Per IP bandwidth monitoring
-
Probably I'm just a noob at searching the forum. I tried but didn't find previous questions covering my issue.
I'm having an Alix-powered pfsense-router and -firewall with a semi-high throughput (~50 mbit in avg) and therefore I want to free some ressources. I decided to start with bandwidth-monitoring.
Initially I decided to go with the build-in BandwidthD-option with an external server but after a lot of struggle with the psql-server (never had these kind of issues with MySQL) I've decided to use Cacti. I've already got a cacti-server running monitoring several servers so I figured that it wouldn't be a big deal adding the pfsense probes to it. Well, it wasn't and the Cacti-server is now monitoring CPU-load, memory load and interface statistics but I realized that it does not register which IP is generating which traffic. It would be awesome if I could pull the traffic type via SNMP from pfsense too, but to be able to just pull the amount of traffic from any given IP would be a great start! So my questions are:
- Is it possible to pull IP-based traffic statistics from pfsense using SNMP?
- Is it possible to pull IP-based traffic statistics including traffic type statistics from pfsense using SNMP?
- Is it possible to monitor rules?
- Is it possible to monitor when a given port is used? I've got quite some forwards and would like to be able to see unusual patterns in port activity.
- Is it possible to pull queue statistics from the traffic shaper?
I hope that you're able to answer my questions. I've spent quite some time on Google trying to get some answers but unfortunately without any luck.
-
Have you read this docs page?:
https://doc.pfsense.org/index.php/How_can_I_monitor_bandwidth_usageSteve
-
The information available via SNMP depends on what SNMP modules you have enabled and what they are capable of. You can get a list by checking out the SNMP service page on your pfsense. Below is what I currently have. I think probably some of the things you want via SNMP may not be monitored/available without something third party.
The traffic graph shows what IP the generated traffic is coming from. I am not sure where it is looking or with what at the moment but you could have a look at where its getting its data from. After you can figure out how it could be piped via SNMP
SNMP Modules MibII Netgraph PF Host Resources (Requires MibII) UCD Regex