Set up ntopng to monitor network traffic in real-time with detailed analytics, bandwidth monitoring, and customizable dashboards. Learn to configure interface monitoring, traffic analysis rules, and alerting for complete network visibility.
Prerequisites
- Root or sudo access
- At least 4GB RAM
- Network interfaces to monitor
- Redis for data storage
What this solves
ntopng provides comprehensive network monitoring with real-time traffic analysis, bandwidth usage tracking, and interactive dashboards. You need this when monitoring network performance, identifying bandwidth bottlenecks, analyzing traffic patterns, or tracking network security events across your infrastructure.
Step-by-step installation
Update system packages
Start by updating your package manager to ensure you get the latest versions and dependencies.
sudo apt update && sudo apt upgrade -y
Install ntopng and dependencies
Install ntopng along with required networking tools and Redis for data storage.
sudo apt install -y ntopng redis-server libpcap0.8 net-tools
Enable and start Redis
Redis stores ntopng's historical data and provides high-performance data retrieval for dashboards.
sudo systemctl enable --now redis
sudo systemctl status redis
Create ntopng data directory
Set up the directory structure for ntopng data storage with correct permissions.
sudo mkdir -p /var/lib/ntopng
sudo chown ntopng:ntopng /var/lib/ntopng
sudo chmod 755 /var/lib/ntopng
Configure ntopng main settings
Create the primary configuration file, /etc/ntopng/ntopng.conf, with network interfaces, web interface settings, and data storage options.
# Network interfaces to monitor (comma-separated)
-i=eth0,eth1
# Web interface settings
-P=/var/lib/ntopng/ntopng.pid
-d=/var/lib/ntopng
-w=3000
# Redis connection
-r=127.0.0.1:6379
# Local networks (adjust to your subnets)
-m=192.168.1.0/24,10.0.0.0/8,172.16.0.0/12
# Enable historical data
--dump-timeline=1
--dump-flows=1
# User authentication (optional): replace admin123 with a strong, unique password
-u=admin:admin123
# Logging
-v=3
--syslog=daemon
Configure network interface monitoring
Identify your network interfaces and adjust the monitoring configuration accordingly.
ip link show
ss -tuln | grep :3000
Update the configuration file with your actual interface names:
sudo sed -i 's/eth0,eth1/enp0s3,enp0s8/' /etc/ntopng/ntopng.conf
Set up traffic analysis rules
Create custom rules for traffic categorization and bandwidth monitoring.
# Custom traffic categories
# Format: category_name:protocol:port_range
HTTP_Traffic:tcp:80,8080
HTTPS_Traffic:tcp:443
DNS_Traffic:udp:53
SSH_Traffic:tcp:22
Database_Traffic:tcp:3306,5432
Email_Traffic:tcp:25,587,993,995
Configure alerting and thresholds
Set up bandwidth thresholds and security alerts for network monitoring.
# Bandwidth thresholds (in Mbps)
bandwidth_threshold_host=100
bandwidth_threshold_network=1000
# Flow thresholds
max_flows_per_host=10000
max_new_flows_per_minute=1000
# Security alerts
enable_intrusion_detection=true
enable_malware_detection=true
enable_port_scan_detection=true
# Alert destinations
alert_email=admin@example.com
alert_syslog=true
Create systemd service override
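Configure systemd service parameters for better resource management and monitoring. Create the override directory, then place the settings below in /etc/systemd/system/ntopng.service.d/override.conf.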
sudo mkdir -p /etc/systemd/system/ntopng.service.d
[Service]
ExecStart=
ExecStart=/usr/bin/ntopng /etc/ntopng/ntopng.conf
Restart=always
RestartSec=10
User=ntopng
Group=ntopng
[Unit]
After=redis.service
Requires=redis.service
Configure firewall access
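Open the ntopng web interface port. As written, the rule accepts connections from any source, and this guide serves the interface over plain HTTP, so restrict the source to a management subnet if the host is reachable from untrusted networks.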
sudo ufw allow 3000/tcp comment 'ntopng web interface'
sudo ufw reload
Enable and start ntopng
Start the ntopng service and enable it for automatic startup.
sudo systemctl daemon-reload
sudo systemctl enable --now ntopng
sudo systemctl status ntopng
Set up log rotation
Configure automatic log rotation in /etc/logrotate.d/ntopng to prevent disk space issues.
/var/log/ntopng/*.log {
daily
rotate 30
compress
delaycompress
missingok
notifempty
create 644 ntopng ntopng
postrotate
/bin/systemctl reload ntopng > /dev/null 2>&1 || true
endscript
}
Configure dashboards and visualization
Access the web interface
Open your browser and navigate to the ntopng web interface to configure dashboards.
curl -I http://localhost:3000
echo "Access ntopng at: http://$(hostname -I | awk '{print $1}'):3000"
Configure custom dashboard settings
Set up the web interface with custom views and monitoring preferences through the API.
# Create custom dashboard configuration
sudo mkdir -p /var/lib/ntopng/dashboards
sudo tee /var/lib/ntopng/dashboards/custom.json > /dev/null << 'EOF'
{
"name": "Network Overview",
"widgets": [
{
"type": "traffic_stats",
"title": "Interface Traffic",
"interfaces": ["all"]
},
{
"type": "top_talkers",
"title": "Top 10 Hosts by Traffic",
"limit": 10
},
{
"type": "protocols",
"title": "Protocol Distribution"
}
]
}
EOF
sudo chown ntopng:ntopng /var/lib/ntopng/dashboards/custom.json
Set up advanced monitoring and alerts
Configure SNMP integration
Enable SNMP monitoring for network devices and enhanced visibility.
# SNMP device monitoring
# Format: device_ip:community:version
192.168.1.1:public:v2c
192.168.1.10:public:v2c
# SNMP polling interval (seconds)
snmp_polling_interval=300
# SNMP timeout (seconds)
snmp_timeout=10
Update the main configuration to include SNMP monitoring:
echo '--snmp-config=/etc/ntopng/snmp.conf' | sudo tee -a /etc/ntopng/ntopng.conf
Set up email alerting
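Configure email notifications for critical network events and threshold breaches. Install the mail tools together with jq and bc, which the script uses, then save the script that follows as /etc/ntopng/email-alerts.sh.
sudo apt install -y mailutils postfix jq bc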
#!/bin/bash
# Email alert script for ntopng
SMTP_SERVER="smtp.example.com"
FROM_EMAIL="ntopng@example.com"
TO_EMAIL="admin@example.com"
# Function to send alert email
send_alert() {
    local subject="$1"
    local message="$2"
    echo "$message" | mail -s "[NTOPNG ALERT] $subject" \
        -r "$FROM_EMAIL" \
        -S smtp="$SMTP_SERVER" \
        "$TO_EMAIL"
}
# Check for high bandwidth usage
check_bandwidth() {
    local threshold=1000 # Mbps
    local current=$(curl -s "http://localhost:3000/lua/rest/get/interface/data.lua" | jq -r '.throughput_bps' | awk '{print $1/1000000}')
    if (( $(echo "$current > $threshold" | bc -l) )); then
        send_alert "High Bandwidth Usage" "Current bandwidth: ${current}Mbps exceeds threshold: ${threshold}Mbps"
    fi
}
# Run checks
check_bandwidth
sudo chmod +x /etc/ntopng/email-alerts.sh
sudo chown ntopng:ntopng /etc/ntopng/email-alerts.sh
Create monitoring cron jobs
Set up automated monitoring tasks and alert checking.
# Add cron job for ntopng user (runs every 5 minutes)
sudo crontab -u ntopng -l 2>/dev/null | { cat; echo "*/5 * * * * /etc/ntopng/email-alerts.sh"; } | sudo crontab -u ntopng -
# Verify cron job
sudo crontab -u ntopng -l
Integrate with external monitoring
Configure ntopng to export metrics to external monitoring systems like Prometheus.
# Enable Prometheus metrics export
echo '--prometheus=9090' | sudo tee -a /etc/ntopng/ntopng.conf
# Restart ntopng to apply changes
sudo systemctl restart ntopng
Verify your setup
# Check ntopng service status
sudo systemctl status ntopng
# Verify web interface is accessible
curl -I http://localhost:3000
# Check Redis connection
redis-cli ping
# Verify network interfaces are being monitored
sudo ss -tuln | grep :3000
# Check ntopng logs for errors
sudo journalctl -u ntopng --no-pager -l
# Test Prometheus metrics endpoint (if enabled)
curl http://localhost:9090/metrics | head -20
You can also integrate ntopng metrics with comprehensive monitoring solutions. For example, you can monitor system time drift with Prometheus and Grafana alerts alongside your network monitoring, or set up Linux network traffic shaping with tc and QoS for bandwidth management based on ntopng insights.
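Beyond the service checks in the verification step, the files this guide writes can be audited for the weak settings it uses as placeholders: a password stored in ntopng.conf, the mode of that file, and `public` SNMP communities. The script below is an added example, not part of the original guide or of ntopng; it assumes the option syntax shown on this page and GNU stat, and the finding names and the 12-character minimum are choices made for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit the files this guide creates for weak settings.
# The option syntax (-u=user:password, ip:community:version) is the guide's own;
# finding names and the 12-character minimum are assumptions of this example.
# Requires GNU stat (Linux).

# Prints one finding per line; prints nothing when no check fires.
audit_ntopng() {
    local conf="$1" snmp="${2:-}" cred pass mode

    # Credentials stored in the main config file.
    cred=$(grep -E '^-u=[^:]+:' "$conf" | head -n 1)
    if [ -n "$cred" ]; then
        pass="${cred#*:}"
        case "$pass" in
            admin|admin123|password|changeme)
                echo "WEAK_PASSWORD well-known default" ;;
            *)
                if [ "${#pass}" -lt 12 ]; then
                    echo "WEAK_PASSWORD shorter than 12 characters"
                fi ;;
        esac

        # A file that holds a password must not be readable by "other".
        mode=$(stat -c '%a' "$conf")
        case "${mode#"${mode%?}"}" in
            4|5|6|7) echo "WORLD_READABLE_SECRET mode $mode" ;;
        esac
    fi

    # SNMP device entries that still use a vendor-default community string.
    if [ -n "$snmp" ] && [ -f "$snmp" ]; then
        awk -F: '/^[0-9]/ && ($2 == "public" || $2 == "private") {
            print "DEFAULT_SNMP_COMMUNITY " $1
        }' "$snmp"
    fi
    return 0
}

# Run against real files when called with arguments, e.g.:
#   sudo ./audit.sh /etc/ntopng/ntopng.conf /etc/ntopng/snmp.conf
if [ "$#" -gt 0 ]; then
    audit_ntopng "$@"
fi
```

Run it after every configuration change; empty output means none of the three checks fired.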
Common issues
| Symptom | Cause | Fix |
|---|---|---|
| ntopng won't start | Permission denied on data directory | sudo chown -R ntopng:ntopng /var/lib/ntopng |
| No traffic visible | Wrong network interface specified | Check ip link show and update -i parameter in config |
| Web interface not accessible | Firewall blocking port 3000 | Open port: sudo ufw allow 3000/tcp |
| Redis connection failed | Redis service not running | sudo systemctl start redis |
| High memory usage | Too many flows being tracked | Reduce --max-num-flows in config |
| Missing historical data | Dump options not enabled | Add --dump-timeline=1 to config |
| SNMP monitoring not working | SNMP community string incorrect | Verify SNMP settings on target devices |
Next steps
- Implement network monitoring with SNMP and BGP metrics using FRRouting and Prometheus
- Configure NGINX monitoring with Prometheus and Grafana dashboards for real-time web server performance metrics
- Set up ntopng high availability clustering with load balancing
- Integrate ntopng with ELK stack for advanced log analysis
- Configure ntopng for network segmentation and VLAN monitoring
Automated install script
Run this to automate the entire setup
#!/usr/bin/env bash
set -euo pipefail
# Colors
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m'
# Default values
NTOPNG_PORT="${1:-3000}"
ADMIN_PASS="${2:-admin123}"
# Usage message
usage() {
echo "Usage: $0 [port] [admin_password]"
echo " port: Web interface port (default: 3000)"
echo " admin_password: Admin password (default: admin123)"
exit 1
}
# Logging functions
log() { echo -e "${GREEN}[INFO]${NC} $1"; }
warn() { echo -e "${YELLOW}[WARN]${NC} $1"; }
error() { echo -e "${RED}[ERROR]${NC} $1" >&2; }
# Cleanup on failure
cleanup() {
error "Installation failed. Cleaning up..."
systemctl stop ntopng 2>/dev/null || true
systemctl stop redis 2>/dev/null || true
exit 1
}
trap cleanup ERR
# Check prerequisites
if [[ $EUID -ne 0 ]]; then
error "This script must be run as root"
exit 1
fi
# Validate port
if [[ ! "$NTOPNG_PORT" =~ ^[0-9]+$ ]] || [ "$NTOPNG_PORT" -lt 1024 ] || [ "$NTOPNG_PORT" -gt 65535 ]; then
error "Invalid port number. Use 1024-65535"
usage
fi
# Detect distribution
if [ ! -f /etc/os-release ]; then
error "/etc/os-release not found. Cannot detect distribution."
exit 1
fi
. /etc/os-release
case "$ID" in
ubuntu|debian)
PKG_MGR="apt"
PKG_INSTALL="apt install -y"
PKG_UPDATE="apt update && apt upgrade -y"
FIREWALL_CMD="ufw"
PACKAGES="ntopng redis-server libpcap0.8 net-tools"
;;
almalinux|rocky|centos|rhel|ol)
PKG_MGR="dnf"
PKG_INSTALL="dnf install -y"
PKG_UPDATE="dnf update -y"
FIREWALL_CMD="firewall-cmd"
PACKAGES="ntopng redis libpcap net-tools"
;;
fedora)
PKG_MGR="dnf"
PKG_INSTALL="dnf install -y"
PKG_UPDATE="dnf update -y"
FIREWALL_CMD="firewall-cmd"
PACKAGES="ntopng redis libpcap net-tools"
;;
amzn)
PKG_MGR="yum"
PKG_INSTALL="yum install -y"
PKG_UPDATE="yum update -y"
FIREWALL_CMD="firewall-cmd"
PACKAGES="ntopng redis libpcap net-tools"
;;
*)
error "Unsupported distribution: $ID"
exit 1
;;
esac
log "Installing ntopng on $PRETTY_NAME"
# Step 1: Update system
echo "[1/10] Updating system packages..."
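# eval is needed because the Debian value contains "&&", which plain expansion would pass to apt as an argument
eval "$PKG_UPDATE"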
# Step 2: Install EPEL if RHEL-based
if [[ "$PKG_MGR" == "dnf" || "$PKG_MGR" == "yum" ]]; then
echo "[2/10] Installing EPEL repository..."
$PKG_INSTALL epel-release
else
echo "[2/10] Skipping EPEL (Debian-based system)..."
fi
# Step 3: Install ntopng and dependencies
echo "[3/10] Installing ntopng and dependencies..."
$PKG_INSTALL $PACKAGES
# Step 4: Enable and start Redis
echo "[4/10] Configuring Redis..."
systemctl enable redis || systemctl enable redis-server
systemctl start redis 2>/dev/null || systemctl start redis-server
sleep 2
# Step 5: Create ntopng data directory
echo "[5/10] Creating ntopng data directory..."
mkdir -p /var/lib/ntopng
if id "ntopng" &>/dev/null; then
chown ntopng:ntopng /var/lib/ntopng
else
warn "ntopng user not found, using root ownership"
fi
chmod 755 /var/lib/ntopng
# Step 6: Detect network interfaces
echo "[6/10] Detecting network interfaces..."
INTERFACES=$(ip link show | awk '/^[0-9]+:/ && !/lo:/ {gsub(/:/, "", $2); print $2}' | head -2 | tr '\n' ',' | sed 's/,$//')
if [[ -z "$INTERFACES" ]]; then
warn "No network interfaces detected, using default eth0"
INTERFACES="eth0"
fi
log "Using interfaces: $INTERFACES"
# Step 7: Configure ntopng
echo "[7/10] Configuring ntopng..."
mkdir -p /etc/ntopng
cat > /etc/ntopng/ntopng.conf << EOF
# Network interfaces to monitor
-i=$INTERFACES
# Web interface settings
-P=/var/lib/ntopng/ntopng.pid
-d=/var/lib/ntopng
-w=$NTOPNG_PORT
# Redis connection
-r=127.0.0.1:6379
# Local networks
-m=192.168.0.0/16,10.0.0.0/8,172.16.0.0/12
# Enable historical data
--dump-timeline=1
--dump-flows=1
# User authentication
-u=admin:$ADMIN_PASS
# Logging
-v=3
--syslog=daemon
EOF
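# The file contains the admin password: readable by root and the ntopng group only
chmod 640 /etc/ntopng/ntopng.conf
if getent group ntopng >/dev/null; then
chgrp ntopng /etc/ntopng/ntopng.conf
fi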
# Step 8: Configure systemd service
echo "[8/10] Configuring systemd service..."
mkdir -p /etc/systemd/system/ntopng.service.d
cat > /etc/systemd/system/ntopng.service.d/override.conf << EOF
[Service]
ExecStart=
ExecStart=/usr/bin/ntopng /etc/ntopng/ntopng.conf
Restart=always
RestartSec=10
[Unit]
After=redis.service
Requires=redis.service
EOF
# Step 9: Configure firewall
echo "[9/10] Configuring firewall..."
if [[ "$FIREWALL_CMD" == "ufw" ]]; then
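# Add the rule only when ufw is already active; force-enabling it here could block SSH access
if command -v ufw >/dev/null && ufw status | grep "Status: active" >/dev/null; then
ufw allow "$NTOPNG_PORT"/tcp comment 'ntopng web interface'
ufw reload
fi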
else
if command -v firewall-cmd >/dev/null && systemctl is-active firewalld >/dev/null 2>&1; then
firewall-cmd --add-port=$NTOPNG_PORT/tcp --permanent
firewall-cmd --reload
fi
fi
# Step 10: Start services and configure log rotation
echo "[10/10] Starting services and finalizing configuration..."
systemctl daemon-reload
systemctl enable ntopng
systemctl start ntopng
# Configure log rotation
cat > /etc/logrotate.d/ntopng << EOF
/var/log/ntopng/*.log {
daily
rotate 30
compress
delaycompress
missingok
notifempty
create 644 ntopng ntopng
postrotate
/bin/systemctl reload ntopng > /dev/null 2>&1 || true
endscript
}
EOF
# Verification
echo
log "Verifying installation..."
sleep 5
if systemctl is-active ntopng >/dev/null; then
log "✓ ntopng service is running"
else
error "✗ ntopng service is not running"
exit 1
fi
if systemctl is-active redis >/dev/null 2>&1 || systemctl is-active redis-server >/dev/null 2>&1; then
log "✓ Redis service is running"
else
error "✗ Redis service is not running"
exit 1
fi
if ss -tuln | grep :$NTOPNG_PORT >/dev/null; then
log "✓ ntopng web interface is listening on port $NTOPNG_PORT"
else
error "✗ ntopng web interface is not listening"
exit 1
fi
# Final message
echo
log "ntopng installation completed successfully!"
log "Access the web interface at: http://$(hostname -I | awk '{print $1}'):$NTOPNG_PORT"
log "Username: admin"
log "Password: $ADMIN_PASS"
warn "Change the default password after first login!"
Review the script before running. It must run as root, so execute with: sudo bash install.sh