I am looking for a package that will log the bandwidth used, both download and upload, by device on my network. Most of my devices have static IP addresses.
I would like to know:
how much download and upload each device is transferring from and to the WAN (internet)
daily, weekly, and monthly graphs / charts would be nice
big plus would be the ability to notify me if a certain device goes over a threshold (i.e. 100GB)
Any recommendations on a pfsense package that can do this?
Try out ntopng. It frankly does more than what you’re asking for because it will identify specific applications being used, but you should be able to add up all traffic per client. The free license should be fine for you.
While pfsense does have NTOP, it may not be as full-featured as you are looking for. If you are using pfsense+ 24.03, it does have Netflow & IPFIX export options.
I just went through your ntopng video and set this up on pfsense. After configuring with the settings you suggested, I started to play around with the interface. At the top header next to the real-time download/upload graph, I see some alert icons. ‘Alerted Flows’ and ‘Dangerous Flows’. Looking at each page, it's a bit confusing. Not sure if I should be concerned or not.
If I hover over the yield icon under the ‘Protocol’ column, it states what the alert type is - I put these in parentheses () below.
Here are some examples:
“Alerted Flows”
TCP (App on Non-Std port) - 30+ lines of this. This appears to be my computer connected to ntopng via pfsense. Confusing (?)
“Dangerous Flows”
TCP (Suspicious Device Protocol) - various Applications
UDP (Suspicious Device Protocol) - various Applications
TCP (TLS Suspicious Extension) - various Applications
TCP (TLS Certificate Mismatch) - this one is for TLS.Netflix Application
I did some Googling on these alerts and I couldn’t find much discussion about them, just some help pages from ntopng. Do you have any videos or forum discussions about these Alerts? Any thoughts on this?