Netflow collector



  • I am considering changing from Untangle to pfSense as the router at church. Untangle allows me to capture web traffic info in a PostgreSQL database that I can then run my own queries against, and keep it all on the router itself. How could I configure something like pflow/netflow or something similar to do the same? I really want the netflow collector to use a PostgreSQL database and be installed on the router like I do with Untangle. (There are several reasons for this, but I don't want to go into them here.) The server is an HP DL360 G6 with 2 quad-core Xeon and 16GB RAM (a donation from my workplace), so I know it can handle this.

    The real question boils down to 2 points:

    1. How do I get PostgreSQL installed on the pfSense server?
    2. How do I get a collector installed on the server?

    I believe I can do the rest myself since I did get a 2 server setup like this going already. I just don't know how to get it all on the one server.

    Environment notes:

    About 800 wireless users on any given Sunday. Pretty much dead the rest of the week.
    Currently we have a 10Mbit DSL connection, but the ISP is getting ready to deploy 30Mbit fiber in a few months.

    I just got pfSense up and running at home on a Dell c6100 cloud server and really like it so far.



  • Bump. Is there no one who knows how to install PostgreSQL on a pfSense box?



  • I don't know if Untangle can work in this way, but I frequently use the following setup for logging:
    Install a free hypervisor (vsphere) on the server and create a regular pfSense firewall VM.
    Then mirror the physical switchport and let an Untangle VM see a copy of the traffic on a different vswitch in promiscuous mode.
    This separates the two systems and allows you to gain much better performance and independent upgradeability.



  • I have come across others recommending a similar setup. I just figured out how to use the pkg command to enable the FreeBSD repos and install the database from there. I know that your suggested configuration is probably more reliable in terms of upgrades, but I think it is still overkill for my current needs.

    Thank you for the reply though.



  • @drick78:

    … HP DL360 G6 with 2 quad-core Xeon and 16GB RAM ...

    @drick78:

    I know that your suggested configuration is probably more reliable in terms of upgrades, but I think it is still overkill for my current needs.

    And the machine you're running isn't overkill? It would make a great ESXi server. You could run up pfSense, Untangle, a web server, mail server, NAS, whatever - all on one machine.



  • Yes, my machine is overkill. It was a BlackBoard database server at the university I work at. I just hate to introduce more software complexity than I really need. It just so happens that the university is going to donate another HP server with 1 quad-core Xeon, so I may yet end up with a 2 server setup for this after all. It will be a couple weeks before we get a hold of this second server though.


  • Rebel Alliance Global Moderator

    Maybe it's just me, but installing non-security, or very basic network functionality features (DHCP, DNS) on my firewall seems like bad juju to me.

    I would go the VM route - this allows you to use the same hardware for lots of things, but still isolate from installing stuff on your firewall OS.