Re: [pfSense] Network Traffic Monitoring w/o Webgui
I tried hunting this package down in the webgui this morning and I wasn't able to find it. I ended up going to shell and changing the environment variable 'PACKAGESITE' using the following command 'setenv PACKAGESITE http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/ports/`uname -m`/packages-8.1-release/Latest/. Once done, I was able to install iftop no problem. (Credit for the command goes to nooblet.org) On to the Cacti comment; that's a really good idea Walter. Having a way to manage historical data would be great. I'm fairly new to the BSD world still, how difficult is it to piece together one of these solutions. I understand that the webgui helps quite a bit but initially I've heard monitoring solutions can be a bit of a nightmare to get working properly initially. Is this something that could or should be combined with a syslog type solution so that we're not only gathering network data but also logs/health from the routers themselves? Any tips here before I dive headlong into this? Thanks, James From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Chuck Mariotti Sent: April-07-14 1:04 PM To: pfSense Support and Discussion Mailing List Subject: Re: [pfSense] Network Traffic Monitoring w/o Webgui It's been a few years, but a simple windows version... http://oss.oetiker.ch/mrtg/ From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Walter Parker Sent: April-07-14 2:06 PM To: pfSense Support and Discussion Mailing List Subject: Re: [pfSense] Network Traffic Monitoring w/o Webgui Sorry, FOSS = Free/Open Source Software (what MRTG, Linux, FreeBSD, pfSense are, as different from what Microsoft or HP sell) Cacti is a web based system, from http://www.cacti.net/, that uses the technology that powers MRTG to build a nice web based system that monitors network equipment. Unlike MRTG, which has to be configured by hand, Cacti allows you to add hosts through the web interface (like how pfSense does all the pf stuff through the web rather than requiring you to edit config files). It is pretty simple to setup, assuming you have a FreeBSD or Linux systems and can install the package or port. I've used it on networks to monitor all of the traffic on the routers, on the servers and even on the switch ports (that requires a switch with SNMP counters, usually known as a managed switch). There are also commercial systems that do the same thing, but they quickly become expensive (1000's to 10,000's dollars) as the size of your network grows. Walter On Mon, Apr 7, 2014 at 10:47 AM, Brian Caouette bri...@dlois.commailto:bri...@dlois.com wrote: What is Cacti? FOSS? On 4/7/2014 1:42 PM, Walter Parker wrote: I'd expect that you should be able to enable SNMP, set a non default password (please don't use public) and add a firewall rule to allow UDP on port 161 to/from your mrtg server. I'd recommend using Cacti as your mrtg server (if you want a FOSS solution). Walter On Mon, Apr 7, 2014 at 10:23 AM, Brian Caouette bri...@dlois.commailto:bri...@dlois.com wrote: What about using mrtg to graph the various interfaces? Does PF support this? On 4/7/2014 12:54 PM, Jim Pingle wrote: On 4/7/2014 12:29 PM, James Caldwell wrote: Happy Monday list... Does anyone have a preferred way of monitoring over all traffic throughput for various interfaces via shell/putty instead of having to remain logged in to the webgui? I have several alix based appliances that have had their ISP connections upgraded and I am trying to remain outside the web interface as much as possible due to the load that it puts on the system. Any thoughts or experience is appreciated. The iftop package is great for this. Install it from the GUI and then from the shell run it like so: iftop -nNpPi vr0 (Serving suggestion, salt to taste) Jim ___ List mailing list List@lists.pfsense.orgmailto:List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.orgmailto:List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list -- The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding. -- Justice Louis D. Brandeis ___ List mailing list List@lists.pfsense.orgmailto:List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.orgmailto:List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list -- The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding. -- Justice Louis D. Brandeis ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Network Traffic Monitoring w/o Webgui
I've installed in the past. We had 2-3 years of data before we switched providers (and therefore need to start over). I will be installing on FreeBSD 10 in the near future and I plan on using the port at /usr/ports/net-mgmt/cacti. As I recall the docs are not too bad, and there is now a book out on it. The big thing you will need to do is enable SNMP on the pfSense routers (change the community string). Then on Cacti, add those systems as data sources. After 15 minutes, there will be enough data for the first graphs to show up. I'd use Cacti's grouping features to organize the routers into groups. If system running Cacti will talk to the pfSense routers from the WAN port, then you need to allow that on psSense. Once you get this working with the routers, you can get it working with your systems (FreeBSD, Linux, Windows). On Unix like systems, the SNMP daemon supports all sorts of features (CPU, Disk space, Processes running, even kicking off scripts). Cacti supports the basic modes and you can use the command snmpwalk to figure out what options you wosh to monitor, but note that there is a lot of information. Try not to get overwhelmed and stick to the simple stuff until you have a handle and then try adding pieces at time. On Tue, Apr 8, 2014 at 9:27 AM, James Caldwell jamescaldw...@hurricanecs.com wrote: I tried hunting this package down in the webgui this morning and I wasn't able to find it. I ended up going to shell and changing the environment variable 'PACKAGESITE' using the following command 'setenv PACKAGESITE http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/ports/`unamehttp://ftp-archive.freebsd.org/pub/FreeBSD-Archive/ports/uname-m`/packages-8.1-release/Latest/. Once done, I was able to install iftop no problem. (Credit for the command goes to nooblet.org) On to the Cacti comment; that's a really good idea Walter. Having a way to manage historical data would be great. I'm fairly new to the BSD world still, how difficult is it to piece together one of these solutions. I understand that the webgui helps quite a bit but initially I've heard monitoring solutions can be a bit of a nightmare to get working properly initially. Is this something that could or should be combined with a syslog type solution so that we're not only gathering network data but also logs/health from the routers themselves? Any tips here before I dive headlong into this? Thanks, James *From:* List [mailto:list-boun...@lists.pfsense.org] *On Behalf Of *Chuck Mariotti *Sent:* April-07-14 1:04 PM *To:* pfSense Support and Discussion Mailing List *Subject:* Re: [pfSense] Network Traffic Monitoring w/o Webgui It's been a few years, but a simple windows version... http://oss.oetiker.ch/mrtg/ *From:* List [mailto:list-boun...@lists.pfsense.orglist-boun...@lists.pfsense.org] *On Behalf Of *Walter Parker *Sent:* April-07-14 2:06 PM *To:* pfSense Support and Discussion Mailing List *Subject:* Re: [pfSense] Network Traffic Monitoring w/o Webgui Sorry, FOSS = Free/Open Source Software (what MRTG, Linux, FreeBSD, pfSense are, as different from what Microsoft or HP sell) Cacti is a web based system, from http://www.cacti.net/, that uses the technology that powers MRTG to build a nice web based system that monitors network equipment. Unlike MRTG, which has to be configured by hand, Cacti allows you to add hosts through the web interface (like how pfSense does all the pf stuff through the web rather than requiring you to edit config files). It is pretty simple to setup, assuming you have a FreeBSD or Linux systems and can install the package or port. I've used it on networks to monitor all of the traffic on the routers, on the servers and even on the switch ports (that requires a switch with SNMP counters, usually known as a managed switch). There are also commercial systems that do the same thing, but they quickly become expensive (1000's to 10,000's dollars) as the size of your network grows. Walter On Mon, Apr 7, 2014 at 10:47 AM, Brian Caouette bri...@dlois.com wrote: What is Cacti? FOSS? On 4/7/2014 1:42 PM, Walter Parker wrote: I'd expect that you should be able to enable SNMP, set a non default password (please don't use public) and add a firewall rule to allow UDP on port 161 to/from your mrtg server. I'd recommend using Cacti as your mrtg server (if you want a FOSS solution). Walter On Mon, Apr 7, 2014 at 10:23 AM, Brian Caouette bri...@dlois.com wrote: What about using mrtg to graph the various interfaces? Does PF support this? On 4/7/2014 12:54 PM, Jim Pingle wrote: On 4/7/2014 12:29 PM, James Caldwell wrote: Happy Monday list... Does anyone have a preferred way of monitoring over all traffic throughput for various interfaces via shell/putty instead of having to remain logged in to the webgui? I have several alix based appliances that have had their ISP connections upgraded and I am
Re: [pfSense] Network Traffic Monitoring w/o Webgui
What about using mrtg to graph the various interfaces? Does PF support this? On 4/7/2014 12:54 PM, Jim Pingle wrote: On 4/7/2014 12:29 PM, James Caldwell wrote: Happy Monday list... Does anyone have a preferred way of monitoring over all traffic throughput for various interfaces via shell/putty instead of having to remain logged in to the webgui? I have several alix based appliances that have had their ISP connections upgraded and I am trying to remain outside the web interface as much as possible due to the load that it puts on the system. Any thoughts or experience is appreciated. The iftop package is great for this. Install it from the GUI and then from the shell run it like so: iftop -nNpPi vr0 (Serving suggestion, salt to taste) Jim ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Network Traffic Monitoring w/o Webgui
What is Cacti? FOSS? On 4/7/2014 1:42 PM, Walter Parker wrote: I'd expect that you should be able to enable SNMP, set a non default password (please don't use public) and add a firewall rule to allow UDP on port 161 to/from your mrtg server. I'd recommend using Cacti as your mrtg server (if you want a FOSS solution). Walter On Mon, Apr 7, 2014 at 10:23 AM, Brian Caouette bri...@dlois.com mailto:bri...@dlois.com wrote: What about using mrtg to graph the various interfaces? Does PF support this? On 4/7/2014 12:54 PM, Jim Pingle wrote: On 4/7/2014 12:29 PM, James Caldwell wrote: Happy Monday list... Does anyone have a preferred way of monitoring over all traffic throughput for various interfaces via shell/putty instead of having to remain logged in to the webgui? I have several alix based appliances that have had their ISP connections upgraded and I am trying to remain outside the web interface as much as possible due to the load that it puts on the system. Any thoughts or experience is appreciated. The iftop package is great for this. Install it from the GUI and then from the shell run it like so: iftop -nNpPi vr0 (Serving suggestion, salt to taste) Jim ___ List mailing list List@lists.pfsense.org mailto:List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org mailto:List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list -- The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding. -- Justice Louis D. Brandeis ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list