Environment:
Raspbian Buster Lite Version: September 2019 Release date: 2019-09-26
Pi-hole Version v4.3.2 Web Interface Version v4.3.2 FTL Version v4.3.1
unbound v1.9.6 (compiled from source)
Installation instructions:
#!/bin/bash
# http://packages.ntop.org/RaspberryPI/
wget http://packages.ntop.org/RaspberryPI/apt-ntop_1.0.190416-469_all.deb
sudo dpkg -i apt-ntop_1.0.190416-469_all.deb
sudo apt-get -y install ntopng nprobe n2n
sudo service ntopng stop
# activate community edition
file=/etc/systemd/system/ntopng.service
sudo -i sed '/ExecStart=/ s/$/ --community/' $file
file=/etc/ntopng/ntopng.conf
# options @ https://www.ntop.org/guides/ntopng/cli_options.html
sudo cp $file /etc/ntopng/ntopng.org
sudo sed -i '/# -i=eth2/a -i=eth0' $file
# filter syntax @ https://www.tcpdump.org/manpages/pcap-filter.7.html
echo '--packet-filter="port 53"' | sudo tee -a $file
sudo systemctl daemon-reload
sudo service ntopng start
Warning for redis (unbound) users: you'll need an additional configuration setting to force ntopng to use redis database 1 (unbound uses database 0 - this doesn't appear to be configurable)
echo '--redis="@1"' | sudo tee -a /etc/ntopng/ntopng.conf
you may want to use this method (NOT tested) to prevent ntopng from starting immediately after installation, thus using the wrong redis database...
traffic dashboard (http://ip_of_pihole:3000/)
active flows (sample)
intriguing questions (alerts) I need to look into:
All comments and ideas are welcome to increase the possible diagnostic value of this package.