What uses storage space for pfsense?
-
@denitrosubmena I don't know that software.
From my investigations NtopNG is the cheapest tool that delivers "almost everything". But at scale even that becomes expensive (from a private consumer perspective).
-
@keyser said in What uses storage space for pfsense?:
I don't know that software.
you should check it out, may be a good find, or not
yeah will have a look at the ntopng more and try to understand what the nprobe and clickhouse setup thing is about and what i get more than the free ntopng i have on pfsense
-
@denitrosubmena Observium seems more like a combined monitoring system and logging destination than a network analytics system. I do my monitoring (including bandwidths on interfaces) in Zabbix.
nProbe is the datacapture part of NtopNG. So you can have a central NtopNG and have nProbes running in many places and send telemetry back to NtopNG.
nProbe can also collect Netflow from Netflow exporters (like pfFlow and SoftflowD) and enrich it before sending it to a NtopNG for display, analytics and if licensed - Rentention.
-
@keyser said in What uses storage space for pfsense?:
nProbe is the datacapture part of NtopNG. So you can have a central NtopNG and have nProbes running in many places and send telemetry back to NtopNG.
nProbe can also collect Netflow from Netflow exporters (like pfFlow and SoftflowD) and enrich it before sending it to a NtopNG for display, analytics and if licensed - Rentention.
i just need this for pfsense since it is gateway to and from internet for my setup
so the solution i need will be just for pfsense
so does that mean ntopng will have that all done and i dont need to worry about nprobe? in multiple places? -
@denitrosubmena said in What uses storage space for pfsense?:
@keyser said in What uses storage space for pfsense?:
nProbe is the datacapture part of NtopNG. So you can have a central NtopNG and have nProbes running in many places and send telemetry back to NtopNG.
nProbe can also collect Netflow from Netflow exporters (like pfFlow and SoftflowD) and enrich it before sending it to a NtopNG for display, analytics and if licensed - Rentention.
i just need this for pfsense since it is gateway to and from internet for my setup
so the solution i need will be just for pfsense
so does that mean ntopng will have that all done and i dont need to worry about nprobe? in multiple places?If all the traffic you worry about goes through this one pfSense, then yes, you just need a NtopNG recieving copies of all packets - either by running on pfsense itself, or on a switch mirrorport.
No need for nProbe - it is only needed if you had more WAN links in other locations to visualize in the same NtopNG - or if you want NtopNG to visualize Netflow data as it cannot ingest netflow directly (needs to be converted and enriched by nProbe).
The reason I keep saying bandwidth might need another tool is:
NtopNG creates a full bandwitdh history for all involved and active elements (hosts, interfaces and such). So for as long as your retention is setup, you can see bandwitdth statistics for your interface, and for all active hosts. The problem is that once a host goes inactive, NtopNG removes the client from memory (all its data is still on disk) and you can no longer recall any statistics on that specific host.
To see its historical data (have NtopNG read it from disk) the host needs to be connected to the networks again and become active.
So NtopNG has the data you are asking for (historical bandwidth details), but you cannot see it unless the client is active. It makes no sense - i Know, but thats how it is. -
so what happens lets say i have 4 instances of pfsense in 4 different locations, is it better to setup ntopng for each one or have one ntopng to monitor all 4?
all pfsense will have 1 x WAN and 1 x LAN interfaces
as you recommended monitor only the LAN interface so totla 4 LAN interfaces to monitoreven if i want to pay for ntopng will the ntopng pro provide what i need to retain data on my own server for as long as i want?
i do have grafana prometheus/victoriametrics and loki/victorilogs so whatever i can ship to that am ok with
i prefer not have another logging with graylog
am sure there will be community dashboards support for network monitoring if i search -
@denitrosubmena said in What uses storage space for pfsense?:
so what happens lets say i have 4 instances of pfsense in 4 different locations, is it better to setup ntopng for each one or have one ntopng to monitor all 4?
In the free NtopNG version there is only a local install on each pfsense as an option.
If you start licencing NtopNG - which is also needed to store session history, It's a matter of preference. If you want you can have one central NtopNG instance showing the interface of all 4 LAN links on the different boxes. This will either require a manual install of nProbe on each pfSense (not recommended), or a mirrorport on each location to nProbe machines there.
Alternatively you can install a full NtopNG on each location using a mirrorport.
even if i want to pay for ntopng will the ntopng pro provide what i need to retain data on my own server for as long as i want?
NtopNG Pro does offer logging of flows. But it is rather feature limited in some scenarios. That is why I prefered an enterprise edition.
https://www.ntop.org/products/traffic-analysis/ntop/i do have grafana prometheus/victoriametrics and loki/victorilogs so whatever i can ship to that am ok with
The built in pfFlow netflow exporter or SoftflowD can export to all capable Netflow recievers.
i prefer not have another logging with graylog
am sure there will be community dashboards support for network monitoring if i searchLike I said, I use Zabbix for that. an EXCELLENT free monitoring system that really can do everything.
-
@keyser said in What uses storage space for pfsense?:
Like I said, I use Zabbix for that. an EXCELLENT free monitoring system that really can do everything.
i actually have zabbix still running i was using to monitor mikrotik router before i moved to fortigate
i dont like zabbix dashboard, except if they updated their dashboard UI to something modern, that thing is like 1990s widgets. i mean it is not the worst looking but they need to make it more modern like ntopng and other monitoring tool
so honestly i will pass on zabbix, and just look for one tool that will provide whatever zabbix will and other features am after for a few, wont mind paying. afterall forticloud is not free and one also need to have support for the fortigate so fortigate is out of question
so gotta make this pfsense thing work with ntopng.
ntopng enterprise M license is 499.95 euro per year, that is crazy for someone just trying to setup for personal to semi small app operationbut i get the pricing strategy because most people will use free and they want to charge people that some how need more than free to help pay for the free users :(
-
@denitrosubmena Yeah, with your interface speeds its going to be expensive. For me the Embedded NtopNG Enterprise M for 149€ is enough as a Raspberry Pi 5 i just fine for my 1 Gbit needs.
-
@denitrosubmena Also - doing packet capture and analytics at 40 and 100Gbe speeds (like your interfaces), is going to require some potent hardware.
Not to mention you will have to license pfring ZC also. Otherwise there is no chance of NtopNG keeping up with those traffic speeds -
@keyser said in What uses storage space for pfsense?:
@denitrosubmena Also - doing packet capture and analytics at 40 and 100Gbe speeds (like your interfaces), is going to require some potent hardware.
Not to mention you will have to license pfring ZC also. Otherwise there is no chance of NtopNG keeping up with those traffic speedsyeah am not going to be pushing anything close to 10Gbps talk less 100Gbps
everyone, including just loves the idea of having 100G just for the hell of it :)
pushing 10G will be all i need for a while
nothing will be connected to the 100G just yet, probably wont even add the card to the pfsense yet. WAN and LAN will be at 10G
-
Logs. If you use a proxy package cache items also. Also boot environments if you have multiple of them each is a huge file.
-
@JonathanLee said in What uses storage space for pfsense?:
boot environments
what are those?
@JonathanLee said in What uses storage space for pfsense?:
Logs. If you use a proxy package cache items also
nopes, will not be using any proxy cache on pfsense
this will be in datacenter not homelab
firewall and router for servers -
@denitrosubmena if you’re rocking official Netgate gear you get multiple boot options for testing environments
-
there is one thing i am looking for and wanted to ask if you have some ideas
what i really want to have access to is the historical bandwidth usage but i want the graph that will show the proper real values and not log values
i know this is not just about bandwidth but with any graphs or utilization graphs
you usually have to zoom in to specific periods to see the closer to real values. For example a monthly usage view can have peak bandwidth at 10Mbps and then you zoom in and then you see peak is like 500Mbps during a short burst
is there a graphing tool that can either do this or both
#1. at least show me the real max and min values in the reporting data below the graphs even if not shown in the graph.
#2. show the real max and min values i dont care how ugly looking or jagged up the graph looks, i want that graphso if i cant get both then at least #1
this is to anyone else also, how can one view graphs without being converted to log format that hides real values. the graph then becomes almost useless as one always have to zoom in to have any say in validity
-
@denitrosubmena The problem is that most/any graphing tools that collects the data themselves does this smoothing of data (conversion of logvalues to graphing values) to save storage space.
Imagine this:You need to collect the bandwidthvalues every second - or faster - to actually get the peaks high/low values and so on. But that will take up a sizable chunk of storage to save every values years back in time. So all tools by default smooth that data into longer dataintervals over time - to save storage space.
To get what you want you will need either a montitoring tool that can you what you want - fx. Zabbix like i Suggested, og you need two tools. One that collects the data and saves ALL the second interval - fx. A SNMP monitoring tool with configurable storage policies.
Secondly you will need a visualization tool (fx. grafana) where you ask it to graph to values - but also makes fields with the higest and lowest values recorded.But I suggested Zabbix earlier on because it can do exactly what you are asking.
-
@keyser said in What uses storage space for pfsense?:
But I suggested Zabbix earlier on because it can do exactly what you are asking.
that is enough reason to get back to zabbix again then
you prefer zabbix to nagios?so will setup new zabbix instance and test out what i want and see how far i get
one other question, can one use ntop-ng with any firewall? like fortigate for example?
-
@denitrosubmena said in What uses storage space for pfsense?:
that is enough reason to get back to zabbix again then
you prefer zabbix to nagios?I prefer Zabbix, but for no other reason that it is the product I learned first/most about.
so will setup new zabbix instance and test out what i want and see how far i get
one other question, can one use ntop-ng with any firewall? like fortigate for example?
NtopNG is a standalone product when installed on another machine monitoring a Mirrorport in your switch. You can use it with whatever firewall product you like when setup like that.
In terms of installing it on the Firewall itself, it is not really recommended and it is only possible on pfSense/opnSense and any “selfmade” linux firewall you might setup.
