Netgate Discussion Forum

    Traffic that occurred in the past.

      A Former User

      is it possible to look at the logs in pfsense that show me which connections were made at an earlier time? for example, i am looking at the rrd graphs and see that my connection was heavily used between 4-5am, but i don't know how i can see who was using the connection at that time. i am not looking for it to tell me someone was streaming youtube (although, that would be nice), i would want to see the LAN IP and what IP it was connected to, or something along those lines.

      do i need to implement a syslog server and log everything to that?

      thanks.

        heper

        check ntop package

          A Former User

          @heper:

          check ntop package

          i'd have to enable it.

          and it seems that browsing that won't be very user friendly.

          "Enable historical data storage.
          WARNING: This feature consumes HUGE amount of disk space. Also, browsing the historical data is VERY slow.
          The historical interface is considered abandoned by upstream, pending more usable replacement."

          EDIT- i am experimenting with my pfsense box at home. unfortunately, when i am reviewing the data, i don't know what time it is. for example, even though i did select a specific time, when reviewing the data, i don't see date/time. it does show throughput, but it seems like there should be an easier way. if there was a date/time column, that might be a good start.

          EDIT2- ok, this is better than nothing, i guess i just need to be as specific as possible with the search and then look at the amount of data consumed, that is way better than nothing at all.

          is there a place to set how much storage can be used by ntop? will it recycle storage when it needs more space? i want to make sure i don't crash my box by letting the hard drive pfsense runs on fill up.

          thanks.

            A Former User

            @tdhuck:

            @heper:

            check ntop package

            i'd have to enable it.

            and it seems that browsing that won't be very user friendly.

            "Enable historical data storage.
            WARNING: This feature consumes HUGE amount of disk space. Also, browsing the historical data is VERY slow.
            The historical interface is considered abandoned by upstream, pending more usable replacement."

            EDIT- i am experimenting with my pfsense box at home. unfortunately, when i am reviewing the data, i don't know what time it is. for example, even though i did select a specific time, when reviewing the data, i don't see date/time. it does show throughput, but it seems like there should be an easier way. if there was a date/time column, that might be a good start.

            EDIT2- ok, this is better than nothing, i guess i just need to be as specific as possible with the search and then look at the amount of data consumed, that is way better than nothing at all.

            is there a place to set how much storage can be used by ntop? will it recycle storage when it needs more space? i want to make sure i don't crash my box by letting the hard drive pfsense runs on fill up.

            thanks.

            after testing it some more, something isn't right with ntop…

            i loaded data from a few hours ago (took a screen shot of a lookup i did to compare the data if i were to look at it hours later) and once the data loaded from my most recent lookup, the history wasn't there/didn't match. i also noticed that if you try to load the same date/time that was previously loaded, ntop crashes and it needs to be restarted.

            i could be doing something wrong, not sure, but so far, ntop isn't working that great.

              Guest

              is it possible to look at the logs in pfsense that show me which connections were made at an earlier time?

              From the WLAN & LAN to the WAN I would imagine you could install Squid with user authentication
              and SARG for reporting then. It all depends on the traffic itself and the amount of log files that will
              be produced. But if all is going through the Squid proxy w/ user authentication you will know exactly
              who was doing what and at which time.

              for example, i am looking at the rrd graphs and see that my connection was heavily used between 4-5am, but i don't know how i can see who was using the connection at that time.

              That is more than a real time monitoring but you were asking for a longer time ago usage first.
              What do you want exactly now? Or both?

              i am not looking for it to tell me someone was streaming youtube (although, that would be nice), i would want to see the LAN IP and what IP it was connected to, or something along those lines.

              It would be possible to realize, but then the WLAN should be secured by a RADIUS server, and for guests
              by a Captive Portal; otherwise, if this is an open WLAN acting as a hotspot, you will never be able to see
              who it was if the whole street is surfing over your AP or pfSense.

              do i need to implement a syslog server and log everything to that?

              A small Raspberry Pi 2.0 with the new WD 314 GB HDD will be sufficient to realize many more things together with:

              • syslog-ng, MRTG & CACTI
              • ELK (ElasticSearch, Logstash, Kibana)
              • on pfSense directly w/ Squid & SquidGuard & SARG

              is there a place to set how much storage can be used by ntop? will it recycle storage when it needs more space? i want to make sure i don't crash my box by letting the hard drive pfsense runs on fill up.

              Then add a bigger HDD/SSD or set up a small Intel NUC connected to a monitor where you can install or
              run the following things.

              • PRTG Network Monitor
              • Scrutinizer
              • WireShark
              • F.l.a.v.i.o.
              • Splunk

              I would rather have a look at the following two things:

              • Squid & SquidGuard + SARG plus
              • PRTG on an Intel NUC or ELK
              • syslog-ng & MRTG & CACTI on a RAPI
              1 Reply Last reply Reply Quote 0
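For the syslog route asked about in this thread, the following added example (not code from any poster or from pfSense) lists which LAN IP opened connections to which remote IP in a given hour. It assumes the relevant firewall rules have logging enabled and that the syslog server stores lines in pfSense's raw filterlog CSV layout for IPv4; the host name, interface names, addresses and the function name `lan_connections` are constructed.

```python
import re
from collections import Counter
from datetime import time
from ipaddress import ip_address, ip_network

# Constructed sample: BSD-syslog prefix + pfSense raw filterlog CSV (IPv4).
SAMPLE = """\
Aug  3 03:58:41 fw filterlog: 70,,,1000002665,igb1,match,pass,in,4,0x0,,64,1201,0,DF,6,tcp,60,192.168.1.23,203.0.113.10,50122,443,0,S,29067,,65535,,mss
Aug  3 04:02:10 fw filterlog: 70,,,1000002665,igb1,match,pass,in,4,0x0,,64,1202,0,DF,6,tcp,60,192.168.1.50,198.51.100.7,50130,443,0,S,31544,,65535,,mss
Aug  3 04:15:30 fw filterlog[411]: 70,,,1000002665,igb1,match,pass,in,4,0x0,,64,1203,0,DF,6,tcp,60,192.168.1.50,198.51.100.7,50131,443,0,S,40012,,65535,,mss
Aug  3 04:20:05 fw filterlog: 70,,,1000002665,igb1,match,pass,in,4,0x0,,64,1204,0,none,17,udp,71,192.168.1.23,203.0.113.53,40000,53,51
Aug  3 04:31:00 fw filterlog: 5,,,1000000103,igb0,match,block,in,4,0x0,,50,1205,0,none,6,tcp,60,203.0.113.99,198.51.100.2,51000,22,0,S,7788,,1024,,mss
Aug  3 04:40:00 fw sshd[123]: constructed non-firewall line
Aug  3 05:00:00 fw filterlog: 70,,,1000002665,igb1,match,pass,in,4,0x0,,64,1206,0,DF,6,tcp,60,192.168.1.50,198.51.100.7,50132,443,0,S,40100,,65535,,mss
""".splitlines()

# Month, day of month, HH:MM:SS, host, "filterlog" tag (with or without PID), CSV payload.
LINE = re.compile(r"^(\w{3})\s+(\d+) (\d\d:\d\d:\d\d) \S+ filterlog(?:\[\d+\])?: (.*)$")

def lan_connections(lines, day, start, end, lan="192.168.1.0/24"):
    """Count logged 'pass' entries per (LAN src, dst, proto, dst port) on `day`
    with start <= time < end. A pass rule logs the state-creating packet only,
    so this answers who talked to whom, not how many bytes were moved."""
    net, seen = ip_network(lan), Counter()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue                      # messages from other daemons
        mon, dom, hms, payload = m.groups()
        if (mon, int(dom)) != day or not start <= time.fromisoformat(hms) < end:
            continue                      # outside the window of interest
        f = payload.split(",")
        if len(f) < 20 or f[8] != "4" or f[6] != "pass":
            continue                      # IPv6 has a different layout; skipped here
        src, dst, proto = f[18], f[19], f[16]
        if ip_address(src) not in net:
            continue                      # keep only connections opened from the LAN
        dport = f[21] if proto in ("tcp", "udp") and len(f) > 21 else "-"
        seen[(src, dst, proto, dport)] += 1
    return seen.most_common()

if __name__ == "__main__":
    for key, n in lan_connections(SAMPLE, ("Aug", 3), time(4), time(5)):
        print(n, *key)
```

Because the counts are logged connection openings rather than bytes, pair the result with the RRD graph or a flow collector when the question is which host moved the most data.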