Network monitoring with pfSense 2.1/BSD8.3
-
There are a variety of packages ntop, darkstat, bandwidthd that seem to have at the very least overlapping functionality. I'm just curious if there are particular reasons to prefer one over the others in the context of pfSense 2.1/BSD 8.3
Reasons to prefer would include, but aren't limited to, adapted to the new package system, higher efficiency in the use of system resources, etc.
In essence, I need something that goes beyond RRD graphs, particularly I like to be able to track IP addresses, just in case I need to block some, and traffic patterns.
-
It really depends on the resources you want to dedicate to it.
darkstat/bandwidthd - probably about the same in terms of resources usage and reporting, though I prefer bandwidthd's graphs
ntop - the 800 pound gorilla of monitoring, tons of detail but also takes a bit of resources to track everything.
If you want the best of both worlds, export netflow to an external box and do reporting on flows there using some other netflow analysis software.
-
Thanks, I think I'll try ntop for a while.
Currently my CPU is idling around 1% of usage, memory is not an issue (4GB for what is more or less comparable to a home network with some added services), so until I notice the system slowing down or having a significant load, I think ntop should be OK. I can always switch later.
Also, ntop is already at least a package designed for pfSense 2.0 while the other two are still pfsense 1.x packages, so there are more likely installation/upgrade issues, I would speculate.
-
That isn't really an accurate label (1.x vs 2.x) that just indicates the lowest possible version the package can run on.
-
That isn't really an accurate label (1.x vs 2.x) that just indicates the lowest possible version the package can run on.
Uhm, I see. I always interpreted that the latest version a package is supported/tested on.
Maybe it would be useful to add a column like that?
It's really kind of hard to figure out what works or doesn't work, even when not dealing with snapshots…This might get worse with the new package system being introduced with 2.1...
-
If a package doesn't work for a platform/version, we remove it from the list. We only list the packages that are available for a given platform, if you see it, it's supposed to work.
For example, on NanoBSD many packages are not shown because they do not work well with NanoBSD. And the list can be slightly different between amd64 and i386.
-
"If a package doesn't work for a platform/version, we remove it from the list"
Not sure I would completely agree with that - you can get the vnstat2 package to kind of work with some extra work on your own. But the frontend has errors and does not work.
So why is it listed for 2.1?
PHP Errors:
[30-May-2012 13:01:39 UTC] PHP Deprecated: Function split() is deprecated in /usr/local/www/vnstat2/vnstat.php on line 130
[30-May-2012 13:01:39 UTC] PHP Deprecated: Function split() is deprecated in /usr/local/www/vnstat2/vnstat.php on line 130
[30-May-2012 13:01:39 UTC] PHP Notice: Undefined index: totalrx in /usr/local/www/vnstat2/index.php on line 77
[30-May-2012 13:01:39 UTC] PHP Notice: Undefined index: totalrxk in /usr/local/www/vnstat2/index.php on line 77
[30-May-2012 13:01:39 UTC] PHP Notice: Undefined index: totaltx in /usr/local/www/vnstat2/index.php on line 78
[30-May-2012 13:01:39 UTC] PHP Notice: Undefined index: totaltxk in /usr/local/www/vnstat2/index.php on line 78
[30-May-2012 13:01:48 UTC] PHP Deprecated: Function split() is deprecated in /usr/local/www/vnstat2/vnstat.php on line 130
[30-May-2012 13:01:48 UTC] PHP Deprecated: Function split() is deprecated in /usr/local/www/vnstat2/vnstat.php on line 130
[30-May-2012 13:01:48 UTC] PHP Notice: Undefined index: totalrx in /usr/local/www/vnstat2/index.php on line 77
[30-May-2012 13:01:48 UTC] PHP Notice: Undefined index: totalrxk in /usr/local/www/vnstat2/index.php on line 77
[30-May-2012 13:01:48 UTC] PHP Notice: Undefined index: totaltx in /usr/local/www/vnstat2/index.php on line 78
[30-May-2012 13:01:48 UTC] PHP Notice: Undefined index: totaltxk in /usr/local/www/vnstat2/index.php on line 78 -
2.1 is in development so it's a special case. Packages there are far from stable in most cases.
The packages are listed there so people can find/fix bugs to make them work on 2.1.
-
Yeah - I am not expecting packages to work in 2.1, and yup its a good idea to leave them so they can be tested.. Just a bit of ribbing on the "If a package doesn't work for a platform/version, we remove it from the list" comment is all ;)
-
If you want the best of both worlds, export netflow to an external box and do reporting on flows there using some other netflow analysis software.
Pf 2.1 should have a netflow analysis package!. Why use another box sucking more power.
-
If a package doesn't work for a platform/version, we remove it from the list. We only list the packages that are available for a given platform, if you see it, it's supposed to work.
Thanks for the explanation, as I too was unsure. Given what you write (and accepting that dev snaps might violate expectations), the version column is quite superfluous and could be removed. Simplicity is always good if possible.
-
If a package doesn't work for a platform/version, we remove it from the list. We only list the packages that are available for a given platform, if you see it, it's supposed to work.
Thanks for the explanation, as I too was unsure. Given what you write (and accepting that dev snaps might violate expectations), the version column is quite superfluous and could be removed. Simplicity is always good if possible.
Maybe replace it with "package type" at least for whatever time it takes until packages are using the new package system…
