GUI/Web browser based monitoring?
-
I am moving away from Watchguard firewalls with I hope pfSense in the near future. One of the problems I have is that I've gotten VERY used to the HostWatch monitoring tool which comes with watchguards.
Does anyone know of any addons for pfSense which might give me the same/similar graphical overview of what's going on for in/out traffic. I've tried to get used to the command line F9 and other built in functions but they pale compared to what I'm used to.
Thanks very much for any leads you can offer.
Mike
-
Did you take a look at the
status –>RRD graphs?
Also the
status --> Traffic graphThe dashboard can show you a summary of some numbers quite nice too.
-
Did you take a look at the
status –>RRD graphs?
Also the
status --> Traffic graphThe dashboard can show you a summary of some numbers quite nice too.
So far, there isn't anything like HostWatch which is what I've been used to. I can take a quick peek at any given time and see live traffic as it's moving in and out. On pfSense, it seems there are plenty of graphs and such, and states and status but nothing much which shows real time activity short of ongoing refreshes.
Am I missing something?
Mike
-
status –> Traffic graph
Well more real time and it would be a peak at the future.
-
status –> Traffic graph
Well more real time and it would be a peak at the future.
I'm looking for real time connections, not graphs. The watchguard has a tool called HostWatch which is a real time (2 seconds min) updated list of up to 600 connections. It is so easy to look over and see what's going on for in/out connections.
Mike
-
So something like Diagnostics -> States
A picture of what overview your looking for might help.
-
So something like Diagnostics -> States
A picture of what overview your looking for might help.
It's hard to explain if you've never seen HostWatch but basically, it's an almost real time display of all traffic on the firewall. So, the order is;
Source IP/DNS name, Destination, Port, Direction, Connection status (Normal or Denied), Details.
It's pretty much similar to F9 but the port is very important to me, along with the new connections being at the top at most times, denied at the bottom. There is also a top window which shows lines between the connections for a quick visual.
Like I say, F9 is similar but I don't need the PKTS, BYTES, AGE, EXP, I can get all of those things in stats later. What I need is a real time display, a quick visual of what's going on.
By the way, I'm guessing that logs can be sent to a central logger right? If that's the case, I could even use some external tool, snort, or others, which could show me what I'm looking for.
Mike
-
Maybe what I'm looking for is already there or almost is. Sometimes it takes getting used to new things. I've been looking, it seems to come close.
By the way, using F9 from an ssh connection, the connection seems to consistently drop after a while. It's pretty random but it does seem to drop it.
Mike
-
Maybe what I'm looking for is already there or almost is. Sometimes it takes getting used to new things. I've been looking, it seems to come close.
By the way, using F9 from an ssh connection, the connection seems to consistently drop after a while. It's pretty random but it does seem to drop it.
Mike
You could always set up pfflowd and export flows to a flow collector and view it that way. You'll be more standardized, have a centralized view (using something like nfdump/nfsen on a collector host) and best of all you can add anything that supports flow export to it (routers, different types of border devices, etc.)
-
Maybe WallWatcher could interest you?
http://sonic.net/wallwatcher/ -
http://ex-parrot.com/~pdw/iftop/
Iftop is nice .. real time traffic monitoring/graphing. I installed it on pfsense 1.2 by downloading the binary package for iftop from a freebsd 6.2 mirror somewhere
its not a gui app though, have to use it from ssh or console