OPNsense Forum » English Forums » General Discussion » Some newbie questions about monitoring traffic
Topic: Some newbie questions about monitoring traffic (Read 863 times)
beneix (Newbie, Posts: 45, Karma: 2)
Some newbie questions about monitoring traffic
« on: February 26, 2023, 12:34:48 pm »
I am a relative newcomer to OPNsense. I use it in a home network setting and have modest hardware (APU2E4 with 4-core AMD GX-412TC SOC, 4GB RAM). I have a couple of questions relating to keeping an eye on traffic:
1. Are there any add-on solutions to improve the reporting/visibility of traffic, for example to see common web sites for outgoing traffic from a specific LAN IP? Any solution needs to either work on my modest hardware or on e.g. an RPi on the LAN, or on my QNAP x86 with Celeron 4-core J3455 and 8GB RAM. I have investigated ELK etc. but it seems these are too HW-demanding.
2. The other day my QNAP reported a suspicious connection attempt, even though I don't believe there should be a way for traffic from the WAN to get through the OPNsense FW. To check, I went to the OPNsense FW log file, plain view, and searched for the external IP of the suspicious attempt. That just left the interface saying "Loading..." forever. Initially, CPU use was quite high, but even after it had dropped back to ~5% the log file search screen still said "Loading...". The same happens if I search on an interface, such as wg1. Why is this?
OPNsense 24.7.7-amd64 on APU2E4 using ZFS
bartjsmit (Hero Member, Posts: 1999, Karma: 193)
Re: Some newbie questions about monitoring traffic
« Reply #1 on: February 27, 2023, 10:03:13 am »
Ad 1. Check out LibreNMS (https://www.librenms.org/), which will run on a Pi or a Docker container on QNAP.
Ad 2. If you don't have a port forwarding rule, there is no way to directly access your NAS from the outside. If these attempts are predictable (same time, source IP, etc.) you can run a packet capture to get more info.
Bart...
beneix (Newbie, Posts: 45, Karma: 2)
Re: Some newbie questions about monitoring traffic
« Reply #2 on: February 28, 2023, 07:51:19 am »
Thanks Bart. On my second question, I was really wondering why typing an interface name or partial IP address into the search field on the plain firewall log sends the GUI into an endless "Loading..." loop.
I will look at LibreNMS. Does that log all traffic for later inspection?
I have also done some further research and am considering using Telegraf on OPNsense to send data to an InfluxDB on the QNAP and then use Grafana on a laptop to interrogate the InfluxDB. That way, I am thinking I can leverage the CPU and RAM of the laptop just when I want to get the analytics but keep collecting the underlying data on the QNAP without straining either the QNAP or the OPNsense box.
OPNsense 24.7.7-amd64 on APU2E4 using ZFS
Patrick M. Hausen (Hero Member, Posts: 6604, Karma: 560)
Re: Some newbie questions about monitoring traffic
« Reply #3 on: February 28, 2023, 09:36:22 am »
Quote from: beneix on February 28, 2023, 07:51:19 am
I will look at LibreNMS. Does that log all traffic for later inspection?
No. It logs SNMP counters of your traffic, not the traffic itself.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
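
What "SNMP counters, not the traffic itself" gives you in practice, as an added example that is not from any poster in the thread: successive interface octet counters yield per-interval rates and can flag an unusual outbound volume, but carry no source or destination addresses. The sample readings and the spike threshold are constructed; `ifInOctets`/`ifOutOctets` are the standard IF-MIB counters.

```python
from statistics import median

# Constructed samples: (unix_time, ifInOctets, ifOutOctets) for one interface,
# polled every 300 s. 32-bit counters are used so the wrap case is visible;
# pass bits=64 for the ifHCInOctets/ifHCOutOctets variants.
SAMPLES = [
    (1000, 4294000000,   100000),
    (1300, 4294900000,   400000),
    (1600,     832704,   700000),    # ifInOctets wrapped past 2**32
    (1900,    1732704, 90700000),    # large outbound burst
    (2200,    2632704, 91000000),
]

def counter_delta(prev, cur, bits=32):
    """Difference between two readings of a monotonically increasing SNMP
    counter, allowing for a single wrap at 2**bits. A device reboot also
    resets the counter and would be misread as a wrap; this sketch does not
    detect that case."""
    return cur - prev if cur >= prev else cur + (1 << bits) - prev

def rates_bps(samples, bits=32):
    """Turn successive counter readings into (end_time, in_bps, out_bps)."""
    rates = []
    for (t0, i0, o0), (t1, i1, o1) in zip(samples, samples[1:]):
        dt = t1 - t0
        rates.append((t1,
                      counter_delta(i0, i1, bits) * 8 // dt,
                      counter_delta(o0, o1, bits) * 8 // dt))
    return rates

def outbound_spikes(rates, factor=10):
    """End times of intervals whose outbound rate exceeds factor x the median.
    This says *when* and *how much*, never *which LAN host* or *to where*."""
    base = median(r[2] for r in rates)
    return [t for t, _, out_bps in rates if out_bps > factor * base]

if __name__ == "__main__":
    rates = rates_bps(SAMPLES)
    for t, i, o in rates:
        print(f"t={t} in={i} bit/s out={o} bit/s")
    print("outbound spikes at:", outbound_spikes(rates))
```

Answering "which sites did a given LAN IP talk to" needs flow or packet data (for example the packet capture suggested in Reply #1), not these counters.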