Ntop - anyone here use it?

[FirebarUK]

Anyone here use Ntop? If so, how the chuff do you set up SSL for it?
I'm having problems due to the extreme lack of documentation.

Failing that, what do other people use to log network & performance stats on linux?

Not necessarily something with an integrated webserver...

 

[Una]

Been a while since I installed ntop I think I built it from source tarbal since ssl wasn't included in the package as default but I may be wrong...

./configure switches are for custom paths although the defaults might be aright depending on your distro.

--with-ossl-root=DIR openSSL located in DIR
--with-ossl-lib=DIR or libssl located in DIR
--with-ossl-include=DIR or ssl.h located in DIR

There is also,
--enable-sslv3 enable ssl v3 support [default=disabled]
--enable-sslwatchdog enable Watchdog for ssl hangups [default=disabled]

This should get you going..

I tend to just use tcpdump/wireshark/mrtg/snort and some other IDS stuff for networking + SNMP stuff on my networking hardware..

 

[FirebarUK]

Thanks, I had it installed from an RPM and I can enable SSL fine and it works, but I can't create my own certificate for it - which is really bugging me

As you say, wondering whether its worth it now. I suppose I am in essence creating another web server and hence another attack vector.

 

[Una]

Thanks, I had it installed from an RPM and I can enable SSL fine and it works, but I can't create my own certificate for it - which is really bugging me

openssl genrsa -out privkey.pem 2048
openssl req -new -x509 -key privkey.pem -out cert.pem -days 1095
cat privkey.pem cert.pem > ntop-cert.pem
rm privkey.pem cert.pem
mv ntop-cert.pem /etc/ntop/

As you say, wondering whether its worth it now. I suppose I am in essence creating another web server and hence another attack vector.

Exactly.. its not worth it in my opinion unless you specifically need ntops services. Still its a learning experience.

 

[FirebarUK]

Thanks for your help as always