pfsense Monitoring (rate vs. darkstat vs. bandwidthd)

So now that we have our first pfsense box up and running, I’ve been comparing and contrasting what options I have as far as monitoring goes.  I’ve loaded rate and darkstat on one box and bandwidthd  on another.

I’ve had a lot of trouble with rate.  It installs ok, but it seems temperamental in regards to browser. (Firefox seems to work way better then IE here.) This may be due to the requirement for the Adobe SVG viewing plugin, but I can’t really tell.  Unlike the other two tools that add themselves as new option to the menus, rate plugs into the built in Status –> Traffic Graph item.  When it’s working it’s ok, but the numbers seem to change so fast that it’s not as useful as the other tools which are more focused on long term trending.  As Adobe has discontinued support for the Adobe SVG viewer I’d probably lean away from this tool anyhow.

darkstat is nice, but as it runs on port 666 it’s generally something I only open up from the inside interface.  That limits it a bit for me as I do a fair amount of remote monitoring.  However, it has a “hosts” page which breaks down traffic by IP which is very useful.  You can even sort by traffic in, traffic out and total traffic. You can find it under diagnostics, darkstat.

 image courtesy of the dartstat website

 

bandwithd is probably my favorite of these tools.  It’s nests itself under the https port so you can use it remotely. It drops your top 20 IP’s in a list for easy inspection and it breaks the traffic down into individual graphs for a variety of services.

As you can see there are quite a few options to slice data in pfsense.  The built in Status –> RRD Graphs are also excellent for long term trending.  pfsense has proven to provide more capabilities in regard to traffic monitoring and collection then I had with my old PIX.

Happy firewalling!