Netflow collector
-
I am considering changing from Untangle to pfSense as the router at church. Untangle allows me to capture web traffic info in a PostgreSQL database that I can then run my own queries against, and keep it all on the router itself. How could I configure something like pflow/netflow or something similar to do the same? I really want the netflow collector to use a PostgreSQL database and be installed on the router like I do with Untangle (there are several reasons for this, but I don't want to go into them here). The server is an HP DL360 G6 with 2 quad-core Xeon and 16GB RAM (a donation from my workplace), so I know it can handle this.
The real question boils down to 2 points:
1. How do I get PostgreSQL installed on the pfSense server?
2. How do I get a collector installed on the server?
I believe I can do the rest myself since I did get a 2 server setup like this going already. I just don't know how to get it all on the one server.
Environment notes:
about 800 wireless users on any given Sunday. pretty much dead the rest of the week
currently we have a 10Mbit DSL connection, but the ISP is getting ready to deploy 30Mbit fiber in a few months
I just got pfSense up and running at home on a Dell c6100 cloud server and really like it so far.
-
bump. Is there no one who knows how to install PostgreSQL on a pfsense box?
-
I don't know if untangle can work in this way, but I frequently use the following setup for logging:
Install a free hypervisor (vsphere) on the server and create a regular pfSense firewall VM.
Then mirror the physical switchport and let an Untangle VM see a copy of the traffic on a different vswitch in promiscuous mode.
This separates the two systems and allows you to gain much better performance and independent upgradeability.
-
I have come across others recommending a similar setup. I just figured out how to use the pkg command to enable the FreeBSD repos and install the database from there. I know that your suggested configuration is probably more reliable in terms of upgrades, but I think it is still overkill for my current needs.
Thank you for the reply though.
-
… HP DL360 G6 with 2 quad-core Xeon and 16GB RAM ...
I know that your suggested configuration is probably more reliable in terms of upgrades, but I think it is still overkill for my current needs.
And the machine you're running isn't overkill? It would make a great ESXi server. You could run up pfSense, untangle, a web server, mail server, NAS, whatever - all on one machine.
-
Yes, my machine is overkill. It was a BlackBoard database server at the university I work at. I just hate to introduce more software complexity than I really need. It just so happens that the university is going to donate another HP server with 1 quad-core xeon, so I may yet end up with a 2 server setup for this after all. It will be a couple weeks before we get a hold of this second server though.
-
Maybe it's just me, but installing non-security, or very basic network functionality features (dhcp, dns) on my firewall seems like bad juju to me.
I would go the VM route - this allows you to use the same hardware for lots of things, but still isolate from installing stuff on your firewall OS.