The situation at work was that there was an increase of upload throughput overnight on a 1Gbps DIA circuit. Using Palo Alto's ACC it was just a matter of reviewing the timestamp and seeing top talker activity and what application was identified. Simple after that to trace the owner of the server.
Now I know pfSense does not have any built-in tool for historical bandwidth tracking (bandwidthd does not count and ntopng is ok-ish for active flows) but it does have the ability to send to an sFlow collector.
Can anyone recommend a collector to try for demo purposes? I see Scrutinizer but I have to provide info to marketing. Ugh. Any other choices out there?