Vnstat "like" package to monitor bandwidth usage PER LAN IP {NOW $280USD}
-
I was asked to elaborate on my earlier post about flow tools to get per IP usage stats.
pfSense needs a flow collector installed. I used pfflowd. pfflowd sends flow records to a collector. I used flow-capture from the flow-tools package which I installed on a Linux system. flow-capture stores its flow records in directories, one for each day. Mostly I'm interested in finding out who has used the most data during a day so I can take appropriate action if the monthly download quota looks like being exceeded. My ISP makes available daily usage stats and from them I can see about 9GB was downloaded on 19 Nov. So to see who was downloading and from where on the Linux system holding my flow records I can:
[root@sme ~]# pushd /var/db/flows/2011/2011-11/2011-11-19/
/var/db/flows/2011/2011-11/2011-11-19 ~
[root@sme 2011-11-19]# flow-cat * | flow-report -v TYPE=ip-source/destination-address/ip-source/destination-port -v SORT=+octets | more
# --- ---- ---- Report Information --- --- ---
build-version: flow-tools 0.68
name: default
type: ip-source/destination-address/ip-source/destination-port
options: +header,+xheader,+totals
ip-src-addr-type: address
ip-dst-addr-type: address
sort_field: +octets
fields: +key1,+key2,+key3,+key4,+flows,+octets,+packets,+duration,+other
records: 165068
first-flow: 1321624808 Sat Nov 19 00:00:08 2011
last-flow: 1321711187 Sat Nov 19 23:59:47 2011
now: 1322602258 Wed Nov 30 07:30:58 2011
mode: streaming
compress: off
byte order: little
stream version: 3
export version: 5
# ['/usr/bin/flow-rptfmt', '-f', 'ascii']
ip-source-address ip-destination-address ip-source-port ip-destination-port flows octets packets duration
64.188.166.206 192.168.211.244 6881 6881 4 282428402 205832 4594000
173.194.28.84 192.168.211.244 80 51905 2 52110568 35902 468000
58.174.20.228 192.168.211.244 25565 58525 2 38788562 61226 2782000
12.129.255.100 192.168.211.244 3724 56975 2 31560842 357082 7366000
74.125.109.182 192.168.211.244 80 52042 2 25368268 17660 376000
125.252.225.176 192.168.211.244 80 58396 2 25020948 17238 978000
117.121.249.80 192.168.211.244 80 52876 2 23684584 16464 522000
195.8.214.79 192.168.211.244 80 50283 2 21343766 14708 578000
12.120.15.208 192.168.211.244 80 52877 2 21147556 14578 520000
125.252.225.176 192.168.211.244 80 58423 2 18952452 13060 2258000
125.252.225.176 192.168.211.244 80 58380 2 18219946 12566 866000
117.121.249.75 192.168.211.244 80 57241 2 17291682 11948 462000
173.194.28.106 192.168.211.244 80 51947 2 16064040 11196 392000
195.8.214.37 192.168.211.244 80 58489 2 15804278 10890 445000
117.121.249.81 192.168.211.244 80 52620 2 15645356 10894 386000
125.252.225.151 192.168.211.244 80 52377 2 14250122 9828 354000
12.120.14.206 192.168.211.244 80 52606 2 14162172 9764 422000
125.252.225.152 192.168.211.244 80 52431 2 13742162 9576 466000
125.252.225.152 192.168.211.244 80 52432 2 13539082 9430 466000
74.125.109.143 192.168.211.244 80 49399 2 13522672 9392 298000
125.252.225.151 192.168.211.244 80 52874 2 11739240 8098 526000
74.125.10.15 192.168.211.244 80 49470 2 11368880 7976 278000
125.252.225.152 192.168.211.244 80 52600 2 11335216 7818 450000
192.168.211.244 222.154.97.65 6881 6881 22 10993548 13430 4250000
64.233.183.132 192.168.211.216 443 42135 2 10846542 7822 1804000
192.168.211.244 64.188.166.206 6881 6881 4 10631398 207608 4594000
121.223.82.76 192.168.211.244 6881 6881 2 10495864 9388 3062000
125.252.225.151 192.168.211.244 80 52397 2 9478840 6536 360000
12.129.255.91 192.168.211.244 3724 57334 2 9141684 103534 2410000
192.168.211.244 12.129.255.100 56975 3724 2 8131908 178936 7366000
222.154.97.65 192.168.211.244 6881 6881 20 7941028 13162 4184000
195.8.214.22 192.168.211.244 80 58467 2 6694386 4618 440000
173.194.28.113 192.168.211.244 80 51989 2 6375462 4456 344000
125.252.225.151 192.168.211.244 80 53094 2 5851168 4186 1024000
flow-cat reads a bunch of flow files and removes headers and writes a stream of flow records to stdout. There is a flow-nfilter program which can strip specified flow records from the stream (e.g. flows between LAN and OPT1, flows over specified time intervals). flow-report has a number of reporting and sorting options. There are more advanced reporting options discussed in the book including graphing options.
I would like to take a look at software described in http://www.manageengine.com/products/netflow/ which seems to have much more extensive reporting capability. It is commercial software but there is a free edition which handles a limited number of interfaces.
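The report in the post above lists one row per connection, while the thread asks for a total per LAN IP; the following added example (not part of the original post or of flow-tools) folds that ASCII report into per-host download and upload totals. The function names and `LAN_PREFIX` are illustrative, and the LAN is assumed to be a /24 matching the 192.168.211.x hosts shown.

```shell
#!/bin/sh
# Added example: per-LAN-IP byte totals from flow-report ASCII output.
# LAN_PREFIX is an assumption (a /24 matching the 192.168.211.x hosts in the post).
LAN_PREFIX="${LAN_PREFIX:-192.168.211.}"

# Reads flow-report rows (src dst sport dport flows octets packets duration)
# on stdin; prints "lan_ip download_octets upload_octets", biggest downloader first.
per_lan_ip_totals() {
    awk -v lan="$LAN_PREFIX" '
        # Skip "# ..." banner lines, "key: value" metadata and the column header:
        # data rows have exactly 8 fields and a numeric octets column.
        /^#/ || NF != 8 || $6 !~ /^[0-9]+$/ { next }
        index($2, lan) == 1 { down[$2] += $6; seen[$2] = 1 }   # WAN -> LAN
        index($1, lan) == 1 { up[$1]   += $6; seen[$1] = 1 }   # LAN -> WAN
        END {
            for (ip in seen)
                # %.0f because some awks clamp %d at 2^31-1 and daily totals exceed that
                printf "%s %.0f %.0f\n", ip, down[ip], up[ip]
        }
    ' | sort -k2,2nr -k1,1
}

# Constructed sample: header lines and four rows copied from the report in the post.
sample_report() {
    cat <<'EOF'
# ['/usr/bin/flow-rptfmt', '-f', 'ascii']
ip-source-address ip-destination-address ip-source-port ip-destination-port flows octets packets duration
64.188.166.206 192.168.211.244 6881 6881 4 282428402 205832 4594000
64.233.183.132 192.168.211.216 443 42135 2 10846542 7822 1804000
192.168.211.244 64.188.166.206 6881 6881 4 10631398 207608 4594000
173.194.28.84 192.168.211.244 80 51905 2 52110568 35902 468000
EOF
}

# Stand-alone run on the embedded sample. On the collector, pipe the
# flow-cat | flow-report command from the post into per_lan_ip_totals instead.
sample_report | per_lan_ip_totals
```

Traffic between two hosts inside the prefix is counted once as download for the receiver and once as upload for the sender, so filter LAN-to-LAN flows out first if only WAN usage matters.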
-
If you sort this forum by most views, this topic is at the top of the list under the stickies.
Any response from the pfSense team?
Is there a chance you could work this feature into the OS? I'm sick of running 2 computers just to monitor bandwidth. I just want a list per month of all LAN to WAN traffic sorted by LAN IP.
If you commit I'll send the coin asap!
-
I'm ready to pledge some more coins if someone seriously is willing to complete this, and I'm sure others will add more of the coins once we know what it would take to complete it.
-
As I understand it, said package would monitor total bandwidth by IP across multiple NICs, so if I have multiple internal subnets routing through pfsense, I can monitor how much IPs on the multiple LANs are transferring in and out across my WAN link(s). If this understanding is accurate, count me in for $50 if said package would also support IPv6/pfsense 2.1. I need IPv6 accounting as well.
-
Well, it's been just over 1 year and over 7000 views on this topic. And not one hint of anything from the pf team.
-
To achieve this I use pfSense as a netflow collector (using softflowd) exporting the data to nfsen (running on another machine). This gives me full analyzing capabilities using a web GUI. This gives you all the capabilities that are asked for here in a free open source way.
But the goal is perhaps to use pfSense only.
-
But the goal is perhaps to use pfSense only.
Exactly! Why do we need two power sucking devices for this 1 job?
-
I'd like to contribute $50 towards this project.
This would be very useful to me.
-
But the goal is perhaps to use pfSense only.
Exactly! Why do we need two power sucking devices for this 1 job?
I thought the same thing, but then looked at the 2 suggestions (have to go back and see if supported in freebsd). It would work, and has many many features (maybe overkill).
Could we not get what we all want if these 2 were bundled up in a pfSense package with some default options set up?
It may not be good for the embedded guys, but lately my hardware can more than handle this.
It could be the only way we get what we all want?
-
Does anyone know what it would cost and how much time it would take to get this sort of thing built in to pfsense or for someone to do an addon package?
Maybe the reason there hasn't been much movement is the cost and timescales, especially if it would mean having to rewrite a large part of pfSense's core?
I'd chip in a reasonable amount if need be, but some idea of costs & timescales would be useful to begin with imo.
-
I've been working commercially with netflow for some years now and have implemented systems which cope with billions of flows per day, calculating hundreds of customers' data plans. While those systems run from Cisco routers, this can be done under FreeBSD fairly easily and can monitor all the interfaces individually and then filter/aggregate them based on subnets, IPs, ports etc. The only failing currently with flow tools is no IPv6 support. I have built netflow v9 generator/capture software (which supports IPv6) in PHP to gain an understanding of it. Based on all of this knowledge, I am sure I can contribute something to the pfSense project, if so desired.
I would love to load this even if it were outside of pf. Chris B suggested nfsen - what is yours based upon?