Ping monitoring
-
@bigjohns97 Be aware that NtopNG does use a fair bit of ressources and does a substantial amount of diskwrites/sec in the default setup because it will start monitoring all traffic on a interface. If you only use it for ping monitoring you should probably disable the monitoring of interface traffic - to prevent it wearing your SSD/eMMC out and to conserve CPU ressources.
-
@keyser I appreciate the heads up but I was already running ntopng for traffic DPI grafana dashboard shown below
https://github.com/lephisto/pfsense-analytics
I have also turned off all of the local stuff possible while just leaving the timeseries required for the DPI stuff above that is hosted on another system on the LAN.
-
@bigjohns97 what version of pfsense do you have this running on. The comments on the GIT page have some not able to get it working on 2.6.
There are other issues with the docker stack as well. Just worried you may be running out of date and insecure software to get this data. -
@michmoor 24.03 the latest release
-
@bigjohns97 if you got it working it would help others if you posted how on git. There seems to be a fair amount of people struggling—just a suggestion.
-
@michmoor I would be happy to, share what you found and I will help best I can.
I found this solution on git under the ntopng project
https://github.com/ntop/ntopng/issues/8174
-
@bigjohns97 said in Ping monitoring:
I was able to find this solution on my own using ntopng.
Enabling alerts and then using the active monitoring section to setup a continuous ping measurement to my local host worked flawlessly.
FWIW, I strongly recommend reading through the code before considering use of ntopng active monitoring, most especially on a firewall. It does things you might not expect or want, such as ssh probes.
-
@dennypage Are you talking about the built in behavioral checks, because I disable all of those.
-
@bigjohns97 said in Ping monitoring:
@dennypage Are you talking about the built in behavioral checks, because I disable all of those.
The ssh probes are from the os fingerprinting system and cannot be separately disabled.
Enabling active mode gives ntopng license to do things that have no business being on a firewall. I actually would have disabled it in the package if there were a command line option to do so.
-
@dennypage Help me understand what the risks are here, to me this is nothing more than what an nmap scan would do.
-
@bigjohns97 said in Ping monitoring:
Help me understand what the risks are here, to me this is nothing more than what an nmap scan would do.
Ntopng is an autonomous agent, whereas nmap is not. Consider that. You should look at the ntopng code and decide for your self. The best I can tell you is that I have, and I recommend against enabling it.
FWIW, you may have different views on network security that I do.
