Hello all,
I have been reviewing NTOPNG as a potential solution, but it seems if I do not run it on the OPNsense platform I cannot gather all relevant info for subnets. Its only looking at the subnet where NTOPNG is running. Are you using NTOPNG as your solution or is there a better solution out there? I am trying to stay open source and free but am willing to pay some money to something that allows me visibility into my network.
If you are using NTOPNG, but have it on a seperate device/VM do you just mirror the firewall port to get all relevant info? In my use case I am running mostly vlans and they are connected to physical NICs on my OPNsense device(4 port NIC).
Thanks,
Steve
I use zabbix, I have the server on a Raspberry Pi 4, then there is the plugin for OPNsense. You can even install proxy plugin in case you want to retrieve info of devices on different vlans without opening the fw rules
Which network do you have your PI on?
Quote from: spetrillo on October 27, 2020, 05:41:50 PM
Which network do you have your PI on?
on a network I call "management network" in a dedicated interface of the OPNsense
Hobby/Private: Monit
Work: Icinga2
Quote from: siga75 on October 27, 2020, 05:49:07 PM
Quote from: spetrillo on October 27, 2020, 05:41:50 PM
Which network do you have your PI on?
on a network I call "management network" in a dedicated interface of the OPNsense
Ahh so you are using the default LAN interface, and then everything else is vlan on other interfaces? Are you using a switch to connect the LAN interface and the PI or are you directly connecting the PI to the physical interface of your OPNsense device?
Quote from: pmhausen on October 27, 2020, 05:54:44 PM
Hobby/Private: Monit
Work: Icinga2
How do you like Icinga2? I have heard good things about it.
Quote from: spetrillo on October 27, 2020, 06:03:56 PM
Quote from: siga75 on October 27, 2020, 05:49:07 PM
Quote from: spetrillo on October 27, 2020, 05:41:50 PM
Which network do you have your PI on?
on a network I call "management network" in a dedicated interface of the OPNsense
Ahh so you are using the default LAN interface, and then everything else is vlan on other interfaces? Are you using a switch to connect the LAN interface and the PI or are you directly connecting the PI to the physical interface of your OPNsense device?
Actually my configuration is a bit more complex, I have 2 interfaces in link aggregation and connected to a switch, this link is a trunk of several vlans. Then I have the management LAN untagged and connected to another switch. On this management network I have several stuff, my NTP servers, monitoring, openvas security scanner, and all management related stuff. But this is not significant, you can call it "default LAN" if you like
Quote from: spetrillo on October 27, 2020, 06:04:25 PM
How do you like Icinga2? I have heard good things about it.
Capable, complex, the engine scales very well, but we are not quite satisfied with the web interface. I you have hundreds of hosts, scheduling downtimes or acknowledging problems can get tedious.
We plan an internal project where we evaluate refactoring our Icinga configuration to leverage hierarchy and dependencies vs. switching to Zabbix.
It's all Ansible managed so we need a serious effort to improve the handling via UI.
HTH,
Patrick
If you're looking for something simple, like point to your switch SNMP details simple then try checkmk: https://checkmk.com/open-source-monitoring.html
Bart...
Quote from: bartjsmit on October 28, 2020, 10:56:39 AM
If you're looking for something simple, like point to your switch SNMP details simple then try checkmk: https://checkmk.com/open-source-monitoring.html
Bart...
Thanks for this. I am going to test it on my home virt lab.
Quote from: siga75 on October 27, 2020, 06:39:26 PM
Quote from: spetrillo on October 27, 2020, 06:03:56 PM
Quote from: siga75 on October 27, 2020, 05:49:07 PM
Quote from: spetrillo on October 27, 2020, 05:41:50 PM
Which network do you have your PI on?
on a network I call "management network" in a dedicated interface of the OPNsense
Ahh so you are using the default LAN interface, and then everything else is vlan on other interfaces? Are you using a switch to connect the LAN interface and the PI or are you directly connecting the PI to the physical interface of your OPNsense device?
Actually my configuration is a bit more complex, I have 2 interfaces in link aggregation and connected to a switch, this link is a trunk of several vlans. Then I have the management LAN untagged and connected to another switch. On this management network I have several stuff, my NTP servers, monitoring, openvas security scanner, and all management related stuff. But this is not significant, you can call it "default LAN" if you like
Yours is not very far off from mine. Originally I LACP'ed four physical links and then ran vlans on top. Now I have separated the LACP and running vlans on top of physical interfaces. My 'LAN' or default interface is not doing anything. Its just there so system services, like Unbound, can work properly. Not even running DHCP on it.
I might do as you indicate and put out a small switch to connect the LAN interface and my virtualization server. Then I can have the system services running there. My question to you is how you get Zabbix to discover the vlans and the devices on the vlans?
Thanks,
Steve
I don't know a way to discover new VLAN, but I am far to be an expert of zabbix
To discover new devices I opened the ping from zabbix server to any and configured zabbix like this (see attachment)
at work we use Zabbix, but i am switching away to Prometheus/Grafana.
OPNSense comes with node_exporter, so that shouldnt be too much of an issue :)
Quote from: Jhjacobs81 on November 05, 2020, 11:53:10 AM
at work we use Zabbix, but i am switching away to Prometheus/Grafana.
OPNSense comes with node_exporter, so that shouldnt be too much of an issue :)
How do you implement escalation notifications there? Is this possible with it?
To be honest, most our "escalation notifications" are non-existant.. But i believe Grafana/Prometheus do alerting, its still something im looking into :)
I've been using Nagios Core https://www.nagios.org/downloads/nagios-core/ (https://www.nagios.org/downloads/nagios-core/) for a few years in my RPi farm. Like most utilities, a little bit of planning (to structure the relationships of the "objects") goes a long way in juggling the reactions to the alerts! The plug-ins that do the monitoring are varied. I would recommend the solution for modest RPi farms if one can "buy" into the design/philosophy granularity.
There is an Enterprise version too with more active support + community but I have not used it.
Hi Bart, how can I implement in OPNsense? Thank you so much!
Quote from: spetrillo on November 04, 2020, 05:44:53 PM
Quote from: bartjsmit on October 28, 2020, 10:56:39 AM
If you're looking for something simple, like point to your switch SNMP details simple then try checkmk: https://checkmk.com/open-source-monitoring.html
Bart...
Thanks for this. I am going to test it on my home virt lab.
Quote from: mayo on January 05, 2021, 06:24:38 AM
Hi Bart, how can I implement in OPNsense? Thank you so much! Quote from: spetrillo on November 04, 2020, 05:44:53 PM
You would run a separate instance of Checkmk that runs SNMP queries against OPNsense. Although the Checkmk website states compatibility with "unix-like" systems, all the download links are for Linux and Docker. I don't know of any ports to FreeBSD.
I think you'll need to spin up a separate server for it, rather than be able to integrate it into your firewall.
Bart...