Training: Monitoring and Packages
📘 Netgate pfSense Training — Module 11
System Monitoring, Logging, and the Package System
Learning Objectives
By the end of this module, you should be able to:
| Objective | Description |
|---|---|
| Monitor system health | Use built-in Status pages, Traffic Graphs, and RRD Graphs to observe system performance. |
| Configure logging | Access system logs and export them to an external log aggregation server. |
| Understand SNMP | Enable and use SNMP for remote monitoring and integration with NMS tools. |
| Manage packages | Install, update, and remove packages to extend pfSense functionality. |
| Evaluate package maturity | Interpret version numbers (e.g., 0.x = young package) and assess stability. |
System Monitoring
Status Pages
pfSense provides many built-in Status pages that give real-time and historical insight into system behavior:
- Dashboard — customizable overview with widgets for system info, interfaces, services, and gateways.
- Traffic Graph — live view of traffic per interface.
- RRD Graphs — historical data for CPU, memory, interface traffic, packets, states, and quality.
- System Logs — consolidated logging for the firewall, DHCP, DNS, VPN, and other services.
RRD Graphs
RRDtool is integrated into pfSense to store and graph time-series data. Available graphs include:
| Category | Metrics |
|---|---|
| System | CPU usage, memory usage, swap usage, load average |
| Traffic | Inbound/outbound bytes and packets per interface |
| Packets | Passed, blocked, and error packet counts |
| Quality | Gateway latency and packet loss over time |
| States | Current firewall state table size |
SNMP Monitoring
pfSense includes an SNMP service (via bsnmpd) that allows remote monitoring with tools such as:
- Zabbix
- Nagios / Icinga
- Cacti
- PRTG
- LibreNMS
Enable SNMP under Services → SNMP and configure community strings, traps, and binding interfaces as needed.
Logging
System logs are available under the Status → System Logs menu. Key capabilities:
- View logs by category (Firewall, DHCP, DNS Resolver, VPN, etc.)
- Adjust log verbosity and retention
- Export logs to an external log aggregation server (e.g., Syslog, Graylog, ELK stack, Splunk) for centralized analysis
Package System
Overview
The Package System extends pfSense beyond the base installation. Packages are installed from the official Netgate repository via System → Package Manager.
Common and Popular Packages
| Package | Purpose | Category |
|---|---|---|
| pfBlockerNG | IP and DNS-based blocking for geo-location, threat feeds, and ad blocking | Security / Filtering |
| Suricata | High-performance Network IDS/IPS with rule-based threat detection | Security |
| Snort | Network intrusion detection and prevention system | Security |
| HAProxy | TCP/HTTP load balancer and reverse proxy | Traffic Management |
| Squid / SquidGuard | Web proxy with content filtering and access control | Proxy / Filtering |
| pfSense-pkg-FRR | Routing protocols (BGP, OSPF, RIP) | Routing |
| ntopng | Network traffic probe and flow analysis | Monitoring |
| NRPE / Zabbix Agent | Client agents for remote monitoring integration | Monitoring |
| ACME | Automatic SSL/TLS certificate issuance via Let's Encrypt | Certificates |
| Telegraf | Metrics collection agent for InfluxDB/Prometheus | Monitoring |
Package Installation Best Practices
- Pay attention to version numbers! A version of 0.n typically indicates a young or experimental package.
- Install packages only from the official repository or trusted sources.
- Use Backup / Restore to preserve package states for reinstallation after upgrades.
- Review package documentation before installing in production.
Backup and Restore for Packages
pfSense's built-in backup system includes an option to reinstall packages automatically after a restore. Ensure this option is enabled under Diagnostics → Backup