ntop / ntopng

Web-based Traffic and Security Network Traffic Monitoring
http://www.ntop.org
GNU General Public License v3.0

I want to know How to Analyse MikroTik Traffic Using ntopng. #1333

Closed SAray2013 closed 7 years ago

SAray2013 commented 7 years ago

I followed configuration from { http://www.ntop.org/ntopng/how-to-analyse-mikrotik-traffic-using-ntopng/ } but it's not working and made my router cannot access. Thank you for attention.

emanuele-f commented 7 years ago

Hi, please post the exact ntopng and nprobe command line you are using. What ntopng and nprobe version are you using? Can you post some logs?

Please take these steps to understand where the problem is:
1) run nprobe with the -b2 option: it should print to the console the flows it receives from the router
2) run ntopng with the -v3 option: it should print to the console the flows it receives from nprobe

harmane commented 7 years ago

Which RouterOS/Winbox version are you using? The ntop guide is fairly outdated. I use the following to start nprobe/ntopng w/script at reboot and RouterOS 6.38.7 bugfix:

nprobe:

/usr/local/bin/nprobe -G --zmq "tcp://*:5556" -i none -n none --collector-port 5900 -V 9

/etc/ntopng/ntopng.conf:

-w=3004 <---Web port (ntopnghost.local:3004)
-d=/var/ntopng <---data directory, default is /var/tmp I believe
-G=/var/ntopng/ntopng.pid <---PID stored in data dir
-S=all <---records data for local and remote hosts
-n=3 <---no name resolution for hosts (too many lookups raising CPU unnecessarily)
-i=tcp://127.0.0.1:5556 <---nprobe int
-m=192.168.0.0/23 <---local networks (adjust accordingly)
-e=1 <---don't recall off top of my head
-F=mysql;localhost;ntopng;flows;root; <---mysql bits for historical data

In Winbox, IP > Traffic Flow > General; enabled, all interfaces, 64K cache, flow timeout defaults. Select Targets > Add target (plus sign), leave source IP blank, add dst IP, set port to nprobe port (5900 in my case), version 9 in my example and rest defaults. Apply and then close.

If nprobe and ntopng are running you should see flows within a few seconds to a minute depending on size of flow.

lucaderi commented 7 years ago

@harmane Would you be willing to write a short README.mikrotik that we can add to the doc directory?

harmane commented 7 years ago

Sure. I should have some time this weekend to put something together.

SAray2013 commented 7 years ago

untitled

SAray2013 commented 7 years ago

/ip traffic-flow set active-flow-timeout=1m enabled=yes
/ip traffic-flow target add dst-address=192.168.74.130 port=2055 v9-template-timeout=1m
/ip traffic-flow print
/ip traffic-flow target print detail
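Three settings in the setups posted above have to agree: the router's traffic-flow target port, nprobe's --collector-port, and the ZMQ endpoint that nprobe publishes and ntopng reads. The script below is an added example, not part of the thread or of ntop's code; its function names and finding codes are hypothetical, and the sample input is constructed by combining lines quoted by two different commenters.

```python
import re
import shlex

# Constructed input: nprobe/ntopng settings and a router target line quoted by
# two different commenters in this thread, combined only to exercise the check.
NPROBE_CMD = ('/usr/local/bin/nprobe -G --zmq "tcp://*:5556" -i none -n none '
              '--collector-port 5900 -V 9')
NTOPNG_CONF = "-w=3004\n-n=3\n-i=tcp://127.0.0.1:5556\n-m=192.168.0.0/23\n"
ROUTEROS_TARGET = ("/ip traffic-flow target add dst-address=192.168.74.130 "
                   "port=2055 v9-template-timeout=1m")

def parse_nprobe(cmd):
    """Map each nprobe flag to its value, or True for flags without one."""
    toks, opts, i = shlex.split(cmd)[1:], {}, 0
    while i < len(toks):
        has_val = i + 1 < len(toks) and not toks[i + 1].startswith("-")
        opts[toks[i]] = toks[i + 1] if has_val else True
        i += 2 if has_val else 1
    return opts

def parse_ntopng_conf(text):
    """Map key=value lines of an ntopng.conf; blank and '#' lines are skipped."""
    pairs = (line.strip().partition("=") for line in text.splitlines())
    return {k: v for k, _, v in pairs if k and not k.startswith("#")}

def split_endpoint(endpoint):
    """Split 'tcp://host:port' into (host, port)."""
    host, _, port = endpoint.split("//", 1)[-1].rpartition(":")
    return host, port

def check_pipeline(nprobe_cmd, ntopng_conf, routeros_target):
    """Return a list of (code, message) findings for the three settings."""
    nprobe, ntopng = parse_nprobe(nprobe_cmd), parse_ntopng_conf(ntopng_conf)
    router = dict(re.findall(r"([\w-]+)=(\S+)", routeros_target))
    zmq_host, zmq_port = split_endpoint(str(nprobe.get("--zmq", "")))
    if_host, if_port = split_endpoint(ntopng.get("-i", ""))
    findings = []
    if router.get("port") != nprobe.get("--collector-port"):
        findings.append(("PORT_MISMATCH", f"router exports to UDP port {router.get('port')}, "
                         f"nprobe collects on {nprobe.get('--collector-port')}"))
    if zmq_port != if_port:
        findings.append(("ZMQ_MISMATCH", f"nprobe publishes on {zmq_port}, ntopng reads {if_port}"))
    if zmq_host in ("*", "0.0.0.0") and if_host in ("127.0.0.1", "localhost"):
        findings.append(("ZMQ_WILDCARD", "nprobe ZMQ listens on every interface but "
                         "ntopng connects over loopback; bind it to 127.0.0.1"))
    return findings

if __name__ == "__main__":
    print(*check_pipeline(NPROBE_CMD, NTOPNG_CONF, ROUTEROS_TARGET), sep="\n")
```
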

SAray2013 commented 7 years ago

Please help, sir. Thank you for attention.

simonemainardi commented 7 years ago

@SAray2013 please, report ntopng and nprobe configurations used.

SAray2013 commented 7 years ago

@simonemainardi Thank you for attention.

0) yum install epel-release
   reboot
1) vi /etc/yum.repos.d/ntop.repo
2) [ntop]
name=ntop packages
baseurl=http://www.nmon.net/centos-stable/$releasever/$basearch/
enabled=1
gpgcheck=1
gpgkey=http://www.nmon.net/centos-stable/RPM-GPG-KEY-deri
[ntop-noarch]
name=ntop packages
baseurl=http://www.nmon.net/centos-stable/$releasever/noarch/
enabled=1
gpgcheck=1
gpgkey=http://www.nmon.net/centos-stable/RPM-GPG-KEY-deri
3) yum --enablerepo=epel install redis ntopng hiredis-devel
4) systemctl start redis.service ; systemctl enable redis.service
5) systemctl start ntopng.service ; systemctl enable ntopng.service
6) systemctl status ntopng.service
7) vi /etc/ntopng/ntopng.conf
-7.1 (replace)
--G=/var/tmp/ntopng.pid\
--community
8) systemctl restart ntopng.service
9) firewall-cmd --zone=public --permanent --add-port=3000/tcp
10) firewall-cmd --reload

simonemainardi commented 7 years ago

@SAray2013 I can't see the nprobe configuration

simonemainardi commented 7 years ago

@SAray2013 any feedback?

simonemainardi commented 7 years ago

Information requested hasn't been provided. Closing for inactivity.