File ntopng.changes of Package ntopng

Sun Aug 22 12:43:11 UTC 2021 - Martin Hauke <>

- Update to version 5.0
  * Advanced alerts engine with security features, including the
    detection of attackers and victims.
    + Integration of 30+ nDPI security risks.
    + Generation of the score indicator of compromise for hosts,
      interfaces and other network elements.
  * Ability to collect flows from hundreds of routers by means of
    observation points.
  * Anomaly detection based on Double Exponential Smoothing (DES)
    to uncover possibly suspicious behaviors in the traffic and in
    the score.
  * Encrypted Traffic Analysis (ETA) with special emphasis on the
    TLS to uncover self-signed, expired, invalid certificates and
    other issues.
  New features
  * Ability to configure alert exclusions for individual hosts to
    mitigate false positives.
  * Ability to see the TX/RX traffic breakdown both for physical
    interfaces and when receiving traffic from nProbe.
  * Add support for ECS when exporting to Syslog.
  * Improved TCP analysis, including analysis of TCP flows with
    zero window and low goodput.
  * Ability to send alerts to Slack.
  * Implementation of a token-based REST API access.
  * Reworked the execution of hosts and flows checks (formerly user
    scripts), yielding a reduced CPU load of about 50%.
  * Improved 100Kfps+ NetFlow/sFlow collection performance.
  * Drilldown of nIndex historical flows much more flexible.
  * Migration to Bootstrap 5.
  * Check malicious JA3 signatures against all TLS-based protocols.
  * Reworked DoH/DoT handling.
  * Fixes SSRF and stored-XSS injected with malicious SSDP
  * Fixes several leaks in NetworkInterface
  * REST API v1/ is deprecated and will be dropped in the next
    stable release in favor of REST API v2/.
  * The old alerts dashboard has been removed and replaced by an
    advanced alerts drilldown page with integrated charts.

Fri Apr 23 15:12:36 UTC 2021 - Mathias Homann <>

- Update to ntopNG 4.2
  * had to manually specify the mysql include dir - something weird is going

Sat May  2 11:19:10 UTC 2020 - Petr Cervinka <>

- Add unit file
- Remove ntopctl script
- Obsolete old ntopng-data package

Wed Apr 29 12:52:21 UTC 2020 - Petr Cervinka <>

- Major package changes:
   * Remove displaying setup information from post section, it duplicates 
     content of README.SUSE
   * Add patch to avoid static linking against bundled ndpi library
   * Remove bundled ndpi library
   * Remove GeoIP data, GeoIP has been discontinued by Maxmind
   * Add geoipupdate to recommends
   * Add directory /var/lib/ntopng
   * Add creation of ntopng user
   * Use default ntopng.conf provided by upstream
   * Update description in ntopng.service file
   * Fix requires in ntopng.service file
   * Remove sysconfig configuration file
   * Add ntopng@.service file to have possibility of multiple configuration files
   * Update SUSE.README about multiple configuration files
- Update to version 4.0:
   * Plugins engine to tap into flows, hosts and other network elements
   * Migration to Bootstrap 4 and Font Awesome 5 for a renewed ntopng look-and-feel
     with light and dark themes
   * Processes and containers monitoring thanks to the eBPF integration via libebpfflow
   * Active monitoring of hosts ICMP/ICMPv6/HTTP/HTTPS Round Trip Times (RTT)
  New features
   * X.509 client certificate authentication
   * ERSPAN transparent ethernet bridging
   * Webhook export module for exporting alarms
   * Identifications of the hosts in broadcast domain
   * Category Lists editor to manage ip/domain lists
   * Handling of PEN fields from nProbe
   * Added anomalous flows to the looking glass
   * Visibility of ICMP port-unreachable flows IPv4
   * TCP states filtering (est., connecting, closed and rst)
   * Ability to serialize local hosts in the broadcast domain via MAC address
   * Japanese, Portuguese/Brazilian localization
   * Added process memory, cpu load, InfluxDB, Redis status pages and charts
   * Implement ntopng Plugins, self contained modules to extend the ntopng functionalities
   * Implement ZMQ/Suricata companion interface
   * SSL traffic analysis and alerts via JA3 fingerprint, unsafe ciphers detection
   * SSH traffic analysis and alerts via HASSH fingerprint
   * Host traffic profile generation via the (MUD) Manufacturer Usage Descriptor
   * Experimental Prometheus timeseries export
   * Introduce the System interface to manage system wide settings and status
   * Read events from Suricata and generate alerts
   * SNMP network topology visualization
   * Automatic ntopng update check and upgrade
   * Calculate host anomaly score and trigger alerts when it exceeds a threshold
   * Add ability to extract timeseries data with a click
   * Initial Marketplace droplet using Fabric
   * Alerts on duplex status change on SNMP interface
   * View interfaces are now optimized for big networks and use less memory
   * Systemd macros are now used to start/restart the ntopng services
   * Handles n2disk traffic extractions from recording processes non managed by ntopng
   * Interface in/out now available also for non PF_RING interfaces (read from /proc)
   * Automatic InfluxDB rollup support
   * MDNS discovery improvements
   * Rework of the alerts engine and api for efficient engaged alerts triggering
   * Faster ZMQ communication to nProbe thanks to the implementation of a binary TLV format
   * Stats update for ZMQ interfaces is now based on the idle/active flows timeout
   * Timeseries export improvements via queues, detect if InfluxDB is down and stop the export
   * Implemented reusable Lua engine to reduce the overhead of periodic scripts
   * Improve Lua error handling
   * Exclude certain categories from Elephant/Long lived flows alerts
   * Ability to set up port forwarding
   * Support for Ubuntu 18.04
   * Fix users and other prefs deleted during nEdge data reset
   * Japanese localization
   * Block unsupported L3 protocols (currently only ARP and IPv4 are supported)
   * DNS mapping port to avoid conflicts with system programs
   * Fixed export to mysql on shutdown in case of Pcap file in community mode
   * Fixed failing SYN-scan detection
   * Fixed ZMQ decompression errors with large templates
   * Fixed possible XSS in login.lua referer param and `runtime.lua`
   * Update geolocation due to changes in the library usage policy
   * Fixes to support browsers dark mode
   * Option `--zmq-encryption-key <pub key>` can be used with `-I <endpoint>` to encrypt
     data in hierarchical mode
   * Fixed nIndex missing data while performing some queries and throughput calculation

Wed Feb 26 12:08:49 UTC 2020 - Petr Cervinka <>

- Add README.SUSE to %doc and source section 
- Apply spec-cleaner

Wed Dec 25 21:08:42 UTC 2019 - Martin Hauke <>

- Update to version 3.8.1
  * Make the stable version compatible to build with nDPI 3.0
- Update bundled nDPI to version 3.0

Sat Feb  9 14:11:36 UTC 2019 -

- Update to version 3.8
  * Lots of new features, improvements and bugfixes
    See /usr/share/doc/packages/ntopng/ for the full
- Specfile cleanup
  - Run spec-cleaner
  - Use pkg-config style dependencies
  - Add conditional build for nEdge (disabled by default)
  - Add conditional build for libndpi
    * ntopng currently only supports building against a static
      version of libndpi

Tue Jun  6 07:55:40 UTC 2017 -

- Spec file completely redesigned
- GeoIP data provided as a new subpackage
- Highlighted proper license for GeoIP data
- Init scripts migrated to systemd unit file
- Updated make compiler flags to build package on Tumbleweed
- Filter out rpmlint errors and warnings
- Added README.SUSE with steps how to configure redis 

Sun Dec 25 19:24:12 UTC 2016 -

- Update to ntopng 2.4

Thu Apr 17 07:03:58 UTC 2014 -

- Initial release