Netflow collector

drick78 · Feb 6, 2015, 4:35 AM

I am considering changing from Untangle to pfSense as the router at church. Untangle allows me to capture web traffic info in a PostgreSQL database that I can then run my own queries against, and keep it all on the router itself. How could I configure something like pflow/netflow or something similar to do the same. I really want the netflow collector to use a PostgreSQL database and be installed on the router like I do with Untangle (There are several reasons for this, but I don't want to go into them here). The server is an HP DL360 G6 with 2 quad-core Xeon and 16GB RAM (a donation from my workplace), so I know it can handle this.

The real question boils down to 2 points:

1. how do I get PostgreSQL installed on the pfSense server?
2. how do I get a collector installed on the server?

I believe I can do the rest my self since I did get a 2 server setup like this going already. I just don't know how to get it all on the one server.

Environment notes:

about 800 wireless users on any given Sunday. pretty much dead the rest of the week
currently we have a 10Mbit DSL connection, but the ISP is getting ready to deploy 30Mbit fiber in a few months

I just got pfSense up and running at home on a Dell c6100 cloud server and reall like it so far.

drick78 · Feb 13, 2015, 8:50 PM

bump. Is there no one who knows how to install PostgreSQL on a pfsense box?

keyser · Feb 13, 2015, 9:22 PM

I don't know if untangle can work in this way, but I frequently use the following setup for logging:
Install a free hypervisor (vsphere) on the server an create a regular pfsense Firewall VM.
Then mirror the physical switchport and let an untangle VM see a copy of the traffic on a different vswitch in promiscous mode.
This separates the two systems and allows you to gain much better performance and independent upgradeability.

drick78 · Feb 13, 2015, 9:58 PM

I have come across others recommending a similar setup. I just figured out how to use the pkg command to enable the freBSD repos and install the database from there. I know that your suggested configuration is probably more reliable in terms of upgrades, but I think it is still overkill for my current needs.

Thank you for the reply though.

biggsy · Feb 14, 2015, 12:01 PM

@drick78:

… HP DL360 G6 with 2 quad-core Xeon and 16GB RAM ...

@drick78:

I know that your suggested configuration is probably more reliable in terms of upgrades, but I think it is still overkill for my current needs.

And the machine you're running isn't overkill? It would make a great ESXi server. You could run up pfSense, untangle, a web server, mail server, NAS, whatever - all on one machine.

drick78 · Feb 17, 2015, 4:38 PM

Yes, my machine is overkill. It was a BlackBoard database server at the university I work at. I just hate to introduce more software complexity than I really need. It just so happens that the university is going to donate another HP server with 1 quad-core xeon, so I may yet end up with a 2 server setup for this after all. It will be a couple weeks before we get a hold of this second server though.

johnpoz · Feb 17, 2015, 4:46 PM

maybe its just me, but installing non security, or very basic network functionality features (dhcp, dns) on my firewall seems like bad juju to me.

I would go the VM route - this allows you to use the same hardware for lots of thing, but still isolate from installing stuff on your firewall OS.