Sunday, February 10, 2019

Ntopng on Security Onion

so16@so16:~$ mkdir git
so16@so16:~$ cd git
so16@so16:~/git$ ls
so16@so16:~/git$ wget --no-check-certificate http://bit.ly/2BvYwHh
--2019-02-11 02:48:02--  http://bit.ly/2BvYwHh
Resolving github.com (github.com)... 192.30.253.112, 192.30.253.113
Connecting to github.com (github.com)|192.30.253.112|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://bit.ly/2TJgz3V [following]
--2019-02-11 02:48:02--  http://bit.ly/2TJgz3V
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 151.101.0.133, 151.101.64.133, 151.101.128.133, ...
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|151.101.0.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 8002 (7.8K) [text/plain]
Saving to: ‘install_ntopng_on_so_16’

install_ntopng_on_so_16               100%[=========================================================================>]   7.81K  --.-KB/s    in 0s

2019-02-11 02:48:02 (37.5 MB/s) - ‘install_ntopng_on_so_16’ saved [8002/8002]

so16@so16:~/git$ chmod 700 install_ntopng_on_so_16
so16@so16:~/git$ sudo ./install_ntopng_on_so_16

*
* Starting install/upgrade of ntopng
*

gpg: keyring `/tmp/tmp06wfhwz_/secring.gpg' created
gpg: keyring `/tmp/tmp06wfhwz_/pubring.gpg' created
gpg: requesting key DE742AFA from hkp server keyserver.ubuntu.com
gpg: /tmp/tmp06wfhwz_/trustdb.gpg: trustdb created
gpg: key DE742AFA: public key "Launchpad PPA for MaxMind" imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)
OK
Reading package lists... Done
Building dependency tree
Reading state information... Done
bridge-utils is already the newest version (1.5-9ubuntu1).
bridge-utils set to manually installed.
libmnl0 is already the newest version (1.0.3-5).
libnetfilter-conntrack3 is already the newest version (1.0.5-1).
libjemalloc1 is already the newest version (3.6.0-9ubuntu1).
libjemalloc1 set to manually installed.
libzmq5 is already the newest version (4.1.4-7).
libzmq5 set to manually installed.
redis-server is already the newest version (2:3.0.6-1ubuntu0.3).
redis-tools is already the newest version (2:3.0.6-1ubuntu0.3).
redis-tools set to manually installed.
The following packages were automatically installed and are no longer required:
  gir1.2-appindicator3-0.1 gir1.2-javascriptcoregtk-4.0 gir1.2-nma-1.0 gir1.2-timezonemap-1.0 gir1.2-webkit2-4.0 libtimezonemap-data libtimezonemap1
Use 'sudo apt autoremove' to remove them.
Suggested packages:
  mmdb-bin
The following NEW packages will be installed:
  fonts-dejavu fonts-dejavu-extra libnetfilter-queue1 libpgm-5.2-0 librdkafka1 librrd4 libzstd0 ttf-dejavu ttf-dejavu-core ttf-dejavu-extra
The following packages will be upgraded:
  libmaxminddb0
1 upgraded, 10 newly installed, 0 to remove and 1 not upgraded.
Need to get 2,339 kB of archives.
After this operation, 8,766 kB of additional disk space will be used.
Get:1 http://bit.ly/2BqApJZ xenial/main amd64 libmaxminddb0 amd64 1.3.2-0+maxmind1~xenial [30.2 kB]
Get:2 http://bit.ly/1cLolBc xenial/main amd64 fonts-dejavu-extra all 2.35-1 [1,749 kB]
Get:3 http://bit.ly/1cLolBc xenial/universe amd64 fonts-dejavu all 2.35-1 [3,184 B]
Get:4 http://bit.ly/1cLolBc xenial/universe amd64 libnetfilter-queue1 amd64 1.0.2-2 [11.4 kB]
Get:5 http://bit.ly/1cLolBc xenial/universe amd64 libpgm-5.2-0 amd64 5.2.122~dfsg-2 [157 kB]
Get:6 http://bit.ly/1cLolBc xenial/universe amd64 librdkafka1 amd64 0.8.6-1.1 [87.7 kB]
Get:7 http://bit.ly/1cLolBc xenial/main amd64 librrd4 amd64 1.5.5-4 [180 kB]
Get:8 http://bit.ly/1cLolBc xenial/universe amd64 libzstd0 amd64 0.5.1-1 [112 kB]
Get:9 http://bit.ly/1cLolBc xenial/universe amd64 ttf-dejavu-core all 2.35-1 [3,038 B]
Get:10 http://bit.ly/1cLolBc xenial/universe amd64 ttf-dejavu-extra all 2.35-1 [3,176 B]
Get:11 http://bit.ly/1cLolBc xenial/universe amd64 ttf-dejavu all 2.35-1 [2,880 B]
Fetched 2,339 kB in 0s (3,828 kB/s)
Selecting previously unselected package fonts-dejavu-extra.
(Reading database ... 178067 files and directories currently installed.)
Preparing to unpack .../fonts-dejavu-extra_2.35-1_all.deb ...
Unpacking fonts-dejavu-extra (2.35-1) ...
Selecting previously unselected package fonts-dejavu.
Preparing to unpack .../fonts-dejavu_2.35-1_all.deb ...
Unpacking fonts-dejavu (2.35-1) ...
Preparing to unpack .../libmaxminddb0_1.3.2-0+maxmind1~xenial_amd64.deb ...
Unpacking libmaxminddb0:amd64 (1.3.2-0+maxmind1~xenial) over (1.0.4-2.1) ...
Selecting previously unselected package libnetfilter-queue1.
Preparing to unpack .../libnetfilter-queue1_1.0.2-2_amd64.deb ...
Unpacking libnetfilter-queue1 (1.0.2-2) ...
Selecting previously unselected package libpgm-5.2-0:amd64.
Preparing to unpack .../libpgm-5.2-0_5.2.122~dfsg-2_amd64.deb ...
Unpacking libpgm-5.2-0:amd64 (5.2.122~dfsg-2) ...
Selecting previously unselected package librdkafka1:amd64.
Preparing to unpack .../librdkafka1_0.8.6-1.1_amd64.deb ...
Unpacking librdkafka1:amd64 (0.8.6-1.1) ...
Selecting previously unselected package librrd4:amd64.
Preparing to unpack .../librrd4_1.5.5-4_amd64.deb ...
Unpacking librrd4:amd64 (1.5.5-4) ...
Selecting previously unselected package libzstd0.
Preparing to unpack .../libzstd0_0.5.1-1_amd64.deb ...
Unpacking libzstd0 (0.5.1-1) ...
Selecting previously unselected package ttf-dejavu-core.
Preparing to unpack .../ttf-dejavu-core_2.35-1_all.deb ...
Unpacking ttf-dejavu-core (2.35-1) ...
Selecting previously unselected package ttf-dejavu-extra.
Preparing to unpack .../ttf-dejavu-extra_2.35-1_all.deb ...
Unpacking ttf-dejavu-extra (2.35-1) ...
Selecting previously unselected package ttf-dejavu.
Preparing to unpack .../ttf-dejavu_2.35-1_all.deb ...
Unpacking ttf-dejavu (2.35-1) ...
Processing triggers for fontconfig (2.11.94-0ubuntu1.1) ...
Processing triggers for libc-bin (2.23-0ubuntu10) ...
Processing triggers for man-db (2.7.5-1) ...
Setting up fonts-dejavu-extra (2.35-1) ...
Setting up fonts-dejavu (2.35-1) ...
Setting up libmaxminddb0:amd64 (1.3.2-0+maxmind1~xenial) ...
Setting up libnetfilter-queue1 (1.0.2-2) ...
Setting up libpgm-5.2-0:amd64 (5.2.122~dfsg-2) ...
Setting up librdkafka1:amd64 (0.8.6-1.1) ...
Setting up librrd4:amd64 (1.5.5-4) ...
Setting up libzstd0 (0.5.1-1) ...
Setting up ttf-dejavu-core (2.35-1) ...
Setting up ttf-dejavu-extra (2.35-1) ...
Setting up ttf-dejavu (2.35-1) ...
Processing triggers for libc-bin (2.23-0ubuntu10) ...

*
* Downloading packages needed for ntopng installation...
*

--2019-02-11 02:48:39--  http://bit.ly/2BvYxej
Resolving packages.ntop.org (packages.ntop.org)... 151.11.50.180, 2a03:b0c0:2:d0::d27:3001
Connecting to packages.ntop.org (packages.ntop.org)|151.11.50.180|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 6462068 (6.2M) [application/x-debian-package]
Saving to: ‘ntopng_3.8.190206-6076_amd64.deb’

ntopng_3.8.190206-6076_amd64.deb      100%[=========================================================================>]   6.16M  4.98MB/s    in 1.2s

2019-02-11 02:48:41 (4.98 MB/s) - ‘ntopng_3.8.190206-6076_amd64.deb’ saved [6462068/6462068]

--2019-02-11 02:48:41--  http://bit.ly/2TCRgR3
Reusing existing connection to packages.ntop.org:80.
HTTP request sent, awaiting response... 200 OK
Length: 21102590 (20M) [application/x-debian-package]
Saving to: ‘ntopng-data_3.8.190206_all.deb’

ntopng-data_3.8.190206_all.deb        100%[=========================================================================>]  20.12M  11.2MB/s    in 1.8s

2019-02-11 02:48:43 (11.2 MB/s) - ‘ntopng-data_3.8.190206_all.deb’ saved [21102590/21102590]

FINISHED --2019-02-11 02:48:43--
Total wall clock time: 3.4s
Downloaded: 2 files, 26M in 3.0s (8.67 MB/s)
dpkg-deb: building package 'pfring' in 'pfring-stub.deb'.
Selecting previously unselected package pfring.
(Reading database ... 178152 files and directories currently installed.)
Preparing to unpack pfring-stub.deb ...
Unpacking pfring (7.4.0-2398) ...
Setting up pfring (7.4.0-2398) ...
Selecting previously unselected package ntopng.
(Reading database ... 178152 files and directories currently installed.)
Preparing to unpack ntopng_3.8.190206-6076_amd64.deb ...
Unpacking ntopng (3.8.190206-6076) ...
Selecting previously unselected package ntopng-data.
Preparing to unpack ntopng-data_3.8.190206_all.deb ...
Unpacking ntopng-data (3.8.190206) ...
Setting up ntopng-data (3.8.190206) ...
dpkg: ntopng: dependency problems, but configuring anyway as you requested:
 ntopng depends on n2n; however:
  Package n2n is not installed.
 ntopng depends on libradcli4; however:
  Package libradcli4 is not installed.

Setting up ntopng (3.8.190206-6076) ...

Configuration file '/usr/share/ntopng/httpdocs/ssl/ntopng-cert.pem', does not exist on system.
Installing new config file as you requested.

Configuration file '/etc/ntopng/ntopng.conf', does not exist on system.
Installing new config file as you requested.
Creating ntopng group
Creating ntopng user...
Rebuilding ld cache...
(Re)Starting ntopng...
Created symlink from /etc/systemd/system/multi-user.target.wants/ntopng.service to /etc/systemd/system/ntopng.service.
Processing triggers for man-db (2.7.5-1) ...
Processing triggers for libc-bin (2.23-0ubuntu10) ...
Generating /etc/ntopng/ntopng.conf for the first time.  Consult ntopng man page for customization options.
The default login credentials for ntopng are: admin/admin

*
* Adding 3000/tcp to ufw open ports.
* If this is not desired, manually delete the new ufw rules and then create an empty file '/etc/ntopng/no_touch_ufw' to prevent future ntopng installer updates from modifying ufw.
*

Rule added
Rule added (v6)
Job for ntopng.service failed because the control process exited with error code. See "systemctl status ntopng.service" and "journalctl -xe" for details.
Job for ntopng.service failed because the control process exited with error code. See "systemctl status ntopng.service" and "journalctl -xe" for details.

*
* The ntopng should now be running.  Surf to http://bit.ly/2BvYxLl to reach it.
*

so16@so16:~/git$ sudo systemctl status ntopng.service
● ntopng.service - ntopng high-speed web-based traffic monitoring and analysis tool
   Loaded: loaded (/etc/systemd/system/ntopng.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Mon 2019-02-11 02:48:51 UTC; 1min 1s ago
  Process: 33236 ExecStopPost=/bin/sh -c /bin/echo "$(/bin/date) ntopng StopPost" >> /var/log/ntop-systemd.log (code=exited, status=0/SUCCESS)
  Process: 33233 ExecStopPost=/bin/rm -rf /run/ntopng.conf (code=exited, status=0/SUCCESS)
  Process: 33226 ExecStartPost=/bin/sh -c /bin/echo "$(/bin/date) ntopng StartPost" >> /var/log/ntop-systemd.log (code=exited, status=0/SUCCESS)
  Process: 33225 ExecStart=/usr/local/bin/ntopng /run/ntopng.conf (code=exited, status=127)
  Process: 33214 ExecStartPre=/bin/sh -c /bin/sed "/^[ ]*-e.*$\|^[ ]*-G.*\|^[ ]*--daemon.*\|^[ ]*--pid.*/s/^/#/" /etc/ntopng/ntopng.conf > /run/ntopng.c
  Process: 33184 ExecStartPre=/bin/sh -c /usr/bin/ntopng-utils-manage-config -a check-restore  && /usr/bin/ntopng-utils-manage-config -a restore || true
  Process: 33173 ExecStartPre=/bin/sh -c /bin/echo "$(/bin/date) ntopng StartPre" >> /var/log/ntop-systemd.log (code=exited, status=0/SUCCESS)
 Main PID: 33225 (code=exited, status=127)

Feb 11 02:48:51 so16 systemd[1]: ntopng.service: Unit entered failed state.
Feb 11 02:48:51 so16 systemd[1]: ntopng.service: Failed with result 'exit-code'.
Feb 11 02:48:51 so16 systemd[1]: Stopped ntopng high-speed web-based traffic monitoring and analysis tool.
Feb 11 02:48:51 so16 systemd[1]: Starting ntopng high-speed web-based traffic monitoring and analysis tool...
Feb 11 02:48:51 so16 ntopng[33225]: /usr/local/bin/ntopng: error while loading shared libraries: libradcli.so.4: cannot open shared object file: No such
Feb 11 02:48:51 so16 systemd[1]: ntopng.service: Main process exited, code=exited, status=127/n/a
Feb 11 02:48:51 so16 systemd[1]: Failed to start ntopng high-speed web-based traffic monitoring and analysis tool.
Feb 11 02:48:51 so16 systemd[1]: ntopng.service: Unit entered failed state.
Feb 11 02:48:51 so16 systemd[1]: ntopng.service: Failed with result 'exit-code'.

so16@so16:~/git$ sudo apt-get install libradcli4
Reading package lists... Done
Building dependency tree
Reading state information... Done
You might want to run 'apt-get -f install' to correct these:
The following packages have unmet dependencies:
 ntopng : Depends: n2n but it is not going to be installed
E: Unmet dependencies. Try 'apt-get -f install' with no packages (or specify a solution).

so16@so16:~/git$ sudo apt-get -f install
Reading package lists... Done
Building dependency tree
Reading state information... Done
Correcting dependencies... Done
The following packages were automatically installed and are no longer required:
  gir1.2-appindicator3-0.1 gir1.2-javascriptcoregtk-4.0 gir1.2-nma-1.0 gir1.2-timezonemap-1.0 gir1.2-webkit2-4.0 libtimezonemap-data libtimezonemap1
Use 'sudo apt autoremove' to remove them.
The following additional packages will be installed:
  libradcli4 n2n
The following NEW packages will be installed:
  libradcli4 n2n
0 upgraded, 2 newly installed, 0 to remove and 1 not upgraded.
Need to get 66.5 kB of archives.
After this operation, 257 kB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://bit.ly/1cLolBc xenial/universe amd64 libradcli4 amd64 1.2.4-2.1 [28.8 kB]
Get:2 http://bit.ly/1cLolBc xenial/universe amd64 n2n amd64 1.3.1~svn3789-5 [37.7 kB]
Fetched 66.5 kB in 0s (339 kB/s)
Selecting previously unselected package libradcli4.
(Reading database ... 178799 files and directories currently installed.)
Preparing to unpack .../libradcli4_1.2.4-2.1_amd64.deb ...
Unpacking libradcli4 (1.2.4-2.1) ...
Selecting previously unselected package n2n.
Preparing to unpack .../n2n_1.3.1~svn3789-5_amd64.deb ...
Unpacking n2n (1.3.1~svn3789-5) ...
Processing triggers for libc-bin (2.23-0ubuntu10) ...
Processing triggers for systemd (229-4ubuntu21.15) ...
Processing triggers for ureadahead (0.100.0-19) ...
Processing triggers for man-db (2.7.5-1) ...
Setting up libradcli4 (1.2.4-2.1) ...
Setting up n2n (1.3.1~svn3789-5) ...
Processing triggers for libc-bin (2.23-0ubuntu10) ...
Processing triggers for systemd (229-4ubuntu21.15) ...
Processing triggers for ureadahead (0.100.0-19) ...

so16@so16:~/git$ sudo systemctl restart ntopng.service

so16@so16:~/git$ sudo systemctl status ntopng.service
● ntopng.service - ntopng high-speed web-based traffic monitoring and analysis tool
   Loaded: loaded (/etc/systemd/system/ntopng.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2019-02-11 02:54:25 UTC; 3s ago
  Process: 39872 ExecStartPost=/bin/sh -c /bin/echo "$(/bin/date) ntopng StartPost" >> /var/log/ntop-systemd.log (code=exited, status=0/SUCCESS)
  Process: 39866 ExecStartPre=/bin/sh -c /bin/sed "/^[ ]*-e.*$\|^[ ]*-G.*\|^[ ]*--daemon.*\|^[ ]*--pid.*/s/^/#/" /etc/ntopng/ntopng.conf > /run/ntopng.c
  Process: 39844 ExecStartPre=/bin/sh -c /usr/bin/ntopng-utils-manage-config -a check-restore  && /usr/bin/ntopng-utils-manage-config -a restore || true
  Process: 39829 ExecStartPre=/bin/sh -c /bin/echo "$(/bin/date) ntopng StartPre" >> /var/log/ntop-systemd.log (code=exited, status=0/SUCCESS)
 Main PID: 39871 (ntopng)
    Tasks: 1
   Memory: 25.1M
      CPU: 288ms
   CGroup: /system.slice/ntopng.service
           └─39871 /usr/local/bin/ntopng /run/ntopng.conf

Feb 11 02:54:25 so16 systemd[1]: Stopped ntopng high-speed web-based traffic monitoring and analysis tool.
Feb 11 02:54:25 so16 systemd[1]: Starting ntopng high-speed web-based traffic monitoring and analysis tool...
Feb 11 02:54:25 so16 systemd[1]: Started ntopng high-speed web-based traffic monitoring and analysis tool.
Feb 11 02:54:26 so16 ntopng[39871]: 11/Feb/2019 02:54:26 [Ntop.cpp:1902] Setting local networks to 192.168.0.0/16,10.0.0.0/8,172.16.0.0/12
Feb 11 02:54:26 so16 ntopng[39871]: 11/Feb/2019 02:54:26 [Redis.cpp:127] Successfully connected to redis 127.0.0.1:6379@0
Feb 11 02:54:26 so16 ntopng[39871]: 11/Feb/2019 02:54:26 [Redis.cpp:127] Successfully connected to redis 127.0.0.1:6379@0
Feb 11 02:54:28 so16 ntopng[39871]: [PF_RING] Wrong RING version: kernel is 16, libpfring was compiled with 17

so16@so16:~/git$ sudo systemctl status ntopng.service
● ntopng.service - ntopng high-speed web-based traffic monitoring and analysis tool
   Loaded: loaded (/etc/systemd/system/ntopng.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Mon 2019-02-11 02:54:30 UTC; 5min ago
  Process: 39941 ExecStopPost=/bin/sh -c /bin/echo "$(/bin/date) ntopng StopPost" >> /var/log/ntop-systemd.log (code=exited, status=0/SUCCESS)
  Process: 39938 ExecStopPost=/bin/rm -rf /run/ntopng.conf (code=exited, status=0/SUCCESS)
  Process: 39872 ExecStartPost=/bin/sh -c /bin/echo "$(/bin/date) ntopng StartPost" >> /var/log/ntop-systemd.log (code=exited, status=0/SUCCESS)
  Process: 39871 ExecStart=/usr/local/bin/ntopng /run/ntopng.conf (code=exited, status=1/FAILURE)
  Process: 39866 ExecStartPre=/bin/sh -c /bin/sed "/^[ ]*-e.*$\|^[ ]*-G.*\|^[ ]*--daemon.*\|^[ ]*--pid.*/s/^/#/" /etc/ntopng/ntopng.conf > /run/ntopng.c
  Process: 39844 ExecStartPre=/bin/sh -c /usr/bin/ntopng-utils-manage-config -a check-restore  && /usr/bin/ntopng-utils-manage-config -a restore || true
  Process: 39829 ExecStartPre=/bin/sh -c /bin/echo "$(/bin/date) ntopng StartPre" >> /var/log/ntop-systemd.log (code=exited, status=0/SUCCESS)
 Main PID: 39871 (code=exited, status=1/FAILURE)

Feb 11 02:54:29 so16 ntopng[39871]: 11/Feb/2019 02:54:29 [PcapInterface.cpp:93] Reading packets from interface ens33...
Feb 11 02:54:29 so16 ntopng[39871]: 11/Feb/2019 02:54:29 [Ntop.cpp:1996] Registered interface ens33 [id: 0]
Feb 11 02:54:29 so16 ntopng[39871]: 11/Feb/2019 02:54:29 [main.cpp:308] PID stored in file /var/run/ntopng.pid
Feb 11 02:54:30 so16 ntopng[39871]: 11/Feb/2019 02:54:30 [Utils.cpp:592] User changed to ntopng
Feb 11 02:54:30 so16 ntopng[39871]: 11/Feb/2019 02:54:30 [HTTPserver.cpp:1199] Web server dirs [/usr/share/ntopng/httpdocs][/usr/share/ntopng/scripts]
Feb 11 02:54:30 so16 ntopng[39871]: 11/Feb/2019 02:54:30 [HTTPserver.cpp:1208] HTTPS server listening on 3000
Feb 11 02:54:30 so16 ntopng[39871]: 11/Feb/2019 02:54:30 [main.cpp:365] ERROR: Unable to write on /usr/local/ntopng as 'ntopng' [/usr/local/ntopng/.test
Feb 11 02:54:30 so16 systemd[1]: ntopng.service: Main process exited, code=exited, status=1/FAILURE
Feb 11 02:54:30 so16 systemd[1]: ntopng.service: Unit entered failed state.
Feb 11 02:54:30 so16 systemd[1]: ntopng.service: Failed with result 'exit-code'.
so16@so16:~/git$ ls -al /usr/local/ntopng
total 8
drwxr-xr-x  2 nobody root 4096 Feb 11 02:48 .
drwxr-xr-x 11 root   root 4096 Feb 11 02:48 ..
so16@so16:~/git$ sudo chown ntopng:ntopng /usr/local/ntopng
so16@so16:~/git$ ls -al /usr/local/ntopng
total 8
drwxr-xr-x  2 ntopng ntopng 4096 Feb 11 02:48 .
drwxr-xr-x 11 root   root   4096 Feb 11 02:48 ..
so16@so16:~/git$ ls -al /usr/local/ntopng/
total 8
drwxr-xr-x  2 ntopng ntopng 4096 Feb 11 02:48 .
drwxr-xr-x 11 root   root   4096 Feb 11 02:48 ..
so16@so16:~/git$ sudo systemctl restart ntopng.service
so16@so16:~/git$ sudo systemctl status ntopng.service
● ntopng.service - ntopng high-speed web-based traffic monitoring and analysis tool
   Loaded: loaded (/etc/systemd/system/ntopng.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2019-02-11 03:03:13 UTC; 4s ago
  Process: 39941 ExecStopPost=/bin/sh -c /bin/echo "$(/bin/date) ntopng StopPost" >> /var/log/ntop-systemd.log (code=exited, status=0/SUCCESS)
  Process: 39938 ExecStopPost=/bin/rm -rf /run/ntopng.conf (code=exited, status=0/SUCCESS)
  Process: 46939 ExecStartPost=/bin/sh -c /bin/echo "$(/bin/date) ntopng StartPost" >> /var/log/ntop-systemd.log (code=exited, status=0/SUCCESS)
  Process: 46933 ExecStartPre=/bin/sh -c /bin/sed "/^[ ]*-e.*$\|^[ ]*-G.*\|^[ ]*--daemon.*\|^[ ]*--pid.*/s/^/#/" /etc/ntopng/ntopng.conf > /run/ntopng.c
  Process: 46914 ExecStartPre=/bin/sh -c /usr/bin/ntopng-utils-manage-config -a check-restore  && /usr/bin/ntopng-utils-manage-config -a restore || true
  Process: 46903 ExecStartPre=/bin/sh -c /bin/echo "$(/bin/date) ntopng StartPre" >> /var/log/ntop-systemd.log (code=exited, status=0/SUCCESS)
 Main PID: 46938 (ntopng)
    Tasks: 9
   Memory: 77.1M
      CPU: 507ms
   CGroup: /system.slice/ntopng.service
           └─46938 /usr/local/bin/ntopng /run/ntopng.conf

Feb 11 03:03:16 so16 ntopng[46938]: 11/Feb/2019 03:03:16 [PcapInterface.cpp:93] Reading packets from interface ens33...
Feb 11 03:03:16 so16 ntopng[46938]: 11/Feb/2019 03:03:16 [Ntop.cpp:1996] Registered interface ens33 [id: 0]
Feb 11 03:03:16 so16 ntopng[46938]: 11/Feb/2019 03:03:16 [main.cpp:308] PID stored in file /var/run/ntopng.pid
Feb 11 03:03:17 so16 ntopng[46938]: 11/Feb/2019 03:03:17 [Utils.cpp:592] User changed to ntopng
Feb 11 03:03:17 so16 ntopng[46938]: 11/Feb/2019 03:03:17 [HTTPserver.cpp:1199] Web server dirs [/usr/share/ntopng/httpdocs][/usr/share/ntopng/scripts]
Feb 11 03:03:17 so16 ntopng[46938]: 11/Feb/2019 03:03:17 [HTTPserver.cpp:1208] HTTPS server listening on 3000
Feb 11 03:03:17 so16 ntopng[46938]: 11/Feb/2019 03:03:17 [main.cpp:390] Working directory: /usr/local/ntopng
Feb 11 03:03:17 so16 ntopng[46938]: 11/Feb/2019 03:03:17 [main.cpp:392] Scripts/HTML pages directory: /usr/share/ntopng
Feb 11 03:03:17 so16 ntopng[46938]: 11/Feb/2019 03:03:17 [Ntop.cpp:403] Welcome to ntopng x86_64 v.3.8.190206 - (C) 1998-18 ntop.org
Feb 11 03:03:17 so16 ntopng[46938]: 11/Feb/2019 03:03:17 [Ntop.cpp:413] Built on Ubuntu 16.04.5 LTS
lines 1-26/26 (END)
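The transcript above hits two distinct start failures before ntopng stays up: exit status 127 because libradcli.so.4 was not installed (fixed with apt-get -f install), and exit status 1 because /usr/local/ntopng was owned by nobody rather than the ntopng user the daemon drops to (fixed with chown). The PF_RING "Wrong RING version" line is a warning, not the cause of either failure. The script below is an added example, not part of the original post or of the ntopng installer: it classifies systemctl/journal text by those signatures and maps each to the fix used here. The function names, the sample log files (built from lines of the transcript) and the owner check via ls -ld are my own choices.

```shell
#!/bin/sh
# Added example (not from the original post): triage ntopng start failures on
# Security Onion 16 from "systemctl status ntopng.service" / journal text.

# Print a classification for the status/journal text in file $1.
classify_ntopng_failure() {
    if grep -q 'error while loading shared libraries' "$1"; then
        echo MISSING_LIB      # exit 127: a runtime library (here libradcli.so.4) is absent
    elif grep -q 'Unable to write on /usr/local/ntopng' "$1"; then
        echo WORKDIR_PERMS    # exit 1: working dir not owned by the 'ntopng' user
    elif grep -q 'Active: active (running)' "$1"; then
        echo OK
    else
        echo UNKNOWN
    fi
}

# Map a classification to the remediation the transcript used.
remediation_for() {
    case "$1" in
        MISSING_LIB)   echo 'sudo apt-get -f install' ;;
        WORKDIR_PERMS) echo 'sudo chown ntopng:ntopng /usr/local/ntopng' ;;
        OK)            echo 'none' ;;
        *)             echo 'inspect: journalctl -u ntopng.service' ;;
    esac
}

# Count the non-fatal PF_RING kernel/library version mismatch warnings.
count_pfring_warnings() {
    grep -c 'Wrong RING version' "$1" || true
}

# Owner of a directory as reported by ls (portable across GNU and BSD ls).
owner_of() {
    ls -ld "$1" | awk '{print $3}'
}

# Return 0 if directory $1 is owned by user $2, 1 otherwise.
workdir_owned_by() {
    [ "$(owner_of "$1")" = "$2" ]
}

# Constructed sample input: lines copied from the transcript's failed and
# successful status output, written into directory $1 for a stand-alone run.
write_samples() {
    cat > "$1/missing_lib.log" <<'EOF'
   Active: failed (Result: exit-code) since Mon 2019-02-11 02:48:51 UTC; 1min 1s ago
Feb 11 02:48:51 so16 ntopng[33225]: /usr/local/bin/ntopng: error while loading shared libraries: libradcli.so.4: cannot open shared object file: No such
EOF
    cat > "$1/perms.log" <<'EOF'
   Active: failed (Result: exit-code) since Mon 2019-02-11 02:54:30 UTC; 5min ago
Feb 11 02:54:28 so16 ntopng[39871]: [PF_RING] Wrong RING version: kernel is 16, libpfring was compiled with 17
Feb 11 02:54:30 so16 ntopng[39871]: 11/Feb/2019 02:54:30 [main.cpp:365] ERROR: Unable to write on /usr/local/ntopng as 'ntopng' [/usr/local/ntopng/.test
EOF
    cat > "$1/ok.log" <<'EOF'
   Active: active (running) since Mon 2019-02-11 03:03:13 UTC; 4s ago
Feb 11 03:03:17 so16 ntopng[46938]: 11/Feb/2019 03:03:17 [main.cpp:390] Working directory: /usr/local/ntopng
EOF
}

# Stand-alone run: classify each sample and print the matching fix.
SAMPLE_DIR=$(mktemp -d)
write_samples "$SAMPLE_DIR"
for f in missing_lib perms ok; do
    c=$(classify_ntopng_failure "$SAMPLE_DIR/$f.log")
    printf '%s: %s -> %s (PF_RING warnings: %s)\n' "$f" "$c" \
        "$(remediation_for "$c")" "$(count_pfring_warnings "$SAMPLE_DIR/$f.log")"
done
rm -rf "$SAMPLE_DIR"
```

On a live box, feed it the real output (`sudo systemctl status ntopng.service --no-pager -l > /tmp/ntopng.status` and then `classify_ntopng_failure /tmp/ntopng.status`), and use `workdir_owned_by /usr/local/ntopng ntopng` as the check after the chown; the ownership mismatch is worth a check of its own because the daemon switches to the ntopng user only after binding port 3000, so the error surfaces late in the startup log.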

Copyright 2003-2018 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and http://bit.ly/1fDn3pG)


from TaoSecurity http://bit.ly/2DtY10x
