How to install an NtopNG server

  • 11 July 2022
  • 0 replies

Badge +2



NtopNG is a network traffic probe that monitors network usage. It is possible to install it on any Linux operating system.


This page describes how to install NtopNG on OracleLinux 8, so as to use it with Centreon 22.04 and the NtopNG widget.





Prerequisites to capture network traffic from 100 Mbps to 1 Gbps:

  • CPU : 4 cores
  • Memory : 4 Go
  • Disk : 100 Go (more information here)
  • The server needs two network interfaces:
    • One for the management (access to system and NtopNG)
    • One for network capture



  • DNS Server for Internet access (if no proxy) and to resolve name of captured IP addresses
  • NTP Server, mandatory to have a "precise" monitoring
  • Internet Access for installation and updates




Update the system before installing NtopNG and its dependencies :

yum update -y
yum upgrade -y


Powertools & REMI repositories


You need the Epel and REMI repositories to install NtopNG.


To activate epel :

dnf install


Then for REMI :

rpm -ivh
yum install dnf-plugins-core
dnf config-manager --set-enabled ol8_codeready_builder
dnf config-manager --set-enabled remi


Stop SELinux and firewalld


To stop SELinux, open /etc/selinux/config:

vi /etc/selinux/config

 Replace :


By :


Then reboot your system:


Stop and disable the firewall:

systemctl disable firewalld
systemctl stop firewalld


Configure the monitoring interface


The server has several interfaces: you must define which one will be used to listen to the network traffic. Here is an example:

    # ip addr

    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000

        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

        inet scope host lo

            valid_lft forever preferred_lft forever

        inet6 ::1/128 scope host

            valid_lft forever preferred_lft forever

    2: enp0s20f0u3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000

        link/ether 00:e0:4c:20:d1:15 brd ff:ff:ff:ff:ff:ff

        inet brd scope global dynamic noprefixroute enp0s20f0u3

            valid_lft 613961sec preferred_lft 613961sec

        inet6 fe80::4f2f:401a:ec02:7e91/64 scope link noprefixroute

            valid_lft forever preferred_lft forever

    3: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000

        link/ether f4:4d:30:6f:f7:e8 brd ff:ff:ff:ff:ff:ff

    4: wlp58s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000

        link/ether 2e:61:d1:70:34:12 brd ff:ff:ff:ff:ff:ff

 We have 4 interfaces:

  • lo: Loopback
  • enp0s20f0u3: USB interface, used for management for this appliance
  • eno1: Physical interface
  • wlp58s0: Wifi

On the interface you have chosen as a capture interface, activate the "promiscuous" mode:

ip link set ${CAPTURE_INTERFACE} promisc on

So, in our example, for the interface eno1:

ip link set eno1 promisc on

To activate that at boot, you have to add this command to the file /etc/rc.d/rc.local :

ip link set eno1 promisc on

You need to activate rc-local to load this file:

vi /etc/systemd/system/rc-local.service

Add :

Description=/etc/rc.local Compatibility

ExecStart=/etc/rc.local start


Then modify rights to execute /etc/rc.local:

chmod +x /etc/rc.local

Activate the service:

systemctl enable rc-local

Then restart the server to verify that the interface is in promiscuous mode with the command ip addr:

3: eno1: <BROADCAST,MULTICAST,**PROMISC**,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000

    link/ether f4:4d:30:6f:f7:e8 brd ff:ff:ff:ff:ff:ff


Install NtopNG


We will use the official repository to install NtopNG. The official documentation is here.

cd /etc/yum.repos.d/
wget -O ntop.repo

We need to be sure that zeromq3 is not present. Apache is not needed and should be removed if you plan to use another port than TCP/3000 to connect to NtopNG :

yum erase zeromq3
yum erase httpd
yum clean all

Then install NtopNG :

yum install pfring-dkms n2disk nprobe ntopng cento


NtopNG Configuration


Monitoring interface


You need to add the name of the interface used to monitor your network to file /etc/ntopng/ntopng.conf:

vi /etc/ntopng/ntopng.conf 

Uncomment the line with the -i option and add the name of the promiscuous interface:


For performance reasons, add your local networks in the configuration file /etc/ntopng/ntopng.conf. All other network addresses with be considered as remote by NtopNG:


Then activate and start NtopNG:

systemctl start ntopng
systemctl enable ntopng


Customize the port for the graphical interface (optional)


By default, we connect to NtopNG’s graphical interface through TCP/3000. This can be changed in the file /etc/ntopng/ntopng.conf:

vi /etc/ntopng/ntopng.conf

Uncomment the option -w and set the port you want to use (in this example, we will use port 80) :


Then restart NtopNG :

systemctl restart ntopng

Check that the port that you have set is used by the process ntopng (here, port 80):

# netstat -anp | grep
tcp        0      0    *               LISTEN      2413/ntopng


Connect to the graphical interface


Connect to the Management IP, on port TCP/3000 if you didn't change the default port.

For instance, if your server’s IP address is, connect to:

Then connect with the account admin and the password admin:



You will have to change the password at the first connection :


Additional configuration for the monitoring interface


You need to declare that your monitoring interface receives traffic from a mirrored port. On page Interface, in the Settings section, check Mirrored Traffic:


Create an API account


The Centreon widget uses an API account to get metrics from NtopNG. We don't recommend that you use an admin account for this action: create a dedicated account.


To create the account, go to Settings > Users and then click on +:


Just add a Non privileged User:


0 replies

Be the first to reply!