Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Ping monitoring

    Scheduled Pinned Locked Moved pfSense Packages
    17 Posts 5 Posters 1.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • keyserK
      keyser Rebel Alliance @bigjohns97
      last edited by

      @bigjohns97 Be aware that NtopNG does use a fair bit of ressources and does a substantial amount of diskwrites/sec in the default setup because it will start monitoring all traffic on a interface. If you only use it for ping monitoring you should probably disable the monitoring of interface traffic - to prevent it wearing your SSD/eMMC out and to conserve CPU ressources.

      Love the no fuss of using the official appliances :-)

      B 1 Reply Last reply Reply Quote 2
      • B
        bigjohns97 @keyser
        last edited by

        @keyser I appreciate the heads up but I was already running ntopng for traffic DPI grafana dashboard shown below

        https://github.com/lephisto/pfsense-analytics

        e6eeac51-f782-482b-8ad5-177e85e083d3-image.png

        I have also turned off all of the local stuff possible while just leaving the timeseries required for the DPI stuff above that is hosted on another system on the LAN.

        M 1 Reply Last reply Reply Quote 0
        • M
          michmoor LAYER 8 Rebel Alliance @bigjohns97
          last edited by

          @bigjohns97 what version of pfsense do you have this running on. The comments on the GIT page have some not able to get it working on 2.6.
          There are other issues with the docker stack as well. Just worried you may be running out of date and insecure software to get this data.

          Firewall: NetGate,Palo Alto-VM,Juniper SRX
          Routing: Juniper, Arista, Cisco
          Switching: Juniper, Arista, Cisco
          Wireless: Unifi, Aruba IAP
          JNCIP,CCNP Enterprise

          B 1 Reply Last reply Reply Quote 0
          • B
            bigjohns97 @michmoor
            last edited by

            @michmoor 24.03 the latest release

            M 1 Reply Last reply Reply Quote 0
            • M
              michmoor LAYER 8 Rebel Alliance @bigjohns97
              last edited by

              @bigjohns97 if you got it working it would help others if you posted how on git. There seems to be a fair amount of people struggling—just a suggestion.

              Firewall: NetGate,Palo Alto-VM,Juniper SRX
              Routing: Juniper, Arista, Cisco
              Switching: Juniper, Arista, Cisco
              Wireless: Unifi, Aruba IAP
              JNCIP,CCNP Enterprise

              B 1 Reply Last reply Reply Quote 0
              • B
                bigjohns97 @michmoor
                last edited by

                @michmoor I would be happy to, share what you found and I will help best I can.

                I found this solution on git under the ntopng project

                https://github.com/ntop/ntopng/issues/8174

                1 Reply Last reply Reply Quote 0
                • dennypageD
                  dennypage @bigjohns97
                  last edited by dennypage

                  @bigjohns97 said in Ping monitoring:

                  I was able to find this solution on my own using ntopng.

                  Enabling alerts and then using the active monitoring section to setup a continuous ping measurement to my local host worked flawlessly.

                  FWIW, I strongly recommend reading through the code before considering use of ntopng active monitoring, most especially on a firewall. It does things you might not expect or want, such as ssh probes.

                  B 1 Reply Last reply Reply Quote 0
                  • B
                    bigjohns97 @dennypage
                    last edited by

                    @dennypage Are you talking about the built in behavioral checks, because I disable all of those.

                    a82a0f34-10eb-41fb-8cc3-458a6744327f-image.png

                    dennypageD 1 Reply Last reply Reply Quote 0
                    • dennypageD
                      dennypage @bigjohns97
                      last edited by

                      @bigjohns97 said in Ping monitoring:

                      @dennypage Are you talking about the built in behavioral checks, because I disable all of those.

                      The ssh probes are from the os fingerprinting system and cannot be separately disabled.

                      Enabling active mode gives ntopng license to do things that have no business being on a firewall. I actually would have disabled it in the package if there were a command line option to do so.

                      B 1 Reply Last reply Reply Quote 0
                      • B
                        bigjohns97 @dennypage
                        last edited by

                        @dennypage Help me understand what the risks are here, to me this is nothing more than what an nmap scan would do.

                        dennypageD 1 Reply Last reply Reply Quote 0
                        • dennypageD
                          dennypage @bigjohns97
                          last edited by

                          @bigjohns97 said in Ping monitoring:

                          Help me understand what the risks are here, to me this is nothing more than what an nmap scan would do.

                          Ntopng is an autonomous agent, whereas nmap is not. Consider that. You should look at the ntopng code and decide for your self. The best I can tell you is that I have, and I recommend against enabling it.

                          FWIW, you may have different views on network security that I do.

                          1 Reply Last reply Reply Quote 1
                          • First post
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.