LibreNMS ability to sniff interface packets

Dru_Mi · 6 June 2019 12:50

I’m curious if LibreNMS has the ability to ‘monitor’ inbound and outbound traffic from the wan interface on our Cisco 1921 routers. I’ve had LibreNMS up and running for about 9 months now and have enabled alerting for outages on specific devices but now I’m tasked with cleaning up clusterf*ck that is our infrastructure. We have DNS zones that appear to have not been in use for some time and I’d like to monitor all in/out traffic to see if any IP addresses associated with those zones are still being accessed. I know I can export traffic from our routers and dive through that using wireshark but I need something that’s running 24/7 (buffer on the router gets full too fast).

anyone know if this type of setup is available in Librenms?

murrant · 6 June 2019 13:13

You can try nfsen, it integrates with LibreNMS.

SniperVegeta · 6 June 2019 13:32

Os maybe:

is it ( if u log syslog)
DNS -> ‘DNS_IP_HERE’ inquire ‘name here’

So u can make alert who is using DNS X to inquire Y
?

Dru_Mi · 6 June 2019 14:38

Interesting, never heard of this. The install and config page on this seems to show that it has it’s own UI. I don’t see anything about integrating with LibreNMS.

Kevin_Krumm · 6 June 2019 16:35

see the docs https://docs.librenms.org/Extensions/NFSen/

Dru_Mi · 6 June 2019 16:51

Awesome, thanks for this.