Netgate Discussion Forum

    Monitoring traffic w/notifications

    • Visseroth

      I'm wondering if there is a way to monitor incoming connections and get notifications via email or some other way?
      I ask because I have a client who needs to monitor incoming successful connections and I would prefer to not be sifting through tons of logs.

      • georgeman

        I don't know any package that lets you do that directly on pfSense, but you can always log to a remote syslog server and then "do the magic" there

        If it ain't broke, you haven't tampered enough with it

        • wallabybob

          @Visseroth:

          I'm wondering if there is a way to monitor incoming connections and get notifications via email or some other way?
          I ask because I have a client who needs to monitor incoming successful connections and I would prefer to not be sifting through tons of logs.

          I presume "incoming" means "incoming on WAN".

          You could set up firewall rules to log incoming connection attempts that are allowed. The firewall log is of limited size so you MIGHT need to add something to deal with overflow.

          Define "successful connections" - some data exchanged?

          You could log flow records (use pfflowd or softflowd) and analyse them.

          I doubt you would want an email on ALL "successful" incoming connections unless there is a guaranteed low maximum rate and low number.

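The two suggestions above (ship the firewall log to a remote syslog server, and log only allowed inbound connections without mailing on every one) can be combined as in this added example, which is not from the thread or from pfSense itself. It assumes the comma-separated `filterlog` line layout of current pfSense releases, a WAN interface named `em0`, and hypothetical function names; IPv6 lines are skipped and the message is built but not sent.

```python
import re
from collections import Counter
from email.message import EmailMessage

WAN_IF = "em0"  # assumption: real interface name behind WAN
# Constructed sample lines (IPv4) as a remote syslog server would store them.
SAMPLE_LOG = """\
Mar  3 10:15:01 fw filterlog: 78,,,1000000103,em0,match,pass,in,4,0x0,,64,4321,0,DF,6,tcp,60,203.0.113.7,192.0.2.10,51514,22,0,S,1,,65535,,mss
Mar  3 10:15:09 fw filterlog: 78,,,1000000103,em0,match,pass,in,4,0x0,,64,4322,0,DF,6,tcp,60,203.0.113.7,192.0.2.10,51520,22,0,S,2,,65535,,mss
Mar  3 10:15:12 fw filterlog: 5,,,1000000104,em0,match,block,in,4,0x0,,64,9,0,DF,6,tcp,60,198.51.100.9,192.0.2.10,40000,23,0,S,3,,65535,,mss
Mar  3 10:15:20 fw filterlog: 80,,,1000000105,em0,match,pass,in,4,0x0,,64,77,0,none,17,udp,70,198.51.100.20,192.0.2.10,5353,1194,50
Mar  3 10:15:30 fw filterlog: 90,,,1000000106,em1,match,pass,in,4,0x0,,64,88,0,DF,6,tcp,60,192.168.1.5,203.0.113.50,50000,443,0,S,4,,65535,,mss
Mar  3 10:15:31 fw sshd[412]: Accepted publickey for admin from 192.168.1.5
"""

def parse_pass_in(line, wan_if=WAN_IF):
    """Return (src, dst, proto, dport) for an allowed inbound IPv4 TCP/UDP
    connection on the WAN interface, or None for any other line."""
    m = re.search(r"filterlog(?:\[\d+\])?: (.*)$", line)
    if not m:
        return None
    f = m.group(1).split(",")
    if len(f) < 22 or f[8] != "4" or f[16] not in ("tcp", "udp"):
        return None
    # f[4]=interface, f[6]=action, f[7]=direction
    if (f[4], f[6], f[7]) != (wan_if, "pass", "in") or not f[21].isdigit():
        return None
    return f[18], f[19], f[16], int(f[21])

def summarize(lines):
    """Count allowed inbound connections per (src, dst, proto, dport)."""
    return Counter(rec for rec in map(parse_pass_in, lines) if rec)

def build_digest(counts, sender, recipient, max_rows=20):
    """One summary mail per batch instead of one mail per connection."""
    if not counts:
        return None
    rows = [f"{n:5d}  {src} -> {dst}:{dport}/{proto}"
            for (src, dst, proto, dport), n in counts.most_common(max_rows)]
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = f"{sum(counts.values())} allowed inbound connections on {WAN_IF}"
    msg.set_content("\n".join(rows))
    return msg

if __name__ == "__main__":
    print(build_digest(summarize(SAMPLE_LOG.splitlines()),
                       "fw@example.net", "noc@example.net"))
```

Run on a schedule over the lines received since the last run, this yields one digest per interval; only pass rules with logging enabled produce the lines it counts.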
          • ctsnet

            yeah, you'll need to define 'connections'

            even failed remote login attempts to the firewall are a connection (ack)

            if this is more of a "once XYZ interface hits XX Mbps" and if it is safe to assume you have a server/pc on the private side of your network, then fetch the free version of this: http://www.manageengine.com/network-monitoring/ the free version is full featured and does up to 10 devices, defined as IPs, so the single management IP of your device would only count as one device, regardless of the count of interfaces/subinterfaces/vlans. do snmp polling of your interfaces and set it to email/page/sms/log based on a given interface or vlan hitting X Kbps/Mbps, etc.

            note, i'm hoping to get opmanager running against pf, haven't yet, but i use it in other sites and against other snmp capable hardware and software firewalls/routers.

            if you need to know when an IP behind the firewall is having a series of connections being passed, at a more granular level than just interface or subinterface, then flows (netflows/sflows) model will work. but that's not free with opmanager. try prtg for that. http://www.paessler.com/tools it's limited to "10 sensors" to remain free, but that includes "each item monitored" like IPmon now solarwinds, so you can blow through that in one device pretty fast.

            both tools support alerting based on triggers.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.