ntop & Cisco netflow on SUSE HowTo

Install via zypper. ntop packages are available for openSUSE by default, and ntop RPMs for SLES can be downloaded from the SUSE build service.

In order to get graphing working, you may need to create and chown a directory that isn’t created by default (check the output of ntop).

# mkdir /var/lib/ntop/rrd

# chown nobody /var/lib/ntop/rrd

In order to capture data from a netflow interface you must start ntop in non-merge interface mode.

# ntop -M

On the Cisco router, set up the flow export:

# ip flow-export source FastEthernet4
# ip flow-export version 9
# ip flow-export destination <ntop host> 6343

You also need to enable flow on the interface you would like to monitor.

# interface FastEthernet4
#  ip route-cache flow

From this point forward, everything is done through the ntop web interface at http://<ntop ip>:3000/

From the web interface:

plugins -> netflow -> view/configure

After you have created a netflow interface, wait a while for it to gather statistics; you should then have meaningful data on the graphs.
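If the graphs stay empty, it helps to confirm that the router is really sending version 9 export datagrams, and that a template FlowSet has arrived, since a v9 collector cannot decode data FlowSets until it has seen the matching template. The following is an added example, not part of the original how-to: it decodes one UDP payload (for instance taken from a packet capture on the ntop host) using the header layout from RFC 3954. The function names and the sample datagram are constructed for illustration.

```python
import struct

# NetFlow v9 packet header (RFC 3954): version, count, sysUptime,
# unix_secs, sequence number, source id -> 20 bytes, network byte order.
V9_HEADER = struct.Struct("!HHIIII")
# Every FlowSet starts with an id and a length that includes these 4 bytes.
FLOWSET_HEADER = struct.Struct("!HH")

def flowset_kind(flowset_id):
    """Classify a FlowSet by id: 0 = template, 1 = options template, >255 = data."""
    if flowset_id == 0:
        return "template"
    if flowset_id == 1:
        return "options-template"
    return "data" if flowset_id >= 256 else "reserved"

def parse_v9(datagram):
    """Return header fields plus (kind, id, length) for each FlowSet in one datagram."""
    if len(datagram) < V9_HEADER.size:
        raise ValueError("datagram shorter than a NetFlow v9 header")
    version, count, _uptime, unix_secs, sequence, source_id = V9_HEADER.unpack_from(datagram)
    if version != 9:
        raise ValueError("not NetFlow v9 (version field = %d)" % version)
    flowsets, offset = [], V9_HEADER.size
    while offset + FLOWSET_HEADER.size <= len(datagram):
        flowset_id, length = FLOWSET_HEADER.unpack_from(datagram, offset)
        # A length below 4 would loop forever; one past the end is truncation.
        if length < FLOWSET_HEADER.size or offset + length > len(datagram):
            raise ValueError("bad FlowSet length %d at offset %d" % (length, offset))
        flowsets.append((flowset_kind(flowset_id), flowset_id, length))
        offset += length
    return {"version": version, "count": count, "unix_secs": unix_secs,
            "sequence": sequence, "source_id": source_id, "flowsets": flowsets}

# Constructed sample: one template (id 256: IPV4_SRC_ADDR, IPV4_DST_ADDR)
# followed by one data record that uses it. Addresses are documentation ranges.
SAMPLE = (
    V9_HEADER.pack(9, 2, 1000, 1700000000, 1, 0)
    + FLOWSET_HEADER.pack(0, 16) + struct.pack("!HHHHHH", 256, 2, 8, 4, 12, 4)
    + FLOWSET_HEADER.pack(256, 12) + bytes([192, 0, 2, 1, 198, 51, 100, 7])
)

if __name__ == "__main__":
    info = parse_v9(SAMPLE)
    print("v%d seq=%d records=%d" % (info["version"], info["sequence"], info["count"]))
    for kind, fid, length in info["flowsets"]:
        print("  %-16s id=%d len=%d" % (kind, fid, length))
```

A payload that only ever shows data FlowSets means the template has not been seen yet; a version field other than 9 means the `ip flow-export version` setting did not take effect.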
