If it spiked to 12MB, compression would NOT at play…intuitively, you should have grasped that it seems!

If I had to guess, it's because the FreeBSD port of ntopng is likely the open source/community version, which probably doesn't have a way to support a commercial license. You'd need to get the ntop folks to create a pfSense package for their commercial version that could be installed in order to use a paid license.

Of course, they'd say "Why are you running this on a router/firewall?", and they'd probably try to direct you to their ARM versions, even though pfSense runs on Intel/AMD CPUs (with the exception of the newer Netgate produced devices; SG-1000 and SG-3100 are both ARM devices).

Bah, never mind. Covered here, item 1:

https://forum.pfsense.org/index.php?topic=114753.0

There are definitely issues with the Status_Traffic_Totals package… mine's showing two "11/2017" months, and data for March 2018 is being shown as February as a result.

trafftot-monthly.png
trafftot-monthly.png_thumb

Bom dia.
Realmente o pacote NtopNG do Pfsense muito instável e ainda sobrecarrega o servidor, no entanto estou querendo roda um servidor externo com o NtopNG com linux ou windows exportando os dados para ele. Queria saber de tem alguém fazendo assim???
Já estou exportando os relatórios do firewall para o PRTG está funcionando perfeito, assim consigo consultar os dados com 6 meses.

Good Morning.
Actually Pfsense's very unstable NtopNG package and still overloaded with the server, no need to run an external server with NtopNG with Linux or Windows exporting the data to it. Wanted to know someone is doing so ???
You are exporting the firewalls so the PRTG is working perfectly, as well as to query the data with 6 months.

Thanks for the reply. I temporarily swapped my old i3 setup into the main router role, so the next time I put the 3100 back in service I will do that and post my results.

I wanted to check out the config file too… Didn't find ntopng.conf.
The package uses a different method to configure that service in pfSense.

Here is what I found:
there is 2 files related to ntopng in
/usr/local/pkg/ntopng.inc
/usr/local/pkg/ntopng.xml

This file :/usr/local/pkg/ntopng.inc seems to have all the logic for configurations included.
and seems to start ntopng on the fly with config parameters based on the the xml config file / web page

It starts something like this
(after looking at ps -A)
/usr/local/bin/ntopng -d /var/db/ntopng -G /var/run/ntopng.pid -s -e -w 0 -W 3000 -i em1 --dns-mode 0 --local-networks 192.168.0.0/16,172.16.0.0/12,10.0.0.0/8

Perhaps that info helps you further...

Hey man! Follow the steps below, the language is portuguese I guess you will understand.

https://github.com/lndgoncalves/zabbix-pfsense-gateway

In additional I recommend you remove from the log the commands that will executed by script. Try do this in sudoers file.

Best regards.

your using .local as your AD domain.. Yeah that is bad idea..

Sure looks like it asked 8.8.8.8 as well.. That would be broken..

How and the hell is your enternal servers taking 30ms to respond?  While 8.8.8.8 is only 15 ;)

Is putting VLAN monitoring back in on the roadmap? Additionally, any recommendations for alternative packages that also allow VLAN traffic monitoring?

I have installed ntopNG for the time being but it's too complicated for what I require.

I decided to head the ntopng route.  OK, not quite what I was looking for but it's fancy and fast for my purposes as I found a solution and wanted to pass it along:

In ntopng, there is per host alerting.  While it's not an email or sms, it does SLACK!!  Woot.  I just integrated a new workspace with my existing workspace in Slack and followed the instructions here:

https://github.com/ntop/ntopng/blob/dev/doc/README.slack

I set two threshold items - the Activity Time and Traffic, Layer 2 with the levels low to see what a baseline looked like.  Sure enough, it is quite gated unless it gets stupid.

Hope this can help anyone else looking for this solution.  The only way it could be better is to split send/rec in Traffic, but it works for now!

I see cores in the logs.

yes turning off network discover on pppoe connection fixed issue

Once everything gets built, yes, it will be updated in snapshots (2.4.3 and 2.3.6 dev snapshots). Probably won't be merged back into 2.4.2/2.3.5 automatically.