Configuration¶
Permissions¶
Like for all other modules, the Full Module Access and General Module Access permissions are available for the ntopng module, mapped to the Administrator and Non Privileged user roles in ntopng, respectively. An Administrator will have full access to all the modules’ functionalities and will not be subject to the restrictions listed below.
An additional Permission is peculiar to this module, namely pcap-download, that allows download .pcap file captured by ntopng.
There are two Restrictions available for this module:
allowed-interfaces is used to mark which interfaces are available to the role. Wildcard can be used, default is
tcp://*:5556c
. The trailingc
is important as it lets ntopng act as a collector.allowed-networks allows access only to those flows originating from the given (local) networks
Note
In ntopng only one interface can be set as a restriction. For this
reason, if a user has multiple roles and each role has an interface set in the
restriction, the user will only be able to see the first interface.
In case the wildcard *
is set in at least one of the roles,
the user will be able to see all the interfaces.
Retention Period¶
Data Retention for ntopng¶
ntopng by default keeps the flows and alerts data for 7 days. However, you can configure it from ntopng UI in the following preferences section:
.ClickHouse Log Retention¶
ClickHouse stores logs in System tables. Due to the amount of information stored, they can take up a large amount of disk space. For this reason the default retention set on all ClickHouse System tables is 7 days. You can change the retention value by following these steps:
create a custom sysconfig environment file at:
/neteye/local/clickhouse-server/conf/sysconfig/clickhouse-server-user-customization
specify the new retention value for each table the user wants to customize in the format
QUERY_LOG_RETENTION="event_date + INTERVAL 5 DAY"
The available variables are
QUERY_LOG_RETENTION: to set the retention of the query_log table, which contains information about the executed queries
TRACE_LOG_RETENTION: retention of the table containing stack traces of the query profiler
QUERY_THREAD_LOG_RETENTION: retention of the table containing information about the threads executing the single queries
QUERY_VIEWS_LOG_RETENTION: retention of the table containing information about the views executed when running a certain query
PART_LOG_RETENTION: retention of the table containing information about table parts events, namely events connected with tables using the MergeTree engine
METRIC_LOG_RETENTION: retention of the table containing the history of metric values from other system tables
ASYNC_METRIC_LOG_RETENTION: retention of the table containing the historical values of some asynchronous metrics calculated in background
restart the ClickHouse service: systemctl restart clickhouse-server.service
See also
ClickHouse system tables for more information.