RRD graph suggestion: blocked pps
-
I wanted to make a suggestion for the "packets" graphing section. I have a Soekris 5501 that's been on firewall duty for a long time. It's been running OpenBSD till very recently. I used to do a number of things with it, and I find that the only thing I really miss having is a "blocked packets per second" RRD graph. I've found having a graph of blocked packets per second very useful, especially for detecting portscans. I know snort can sort of do the same thing, but it's way too prone to false positives for my taste. in my opinion, seeing a massive spike in blokced pps over a very short period in time is a dead giveaway, and I miss being able to scan over my graphs and see it. Would it be difficult to implement such a thing? perhaps a dropdown in the "packets" section of the RRD graphs for "blocked" in and out.
-
pfSense simply provides a "GUI" to the RRDtool.
If you want new functionality you better look here: http://oss.oetiker.ch/rrdtool/ -
In 2.0 there is not sure it was backported.
-
It is only in 2.0 since it requires rather intrusive reworking of the RRD file format and layout as well as changes in the backend and front end.
