Monitoring DNS on your raspberry pi with ntopng

Raspbian Buster Lite Version: September 2019 Release date: 2019-09-26
Pi-hole Version v4.3.2 Web Interface Version v4.3.2 FTL Version v4.3.1
unbound v1.9.6 (compiled from source)
Installation instructions:


sudo dpkg -i apt-ntop_1.0.190416-469_all.deb 
sudo apt-get -y install ntopng nprobe n2n 

sudo service ntopng stop

# activate community edition
sudo -i sed '/ExecStart=/ s/$/ --community/' $file

# options @
sudo cp $file /etc/ntopng/
sudo sed -i '/# -i=eth2/a -i=eth0' $file
# filter syntax @
echo '--packet-filter="port 53"' | sudo tee -a $file

sudo systemctl daemon-reload
sudo service ntopng start

Warning for redis (unbound) users: you’ll need an additional configuration setting to force ntopng to use redis database 1 (unbound uses database 0 - this doesn’t appear to be configurable)

echo '--redis="@1"' | sudo tee -a /etc/ntopng/ntopng.conf

you may want to use this method (NOT tested) to prevent ntopng from starting immediately after installation, thus using the wrong redis database…

traffic dashboard (http://ip_of_pihole:3000/)

active flows (sample)

intriguing questions (alerts) I need to look into:

All comments and ideas are welcome to increase the possible diagnostic value of this package.

1 Like