Best Package for Bandwidth Usage per IP

  • Hi pfSensers,

    I'm an IT Pro with 15 year's experience, but a newbie to pfSense & *nix in general and I'm after some advice regarding which package is going to be the bet to meet my bandwidth monitoring needs.

    Basically my situation is that I am setting up pfSense as my new home firewall solution and I'd like to use it to monitor Internet usage for my home PCs etc.  The ISP usage plan is metered and has different costs per GB depending on the time of day (off or on peak).  Based on this I'd like to end up with the following:

    • Persistent Bandwidth Usage Monitoring (ie; total usage (incl up and downloads) per hour, per IP / host & possibly per port, but this is not a requirement)
    • Graphical reporting with drill-down links for further breakdown / detail per month, day, hour, IP etc
    • Switchable contexts (IP / host or time)

    In other words, ideally I'd like to start with a graph of usage over a period (say the last month), spot a high usage period (say one day) & be able to 'drill down' to discover which hour(s) & which IP(s) are the cause of the spike.  Similarly I'd like to be able to start with the totals per IP for any given period and drill down see more detail about time sub-periods.  (I hope that makes sense! :))

    I've installed nTop and have had a good look in it, but it seems to be mostly about instantaneous bandwidth utilisation rather than about accumulated usage.  Perhaps there is a way to configure nTop to give me what I'm after?  I've also had a brief look at vnStat, but this doesn't appear to have per-ip stats.  I understand that the best option for me may be to use NetFlow or the like with an external logging server, however I'd like to keep the entire bandwidth monitoring system self-contained on the pfSense firewall if at all possible.

    Any advice would be much appreciated.  Cheers :)

  • Rebel Alliance Developer Netgate

    I don't think any of the packages have such drill-down capabilities.

    BandwidthD does keep per-IP historical graphs, but I'm not sure of the other features you're asking about.

    You are right though the only way you will probably get that data in the format you want is by exporting to a netflow collector with software to store/analyze the data.

  • You can use the Traffic shaping feature to have some control of your throughput. You "might" be able to have a bandwidth cap using it but I am not willing to reset my traffic shaper just to see if you can. I use squid in combination with lightsquid and squidguard to control/monitor HTTP based traffic since most traffic is that it works well. Lightsquid does a good job of report which IPs use the most traffic with a timeline.

  • I use bandwidthd but the built in html reports are not very configurable and I haven't got round to figuring out how to analyze the cdf files to generate more useful reports. It also reads about 50% higher usage than my ISP reports. I would also love a self-contained package that met your requirements but haven't come across a solution as yet.

  • Thanks guys I appreciate the info.  I'll try some of your suggestions :)

  • Ok, I've looked at pretty much every traffic stat package for pfSense but unfortunately none do exactly what I want, so I'm now looking at NetFlow Analyzer apps.  However, while there are quite a few which have all the features I'm looking for, most are trials which are crippled in some way >:( and subsequently don't fit the bill!  'ManageEngine NetFlow Analyzer' seems to be fully functional, however it uses a GIG :o of RAM!!

    Does anyone have any suggestions for a good, moderately lightweight NetFlow Analyser app which isn't crippled to the point of non-functionality?

  • I have a similar need, and currently no ideas. We've got a shared connection for some people with a monthly cap, and each user is intended to pay their own monthly share. But it's not easy to tell who used what, each month.

  • This might be blasphemy when said here, but I have now actually defected to an Astaro firewall which has built-in traffic accounting, although to be honest there are a couple of outstanding bugs which make this not completely functional at the moment (incomplete capture of total volumes & a 12 hour time offset).

    Astaro is a really great free firewall which has all the features of pfSense and most of it's plugins in one complete package!

  • Thanks for the tip, Sambo.

Log in to reply