|
OpenBSD is not supported, I know. OpenBSD has an ntop
package, v1.1 with none of the cool trimmings and the web interface
disabled. For those that are interested in how to get the new, big ntop it
to run OK on OpenBSD, know this - it ain't quite right J If
you can avoid installing it on OpenBSD, you should probably do so. First, I needed it to run on OpenBSD because I have a bridge
interface here that all traffic to the internet passes through. pf
controls traffic on the bridge. Initially the bridge had no IP address,
so I assigned one to the interface that goes into our big switch. ntop
can't monitor an IPless interface of course. If I hadn't used
OpenBSD in the first place, I would have saved days of effort, but I like
OpenBSD so nyeah. Hopefully this will help someone. This is for
OpenBSD 3.5 because I'm too scared to upgrade to 3.6 on this machine just
yet. I'm sure I did a lot of things wrong, but this is what worked
for me and I'm insane. I read a lot of stuff off these mailing lists,
and I don't want to spread a bunch of misinformation, so if anyone is
sure I did something completely wrong, might want to follow up.
Especially if this can be condensed down into like two steps. If anyone
tells me I could have done this in two steps, I'll jump off a bridge.
I could have mirrored a port on the switch and put a new machine up, but this
was a conquest. First thing is to get the required libraries compiled and
installed. Don't bother with BSD packages, get source. Or, do
what you like J gd-2.0.33, libpng1.2.8, zlib-1.2.2, libiconv-1.9.1 (probably
didn't need to get this one), and I had freetype 2 on there, for no
really good reason. Also, I installed the newest libpcap. I believe gd needed some massaging to compile. Not a
big problem. I don't recall the specifics, but it had to do with
needing to pass -lpthread because it's internal detection didn't
work. After you run ./configure, edit the Makefile and change the LIBS=
line to LIBS = -lpthread -ljpeg -lfreetype -lpng -lz -lm
/usr/local/lib/libiconv.a or something similar. Install Zlib first because libpng wants that, and gd will
enjoy linking with libpng. Your OpenBSD will already have zlib on there
in /usr/lib. If you have updated your system libraries like a good
citizen, your zlib is probably up to date. If you're a scrub,
install the new zlib to /usr/local/libs and tell stuff to compile against that
one .. or else. Once your libraries are in place, configure ntop. First,
edit config.sug and add openbsd)
basic_machine-i386-unknown-openbsd3.5
os=
;; near all the other osses. This is probably not exactly
correct, and it threw a fit about something, but it worked. if you run configure, it'll probably whine about
gdimagedestroy(). If you look at the config.log you'll see
why. To fix this, edit the configure file and search for
gdimagedestroy. A few lines under there, there's a LIBS statement,
I changed mine to look like: LIBS="-lgd -liconv $LIBS" it'll also probably whine about png_read_info(), and
to get around this, search configure for png_read_info and right underneath the
line that says LIBS=$ac_check_lib_save_LIBS I made another entry that said LIBS="-lgd -liconv -lpng -lz -lpthread $LIBS" God knows what this does to the script when you do this, but
it worked for me. Tell it where all the stuff is. My ./configure line
looked like ./configure --build=openbsd
--with-localedir=/usr/share/locale --with-zlib-lib=/usr/local/lib
--with-zlib-include=/usr/local/include I think I might have run into other problems, so I edited
the Makefile LIBS=line to read LIBS = -lresolv -lc -lssl -lcrypto -lz -lpthread -liconv
-lpcap -lgdbm -lgd -lpng Again, if this is not good, don't listen to me.
But it did work. It will compile at this point, but if you get a gzflush
error from ntop and it crashes out, open config.h in the ntop source root and
search for ZLIB. The first hit should be about the header file, a
define. Comment that out with /* and */ or // or whatever.
Underneath put in #undef MAKE_WITH_ZLIB and it should not give you that gzflush error anymore.
I guess zlib isn't required? J oh yeah, when you're compiling on OpenBSD get the
gmake package or it will barf all over the place on make install. If you
do this stuff, and do gmake && gmake install you're all set. Make an ntop user (or _ntop) or whatever. Get ntop
running once and set the admin password. Close it down. From now on, when you start ntop, you will have to pass some
switches to it or you're in for a world of hurt. One of the
switches causes your CPU usage to spike very high, but it doesn't seem to
adversely affect performance on this machine, magically. Well, maybe it
does, but this tool is so useful, what the heck, right? Right? The switches I use to start ntop look like this - /usr/local/bin/ntop -i em0 -u ntop -d -w 127.0.0.1:15123 -W
0 -r 120 --skip-version-check --local-subnets 10.0.0.0/255.0.0.0
--use-syslog=syslog --no-mac --set-pcap-nonblocking -K -i is the interface I want to monitor. -w is
the non-ssl webserver on port 15123, default is 3000. -W is the ssl
webserver that I disabled by specifying port 0 (see below for why). -r
is refresh time, but I think this is default anyway. Don't think
you need local-subnets unless you're a special case. the -use-syslog
doesn't work for me quite right yet, working on that. -no-mac
I needed, you might not. Read about it. I skip version check
because I've got the noids. The developers would probably like you
to use it, and I don't blame them. Thanks for allowing the switch. now -set-pcap-nonblocking I needed. If you read
the man page, you'll see that this causes a massive CPU hit.
Without this, ntop's webserver would respond extremely slowly or not at
all. It wasn't cool. I tried hard to get around this, but it
seems I needed it for OpenBSD. -K I needed, which is debug mode. If I turned that
off, I got a TON of ntop processes listed in ps -aux. It seemed
like they'd spawn and never go away. As you can see, I told ntop to bind it's webserver to
the localhost. That's because I want it going through apache.
This machine has 3 net cards, two for the bridge interface, and one which is
for Squid. I wanted apache to serve pages out on the Squid/mgmt
interface, and I wanted it to work like this - if the DNS name of the
squid machine, say squid.domain.net was entered into a browser, apache would
serve up some HTML. if the DNS alias ntop.domain.net was entered into the
machine, apache would proxy to the localhost port 15123, ntop's
webserver. I also wanted user authentication on both. I did this by doing the following jank (thanks to Toby
Johnson's mini-howto at http://www.ntop.org/UsageNotes.html
for getting me started - You'll need mod_proxy and mod_rewrite open httpd.conf and set AllowOverride to AuthConfig in the
first <directory entry. Like I said, this is for those who type the
non-aliased DNS name. This probably won't apply to too many people,
but nobody else mentioned how to do it like this exactly. Under that, put in Order allow,deny Allow from all AuthName "Restricted Area" AuthType Basic AuthUserFile /usr/local/apache/users/ntop_users require valid-user </Directory> Later on, by the example virtualhost entry, I got NameVirtualHost squid.domain.net <VirtualHost squid.domain.net:80> DocumentRoot /usr/local/apache/htdocs/ ServerName squid.domain.net </virtualhost> and another one for the ntop proxy stuff for when someone
puts the DNS CNAME in. NameVirtualHost ntop.domain.net <VirtualHost ntop.domain.net:80> ServerName ntop.domain.net ServerSignature
Off ServerAlias ntop.domain.net ProxyPass /
http://127.0.0.1:15123/ ProxyPassReverse
/ http://127.0.0.1:15123/ <Directory
proxy:* >
AuthName "Ntop Restricted"
AuthType Basic
AuthUserFile /usr/local/apache/users/ntop_users
require valid-user
</Directory> </VirtualHost> the same file is used by htpasswd for both areas.
Generate it by using htpasswd -c <filelocation> <user> I believe this is all I had to do. I might have missed
something small. At one point, I had to create/hand edit a libpngXX.la
file in a text editor, but perhaps I figured a way to not require that anyway. top command tells me ntop is using 74.41% of the CPU time J It
can't be the fastest ntop machine out there, but it's working so
far. Huzzah! Note to developers or aspiring helpers who know more than me
- consider fully supporting OpenBSD. Your program is cool. |
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
