninstaller from here --> viewtopic.php?f=50&t=19565#p111061 .

New integrated has been libmaxminddb and GeoIP-api-c has been dropped. If you use the geoip_updater you can execute after the update an

Code: Select all

/etc/ntopng/scripts/geoip_updater.sh
to get instantly the new GeoLite2 database, if you added a weekly or monthly update via installer, this update will be made automatically after the time cycle has been reached (fcron).

Greetings,

UE
Image
Image
Image

Hellfire
Posts: 486
Joined: November 8th, 2015, 8:54 am

Re: ntopng for IPFire

Post by Hellfire » August 28th, 2018, 2:38 pm

Update works great so far, a big thanks!

I've used the already available installer script from version 3.5 on harddrive and pressed 'u'pdate again, noticed, however, that this did not update to the latest version 3.7, though, cause the ntopng webpage still claims there is an update available...

Guess it is absolutely necessary to re-download the installer again and perform the update afterwards, right?

Is it possbible to use the InfluxDB with this 3.7 version on IPFire? I assume that this is a new database system that is not available on IPFire and not available with the current installation of ntopng right now, correct? Did not dare to switch so far ;) from the settings.
Edit: Question already answered :D Dared to try it myself and got this message:
Could not contact the InfluxDB database: 0
Btw, most of the statistics show IP-adresses instead of DNS names. Is there a setting for DNS resolving in ntopng I did not see so far?

Michael
Image

ummeegge
Community Developer
Community Developer
Posts: 4593
Joined: October 9th, 2010, 10:00 am

Re: ntopng for IPFire

Post by ummeegge » August 28th, 2018, 6:29 pm

Hi Michael,
Hellfire wrote:
August 28th, 2018, 2:38 pm
Update works great so far, a big thanks!
your welcome :) .
Hellfire wrote:
August 28th, 2018, 2:38 pm
I've used the already available installer script from version 3.5 on harddrive and pressed 'u'pdate again, noticed, however, that this did not update to the latest version 3.7, though, cause the ntopng webpage still claims there is an update available...

Guess it is absolutely necessary to re-download the installer again and perform the update afterwards, right?
Yes, you will need to download always the new in- uninstaller since the new packages, checksums but also other possible important changes are in there --> https://gitlab.com/ummeegge/ntopng-ipfi ... staller.sh so old in- uninstaller won´t work for updates or fresh in- uninstall of actual versions.
Hellfire wrote:
August 28th, 2018, 2:38 pm
Is it possbible to use the InfluxDB with this 3.7 version on IPFire? I assume that this is a new database system that is not available on IPFire and not available with the current installation of ntopng right now, correct? Did not dare to switch so far ;) from the settings.
Edit: Question already answered :D Dared to try it myself and got this message:
Could not contact the InfluxDB database: 0
IPFire (and me too) do not provide influxDB, you would need a go compiler --> https://anomaly.io/compile-influxdb/ to build it from source which is also not available in IPFires dev environment but it should be possible to use precompiled binaries --> https://github.com/influxdata/influxdb . Did a very fast one and installed one at a Linux Mint machine, created testwise a ntopng DB and configured ntopng to this address and got a

Code: Select all

Successfully initialized database "ntopng" on InfluxDB(1.6.2)
tcpdump shows also some delivered data on TCP 8086 but i haven´t had a deeper look into all that even it seems pretty interesting. Also Grafana might be there a possiblity --> https://www.ntop.org/ntopng/ntopng-graf ... alizazion/ which is also a topic in PFsense forums, so i think it is a community version gimmick.
Hellfire wrote:
August 28th, 2018, 2:38 pm
Btw, most of the statistics show IP-adresses instead of DNS names. Is there a setting for DNS resolving in ntopng I did not see so far?
This is here different, depends possibly what interface is listed i think. Checkout the "--dns-mode" section from here --> https://www.ntop.org/guides/ntopng/cli_options.html may this helps.

Another one: Have reported your delivered password bug --> viewtopic.php?f=50&p=118441#p118335 which has been identified as a bug --> https://github.com/ntop/ntopng/issues/1935 and it seems that it is meanwhile fixed --> https://github.com/ntop/ntopng/commit/a ... fea9a9f523 . Am currently building the new version can take a little longer to test and provide it here cause am tomorrow at the road again for a couple of days.

Greetings,

UE
Image
Image
Image

Post Reply

Who is online

Users browsing this forum: No registered users and 2 guests