Connect to ClickHouse

To connect ntopng to ClickHouse use option -F. The format of this option is the following

clickhouse;<host[@port]|socket>;<dbname>;<user>;<pw>

Where

  • <host[@port]|socket> Specifies the database host or a socket file. By default, port 9000 is used for the connection. To use a different port, specify it with @port. The host can be a symbolic name or an IP address.
  • <dbname> Specifies the name of the database to be used and defaults to ntopng
  • <user> Specifies an user with read and write permissions on <dbname>
  • <pw> Specifies the password that authenticates <user>

Example

To connect ntopng and ClickHouse, both running on the same machine, the following line can be used

./ntopng -F="clickhouse;127.0.0.1;ntopng;default;default"

In the example above, 127.0.0.1 is used to connect using IPv4 (using the symbolic string localhost could resolve to an IPv6 address). A user default, identified with password default, with read and write permissions on database ntopng is indicated as well. As shortcut you can use -F clickhouse for F="clickhouse;127.0.0.1;ntopng;default;default"

Stored Information

ntopng stores historical flows and alerts in ClickHouse.

IPv4 and IPv6 flows are stored in table flows. A column INTERFACE_ID is used to identify the interface on which the flow was seen, this is useful ntopng is monitoring multiple interfaces (see -i).

Alerts are stored in several tables, all ending with suffix _alerts. The table prefix indicates the alert family, e.g. host_alerts table contains alerts for hosts, flow_alerts table contains alerts for flows, and so on.