Pfsense – Monitoring Abilities, or lack thereof?



  • I took a look through the SNMP section, but it's a ghost town.. so hope you don't mind me posting this here.

    I've enabled SNMP on the Router.. and it's active through 192.168.1.1, off port 161

    I grabbed PRTG and just checked it out, and it picks up the NICS on the Router,.. but basically analyzes Traffic just overall bandwidth coming out of each NIC, nothing special.

    My question is..

    How much can you monitor on your network?

    I was under the impression with Pfsense, SNMP would be enabled in all its glory.  From there I could use a third-party monitor program of some sort to monitor the entire network from an overall view and an in-depth view.

    So far, all I can come up with are Bandwidth Traffic graphs off the LAN/WAN1 and WAN2 NICS.  (What's already built into Pfsense's GUI) – While that is nice,.. I'd like to be able to monitor the packets flowing through all three of those NICS inbound and outbound.

    If 'possible', I'd also like to be able to put each computer under a microscope at will, so to speak, and monitor Bandwidth taken by each Computer.

    My setup --

    PFsense router, three NICS (WAN1,WAN2, and LAN) -- LAN goes to Switch, (Switch has an Access Point in it) -- 2 Computers run off the switch wired, and 2 computers run off the Wireless signal from the access point.

    4 Computers have DHCP leases.

    Is it just not possible to localize, and examine each computer's bandwidth? Then further, what packets are coming in and out of that computer?

    Is there not some program that can go through the router, and pick up the addresses of those machines and monitor them?

    I would imagine that this is done all the time,.. So any program ideas/advice would be appreciated.

    Again, I'd like to be able to monitor things on a PC by PC basis (From one central location.. IE: Setup the monitor programs on one of my PC's,.. use it to monitor all the others) -- To see if PC 3 is using 20Kb of bandwidth or 200Kb at that moment,.. To examine packets and then map them to garner whatever type of information possible.

    None of this is 'spying' on other people, as this is all my equipment and my usage.. So it's on the up and up.

    Thanks for any and all help.



  • SNMP isn't for full all out monitoring purposes. pfsense does about as much SNMP as anything. Nothing does SNMP like you describe.

    If you want serious per-host monitoring like you're describing, you're looking at the wrong thing. You want NetFlow, using the pfflowd package, with a NetFlow collector on another host.



  • @cmb:

    SNMP isn't for full all out monitoring purposes. pfsense does about as much SNMP as anything. Nothing does SNMP like you describe.

    If you want serious per-host monitoring like you're describing, you're looking at the wrong thing. You want NetFlow, using the pfflowd package, with a NetFlow collector on another host.

    Gotcha.. Sort of figured that, but just wanted to make sure.  Though I do know it is possible to monitor a network as in-depth as anyone can imagine.

    Obviously this is done by  placing a "collector" on the machine to be monitored, and use "Netflow" to link in with that machine through this 'client' program.

    Almost like a mini-network within the network just for monitoring purposes.  I guess like a Data Miner on the Networks… (Mining for Net info, not HD/DB ) -- I log in through whatever ports/names/pw's whatever from the computer with "Netflow" Host and I get what I want.

    Hrmm..

    So basically I need to get "Netflow" and put its Collector on all the machines.  This machine I am using now I will have the "Host" program on,..

    So is this the type of thing where I can open Netflow, and say ok Connect to Computer A,B and C -- And constantly monitor them all.  Have 3 Windows up of each individual Computer's activity, etc.

    Thanks,



  • Wikipedia does a good job of explaining NetFlow.
    http://en.wikipedia.org/wiki/Netflow

    You put a collector on a single system on your LAN, install the pfflowd package, and configure it with the IP of the collector. Then pfsense will send the NetFlow info over to your collector, and from there you can do whatever you want with it. There are tons of possibilities, and all kinds of software that can do various things with the collected NetFlow data. Sorta like SNMP (though data you can never get out of SNMP), but instead of your monitoring system polling pfsense as it would with SNMP, pfsense pushes the data over to your collector (monitoring machine).

    One quick, free way to get up and going if you run Windows is to try Scrutinizer. It does some good basic stuff that may be adequate for your needs. There's also a for-pay version with more features.
    http://www.plixer.com/products/free-netflow.php

    That will do full accounting for all traffic that traverses pfsense, which I assumed is the only thing you need to monitor.



  • I am currently using PFFLOWD with "NETFLOW Analyzer".  The collector is great but I am currently fighting a battle as NetFlow Analyzer is only showing IN Traffic and no OUT Traffic information.  I am not sure where the problem lies (pfflowd or Netflow A.)

    If you have any insight on how I could check what is actually happening on the PFSense router, meaning what pfflow is actually sending, it would be great.

    Thanks,  hope this can be helpful
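
An added example, not code from any poster in this thread or from pfflowd: a small parser for the export datagrams discussed above that totals bytes per LAN host in each direction, which covers both the per-computer accounting asked about in the first post and the question of what the exporter is actually sending. It assumes the exporter is set to NetFlow version 5 and that the LAN is 192.168.1.0/24 (the thread only gives the router at 192.168.1.1); the hosts and flows in `sample_datagram` are constructed.

```python
import ipaddress
import struct
from collections import defaultdict

HEADER = struct.Struct("!HHIIIIBBH")                 # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")   # 48-byte NetFlow v5 flow record

def parse_v5(datagram):
    """Return the flow records of one NetFlow v5 export datagram."""
    if len(datagram) < HEADER.size:
        raise ValueError("shorter than a NetFlow v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version field is {version})")
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("length does not match the header's record count")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({"src": ipaddress.ip_address(f[0]), "dst": ipaddress.ip_address(f[1]),
                      "if_in": f[3], "if_out": f[4], "packets": f[5], "bytes": f[6],
                      "sport": f[9], "dport": f[10], "proto": f[13]})
    return flows

def per_host_bytes(flows, lan="192.168.1.0/24"):
    """Sum bytes sent ("out") and received ("in") by each address inside `lan`."""
    net = ipaddress.ip_network(lan)  # assumed LAN subnet, not stated in the thread
    totals = defaultdict(lambda: {"in": 0, "out": 0})
    for f in flows:
        if f["src"] in net:
            totals[str(f["src"])]["out"] += f["bytes"]
        if f["dst"] in net:
            totals[str(f["dst"])]["in"] += f["bytes"]
    return dict(totals)

def sample_datagram():
    """Constructed test data: two TCP flows for one LAN host, one per direction."""
    def rec(src, dst, if_in, if_out, pkts, octets, sport, dport):
        pack = lambda a: ipaddress.ip_address(a).packed
        return RECORD.pack(pack(src), pack(dst), bytes(4), if_in, if_out, pkts, octets,
                           0, 0, sport, dport, 0, 0, 6, 0, 0, 0, 0, 0, 0)
    body = (rec("192.168.1.10", "203.0.113.5", 1, 2, 10, 1200, 50000, 443)
            + rec("203.0.113.5", "192.168.1.10", 2, 1, 12, 9000, 443, 50000))
    return HEADER.pack(5, 2, 0, 0, 0, 0, 0, 0, 0) + body

if __name__ == "__main__":
    for host, t in per_host_bytes(parse_v5(sample_datagram())).items():
        print(host, "sent", t["out"], "bytes, received", t["in"], "bytes")
```

To inspect a live exporter, pass each datagram received on a UDP socket bound to the collector port to `parse_v5`; a host whose "out" or "in" total stays at zero means no flows for that direction are arriving at the collector. NetFlow v5 is unauthenticated UDP, so the length check matters and the collector port should only be reachable from the firewall.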



  • dupuyol: I saw your post previously about only getting one direction of traffic. I haven't had time to look into it yet, but plan to do so as soon as I get a chance (might be a week or two).

