A few questions about logging and reporting tools
-
I'm making a pfSense to fit a purpose and it's going to have a few features such as multi-wan load balancing/failover, IPS solutions and a couple of other things, but I've yet to find a way to enable logging of, searching of and reporting of a few things that I need. Below are the questions I currently have:
- In load balancing, is there a way to monitor the uptime of connections (how long it's been up, if it's currently up etc and maybe historical uptime eg WAN1 went down 2 weeks ago for 5mins or anything similar to that)
- Monitoring of each device on the network for uptime, performance, outages etc - so far I'm leaning towards using darkstat, would that fulfill all the above needs and is there a native pfSense alternative? And is there a way to get historical data for all the above as session by session data is ok but I'd prefer something more long-term.
- Monitoring of network performance - Is there any way of logging data across multiple restarts? I need to measure downtime over an extended period of time, things like WAN outages, connection issues and anything else would apply
- Logging of all network traffic - is there a way to save these files so they're not gone upon restart? I want to be able to export them into other network analyser tools
I've looked into a syslog server but I'd prefer to keep in within pfSense if possible. I greatly appreciate any help given, I'd be happy to clarify any points above in later comments. Thanks all.
-
@templateunheard bump, still in need of answers if anyone's able
-
@templateunheard I personally like nfsen+nfdump.
You would need a server to install nfsen+nfdump..Then, you install softflowd in pfsense and export data to this server..
There were some limitations, but it was good to check all the flows you would need.
-
Yes exporting syslog and netflow data is the way to go for that.
Long term data is not intended to be held in pfSense directly.