Ad Widget

**mitchm** · 11-01-2009, 13:56

Can anyone answer this question for me?

**Tenzer** · 12-01-2009, 10:16

Zabbix can handle loads of things, but it all depends on what information the source can put out, and if you can get that information from a linux/unix shell. If you are able to get the requested information in the shell, then you should be able to get it into Zabbix, which then can make graphs, history, etc. on the informations.

**mitchm** · 12-01-2009, 13:22

Well I have the Zabbix client running on the PFSense box, how do I monitor traffic by IP with that?

**Calimero** · 12-01-2009, 16:13

You could also you SNMP to get metrics from PFSense (from what I've read).

google: pfsense snmp

And there's a PFSense template on zabbix' wiki which may spare you hours of typing.

http://www.zabbix.com/wiki/doku.php?...ates&s=pfsense

**mitchm** · 12-01-2009, 16:21

Is there a howto on using the template anywhere? I have it installed, but see no option to monitor web traffic. The only web stuff I see requires me setting up 'steps' and I have no clue what those are.

**Calimero** · 12-01-2009, 16:42

I guess you're talking about zabbix' Web feature ?

That's for monitoring Web pages availability.

First step for you I think is on PFSense: find out how you can extract any useful information (be it through SNMP, scripting, ...) and then try and think how to load it into zabbix (which won't probably be a big issue).

**mitchm** · 12-01-2009, 16:47

My PFsense machine has the Zabbix client installed on it.

Can I just use that to monitor the traffic flow by IP address?

**Calimero** · 12-01-2009, 16:57

Yes, out-of-the-box zabbix_agent can monitor trafic per interface

net.if.in[<interface,<mode>]
and
net.if.out[<interface>,<mode>]

<interface> : interface name (eth0, eth1...)
<mode>: metric you want. can be bytes, packets, errors, dropped

You'll typically want to start with net.if.in[eth0,bytes] and net.if.out[eth0,bytes] (and use custom multiplier = 8 to get Mbits/s instead of MBytes/sec). Remember to set "Store value = Delta (speed per second)" to get throughput instead of the cumulative amount.

**mitchm** · 12-01-2009, 17:23

Would you be able to tell me where I set this up with the web interface for Zabbix?

**Calimero** · 12-01-2009, 17:35

Configuration > Items.
Choose your PFSense host in the Hosts dropdown list (upper right corner).
Then click "Create item".

**mitchm** · 12-01-2009, 17:53

When I create the item there is a section called 'Applications and I can select pfsense interaces, states, loginterfaces etc.

Which should I chose? Or can I choose them all?

**Tenzer** · 13-01-2009, 10:22

mitchm, just to clarify for you... Zabbix doesn't as such "find" the information you want to see, it rather just "collects" it. If you need to find out how to monitor the amount of traffic there's running to/from a certain IP address, you should probably ask on pfsense's forum about how to find that information in the first place.

When you have found out how to generate that information, we could possibly be of help on how to get it into Zabbix, which then can monitor the values and create graphs and histories of the information.

**mitchm** · 13-01-2009, 13:31

Originally posted by Tenzer

mitchm, just to clarify for you... Zabbix doesn't as such "find" the information you want to see, it rather just "collects" it. If you need to find out how to monitor the amount of traffic there's running to/from a certain IP address, you should probably ask on pfsense's forum about how to find that information in the first place.

When you have found out how to generate that information, we could possibly be of help on how to get it into Zabbix, which then can monitor the values and create graphs and histories of the information.

I appreciate the help you guys are giving me.

I have found that I can enable SNMP and pfflowd on my PFSense firewall. And what I did was installed a program called NetFlow Analyzer and was able to see the traffic by IP. However I don't believe NetFlow showed the information correctly. I say this because I made one of my PC's start downloading an openSUSE iso and the NetFlow showed that machine getting some of the traffic, but not as much as it should have been.

**troffasky** · 13-01-2009, 13:35

Originally posted by mitchm

Something similar to pftop but with an easier to use web based interface so I don't even have to ssh into the Linux machine but rather pull up a web frontend.

Have you looked at Ntop?

Can Zabbix handle this?

As others have mentioned, you'll need to get the data out of pfsense, and format it so that you can do something clever with it in Zabbix. I reckon you'd be a lot better off doing something with Ntop, because you'll probably spend hours and hours getting it working in Zabbix, and ending up with something that's not quite as good as Ntop :-)

Ad Widget

Can Zabbix Do This

Can Zabbix Do This

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment