Traffic Monitoring

• D

  Monthly traffic reports?
  • dzog  

  13
  0
  Votes
  13
  Posts
  2240
  Views

  V

  There are definitely issues with the Status_Traffic_Totals package… mine's showing two "11/2017" months, and data for March 2018 is being shown as February as a result.
• M

  NTOPNG pfSense package: send data to external log server
  • mleone87  

  4
  0
  Votes
  4
  Posts
  1422
  Views

  D

  Bom dia. Realmente o pacote NtopNG do Pfsense muito instável e ainda sobrecarrega o servidor, no entanto estou querendo roda um servidor externo com o NtopNG com linux ou windows exportando os dados para ele. Queria saber de tem alguém fazendo assim??? Já estou exportando os relatórios do firewall para o PRTG está funcionando perfeito, assim consigo consultar os dados com 6 meses. Good Morning. Actually Pfsense's very unstable NtopNG package and still overloaded with the server, no need to run an external server with NtopNG with Linux or Windows exporting the data to it. Wanted to know someone is doing so ??? You are exporting the firewalls so the PRTG is working perfectly, as well as to query the data with 6 months.
• M

  NTOPNG install at pfsense in port 65443
  • major697  

  1
  0
  Votes
  1
  Posts
  326
  Views

  No one has replied

• K

  Ntopng and SG-3100 - performance hit
  • kegobeer  

  3
  0
  Votes
  3
  Posts
  698
  Views

  K

  Thanks for the reply. I temporarily swapped my old i3 setup into the main router role, so the next time I put the 3100 back in service I will do that and post my results.
• J

  Package that contain Top website usage per IP
  • jrabams  

  1
  0
  Votes
  1
  Posts
  406
  Views

  No one has replied

• 

  Ntopng Configuration / Config File
  • arrmo  

  2
  0
  Votes
  2
  Posts
  1951
  Views

  M

  I wanted to check out the config file too… Didn't find ntopng.conf. The package uses a different method to configure that service in pfSense. Here is what I found: there is 2 files related to ntopng in /usr/local/pkg/ntopng.inc /usr/local/pkg/ntopng.xml This file :/usr/local/pkg/ntopng.inc seems to have all the logic for configurations included. and seems to start ntopng on the fly with config parameters based on the the xml config file / web page It starts something like this (after looking at ps -A) /usr/local/bin/ntopng -d /var/db/ntopng -G /var/run/ntopng.pid -s -e -w 0 -W 3000 -i em1 --dns-mode 0 --local-networks 192.168.0.0/16,172.16.0.0/12,10.0.0.0/8 Perhaps that info helps you further...
• R

  Snort home_net list seems to have no effect
  • romainp  

  1
  0
  Votes
  1
  Posts
  300
  Views

  No one has replied

• P

  Zabbix / Monitoring Gateway Status
  • paul_endeavour  

  2
  1
  Votes
  2
  Posts
  1552
  Views

  J

  Hey man! Follow the steps below, the language is portuguese I guess you will understand. https://github.com/lndgoncalves/zabbix-pfsense-gateway In additional I recommend you remove from the log the commands that will executed by script. Try do this in sudoers file. Best regards.
• S

  Darkstat not resolving internal hosts
  • stevetingate  

  4
  0
  Votes
  4
  Posts
  615
  Views

  

  your using .local as your AD domain.. Yeah that is bad idea.. Sure looks like it asked 8.8.8.8 as well.. That would be broken.. How and the hell is your enternal servers taking 30ms to respond?  While 8.8.8.8 is only 15 ;)
• W

  Where does ntopng get hostnames from?
  • wkearney99  

  1
  1
  Votes
  1
  Posts
  1034
  Views

  No one has replied

• 

  BandwidthD is coming back soon!
  • jimp  

  28
  0
  Votes
  28
  Posts
  5077
  Views

  B

  Is putting VLAN monitoring back in on the roadmap? Additionally, any recommendations for alternative packages that also allow VLAN traffic monitoring? I have installed ntopNG for the time being but it's too complicated for what I require.
• S

  How to Alert on Single IP uploading too much?
  • SkinnerVic  

  2
  0
  Votes
  2
  Posts
  455
  Views

  S

  I decided to head the ntopng route.  OK, not quite what I was looking for but it's fancy and fast for my purposes as I found a solution and wanted to pass it along: In ntopng, there is per host alerting.  While it's not an email or sms, it does SLACK!!  Woot.  I just integrated a new workspace with my existing workspace in Slack and followed the instructions here: https://github.com/ntop/ntopng/blob/dev/doc/README.slack I set two threshold items - the Activity Time and Traffic, Layer 2 with the levels low to see what a baseline looked like.  Sure enough, it is quite gated unless it gets stupid. Hope this can help anyone else looking for this solution.  The only way it could be better is to split send/rec in Traffic, but it works for now!
• S

  Ntopng stopped working after 2.4.2-RELEASE upgrade - libmysqlclient.so.18
  • sean.allen  

  2
  0
  Votes
  2
  Posts
  1006
  Views

  

  I see cores in the logs.
• G

  Ntopng v.3.2.180110 problem with network discovery
  • grandrivers  

  3
  0
  Votes
  3
  Posts
  634
  Views

  G

  yes turning off network discover on pppoe connection fixed issue
• G

  Ntopng v.3.2.180110 do not use disable all alerts in setting
  • grandrivers  

  1
  0
  Votes
  1
  Posts
  971
  Views

  No one has replied

• J

  Ntopng emitter
  • jason0  

  5
  0
  Votes
  5
  Posts
  652
  Views

  

  Once everything gets built, yes, it will be updated in snapshots (2.4.3 and 2.3.6 dev snapshots). Probably won't be merged back into 2.4.2/2.3.5 automatically.
• P

  High Traffic on Layer 2 Interface without IP - ntopng
  • pfnewb2016  

  1
  0
  Votes
  1
  Posts
  328
  Views

  No one has replied

• A

  Traffic monitor similar to Tomato
  • areynot  

  2
  0
  Votes
  2
  Posts
  488
  Views

  D

  I'm not familiar with Tomato, but I use pftop to monitor active connections with (I believe) all the data you're requesting.  I typically use it from a SSH connection, but I think it's available under the Status or Diaganostics menu as well. Here's some other options from the pfSense documentation: https://doc.pfsense.org/index.php/How_can_I_monitor_bandwidth_usage
• X

  Tuning Guide for collection traffic statistics using ipcad and lightsquid
  • xpaco  

  5
  0
  Votes
  5
  Posts
  4342
  Views

  P

  This is great!!! If I have more interfaces to monitor I just have to duplicate the interface line changing the actual interface and ip address? Is this OK for adding 3 VLANS ? interface vtnet0 filter "ip and dst net 192.168.2.0/24 and not src net 10.0.0.0/ 8 and not 172.16.0.0/12 and not 192.168.0.0/16"; interface vtnet0.3 filter "ip and dst net 192.168.3.0/24 and not src net 10.0.0. 0/8 and not 172.16.0.0/12 and not 192.168.0.0/16"; interface vtnet3.4 filter "ip and dst net 192.168.4.0/24 and not src net 10.0.0. 0/8 and not 172.16.0.0/12 and not 192.168.0.0/16"; interface vtnet3.5 filter "ip and dst net 192.168.5.0/24 and not src net 10.0.0. 0/8 and not 172.16.0.0/12 and not 192.168.0.0/16";
• 

  MOVED: Anyone have a guide for FRR and OSPF?
  • jimp  

  1
  0
  Votes
  1
  Posts
  467
  Views

  No one has replied

• Z

  Ntopng stopping
  • zMaliz  

  6
  0
  Votes
  6
  Posts
  1889
  Views

  R

  I no longer see the service crashing at least for now. I have disabled all data retention and also the following alert: Enable Hosts Malware Blacklists Enable alerts generated by traffic sent/received by malware-marked hosts. Overnight new blacklist rules are refreshed. I'm letting it run for few more days and then I will enable data retention one at a time and make sure it doesn't crash… I'm under the impression the crash was caused by Enable Hosts Malware Blacklists.
• T

  Find out how much bandwidth a device uses in a day
  • TomT  

  4
  0
  Votes
  4
  Posts
  700
  Views

  P

  Interesting. There really shouldn't be too much to it.  I've run it on old 2.x setups and recently set it up again on 2.4.1 Here are my settings: Enable BandwidthD should be selected BandwidthD Interface: LAN Subnets for Statistics Collection:  Select ALL interfaces (hold down CTRL and click) except your CARP/SYNC interface Extra Subnets for Statistics Collection:  (Enter other subnets as needed) I have one other. Promiscuous Mode:  Unchecked SensorID:  <make up="" a="" name="" of="" your="" choosing="">Draw Graphs:  Checked Meta REfresh: <default>Skip Intervals <default>Graph Cutoff: <default>Output to CDF: Unchecked Recover CDF:  Unchecked Graph and Log Info:  <informational>PostgreSQL Options (All Blank and Unchecked).</informational></default></default></default></make>
• B

  BandwidthD how to force NO ICMP?
  • belt9  

  2
  0
  Votes
  2
  Posts
  503
  Views

  P

  Are you sure those aren't the "Day" markers on the graph, and not ICMP traffic?
• T

  Ntopng not working behind HAProxy with SSL Offload
  • topkool  

  2
  0
  Votes
  2
  Posts
  837
  Views

  P

  I've been trying to get this running for 2 days now on 2.4.1 without HAProxy.  It seems like it's the only way to get it working though huh. everything is over HTTPS.  I tried setting up DNS for it etc.  Nothing seems to want to work. I get these errors. Chrome: This site can’t provide a secure connection <firewall>uses an unsupported protocol. ERR_SSL_VERSION_OR_CIPHER_MISMATCH Unsupported protocol The client and server don't support a common SSL protocol version or cipher suite. Firefox: Secure Connection Failed An error occurred during a connection to https://<firewall>:3000. Cannot communicate securely with peer: no common encryption algorithm(s). Error code: SSL_ERROR_NO_CYPHER_OVERLAP The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem. IE This page can’t be displayed Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try connecting to https://<firewall>:3000 again. If this error persists, it is possible that this site uses an unsupported protocol or cipher suite such as RC4 (link for the details), which is not considered secure. Please contact your site administrator. btw when you said you commented out the "-w 0 -W 3000" you meant in the shell script right - not in PHP?</firewall></firewall></firewall>
• G

  Traffic Totals not working any more after update pkg pfsense 2.4
  • gmar15  

  3
  0
  Votes
  3
  Posts
  869
  Views

  E

  I'm having the same problem. Anyone figure this out? Thanks!
• J

  Bandwidthd kills my throughput
  • jlwright77  

  5
  0
  Votes
  5
  Posts
  764
  Views

  J

  During a "successful" Speedtest, I get the following output: last pid: 46610;  load averages:  0.41,  0.25,  0.16  up 3+02:46:41    15:48:56 202 processes: 8 running, 152 sleeping, 42 waiting Mem: 43M Active, 262M Inact, 391M Wired, 178M Buf, 7192M Free Swap: 8192M Total, 8192M Free PID USERNAME      PRI NICE  SIZE    RES STATE  C  TIME    WCPU COMMAND   11 root          155 ki31    0K    64K RUN    3  73.8H  88.77% [idle{idle: cpu3}]   11 root          155 ki31    0K    64K RUN    0  73.9H  80.08% [idle{idle: cpu0}]   11 root          155 ki31    0K    64K RUN    1  73.9H  79.59% [idle{idle: cpu1}]   11 root          155 ki31    0K    64K RUN    2  73.8H  58.69% [idle{idle: cpu2}]     0 root          -92    -    0K  560K CPU2    2  3:41  38.28% [kernel{igb1 que (qid 3)}]   12 root          -92    -    0K  704K WAIT    0  14:30  18.99% [intr{irq256: igb0:que 0}]   12 root          -92    -    0K  704K CPU1    1  14:27  15.48% [intr{irq257: igb0:que 1}]   12 root          -92    -    0K  704K WAIT    3  15:08  7.18% [intr{irq260: igb1:que 1}]   12 root          -92    -    0K  704K RUN    2  17:17  4.05% [intr{irq259: igb1:que 0}] 31309 nobody        23    0 14920K  5084K select  3  3:01  3.08% /usr/local/sbin/darkstat -i igb0 -b 192.168.0.1 -p 666 84405 root          21    0  263M 38676K piperd  0  0:01  0.59% php-fpm: pool nginx (php-fpm)     0 root          -92    -    0K  560K -      1  0:02  0.20% [kernel{igb0 que (qid 0)}]     0 root          -92    -    0K  560K -      3  2:43  0.10% [kernel{igb1 que (qid 2)}] 5207 squid          20    0  281M  132M kqread  3  38:15  0.00% (squid-1) -f /usr/local/etc/squid/squid.conf (squid) 27498 root          20    0 12696K  2356K bpf    3  2:54  0.00% /usr/local/sbin/filterlog -i pflog0 -p /var/run/filterlog.pid   17 root          -16    -    0K    16K -      0  2:14  0.00% [rand_harvestq]   12 root          -60    -    0K  704K WAIT    0  1:57  0.00% [intr{swi4: clock (0)}] 2954 root          20    0 10484K  2540K select  0  1:46  0.00% /usr/sbin/syslogd -s -c -c -l /var/dhcpd/var/run/log -P /var/run/syslog.pid -f /etc/syslog.conf During an unsuccessful Speedtest with bandwidthd enabled, I get: top: warning: process display count should be non-negative – using default .... last pid: 17290;  load averages:  0.97,  0.48,  0.26  up 3+02:48:48    15:51:03 75 processes:  1 running, 74 sleeping Mem: 47M Active, 260M Inact, 396M Wired, 178M Buf, 7184M Free Swap: 8192M Total, 8192M Free
• 

  Can someone please explain these figures to me
  • gregeeh  

  3
  0
  Votes
  3
  Posts
  501
  Views

  

  @virgiliomi: A variety of things could explain different numbers. DNS lookups from cache would show traffic on LAN but not WAN or OPT1.  Any other caching you might be doing (like using Squid as a cache) can also have such an effect. Data compression on the OpenVPN connection could also cause differences. Depending on the media of your ISP, you could be receiving a variety of broadcast traffic on WAN. There are likely external connection attempts that are being blocked by the firewall on WAN too… those still get counted as traffic on the interface. The numbers aren't different enough that I would think there are problems. If one interface were double the amount of the other two, then I might find reason for concern... but a difference of a couple of megabytes in an hour isn't a big deal IMHO. Thank you.  Much appreciated.
• A

  How to monitor users
  • abdallhsamy  

  3
  0
  Votes
  3
  Posts
  973
  Views

  

  I use Squid as a transparent proxy and LightSquid for reporting web traffic. For other forms of traffic you can use ntopng though it's not intuitive. And both of these solutions are not per-user but rather per-device. If you need per-user monitoring you'll need to look at something installed on the client workstation.
• E

  Ntopng v3.0.0 released
  • epionier  

  13
  0
  Votes
  13
  Posts
  4871
  Views

  

  It's available in 2.4.0 and on 2.3.5 snapshots.
• G

  Dpinger used to monitor vpn gateway connections - blocked
  • gwaitsi  

  4
  0
  Votes
  4
  Posts
  612
  Views

  

  Thanks for the info I corrected my post…
• K

  Softflowd issue
  • ka3ax  

  4
  0
  Votes
  4
  Posts
  1025
  Views

  K

  Hi luckman212. FlowTraq Exporter works fine for me. I still have no way to run it on pfSenese. So I still run it on dedicated Windows box. The results are quite accurate, 2-3% difference with controlled measurements.
• K

  Strange behavior from Traffic totals and RRD Summary
  • kitdavis  

  1
  0
  Votes
  1
  Posts
  466
  Views

  No one has replied

• C

  Ntopng historical data fills harddrive
  • c0mputerking  

  7
  0
  Votes
  7
  Posts
  3600
  Views

  D

  You are using outdated package version. https://redmine.pfsense.org/issues/7649
• F

  Ntopng - cannot log in
  • Fabzster  

  12
  1
  Votes
  12
  Posts
  9872
  Views

  

  Old thread. Locking.
• R

  Disk space full: How to uninstall and clean packages that use too much space?
  • riahc3  

  1
  0
  Votes
  1
  Posts
  380
  Views

  No one has replied

• T

  Ntop - Flow Floods
  • TomT  

  2
  0
  Votes
  2
  Posts
  1152
  Views

  S

  Seeing the same error. The IP is behind the firewall so this could only be happening from an internal IP, maybe the bridge? Any possibility to see what source IP triggered this?
• ?

  Bandwidthd date on daily report incorrect.
  • A Former User  

  1
  0
  Votes
  1
  Posts
  564
  Views

  No one has replied

• F

  BandwidthD not starting
  • felda  

  1
  0
  Votes
  1
  Posts
  611
  Views

  No one has replied

• T

  Ntopng - unable to access..
  • TomT  

  8
  0
  Votes
  8
  Posts
  2413
  Views

  

  That's very off-topic for this thread / board, you should post a new thread on the OpenVPN board here asking for help: https://forum.pfsense.org/index.php?board=39.0 Though if you search, there are many how-to documents out there, including those on the doc wiki.
• W

  What Interface outgoing?
  • wf-me  

  1
  0
  Votes
  1
  Posts
  418
  Views

  No one has replied