Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Ping monitoring

    Scheduled Pinned Locked Moved
    pfSense Packages
    5
    17
    477
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      bigjohns97 @keyser
      last edited by

      @keyser I appreciate the heads up but I was already running ntopng for traffic DPI grafana dashboard shown below

      https://github.com/lephisto/pfsense-analytics

      e6eeac51-f782-482b-8ad5-177e85e083d3-image.png

      I have also turned off all of the local stuff possible while just leaving the timeseries required for the DPI stuff above that is hosted on another system on the LAN.

      M 1 Reply Last reply Reply Quote 0
      • M
        michmoor LAYER 8 Rebel Alliance @bigjohns97
        last edited by

        @bigjohns97 what version of pfsense do you have this running on. The comments on the GIT page have some not able to get it working on 2.6.
        There are other issues with the docker stack as well. Just worried you may be running out of date and insecure software to get this data.

        Firewall: NetGate,Palo Alto-VM,Juniper SRX
        Routing: Juniper, Arista, Cisco
        Switching: Juniper, Arista, Cisco
        Wireless: Unifi, Aruba IAP
        JNCIP,CCNP Enterprise

        B 1 Reply Last reply Reply Quote 0
        • B
          bigjohns97 @michmoor
          last edited by

          @michmoor 24.03 the latest release

          M 1 Reply Last reply Reply Quote 0
          • M
            michmoor LAYER 8 Rebel Alliance @bigjohns97
            last edited by

            @bigjohns97 if you got it working it would help others if you posted how on git. There seems to be a fair amount of people struggling—just a suggestion.

            Firewall: NetGate,Palo Alto-VM,Juniper SRX
            Routing: Juniper, Arista, Cisco
            Switching: Juniper, Arista, Cisco
            Wireless: Unifi, Aruba IAP
            JNCIP,CCNP Enterprise

            B 1 Reply Last reply Reply Quote 0
            • B
              bigjohns97 @michmoor
              last edited by

              @michmoor I would be happy to, share what you found and I will help best I can.

              I found this solution on git under the ntopng project

              https://github.com/ntop/ntopng/issues/8174

              1 Reply Last reply Reply Quote 0
              • dennypageD
                dennypage @bigjohns97
                last edited by dennypage

                @bigjohns97 said in Ping monitoring:

                I was able to find this solution on my own using ntopng.

                Enabling alerts and then using the active monitoring section to setup a continuous ping measurement to my local host worked flawlessly.

                FWIW, I strongly recommend reading through the code before considering use of ntopng active monitoring, most especially on a firewall. It does things you might not expect or want, such as ssh probes.

                B 1 Reply Last reply Reply Quote 0
                • B
                  bigjohns97 @dennypage
                  last edited by

                  @dennypage Are you talking about the built in behavioral checks, because I disable all of those.

                  a82a0f34-10eb-41fb-8cc3-458a6744327f-image.png

                  dennypageD 1 Reply Last reply Reply Quote 0
                  • dennypageD
                    dennypage @bigjohns97
                    last edited by

                    @bigjohns97 said in Ping monitoring:

                    @dennypage Are you talking about the built in behavioral checks, because I disable all of those.

                    The ssh probes are from the os fingerprinting system and cannot be separately disabled.

                    Enabling active mode gives ntopng license to do things that have no business being on a firewall. I actually would have disabled it in the package if there were a command line option to do so.

                    B 1 Reply Last reply Reply Quote 0
                    • B
                      bigjohns97 @dennypage
                      last edited by

                      @dennypage Help me understand what the risks are here, to me this is nothing more than what an nmap scan would do.

                      dennypageD 1 Reply Last reply Reply Quote 0
                      • dennypageD
                        dennypage @bigjohns97
                        last edited by

                        @bigjohns97 said in Ping monitoring:

                        Help me understand what the risks are here, to me this is nothing more than what an nmap scan would do.

                        Ntopng is an autonomous agent, whereas nmap is not. Consider that. You should look at the ntopng code and decide for your self. The best I can tell you is that I have, and I recommend against enabling it.

                        FWIW, you may have different views on network security that I do.

                        1 Reply Last reply Reply Quote 1
                        • First post
                          Last post