Setting up Ntop automatically with Cfengine 3

Recently, I had to use Ntop to analyze the network traffic of one customer file server. Ntop shows the traffic per interface and there per protocol, source IP and offers many other ways of showing you what happens in your network. Ntop is great; however, I observed this tool taking many system resources since it works like tcpdump/tshark with an analyzer around it.

I highly recommend to look carefully on your system when using Ntop.

Writing the Cfengine 3 code for installing and configuring Ntop

body common control {
        version         => "1.0";
        inputs          => { "cfengine_stdlib.cf" };
        bundlesequence  => { "setup_ntop" };
}

bundle agent setup_ntop {
	vars:
	  "package_list"	slist	=> { "ntop", "ntop-data" };
	  "ntop[ENABLED]"	int	=> "1";
	  "ntop[GETOPT]"	string	=> "\"-i lo,eth0,eth1,eth2 -M -u root\"";

	packages:
	  "$(package_list)"
		package_policy  => "add",
		package_method  => generic,
		classes		=> if_repaired("SetNtopAdminPassword");
		
	commands:
	  SetNtopAdminPassword::
		"/usr/sbin/ntop --set-admin-password=mysecretpassword"
		  classes	=> if_repaired("ConfigureNtop");		
	  StartNtop::
		"/etc/init.d/ntop restart"
		  comment	=> "Starting Ntop for the first time.";

	files:
	  ConfigureNtop::
		"/etc/default/ntop"
		  edit_line	=> set_variable_values("setup_ntop.ntop"),
		  classes	=> if_repaired("StartNtop");
}

Now let’s check the syntax and run the snippet afterwards:

/var/cfengine/bin/cf-promises -f xenuser_org-018-installing_ntop.cf
/var/cfengine/bin/cf-agent -f xenuser_org-018-installing_ntop.cf

That’s it! You now could have a look at ps aux |grep ntop if you want to verify that Ntop runs.

Analyzing the Cfengine 3 code snippet
After defining the body common control section and opening the bundle agent “setup_ntop”, we create one variable and one array. The variable “package_list” is a list containing the packages to be installed later. The array “ntop[]” contains the configuration values to be set in the file /etc/default/ntop.

The promise of the type “packages” makes sure that both ntop packages are installed and defines a class called “SetNtopAdminPassword”. We use that class within the commands promise to set an admin password for accessing ntop through the web interface:

	commands:
	  SetNtopAdminPassword::
		"/usr/sbin/ntop --set-admin-password=mysecretpassword"
		  classes	=> if_repaired("ConfigureNtop");
	  StartNtop::
		"/etc/init.d/ntop restart"
		  comment	=> "Starting Ntop for the first time.";	

The second promiser in the commands promise will restart Ntop later after being configured properly.

In the files promise the config file for Ntop is provided (/etc/default/ntop). We also use our array (“setup_ntop.ntop”) to set the config values within the configuration file. Afterwards the class “StartNtop” is defined and Ntop will be (re)started (depends on your distribution since on some of them Ntop is not started after being installed).

And there it is! Ntop was installed and configured automatically. Please note that the following configuration value…

	  "ntop[GETOPT]"	string	=> "\"-i lo,eth0,eth1,eth2 -M -u root\"";

might have to be adapted for your needs. Ntop will not start if one of the interfaces above does not exist.

As usual, you can download today’s Cfengine 3 code snippet here.