Historical monitoring #754

Closed
40 tasks done
gsanchietti opened this issue Sep 12, 2024 · 3 comments
gsanchietti commented Sep 12, 2024

Historical monitoring allows the user to see how the firewall is behaving.
Since the firewall does not have enough storage space to retain such data, the statistics are sent to the controller and visible inside Grafana.

Retention: 1 month (configurable if possible)

Below are listed the possible dashboards.

Network Traffic

All Networks

  • Total Daily Traffic Counter
  • Daily Traffic Chart Histogram
  • Traffic by Protocol Table + Graph
  • Traffic by Application Table + Graph
  • Remote Hosts Traffic Table + Graph
  • Local Hosts Traffic Table + Graph

Single Host

  • IP Address
  • Hostname
  • Total Daily Traffic Counter
  • Daily Traffic Chart Histogram
  • Traffic by Protocol Table + Graph
  • Traffic by Application Table + Graph
  • Remote Hosts Traffic Table + Graph

Connectivity

  • List of Connectivities Interface name and device
  • Connectivity Trend Table or equivalent (Connectivity over time)
  • Current Status & Last 3 Downtime Dates

Per Connectivity

  • Daily Traffic Amount
  • Graphs (aligned and with same dimensions for correlation):
    • WAN Traffic Graph
    • Latency Graph to 2 Public Hosts (e.g., 8.8.8.8, 1.1.1.1)
    • Drop Rate Graph to 2 Public Hosts (e.g., 8.8.8.8, 1.1.1.1)

VPN

For Each RW Server:

  • Hourly User Connections Histogram
  • Total VPN-RW Traffic (Traffic per tunrw section)
  • Top Traffic Users (Traffic per tunrw section)
  • Total Client Traffic per Hour
  • Traffic per Client per Hour

Security

  • Total Number of Blocked Packets for the Day
  • Number of Blocked Packets per Hour
  • Malware by Direction Pie Chart (In/Out)
  • Malware by Category Pie Chart
  • Malware Geomap
  • Number of Blocked Attacker IPs per Day
  • List of Most Blocked Attacker IPs
  • Blocked Attacker IPs per Hour Graph
  • Attack Geomap

Other changes:

  • send data to the controller only if a subscription is enabled
  • add documentation to the administrator manual
  • bump controller UI version
  • bump controller version
  • include latest controller version inside ns8-nethsecurity-controller

See also:

@gsanchietti gsanchietti converted this from a draft issue Sep 12, 2024
@gsanchietti gsanchietti added this to the NethSecurity 8.3 milestone Sep 12, 2024
@gsanchietti gsanchietti moved this from Ready ⏯ to In progress 🛠 in NethSecurity Sep 12, 2024
@gsanchietti gsanchietti added the controller The issue is related to the controller label Sep 17, 2024
gsanchietti added a commit to NethServer/nethsecurity-controller that referenced this issue Sep 23, 2024
gsanchietti added a commit to NethServer/ns8-nethsecurity-controller that referenced this issue Sep 24, 2024
gsanchietti added a commit that referenced this issue Sep 26, 2024
Monitoring APIs for realtime and historical data

#756 
#754

gsanchietti commented Sep 27, 2024

Test case

  • On NS8, install the latest version of the controller, follow the test case 1
  • Configure the controller and make sure to set a valid MaxMind license during the configuration phase
  • Install NethSecurity using the image 8-23.05.5-ns.1.2.99-alpha1-29-gadbb0fcc56 or newer
  • On the NethSecurity, execute this command to circumvent the controller version check:
    version=2.0.0; sed -i '/^Package: ns-api$/,/^Version:/ s/^Version: .*/Version: '"$version"'/' /usr/lib/opkg/status
    
  • Register the machine with a valid subscription, make sure the controller has a valid subscription too
  • Connect the NethSecurity to the controller using the "Controller" page
  • Wait at least 15 minutes for the unit to send data to the controller
  • Access Grafana inside the controller, verify that all dashboards are working correctly

@gsanchietti gsanchietti added the testing Packages are available from testing repositories label Sep 27, 2024
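
The `sed` step from the test case above, replayed on a constructed opkg status excerpt. This is an added example, not part of the issue or the project's code; the package entries, version strings and the `pkg_version` / `changed_lines` helpers are made up for illustration. It checks that the range address rewrites only the `ns-api` stanza and leaves neighbouring packages untouched.

```shell
#!/bin/sh
# Constructed opkg status excerpt (sample data, not taken from a real unit).
make_sample_status() {
    cat > "$1" <<'EOF'
Package: ns-api
Version: 1.2.3-r1
Depends: libc
Status: install user installed

Package: ns-ui
Version: 0.9.0-r4
Status: install user installed
EOF
}

# Same sed expression as in the test case, parameterised on file and version.
# The address range opens at "Package: ns-api" and closes at the next
# "Version:" line, so the substitution can only fire inside that range.
set_ns_api_version() {
    sed -i '/^Package: ns-api$/,/^Version:/ s/^Version: .*/Version: '"$2"'/' "$1"
}

# Print the version recorded for one package stanza (hypothetical helper).
pkg_version() {
    awk -v p="$2" '$1=="Package:" {cur=$2} $1=="Version:" && cur==p {print $2}' "$1"
}

# Count the lines that differ between the original and the edited file.
changed_lines() {
    diff "$1" "$2" | grep -c '^>' || true
}

demo() {
    dir=$(mktemp -d)
    make_sample_status "$dir/status"
    cp "$dir/status" "$dir/status.orig"   # copy kept so the edit can be reverted
    set_ns_api_version "$dir/status" 2.0.0
    echo "ns-api: $(pkg_version "$dir/status" ns-api)"
    echo "ns-ui:  $(pkg_version "$dir/status" ns-ui)"
    echo "changed lines: $(changed_lines "$dir/status.orig" "$dir/status")"
    rm -rf "$dir"
}
demo
```

Keeping a copy of the status file before the edit, as `demo` does, allows the recorded version to be restored once the test is finished.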
gsanchietti added a commit that referenced this issue Oct 1, 2024
Improve historical data sending

#754

github-actions bot commented Oct 1, 2024

Testing image version: 8-23.05.5-ns.1.2.99-alpha1-35-g294b21145f


Tbaile commented Oct 8, 2024

Everything works fine, if the blessing from dpireport comes around

@Tbaile Tbaile added verified All test cases were verified successfully and removed testing Packages are available from testing repositories labels Oct 8, 2024