Install and configure nprobe

Suppose ntopng is already installed as I described in this article – Install and configure ntopng
That is, we selected the necessary package at and downloaded it:

wget wget
sudo dpkg -i apt-ntop-stable.deb

Install nprobe if it is not installed:

sudo apt-get clean all
sudo apt-get update
sudo apt-get install nprobe

To receive NetFlow data and pass it on to ntopng, create a file (in the nano editor, press CTRL+X to exit, y/n to save or discard changes):

sudo nano /etc/nprobe/nprobe-anyname.conf

Add to it:

-3 2055
--flow-version 9

2055 is the port on which you want to receive NetFlow data, and port 5556 is used to transmit it to ntopng.
See my articles on configuring NetFlow on switches:
Configuring NetFlow on Cisco
Configuring sFlow on D-Link Switches
Setting up and using Traffic Flow in Mikrotik

Now it remains to open the ntopng configuration in a text editor:

sudo nano /etc/ntopng/ntopng.conf

And add a line at the end (thereby adding the nprobe interface to collect statistics):


It remains to restart ntopng to apply the changes:

sudo service ntopng restart

Check whether everything works:

sudo netstat -tulpen | grep 2055
sudo netstat -tulpen | grep 5556
sudo /etc/init.d/nprobe status

I noticed that nprobe does not always shut down after the command:

sudo /etc/init.d/nprobe stop

Therefore, if necessary, you can stop it like this:

sudo killall nprobe
sudo kill -9 PID

In the free version of nprobe, I had a message:

NOTE: This is a DEMO version limited to 25000 flows export.

The full version can be purchased at the official site of

See also:
IPTables rules for nprobe

Using netwox

I will give examples of using netwox and describe them.
I described the netwox installation in this article – Installing netwox

Example of a standard startup:

sudo netwox

netwox has quite a lot of functions; to see them, start it, then press 3 and Enter.

Network configuration display:

sudo netwox 1

Display debugging information:

sudo netwox 2

Display information about the IP address or host name:

sudo netwox 3

Displaying information about the MAC address:

sudo netwox 4 -e 00:15:5D:38:01:08

Obtaining MAC addresses from the IP list:

sudo netwox 5 -i

Display information that will be used to reach the specified IP address:

sudo netwox 6

Sniffer, displaying the transmitted packets on the screen:

sudo netwox 7

Sniffer, displaying only the list of open ports that were used in the captured packets:

sudo netwox 8

Sniffer, mapping of MAC and IP addresses:

sudo netwox 9

An example of capturing packets and displaying brief statistics (the number of packets counted, the size of the packets, the percentage of the number of packets (c%), the percentage of the size (s%)):

netwox 10 -d eth0

Convert a number to an encrypted one:

sudo netwox 21 -n number

Converting a string to an encrypted string (sha256, md5, etc.):

sudo netwox 22 -d text

Show ASCII table:

sudo netwox 23

Check the security of the directory:

sudo netwox 25 /tmp/

Example of ICMP PING:

sudo netwox 49 -i

Example of ARP PING:

sudo netwox 55 -i

Example ICMP route tracing:

sudo netwox 57 -i

Example of TCP route tracing:

sudo netwox 59 -i

Example UDP route tracing:

sudo netwox 61 -i

Example of port scanning:

sudo netwox 67 -i -p 1-1000

ICMP scanning for availability:

sudo netwox 65 -i

TCP port access scan:

sudo netwox 67 -i -p 80

UDP port access scan:

sudo netwox 69 -i -p 80

ARP scanning:

sudo netwox 71 -i

Flood random fragments:

sudo netwox 74 -i

Filling the table of MAC-addresses of the switch by sending a flood:

sudo netwox 75


sudo netwox 76 -i -p 80


Installing and Configuring OpenFire

OpenFire – A cross-platform XMPP server written in Java.

For the test, I will install OpenFire in Ubuntu Server 16.04 and describe the process.

Since OpenFire requires Java, let’s see the installed version on the system:

java -version

If necessary, install Java:

sudo apt-get install default-jre

Then go to the download page, click download and copy the link.

Download it, substituting the copied link for LINK:

wget -O openfire.deb LINK

For example:

wget -O openfire.deb


sudo dpkg --install openfire.deb

Now open http://YourServer:9090/ in the browser and follow the prompts.

After that, the installation of OpenFire will be completed.

If necessary, you can stop, start, or restart OpenFire like this:

/etc/init.d/openfire {start|stop|restart|force-reload}

Installing and Configuring SSMTP

SSMTP – an alternative to sendmail for sending mail, allows you to configure sending via third-party mail servers.

To install in Ubuntu, use the command:

sudo apt-get install ssmtp mailutils

Next, open the /etc/ssmtp/ssmtp.conf file in any text editor (in nano, press Ctrl+X to exit, y/n to save or discard changes):

sudo nano /etc/ssmtp/ssmtp.conf

Comment out everything and configure it as shown below, for example:

If you use Google mail, you will probably need to allow “Untrusted applications” in the settings at

Also open the /etc/ssmtp/revaliases file in the text editor:

sudo nano /etc/ssmtp/revaliases

And add:

Let’s try sending a message to the specified address (after the command, type the desired text and end it with a period):

sendmail -v

Messages must be sent from the address specified in the file /etc/ssmtp/ssmtp.conf.

Using Linux ISG

View all sessions:

/opt/ISG/bin/ | less

View information about a specific session:

/opt/ISG/bin/ | grep

Viewing the number of sessions:

/opt/ISG/bin/ show_count

Deleting a specific session:

/opt/ISG/bin/ clear
/opt/ISG/bin/ clear <IP-address | Virtual# | Session-ID>

Change the speed for a specific session (incoming/outgoing, for example 100 MB/s):

/opt/ISG/bin/ change_rate 102400 102400

Note that the speed is specified in kilobytes, while the session table displays it in bytes.

The possible flag values are:
A (Session approved)
X (Session not approved)
S (This is a service (or sub-session))
O (Service administrative status is enabled)
U (Online service (RADIUS account is active, traffic flow))
T (Type of service – “tagger”)
Z (Disconnected)

Changing the processor core frequency in Linux

To see the minimum, current and maximum frequency of the processor cores, execute the command:

grep '' /sys/devices/system/cpu/cpu0/cpufreq/scaling_{min,cur,max}_freq

For example, in my case, the following is displayed:


On idle servers there is probably no point in raising the minimum frequency of the processor cores, but on heavily loaded ones, such as an access server, I usually raise it: the processor is constantly loaded, so frequency jumps only get in the way, and judging by the graphs, the load on the processor decreases noticeably after the change.

To set the minimum frequency for all processor cores to the same as the maximum, create a script with the code below and execute it:

#!/bin/bash
sysdir=/sys/devices/system/cpu   # same sysfs tree as in the grep command above
cpucount=$(grep -c 'model name' /proc/cpuinfo)
for cpu in $(eval echo cpu{0..$((cpucount-1))}); do
        cat "$sysdir/$cpu/cpufreq/scaling_max_freq" > "$sysdir/$cpu/cpufreq/scaling_min_freq"
done

See also my article:
Changing CPU Scaling Governor on Linux

Logging activity using IPTables

Using iptables, you can write network activity to a log file, that is, record where data is sent to and where it comes from.
Example command:

sudo iptables -t filter -A FORWARD -s -m tcp -p tcp --dport 80 -j LOG --log-prefix "iptables: "

So that this information is written to a separate file rather than the common rsyslog file, create a file:

sudo nano /etc/rsyslog.d/10-iptables.conf

And add the following to it:

:msg, contains, "iptables: " -/var/log/iptables.log
& ~

To apply the changes, restart rsyslog:

sudo /etc/init.d/rsyslog reload

Done, the network activity specified in the first rule will be written to the file /var/log/iptables.log.
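
One way to read the resulting log, as an added example that is not part of the original article: the function below counts logged packets and new connections (SYN without ACK) per source and destination. The log lines are constructed samples using documentation addresses, and the function names are assumptions.

```sh
# Constructed sample of /var/log/iptables.log (documentation addresses, not real traffic).
sample_log() {
cat <<'EOF'
Mar  3 10:15:01 gw kernel: [ 1201.100001] iptables: IN=eth1 OUT=eth0 MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4711 DF PROTO=TCP SPT=51514 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 10:15:01 gw kernel: [ 1201.140220] iptables: IN=eth1 OUT=eth0 MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=4712 DF PROTO=TCP SPT=51514 DPT=80 WINDOW=229 RES=0x00 ACK URGP=0
Mar  3 10:15:01 gw kernel: [ 1201.141007] iptables: IN=eth1 OUT=eth0 MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=130 TOS=0x00 PREC=0x00 TTL=63 ID=4713 DF PROTO=TCP SPT=51514 DPT=80 WINDOW=229 RES=0x00 ACK PSH URGP=0
Mar  3 10:15:02 gw kernel: [ 1202.300410] iptables: IN=eth1 OUT=eth0 MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=192.0.2.23 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=902 DF PROTO=TCP SPT=40022 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 10:15:03 gw kernel: [ 1203.000100] eth0: link becomes ready
EOF
}

# Print "packets new_connections src -> dst:dport", busiest pair first.
# Reads the files given as arguments, or standard input when there are none.
summarize_iptables_log() {
  awk '
    index($0, "iptables: ") == 0 { next }   # line was not produced by our --log-prefix
    {
      src = dst = dpt = ""; syn = ack = 0
      for (i = 1; i <= NF; i++) {
        if      ($i ~ /^SRC=/) src = substr($i, 5)
        else if ($i ~ /^DST=/) dst = substr($i, 5)
        else if ($i ~ /^DPT=/) dpt = substr($i, 5)
        else if ($i == "SYN")  syn = 1
        else if ($i == "ACK")  ack = 1
      }
      if (src == "" || dst == "" || dpt == "") next
      key = src " -> " dst ":" dpt
      pkts[key]++
      if (syn && !ack) conns[key]++         # first packet of a TCP handshake
    }
    END { for (k in pkts) print pkts[k], conns[k] + 0, k }
  ' "$@" | sort -k1,1nr -k3
}

sample_log | summarize_iptables_log
```

On a real system the function would be called as summarize_iptables_log /var/log/iptables.log.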

It is also desirable to configure logrotate to remove old logs, to save disk space.

See also:
Configuring logrotate for log rotation
Configuring IPTables

Monitoring of Apache2 parameters in Zabbix

Install the necessary components:

sudo apt-get install curl

Activate the apache2 information module (usually it is activated initially):

sudo a2enmod info

Open the configuration file of the module and specify the IP address of the zabbix server to allow it to view information about apache2 (if apache2 is on the local machine, then access is usually allowed by specifying local or

sudo nano /etc/apache2/mods-enabled/status.conf

In the nano editor, CTRL+X is used to exit and y/n to save or discard changes. Example of specifying IP:

<Location /server-status>
    SetHandler server-status
    Require local
    Require ip
</Location>

Restart the web server to apply the changes:

sudo service apache2 restart

Now the information about apache2 is available in the browser at http://HOST/server-status

Let’s move on to Zabbix. Create a folder for scripts if it does not exist:

mkdir /etc/zabbix/scripts/
chown root:zabbix -R /etc/zabbix/scripts/
chmod 750 /etc/zabbix/scripts/

In the zabbix server configuration file, we specify the path to this folder:

sudo nano /etc/zabbix/zabbix_server.conf

Now I will give the content of the script:

#!/bin/bash
# Arguments: RESERVED METRIC URL (the first argument is not used, e.g. "none")
##### OPTIONS VERIFICATION #####
if [[ -z "$1" || -z "$2" || -z "$3" ]]; then
  exit 1
fi
##### PARAMETERS #####
METRIC="$2"
URL="$3"
STATSURL="${URL}?auto"   # assumed: the machine-readable "Key: value" form that the greps below expect
CACHE_TTL="55"           # seconds a cached copy is reused (assumed value, not given on the page)
EXEC_TIMEOUT="2"         # curl timeout in seconds (assumed value, not given on the page)
CACHE_FILE="/tmp/zabbix.apache2.`echo ${URL} | md5sum | cut -d" " -f1`.cache"
NOW_TIME=`date '+%s'`
##### RUN #####
if [ -s "${CACHE_FILE}" ]; then
  CACHE_TIME=`stat -c"%Y" "${CACHE_FILE}"`
else
  CACHE_TIME=0
fi
DELTA_TIME=$((${NOW_TIME} - ${CACHE_TIME}))
if [ ${DELTA_TIME} -lt ${EXEC_TIMEOUT} ]; then
  sleep $((${EXEC_TIMEOUT} - ${DELTA_TIME}))
elif [ ${DELTA_TIME} -gt ${CACHE_TTL} ]; then
  echo "" >> "${CACHE_FILE}" # !!!
  # --insecure turns off TLS certificate verification for https:// URLs
  DATACACHE=`curl -sS --insecure --max-time ${EXEC_TIMEOUT} "${STATSURL}" 2>&1`
  echo "${DATACACHE}" > "${CACHE_FILE}" # !!!
  echo "URL=${URL}"  >> "${CACHE_FILE}" # !!!
  chmod 640 "${CACHE_FILE}"
fi
if [ "${METRIC}" = "accesses" ]; then
  cat "${CACHE_FILE}" | grep -i "accesses" | cut -d':' -f2 | head -n1
fi
if [ "${METRIC}" = "kbytes" ]; then
  cat "${CACHE_FILE}" | grep -i "kbytes" | cut -d':' -f2 | head -n1
fi
if [ "${METRIC}" = "cpuload" ]; then
  cat "${CACHE_FILE}" | grep -i "cpuload" | cut -d':' -f2 | head -n1
fi
if [ "${METRIC}" = "uptime" ]; then
  cat "${CACHE_FILE}" | grep -i "uptime" | cut -d':' -f2 | head -n1
fi
if [ "${METRIC}" = "avgreq" ]; then
  cat "${CACHE_FILE}" | grep -i "ReqPerSec" | cut -d':' -f2 | head -n1
fi
if [ "${METRIC}" = "avgreqbytes" ]; then
  cat "${CACHE_FILE}" | grep -i "BytesPerReq" | cut -d':' -f2 | head -n1
fi
if [ "${METRIC}" = "avgbytes" ]; then
  cat "${CACHE_FILE}" | grep -i "BytesPerSec" | cut -d':' -f2 | head -n1
fi
if [ "${METRIC}" = "busyworkers" ]; then
  cat "${CACHE_FILE}" | grep -i "BusyWorkers" | cut -d':' -f2 | head -n1
fi
if [ "${METRIC}" = "idleworkers" ]; then
  cat "${CACHE_FILE}" | grep -i "idleworkers" | cut -d':' -f2 | head -n1
fi
if [ "${METRIC}" = "totalslots" ]; then
  cat "${CACHE_FILE}" | grep -i "Scoreboard" | cut -d':' -f2 | sed -e 's/ //g' | wc -c | awk '{print $1-1}'
fi
exit 0

Let’s make the script file executable:

chown root:zabbix /etc/zabbix/scripts/
chmod 550 /etc/zabbix/scripts/

Script validation example:

sudo -u zabbix /etc/zabbix/scripts/ none accesses http://HOST/server-status
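
The script above writes its cache to a predictable path in /tmp using shell redirection, which follows symbolic links. The following added example (not part of the original script; the function names and scratch paths are hypothetical) contrasts that write with one that uses a private directory, a mktemp file and an atomic rename.

```sh
# Weak form, as in the lines marked "# !!!": ">" opens whatever the path
# points to, so a symbolic link sitting at the cache path redirects the write.
write_cache_weak() {            # $1 = cache file path, data on stdin
  cat > "$1" && chmod 640 "$1"
}

# Hardened form: directory writable only by the owner, unpredictable
# temporary name, then a rename into place.
write_cache_atomic() {          # $1 = cache directory, $2 = file name, data on stdin
  dir=$1; name=$2
  mkdir -p "$dir" && chmod 750 "$dir" || return 1
  tmp=$(mktemp "$dir/.$name.XXXXXX") || return 1   # exclusive create, mode 600
  if cat > "$tmp" && chmod 640 "$tmp" && mv -f "$tmp" "$dir/$name"; then
    return 0    # the rename replaces a link at the destination instead of following it
  fi
  rm -f "$tmp"
  return 1
}

# Constructed demonstration in a scratch directory: a link to an unrelated
# file is placed at each cache path before the write.
demo_cache_write() {            # prints the unrelated files' content afterwards
  d=$(mktemp -d) || return 1
  echo keep > "$d/other1"
  echo keep > "$d/other2"
  mkdir "$d/weak" "$d/safe"
  ln -s "$d/other1" "$d/weak/status.cache"
  ln -s "$d/other2" "$d/safe/status.cache"
  echo "BusyWorkers: 3" | write_cache_weak "$d/weak/status.cache"
  echo "BusyWorkers: 3" | write_cache_atomic "$d/safe" status.cache
  echo "weak=$(cat "$d/other1") atomic=$(cat "$d/other2")"
  rm -rf "$d"
}

demo_cache_write
```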

Open the zabbix agent configuration file in the editor:

sudo nano /etc/zabbix/zabbix_agentd.conf

And we will specify the following parameters:

UserParameter=apache2[*],/etc/zabbix/scripts/ "none" "$1" "$2"

The number of apache2 processes and of connections to port 80 can be obtained with simple commands, without a script; for example, you can specify:

UserParameter=apache2.count_processes,ps aux | grep '[a]pache' | wc -l
UserParameter=connections_on_80_port,netstat -na | grep :80 | wc -l

Restart the zabbix agent to apply the changes:

sudo /etc/init.d/zabbix-agent restart

Let’s check:

zabbix_get -s -k "apache2[accesses,http://HOST/server-status]"

Now create a template and add data items to it; an example of the created data items:


Exported ready template – apache2-status

We also need to add a macro to the monitored host:

Value: http://HOST/server-status


The number of apache2 processes can be obtained from the Zabbix agent by creating on the Zabbix server a data element with a key: