Qadry
unixcop Admin

How to install and use Darkstat web based Linux Network Traffic Analyzer

Introduction

If you are a system administrator managing a Linux server, you want a simple tool that helps to monitor your server.

Darkstat is a cross-platform, lightweight, simple, real-time network statistics tool that captures network traffic, computes statistics concerning usage, and serves the reports over HTTP.

Install Darkstat

  • For Ubuntu and Debian operating systems, run:
sudo apt-get install darkstat -y
  • For CentOS and RHEL operating systems, run:
dnf install darkstat -y

Configure Darkstat

  • Edit the Darkstat main configuration file and define your network interface, port, and listening IP address
vim /etc/darkstat/init.cfg
  • Then modify these values as follows:
START_DARKSTAT=yes
INTERFACE="-i ens33"
DIR="/var/lib/darkstat"
PORT="-p 667"
BINDIP="-b 0.0.0.0"
DAYLOG="--daylog darkstat.log"

Note: you can find the name of your interface by running the command below

nmcli c s
  • Restart the Darkstat service
systemctl restart darkstat

Check the status of Darkstat

systemctl status darkstat
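
The configuration above sets BINDIP="-b 0.0.0.0", so the report pages listen on every address of the server. The script below is an added example, not part of the original article: it parses an init.cfg in the format shown and reports where the web UI will listen. The function names and verdict strings are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: report where a darkstat init.cfg exposes the web UI.

# Value of the last uncommented KEY=... line in FILE, quotes stripped.
cfg_value() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'"
}

# Second word of an option string such as "-b 0.0.0.0" or "-p 667".
opt_arg() {
    set -- $1
    printf '%s' "${2:-}"
}

# Prints "<verdict> <addr>:<port>". Returns 0 when the UI is not reachable
# from other hosts, 1 when it is, 2 when the file cannot be read.
audit_darkstat_cfg() {
    local cfg="$1" start addr port
    [ -r "$cfg" ] || { echo "error unreadable:$cfg"; return 2; }
    start=$(cfg_value "$cfg" START_DARKSTAT)
    addr=$(opt_arg "$(cfg_value "$cfg" BINDIP)")
    port=$(opt_arg "$(cfg_value "$cfg" PORT)")
    # Documented darkstat defaults: no -b means all interfaces, no -p means 667.
    addr=${addr:-0.0.0.0}
    port=${port:-667}
    if [ "$start" != "yes" ]; then
        echo "disabled $addr:$port"; return 0
    fi
    case "$addr" in
        127.*|::1)   echo "loopback $addr:$port"; return 0 ;;
        0.0.0.0|::)  echo "all-interfaces $addr:$port"; return 1 ;;
        *)           echo "single-address $addr:$port"; return 1 ;;
    esac
}

# Constructed sample input: the values from the article's init.cfg.
sample=$(mktemp)
cat > "$sample" <<'EOF'
START_DARKSTAT=yes
INTERFACE="-i ens33"
PORT="-p 667"
BINDIP="-b 0.0.0.0"
EOF
audit_darkstat_cfg "$sample" ||
    echo "web UI reachable from other hosts: bind to 127.0.0.1 or firewall the port"
rm -f "$sample"
```

On a real server, call audit_darkstat_cfg /etc/darkstat/init.cfg and compare the result with the output of ss -antpl | grep 667.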

Access Darkstat via Web UI

  • Darkstat is running and listening on port 667. You can check it with the following command:
ss -antpl | grep 667
  • Open your web browser and access the Darkstat web interface using the URL http://Server_ip:667
  • You can turn automatic graph reloading on or off with the on and off buttons.
  • You’ll get a list of all hosts on the network that have attempted to reach the server by clicking on the hosts section

Manage Darkstat From CLI

  • To collect network statistics on the ens33 interface, you can use the -i flag as below.
darkstat -i ens33
  • To serve web pages on a specific port, include the -p flag like this.
darkstat -i ens33 -p 80
  • To keep an eye on network statistics for a given service, use the -f (filter) flag. The filter below captures only traffic for the SSH service.
darkstat -i ens33 -f "port 22"
  • To shut down Darkstat, send a SIGTERM or SIGINT signal to the darkstat parent process.

1- Get the process ID (PID) of the darkstat parent process using the pidof command:

pidof darkstat

2- Then kill the process, replacing 6352 with the PID from the previous step.

sudo kill -15 6352
OR
sudo kill -SIGTERM 6352

Conclusion

In this guide, we showed you how to install and use Darkstat on Linux to capture network traffic and view the reports over HTTP.

Thank you.
