How to achieve a Traffic Analysis presentation similar to Ubiquiti EdgeMAX?

Started by verulian, August 09, 2022, 10:12:37 AM

Previous topic - Next topic
I need to figure out a way to achieve a friendly at-a-glance traffic analysis tool-like presentation of host traffic utilization similar to the Ubiquiti EdgeMAX "Traffic Analysis" tab in OPNsense:

If you hover over any of these hosts you will also see a presentation of the various services that EdgeMAX is able to detect and how much bandwidth each is using by known protocols or services and sites. Example:

How can I achieve something similar here in OPNsense?

Possibly with this:
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Thank you. That looks really interesting. I suppose I am in a pickle though since I needed to integrate it directly on OPNsense itself. I suppose I will rethink my strategy and probably run OPNsense through a virtual machine since I don't think I'm going to be able to get by with additional hardware presently due to some limitations out of my control.

You can run this on a Linux VM anywhere ...
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Very true, but (given some peculiar circumstances I'm dealing with) I have to run everything from a single server machine. I simply don't have the luxury to isolate OPNsense and a Linux system to do both tasks. I guess Proxmox or ESXI will end up being required. Had hoped to keep OPNsense in a dedicated setup, but it's just not going to be permitted for this scenario. Either that or I just have to go ahead and go back with Ubiquiti's solution and dump OPNsense for this particular scenario.  :'(

I guess I foobarred this since I went in selling OPNsense as being everything and more than Ubiquiti's EdgeMax distribution offerings on the monitoring and visualization front.

Sorry, but one does not simply run long-term logging and visualisation on the firewall device itself. But you do you, I guess.

About every commercial offer requires a dedicated admin server installation, first and foremost Ubiquiti - if you want to use any of the advanced "insight" features.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

I am confused by your disdainful tone here. I would suppose that the customer base for Ubiquiti and other similar devices is at least in the tens of thousands if not hundreds of thousands or more. This is a common functionality and for you to relegate it as you have really is strange and shocking. Do you really have the best interest of OPNsense in your heart??? Your remark does not feel objective here.

Have you not seen EdgeMAX administrative interfaces before? It's okay if you have not, but I don't think you should be so quick to discount and poo poo such things as you feel to have done.

Thank you for your time. I will think about this and probably just go back to EdgeMAX for this particular situation after this kind of interaction for this particular use case scenario since I need this functionality in an integrated fashion.

I run multiple switches and access points from Ubiquiti and all require the UNMS installed somewhere in the network to do anything useful. If there's yet another product line bei UI that I have not yet layed my hands on, I apologize.

It is my general experience that most commercial solutions indeed require a dedicated management and monitoring workstation.

And it is my advice not to perform long term logging on any device but always use a dedicated loghost.

Sorry if that came a cross as condescending.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)