How to use Ntopng using Squid proxy server

To use Ntopng using Squid proxy server

The Ntopng is an open-source network traffic monitoring system that provides a web interface for real-time network monitoring. Ntopng provides several tools for monitoring various protocols, traffic variants and bandwidth across multiple time frames. A squid proxy server is a computer that acts as an intermediary between a desktop computer and the internet and allows a client machine to make an indirect connection to network servers and services. This tutorial covers the ground on the installation procedure of Ntopng using Squid proxy server.

Pre - Requisite

First install Ntopng monitoring tool in your machine and configure squid on same machine, configure your squid with set of local and remote host IPs now monitor the performance and usage in Ntopng monitoring tool.

Installation procedure

To start with the installation procedure, install the Ntopng application by executing the following command.

root@linuxhelp:~# apt-get install ntopng
Reading package lists... Done
Building dependency tree        
Reading state information... Done
The following additional packages will be installed:
  fonts-font-awesome javascript-common libdbi1 libhiredis0.13 libjemalloc1 libjs-bootstrap libjs-d3 libjs-jquery libjs-jquery-form
  libjs-jquery-metadata libjs-jquery-tablesorter libjs-rickshaw libluajit-5.1-2 libluajit-5.1-common libmysqlclient20 libndpi4
  librrd8 mysql-common ntopng-data redis-server redis-tools
Suggested packages:
  apache2 | lighttpd | httpd geoip-database-contrib ruby-redis
The following NEW packages will be installed:
.
.
.
Created symlink /etc/systemd/system/multi-user.target.wants/ntopng.service &rarr  /lib/systemd/system/ntopng.service.
Processing triggers for libc-bin (2.24-9ubuntu2) ...
Processing triggers for ureadahead (0.100.0-19) ...
Processing triggers for systemd (232-21ubuntu2) ...

After installing the ntopng application, create a configuration file named ntopng.conf and enter the following contents into the file. Save and exit the file.

root@linuxhelp:~# vim /etc/ntopng.conf
# This configuration file is similar to the command line, with the exception
# that an equal sign ' ='  must be used between key and value. Example: -i=p1p2
# or --interface=p1p2 For options with no value (e.g. -v) the equal is also
# necessary. Example: " -v="  must be used.
#
# DO NOT REMOVE the following option, required for daemonization.
-e=

# * Interfaces to sniff on: one interface per line, prefix with -i=
# E.g.
-i=ens33
#-i=wlan0
# If none is specified, ntopng will try to auto-detect the best interface.
#
# * Port on which ntopng will listen for the web-UI.
-w=3000
~                     

Restart your Ntop service by running the following command.

root@linuxhelp:~# systemctl restart ntopng

Allow the Ntopng service through firewall by executing the following command.

root@linuxhelp:~# ufw allow 3000
Rules updated
Rules updated (v6)        

The Ntopng is running successfully. Install the squid and configure it with your own ACL rules and allow certain local and remote hosts in it.

Switch over to the browser and go to Ntopng login page. Login with your credentials.

Select the host option from the menu header.

Next filter and see either localhost or remote host using the filter option.

Next set the Squid configuration file named squid.conf (acl rules with set of local and remote host) by running the vim editor.

Enter the following contents in the configuration file and save it.

To see the flow (i.e) the sites reached by the hosts. Switch over to Ntopng and see the required details.

You can also view the peers of the Active Flows.

You can also view the Protocol overview of the running peers.

The installation procedure of Ntopng using Squid proxy server.