Monitoring DNS on your raspberry pi with ntopng

Raspbian Buster Lite Version: September 2019 Release date: 2019-09-26
Pi-hole Version v4.3.2 Web Interface Version v4.3.2 FTL Version v4.3.1
unbound v1.9.6 (compiled from source)
Installation instructions:


sudo dpkg -i apt-ntop_1.0.190416-469_all.deb 
sudo apt-get -y install ntopng nprobe n2n 

sudo service ntopng stop

# activate community edition
sudo -i sed '/ExecStart=/ s/$/ --community/' $file

# options @
sudo cp $file /etc/ntopng/
sudo sed -i '/# -i=eth2/a -i=eth0' $file
# filter syntax @
echo '--packet-filter="port 53"' | sudo tee -a $file

sudo systemctl daemon-reload
sudo service ntopng start

Warning for redis (unbound) users: you’ll need an additional configuration setting to force ntopng to use redis database 1 (unbound uses database 0 - this doesn’t appear to be configurable)

echo '--redis="@1"' | sudo tee -a /etc/ntopng/ntopng.conf

you may want to use this method (NOT tested) to prevent ntopng from starting immediately after installation, thus using the wrong redis database…

traffic dashboard (http://ip_of_pihole:3000/)

active flows (sample)

intriguing questions (alerts) I need to look into:

All comments and ideas are welcome to increase the possible diagnostic value of this package.


how do you upate the license file?

The Community version is free to use and opensource (code can be found on Github), ref. here. Licensing faq here.

to activate community editition:

echo '--community=' | sudo tee -a /etc/ntopng/ntopng.conf

and restart the ntopng service.

The method to activate community edition, as described in the original post (modify /etc/systemd/system/ntopng.service) doesn't work (only works if you start ntopng from the command line), but I cannot edit the post anymore...

awsome!!! updated!! thanks!! works great!!