Thoughts on reporting/monitoring package?

  • Something I was wondering about and I would really like to hear some feedback on this. At my office I have a Cisco PIX firewall. The one aspect I never really liked about the PIX was having to go through the syslogs to determine stuff. More importantly I never really had a good method to see usage etc.. That is until I found Adventnets Firewall Analyzer ( This program just blew the competition away with all its features in terms of being able to show graphically numerous aspects of the PIX. The one I love most is being able to see what protocals are using the most bandwidth. To my surprise our e-mail server was receiving a lot more than I ever thought it was.

    Which leads me to pfsense. Currently I have several boxes running m0n0wall, one has now been upgraded to pfsense for testing. I found m0n0wall to be the best firewall option, for me at least, out there. That is after looking at Astaro, IPCop, Endian, Smoothwall, etc..

    I saw somewhere, can not remember where, a discussion about what could make pfsense stand out. Well, one option I think would really be a plus would be to impliment some features similar to what Adventnets Firewall Analyzer does. I don't think by any means it would have to be any where near en xtensive. But it would be nice to have a package that would show the following:

    • Bandwidth over given time period (Day, week, month)
    • Protocal bandwidth used (How much is VOIP eating up my bandwith at home)
    • Time of day usage (What hours is the internet most used)
    • What LAN devices are using up the bandwidth, how much are they using.

    Now I remember seeing some projects that would read through and graph out logs (AWStats, etc.). I do not know if there is anything that could be directly put into a package form. Actually I have no clue whether this could even be implimented, or even the devs want to even go that route. I just thought that this
    might be a good topic to explore, since I think I lot of people would find having some form of reporting very helpful. Personally I think adding such features would most certainly make pfSense stand out amongst all the other firewall projects and give it an even more distinctive aspect.

  • Pfsense already does most of that stuff.  Use the package called Ntop.  And enable the rrd tool.  Takes heaps of looking around to find everything you want.  But if you click on a specific IP there is a little Icon that looks like a graph and it gives you all sorts of stats etc such as what you are looking for (that little icon took me about 8 days to find LOL).

    The only problem I have with the Ntop stats is I am unable to view the stats of a PC that has been turned off for a while.  I have to wait until it comes back online.  I could probably do it manually but I don't really care enough to go to the effort to find out how :).