Monitoring traffic w/notifications



  • I'm wondering if there is a way to monitor incoming connections and get notifications via email or some other way?
    I ask because I have a client who needs to monitor incoming successful connections and I would prefer to not be lifting through tons of logs.



  • I don't know any package that lets you do that directly on pfSense, but you can always log to a remote syslog server and then "do the magic" there



  • @Visseroth:

    I'm wondering if there is a way to monitor incoming connections and get notifications via email or some other way?
    I ask because I have a client who needs to monitor incoming successful connections and I would prefer to not be lifting through tons of logs.

    I presume "incoming" means "incoming on WAN".

    You could setup firewall rules to log incoming connection attempts that are allowed. The firewall log is of limited size so you MIGHT need to add something to deal with overflow.

    Define "successful connections" - some data exchanged?

    You could log flow records (use pfflowd or softflowd) and analyse them.

    I doubt you would want an email on ALL "successful" incoming connection unless there is a guaranteed low maximum rate and low number.



  • yeah, you'll need to define 'connections'

    even failed remote login attempts to the firewall are a connection (ack)

    if this is more of a "once XYZ interface hits XX Mbps" and if it is safe to assume you have a server/pc on the private side of your network, then fetch the free version of this: http://www.manageengine.com/network-monitoring/  the free version is full featured and does up to 10 devices, defined as IPs, so the single management IP of your device would only count as one device, regardless of the count of interfaces/subinterfaces/vlans.  do snmp polling of your interfaces and set it to email/page/sms/log based on a given interface or vlan hitting X Kbps/Mbps, etc.

    note, i'm hoping to get opmanager running against pf, haven't yet, but i use it in other sites and against other snmp capable hardware and software firewalls/routers.

    if you need to know when an IP behind the firewall is having a series of connections being passed, at a more granular level than just interface or subinterface, then flows (netflows/sflows) model will work.  but that's not free with opmanger.  try prtg for that.  http://www.paessler.com/tools  it's limited to "10 sensors" to remain free, but that includes 'each item monitored" like IPmon now solarwinds, so you can blow through that in one device pretty fast.

    both tools support alerting based on triggers.


Log in to reply