host traffic monitoring with iftop, telegraf and influx (and grafana)
Hi there -
I spent some time looking through different solutions for host traffic monitoring. Eventually, I put something together that was simple that I thought I'd share. It uses iftop, telegraf, influx and grafana to give me host traffic flows. The basic idea is that every so often telegraf will run a script that calls iftop and then I scrape the results and put them in the right influx line format. I figured others might have feedback or use for this.
Here's the code on github.
Here's a picture of a graph, showing the host breakdown (in the bottom left corner)
Comments, feedback, contributions welcome.
More background if you care...
I'm still a newbie to pfSense and to influx queries. I did go down the path of ntopng to telegraf for a while but found I was spending lots of time figuring out how to get hostnames, etc. And ultimately I was replicating the Status Graph in pfSense. So I decided I liked that and just replicated it by sampling iftop and putting those data into influx via telegraf.
Also note you will need telegraf. I used to use a Netgate 3100 but eventually I gave up because not enough packages were available for it (it's 32 bit ARM). And I spent forever trying to compile stuff for it. Telegraf is based on go, for which there is no 32 bit ARM FreeBSD package for that I could find nor could I get to compile.