In Part One of this series, we established a working definition of our target, i.e. what has to be done, and in what order, to Cerberus the lowly IDS firewall to make it a UTM Appliance. In Part Two, we started the conversion by installing and configuring multi-WAN support, Squid, IDS and anti-virus features. In Part Three, we added and configured Content Filtering, Traffic Control, Load Balancing and Failover.
In this last part, we'll wrap things up with Monitoring and Logging configuration, performance testing, final grading and reflection on the whole process.
Monitoring and Logging
There are numerous packages for logging and interfaces to external monitoring packages, summarized in Table 1.
Capability | Explanation | Features |
---|---|---|
Built-in Logging | Protocols for logging system events | SNMP, Syslogd, WebGui |
RRD Graphs | System Resources Graphic Monitoring Tool | CPU Load, Traffic Throughput, Quality Handling, and Shaping Queues |
Snort | Alert Tracking and Status | Barnyard2 package interface, Dashboard Widget |
Squid | Web and Cache statistics | LightSquid |
System Status | Hardware and Package Status | Dashboard, PHPsysinfo, WebGui, BandwidthD |
External Interfaces | Monitoring and Management Agents | Zabbix, Radius, ntop |
Table 1: Logging and monitoring packages
Several of these are built in. RRD Graphs are available from the Status menu, and SyslogD can be configured there too, under Status->System Logs->Settings. SNMP is also built in; find it under Services->SNMP.
Installing the others is straightforward: they can be found in the packages menu. These include LightSquid, BandwidthD, PHPsysinfo, and the Dashboard, including several dashboard widgets (Snort, HAVP status). The interface to Barnyard2 is included with Snort.
The only issue with some of these packages (LightSquid, ntop and BandwidthD) is that they are not fully integrated into the pfSense webGui: the pfSense banner and menus disappear, but backing out of the reports will lead you back to the webGui.
Here are some screenshots of some of the logging and reporting options: