Hi Michael,
Yes, they are quite pretty to look at. I am not entirely sure why people are so much in love with them because many dashboards out there (not talking about anything specifically) do not transport much information. They just show that the “system is busy”. I am not sure whether that is useful information or not.
IPFire doesn’t have a very pretty stats section, but it does the job. The main job is to show what has happened over time. That is in recent history like “last week” or “yesterday” so that problems with the system can be spotted very easily; and showing trends over time so that people can see if bandwidth usage has “doubled” over a year or so. That would be information I care about.
We have a thing called collecty which is supposed to achieve that in IPFire 3. It collects various system statistics, but you can probably add unbound and some other sources, too. It is written in Python, which makes it easier to extend, although it has a little C module to talk to hard drives. It potentially could be ported to IPFire 2.
Maybe it is worth having a look at that. IPFire 2 right now has loads of different scripts and tools that collect statistics. It would be nice to have this all in the same place and use it wherever we want to present this data.
Here is the code:
This is an example graph in SVG:
Right now, there is no mechanism to get the raw data, but that is trivial to add. We could store the last hour with a really high resolution to make JS graphs look nice, too.
-Michael
I'm not saying current graphs don't do their job; I just wanted to integrate the graphs in the theme nicely, and in order to do so I need raw data, so I can have the graphs drawn by the framework.
This also means it'll be fairly easy to save lots of data (in a relational database), which can be queried easily. Then you can show trends over years, because saving a few numbers in a database is not very expensive in terms of performance and storage.
I agree on the single stats gathering entity, this makes it easier to maintain. The reason I'm so interested in the WUI is that I want to be able to see what's happening on the network and be able to respond to that. For example, if I'm seeing lots of egression to countries I don't trust, I want to be informed (automatically) and confirm the behavior in the WUI. As for DNS, if someone is visiting lots of untrustworthy sites, I'd like to be able to see that. Maybe I'm just curious out of bounds, that's possible too 😉 Plus I like to tinker; unbound stats were just a quick way of getting DNS stats, the dnstap plugin logs way more (async, so it shouldn't affect performance too much). That info can be stored in a database and queried whenever.
Finally, there's the question of out-of-date information: is a cron job frequent enough to manage the network, or should on-demand info be acquired for research? It all depends on the way the data, or information if you will, is going to be used.
I just thought DNS stats would be the easiest to gather, since the command provided me with simple stats. What stats and information are required for business still requires research, but since pihole stats were so popular I thought it would make for a good start. But I think firewall and IDS stats would be even more interesting for people to see/monitor.
Anyways, just thinking out loud here, from a SIEM point of view it seemed reasonable to also investigate DNS behavior. 😊 I will have a look at the collect solution and c-binary one.
Thanks for all the pointers!
Cheers,
Rachid
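The "store the raw numbers in a relational database and query trends" idea from the two messages above, as an added example that is not code from the thread, from IPFire or from collecty. It assumes the key=value line format that `unbound-control stats_noreset` prints (cumulative counters), and the sample values are constructed; it parses samples into SQLite, derives per-interval deltas, and flags intervals where NXDOMAIN answers make up an unusually large share of queries, which is the kind of DNS behaviour a WUI or SIEM view would want to surface.

```python
import sqlite3

# Constructed samples in the key=value format of `unbound-control stats_noreset`
# (cumulative counters). Timestamps and values are made up for this example.
SAMPLES = [
    ("2024-01-01T10:00:00", "total.num.queries=1200\nnum.query.type.A=900\n"
                            "num.query.type.AAAA=250\nnum.answer.rcode.NXDOMAIN=40\n"),
    ("2024-01-01T10:05:00", "total.num.queries=1500\nnum.query.type.A=1100\n"
                            "num.query.type.AAAA=300\nnum.answer.rcode.NXDOMAIN=95\n"),
    ("2024-01-01T10:10:00", "total.num.queries=2100\nnum.query.type.A=1500\n"
                            "num.query.type.AAAA=450\nnum.answer.rcode.NXDOMAIN=400\n"),
]

def parse_stats(text):
    """Parse key=value lines into a dict of ints; non-numeric values are skipped."""
    stats = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if not sep:
            continue
        try:
            stats[key.strip()] = int(float(value))
        except ValueError:
            continue
    return stats

def open_db(path=":memory:"):
    """One row per (timestamp, counter); cheap to keep for years, as the thread notes."""
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS dns_stats "
               "(ts TEXT, key TEXT, value INTEGER, PRIMARY KEY (ts, key))")
    return db

def store_sample(db, ts, text):
    db.executemany("INSERT OR REPLACE INTO dns_stats VALUES (?, ?, ?)",
                   [(ts, k, v) for k, v in parse_stats(text).items()])
    db.commit()

def deltas(db, key):
    """Per-interval increase of a cumulative counter, ordered by time."""
    rows = db.execute("SELECT ts, value FROM dns_stats WHERE key = ? ORDER BY ts",
                      (key,)).fetchall()
    return [(rows[i][0], rows[i][1] - rows[i - 1][1]) for i in range(1, len(rows))]

def nxdomain_spikes(db, threshold=0.25):
    """Timestamps of intervals where NXDOMAIN answers exceed `threshold` of queries."""
    queries = dict(deltas(db, "total.num.queries"))
    nxdomain = dict(deltas(db, "num.answer.rcode.NXDOMAIN"))
    return [ts for ts, q in queries.items() if q and nxdomain.get(ts, 0) / q > threshold]
```

A cron job feeding `store_sample` every few minutes gives the "last week" and "last year" views; the spike check is a placeholder for whatever per-interval rule the WUI should alert on.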