Monitoring DNS on your Raspberry Pi with ntopng

Environment:
Raspbian Buster Lite Version: September 2019 Release date: 2019-09-26
Pi-hole Version v4.3.2 Web Interface Version v4.3.2 FTL Version v4.3.1
unbound v1.9.6 (compiled from source)
Installation instructions:

#!/bin/bash

# http://packages.ntop.org/RaspberryPI/
wget http://packages.ntop.org/RaspberryPI/apt-ntop_1.0.190416-469_all.deb 
sudo dpkg -i apt-ntop_1.0.190416-469_all.deb 
sudo apt-get -y install ntopng nprobe n2n 

sudo service ntopng stop

# activate community edition
file=/etc/systemd/system/ntopng.service
# sed needs -i to edit the unit file in place ("sudo -i sed" only printed the result)
sudo sed -i '/ExecStart=/ s/$/ --community/' $file

file=/etc/ntopng/ntopng.conf
# options @ https://www.ntop.org/guides/ntopng/cli_options.html
sudo cp $file /etc/ntopng/ntopng.org
sudo sed -i '/# -i=eth2/a -i=eth0' $file
# filter syntax @ https://www.tcpdump.org/manpages/pcap-filter.7.html
echo '--packet-filter="port 53"' | sudo tee -a $file

sudo systemctl daemon-reload
sudo service ntopng start

Warning for redis (unbound) users: you’ll need an additional configuration setting to force ntopng to use redis database 1 (unbound uses database 0 - this doesn’t appear to be configurable)

echo '--redis="@1"' | sudo tee -a /etc/ntopng/ntopng.conf

You may want to use this method (NOT tested) to prevent ntopng from starting immediately after installation, thus using the wrong redis database…

traffic dashboard (http://ip_of_pihole:3000/)

active flows (sample)

intriguing questions (alerts) I need to look into:

All comments and ideas are welcome to increase the possible diagnostic value of this package.

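An added example, not part of the original post: a way to make the ntopng.conf edits above repeatable and to check the result before starting the service, since `tee -a` appends a duplicate line on every run and a missing `--redis` line leaves ntopng on database 0. The function names `ensure_line`, `redis_db` and `check_conf` are hypothetical; the option spellings are the ones used in the post, and the demo runs on a constructed temp file rather than the live config.

```shell
#!/bin/bash
# Added example: idempotent edits and a sanity check for ntopng.conf.

# Append a line only if that exact line is absent, so re-running the
# setup does not stack duplicate options the way "tee -a" would.
ensure_line() {
    local line="$1" conf="$2"
    grep -qxF -e "$line" "$conf" || printf '%s\n' "$line" >> "$conf"
}

# Print the Redis database id from the last --redis= or -r= line.
# No such line, or no "@db" suffix, means database 0.
redis_db() {
    local conf="$1" val
    val=$(awk '/^(--redis|-r)=/ { v = substr($0, index($0, "=") + 1) }
               END { gsub(/"/, "", v); print v }' "$conf")
    case "$val" in
        *@*) printf '%s\n' "${val##*@}" ;;
        *)   printf '0\n' ;;
    esac
}

# Succeed only if an interface is set, capture is limited to port 53,
# and ntopng is kept out of Redis database 0.
check_conf() {
    local conf="$1" rc=0
    grep -q '^-i=' "$conf" || { echo "no capture interface" >&2; rc=1; }
    grep -Eq '^--packet-filter=.*port 53([^0-9]|$)' "$conf" ||
        { echo "no port 53 packet filter" >&2; rc=1; }
    [ "$(redis_db "$conf")" != 0 ] ||
        { echo "ntopng would share Redis database 0" >&2; rc=1; }
    return "$rc"
}

# Demo on a constructed config in a temp file, not the live one.
demo=$(mktemp)
printf '%s\n' '# -i=eth2' '-i=eth0' > "$demo"
ensure_line '--packet-filter="port 53"' "$demo"
ensure_line '--packet-filter="port 53"' "$demo"   # no-op the second time
check_conf "$demo" || echo "not ready: Redis database still 0"
ensure_line '--redis="@1"' "$demo"
check_conf "$demo" && echo "config OK"
```

Against the real file, the functions need write access, for example by running the script with sudo and passing /etc/ntopng/ntopng.conf as the config path.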