Broken traffic graphs?
-
Hi All,
I searched other posts similar to this topic but did not see one that matched what I am experiencing. So.. I am on the latest CE build 2.5.2. My traffic graphs on the right side show traffic activity (IP addresses and bandwidth use) but the graph itself on the WAN interface is flat. The other interfaces are properly displaying. WAN interface is igb0 and is a dual port Intel NIC. pfSense sees the NIC as igb0: <Intel(R) PRO/1000 PCI-Express Network Driver> mem 0xdf200000-0xdf2fffff,0xdf304000-0xdf307fff irq 22 at device 0.0 on pci4. This is a fresh build. I added this NIC and had to do a fresh build as backup files do not work well with hardware changes. The only thing I pulled from my backup were my firewall aliases. Nothing else. Thoughts as to why this could be happening or where to look?
Thanks.
-
@aclouden Are you using Snort or Suricata in inline mode? If so that's a limitation of inline mode.
-
@steveits
Yes I am. Is this a recent development? I have been running Snort for a while in inline mode and not noticed this. Putting Snort back in its legacy mode corrects this?
-
@steveits
I put Snort into legacy mode and the WAN traffic graphs work as expected. Thanks for the tip!
Chris
-
@aclouden There's a longer explanation the package maintainer posts from time to time; check the IDS sub forum. Has to do with low level drivers and netmap changed in recent FreeBSD versions that I can't recite from memory. :)
-
@aclouden said in Broken traffic graphs?:
@steveits
I put Snort into legacy mode and the WAN traffic graphs work as expected. Thanks for the tip!
Chris
The problem with the traffic graph and Inline IPS mode operation is due to a bug in the netmap kernel device. That kernel device is needed for Inline IPS Mode to work. That bug was recently fixed with an update to FreeBSD. That update was merged into FreeBSD back mid-August if I recall correctly. So at some point in the future it will make it into pfSense when they pull an operating system update from upstream.