OPNsense Forum

English Forums => General Discussion => Topic started by: beneix on February 26, 2023, 12:34:48 pm

Title: Some newbie questions about monitoring traffic
Post by: beneix on February 26, 2023, 12:34:48 pm
I am a relative newcomer to OPNsense. I use it in a home network setting and have modest hardware (APU2E4 with 4-core AMD GX-412TC SOC, 4GB RAM). I have a couple of questions relating to keeping an eye on traffic:

1. Are there any add-on solutions to improve the reporting/visibility of traffic, for example to see common web sites for outgoing traffic from a specific LAN IP? Any solution needs to either work on my modest hardware or on e.g. a RPi on the LAN, or on my QNAP x86 with Celeron 4-core J3455 and 8GB RAM. I have investigated ELK etc. but it seems these are too HW-demanding.
2. The other day my QNAP reported a suspicious connection attempt, even though I don't believe there should be a way for traffic from the WAN to get through the OPNsense FW. To check, I went to the OPNsense FW log file, plain view, and searched for the external IP of the suspicious attempt. That just left the interface saying "Loading..." forever. Initially, CPU use was quite high, but even after it had dropped back to ~5% the log file search screen still said "Loading...". The same happens if I search on an interface, such as wg1. Why is this?

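Both questions can be answered offline from the exported firewall log, without depending on the GUI search. The following is an added example, not code from the thread or from OPNsense: it splits filterlog lines on OPNsense's CSV field order (assumed from the documented layout: rulenr, subrulenr, anchor, label, interface, reason, action, direction, IP version, then for IPv4 tos, ecn, ttl, id, offset, flags, protoid, proto, length, src, dst, srcport, dstport, ...), summarises the most common outbound destinations per LAN host, and filters by IP or interface the way the log search does. The log lines are constructed samples.

```python
from collections import Counter

# Constructed sample log lines, not from any real firewall. The syslog prefix mimics the
# plain-view export; the CSV part follows the assumed OPNsense filterlog field order.
SAMPLE_LOG = """\
Feb 26 12:00:01 fw filterlog[1234]: 81,,,0,igb1,match,pass,in,4,0x0,,64,1,0,DF,6,tcp,60,192.168.1.20,93.184.216.34,51000,443,0,S,1,,64240,,mss
Feb 26 12:00:02 fw filterlog[1234]: 81,,,0,igb1,match,pass,in,4,0x0,,64,2,0,DF,6,tcp,60,192.168.1.20,93.184.216.34,51001,443,0,S,1,,64240,,mss
Feb 26 12:00:03 fw filterlog[1234]: 81,,,0,igb1,match,pass,in,4,0x0,,64,3,0,DF,17,udp,76,192.168.1.20,192.168.1.1,55000,53,56
Feb 26 12:00:04 fw filterlog[1234]: 81,,,0,igb1,match,pass,in,4,0x0,,64,4,0,DF,6,tcp,60,192.168.1.21,203.0.113.9,51002,443,0,S,1,,64240,,mss
Feb 26 12:00:05 fw filterlog[1234]: 9,,,0,igb0,match,block,in,4,0x0,,52,5,0,none,6,tcp,40,198.51.100.7,192.0.2.10,40000,8080,0,S,1,,1024,,
Feb 26 12:00:06 fw filterlog[1234]: 9,,,0,igb0,match,block,in,4,0x0,,52,6,0,none,6,tcp,40,198.51.100.7,192.0.2.10,40001,445,0,S,1,,1024,,
"""


def parse_filterlog(text):
    """Return one dict per IPv4 filterlog record; other lines are skipped."""
    records = []
    for line in text.splitlines():
        if "filterlog" not in line:
            continue
        csv_part = line.split("filterlog", 1)[1].split(":", 1)[1].strip()
        f = csv_part.split(",")
        if len(f) < 22 or f[8] != "4":  # only IPv4 records carry fields at these offsets
            continue
        records.append({"iface": f[4], "action": f[6], "dir": f[7], "proto": f[16],
                        "src": f[18], "dst": f[19], "sport": f[20], "dport": f[21]})
    return records


def top_destinations(records, lan_src, n=5):
    """Most common (destination, port) pairs passed from one LAN host (question 1)."""
    counts = Counter((r["dst"], r["dport"]) for r in records
                     if r["src"] == lan_src and r["action"] == "pass")
    return counts.most_common(n)


def search(records, ip=None, iface=None):
    """Offline equivalent of the GUI log search: match on IP (src or dst) and/or interface."""
    return [r for r in records
            if (ip is None or ip in (r["src"], r["dst"]))
            and (iface is None or r["iface"] == iface)]


if __name__ == "__main__":
    recs = parse_filterlog(SAMPLE_LOG)
    print("top destinations for 192.168.1.20:", top_destinations(recs, "192.168.1.20"))
    for r in search(recs, ip="198.51.100.7"):
        print("blocked on", r["iface"], r["src"], "->", r["dst"], "port", r["dport"])
```

Feed the exported plain-view log (or the rotated files under /var/log/filter) into parse_filterlog instead of SAMPLE_LOG; the blocked-on-WAN records are what a "suspicious attempt" should look like when the rules are working.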
Title: Re: Some newbie questions about monitoring traffic
Post by: bartjsmit on February 27, 2023, 10:03:13 am
Ad 1. Check out LibreNMS https://www.librenms.org/ which will run on a Pi or a docker container on QNAP.

Ad 2. If you don't have a port forwarding rule, there is no way to directly access your NAS from the outside. If these attempts are predictable (same time, source IP, etc.) you can run a packet capture to get more info.

Bart...

Title: Re: Some newbie questions about monitoring traffic
Post by: beneix on February 28, 2023, 07:51:19 am
Thanks Bart. On my second question, I was really wondering why typing an interface name or partial IP address into the search field on the plain firewall log sends the GUI into an endless "Loading..." loop.

I will look at LibreNMS. Does that log all traffic for later inspection?

I have also done some further research and am considering using telegraf on OPNsense to send data to an InfluxDB on the QNAP and then use Grafana on a laptop to interrogate the InfluxDB. That way, I am thinking I can leverage the CPU and RAM of the laptop just when I want to get the analytics but keep collecting the underlying data on the QNAP without straining either the QNAP or the OPNsense box.

Title: Re: Some newbie questions about monitoring traffic
Post by: Patrick M. Hausen on February 28, 2023, 09:36:22 am
I will look at LibreNMS. Does that log all traffic for later inspection?
No. It logs SNMP counters of your traffic, not the traffic itself.