User Guide

Configuration

Permissions

As with all other modules, the Full Module Access and General Module Access permissions are available for the ntopng module, mapped to the Administrator and Non Privileged user roles in ntopng, respectively. An Administrator has full access to all the module's functionalities and is not subject to the restrictions listed below.

An additional Permission is specific to this module: pcap-download, which allows downloading the .pcap files captured by ntopng.

There are two Restrictions available for this module:

  • allowed-interfaces marks which interfaces are available to the role. Wildcards can be used; the default is tcp://*:5556c. The trailing c is important, as it lets ntopng act as a collector.

  • allowed-networks allows access only to those flows originating from the given (local) networks.

Note

A Restriction can be applied to only one ntopng interface at a time. For this reason, if a user has multiple roles and each role has an interface set in the restriction, the user will only be able to see the first interface. If the wildcard * is set in at least one of the roles, the user will be able to see all the interfaces.

Data Retention for ntopng

By default, ntopng keeps flow and alert data for 7 days. You can change this from the ntopng UI in the following preferences section: Settings / Preferences / Expert View / Data Retention.

ClickHouse Log Retention

ClickHouse stores logs in System tables. Due to the amount of information stored, they can take up a large amount of disk space. For this reason the default retention set on all ClickHouse System tables is 7 days. You can change the retention value by following these steps:

  • create a custom sysconfig environment file at: /neteye/local/clickhouse-server/conf/sysconfig/clickhouse-server-user-customization

  • specify the new retention value for each table you want to customize, in the format

    QUERY_LOG_RETENTION="event_date + INTERVAL 5 DAY"
    

    The available variables are:

    • QUERY_LOG_RETENTION: to set the retention of the query_log table, which contains information about the executed queries

    • TRACE_LOG_RETENTION: retention of the table containing stack traces of the query profiler

    • QUERY_THREAD_LOG_RETENTION: retention of the table containing information about the threads executing the single queries

    • QUERY_VIEWS_LOG_RETENTION: retention of the table containing information about the views executed when running a certain query

    • PART_LOG_RETENTION: retention of the table containing information about table parts events, namely events connected with tables using the MergeTree engine

    • METRIC_LOG_RETENTION: retention of the table containing the history of metric values from other system tables

    • ASYNC_METRIC_LOG_RETENTION: retention of the table containing the historical values of some asynchronous metrics calculated in background

  • restart the ClickHouse service: systemctl restart clickhouse-server.service
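
The customization file can be checked before the restart. The following is an added example, not part of NetEye or ClickHouse: a shell function that lints the file for misspelled variable names and malformed values. The function name lint_retention_file and the strict value pattern (a positive day count in the shape of the sample line above) are assumptions of this example.

```shell
#!/bin/sh
# Added example: lint a ClickHouse retention customization file before restart.
# Variable names are the seven listed on this page. Assumption: values follow
# the page's sample shape, "event_date + INTERVAL <n> DAY", with n >= 1.
KNOWN_VARS="QUERY_LOG_RETENTION TRACE_LOG_RETENTION QUERY_THREAD_LOG_RETENTION \
QUERY_VIEWS_LOG_RETENTION PART_LOG_RETENTION METRIC_LOG_RETENTION \
ASYNC_METRIC_LOG_RETENTION"

# Prints one line per assignment or finding; returns 0 if the file is clean.
lint_retention_file() {
    file=$1; lineno=0; rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        case $line in
            ''|'#'*) continue ;;                 # blank line or comment
            *=*) ;;                              # looks like NAME=value
            *) echo "line $lineno: not a NAME=value assignment"; rc=1; continue ;;
        esac
        name=${line%%=*}
        value=${line#*=}
        case " $KNOWN_VARS " in
            *" $name "*) ;;
            *) echo "line $lineno: unknown variable '$name'"; rc=1; continue ;;
        esac
        # Extract the day count only when the whole value matches the sample shape.
        days=$(printf '%s\n' "$value" |
            sed -n 's/^"event_date + INTERVAL \([1-9][0-9]*\) DAY"$/\1/p')
        if [ -n "$days" ]; then
            echo "line $lineno: $name keeps $days day(s)"
        else
            echo "line $lineno: $name value is not in the documented form"; rc=1
        fi
    done < "$file"
    return "$rc"
}

# Constructed sample: one valid line, one misspelled name, one malformed value.
sample=$(mktemp)
cat > "$sample" <<'EOF'
QUERY_LOG_RETENTION="event_date + INTERVAL 5 DAY"
QUERY_LOGS_RETENTION="event_date + INTERVAL 5 DAY"
PART_LOG_RETENTION="5 days"
EOF
lint_retention_file "$sample" || echo "fix the findings before restarting clickhouse-server"
rm -f "$sample"
```

To check the real file, pass the path from the first step to lint_retention_file and restart the service only when it returns 0.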

See also

ClickHouse system tables for more information.