Traffic analysis capabilities

[michmoor]

Hello everyone,
Strongly leaning going back to opnsense from pfsense for one main reason. I need some form of basic analytics when it comes to top talkers and reporting.  Right now I am hunting high bandwidth users on pfsense and there are absolutely no good tools for reporting of that info on pfsense. I see that OPNsense has a built in Netfllow collector which is peaking my interest greatly. How good is it?
I also see there is support for dns sinkholing now which is great. Can I add my custom white/black list?

[cookiemonster]

In my opinion the analytics are basic, points on a graph. No reporting attached to it, more of at a glance of what is happening at any given time. For data collection for anylysis later, separate tools are required ie graphana, etc.
That said, Netflow is good, just perhaps not what you need.
For DNS sinkholing you would be better served by using the AdGuard add-on, still running on OPN but not relying on Unbound block lists that can be in my opinion from what I've seen, temperamental.

[bunchofreeds]

I agree with @cookiemonster for anything real-time or near-time, this traffic view looks great in OPNsense but is quite hard to make use of.
There is also the Reporting>Insight (uses captured Netflow) that allows historical searching for heavy users of bandwidth.
It's pretty good and may do what you need?
You give it a date range on the details TAB, select an interface and then refresh. It orders the highest users within that range showing Service, Source, Destination and Bytes.