Darkstat
3.1.1
Diagnostics: Darkstat
darkstat
darkstat.sh
darkstat
Darkstat bandwidth monitoring daemon
installedpackages->package->$packagename->configuration->settings
/etc/inc/priv/
- https://packages.pfsense.org/packages/config/darkstat/darkstat.priv.inc
Darkstat Settings
/pkg_edit.php?xml=darkstat.xml&id=0
Access Darkstat
http://$myurl:666
enabled
Enable darkstat
enable
checkbox
Interface(s) to capture traffic on
capture_interfaces
(Default is LAN.)
]]>
interfaces_selection
loopback
3
true
lan
true
Darkstat web interface should listen on
bind_interfaces
(The default is to listen on all interfaces.)
]]>
interfaces_selection
3
true
Enable the "local network" feature
localnetworkenable
(The default behaviour is to only graph traffic to and from the local host.)
]]>
checkbox
localnetworkonly
localnetworkonly
Make the web interface ONLY display hosts on the "local network"
localnetworkonly
will only display hosts on the "local network" defined below.
]]>
checkbox
Define a "local network"
localnetwork
Traffic from/to the network/netmask of the selected interface will be considered as "local network".
interfaces_selection
(wan|loopback)
Do not use promiscuous mode to capture
nopromisc
or may later enter promiscuous mode, due to circumstances beyond darkstat's control.
This cannot be used when the "local network" feature is enabled above.
]]>
checkbox
Do not resolve IPs to host names
nodns
as an extra process is created for DNS resolution.
]]>
checkbox
Do not display MAC addresses in the hosts table
nomacs
checkbox
Do not display the last seen time in the hosts table
nolastseen
checkbox
Maximum hosts count
hostsmax
This is used to limit how much accounting data will be kept in memory.
(If filled in, the number must be greater than 'Maximum number of hosts to keep' below.)
]]>
input
5
Maximum number of hosts to keep
hostskeep
we clean out the hosts table, keeping only the top number of hosts, sorted by total traffic.
(If filled in, the number must be lower than 'Maximum hosts count' above.)
]]>
input
5
Maximum ports count
portsmax
This is used to limit how much accounting data will be kept in memory.
(If filled in, the number must be greater than 'Maximum number of ports to keep' below.)
]]>
input
5
Maximum number of ports to keep
portskeep
(If filled in, the number must be lower than 'Maximum ports count' above.)
]]>
input
5
Advanced traffic filtering options
advfilter
Example 1: We only want to account for SSH traffic.
Filter expression: port 22
Example 2: We don't want to account for traffic between internal IPs.
Filter expression: not (src net 192.168.0 and dst net 192.168.0)
NOTE: Filter syntax is beyond the scope of this description; please refer to
tcpdump(1),
pcap-filter(7)
and darkstat(8)
documentation.
WARNING: You are completely on your own with this! If misconfigured, darkstat will malfunction or even not start at all.
]]>
textarea
base64
65
5
0) && ($hostsmax > $hostskeep)) {
$start .= " --hosts-max {$hostsmax}";
}
if (($hostskeep > 0) && ($hostskeep < $hostsmax)) {
$start .= " --hosts-keep {$hostskeep}";
}
$portsmax = $darkstat_config['portsmax'];
$portskeep = $darkstat_config['portskeep'];
if (($portsmax > 0) && ($portsmax > $portskeep)) {
$start .= " --ports-max {$portsmax}";
}
if (($portskeep > 0) && ($portskeep < $portsmax)) {
$start .= " --ports-keep {$portskeep}";
}
$advfilter = $darkstat_config['advfilter'];
if ($advfilter != "") {
$start .= " -f " . escapeshellarg(base64_decode($advfilter));
}
write_rcfile(array(
"file" => "darkstat.sh",
"start" => $start,
"stop" => "/usr/bin/killall darkstat"
)
);
/* If the service is (being) disabled, stop it (if running) and do nothing else */
if (!($darkstat_config['enable'])) {
if (is_process_running("darkstat")) {
stop_service("darkstat");
}
return;
} else {
restart_service("darkstat");
}
conf_mount_ro();
}
function validate_input_darkstat($post, &$input_errors) {
if (($_POST['port']) && ($_POST['port'] < 1 || $_POST['port'] < 65535 || !is_numericint($_POST['port']))) {
$input_errors[] .= gettext("The value for 'Maximum number of ports' to keep' must be a positive integer between 1 and 65535.");
}
if (($_POST['hostsmax']) && ($_POST['hostsmax'] < 1 || !is_numericint($_POST['hostsmax']))) {
$input_errors[] = gettext("The value for 'Maximum hosts count' must be a positive integer.");
}
if (($_POST['hostskeep']) && ($_POST['hostskeep'] < 1 || !is_numericint($_POST['hostskeep']))) {
$input_errors[] .= gettext("The value for 'Maximum number of hosts to keep' must be a positive integer.");
}
if ($_POST['hostsmax'] || $_POST['hostskeep']) {
if ($_POST['hostsmax'] <= $_POST['hostskeep']) {
$input_errors[] .= gettext("'Maximum hosts count' must be greater than 'Maximum number of hosts to keep'.");
}
}
if (($_POST['portsmax']) && ($_POST['portsmax'] < 1 || !is_numericint($_POST['portsmax']))) {
$input_errors[] .= gettext("The value for 'Maximum ports count' must be a positive integer.");
}
if (($_POST['portskeep']) && ($_POST['portskeep'] < 1 || !is_numericint($_POST['portskeep']))) {
$input_errors[] .= gettext("The value for 'Maximum number of ports' to keep' must be a positive integer.");
}
if ($_POST['portsmax'] || $_POST['portskeep']) {
if ($_POST['portsmax'] <= $_POST['portskeep']) {
$input_errors[] .= gettext("'Maximum ports count' must be greater than 'Maximum number of ports to keep'.");
}
}
if ($_POST['localnetworkenable'] && $_POST['nopromisc'] != "") {
$input_errors[] .= gettext("'Do not use promiscuous mode to capture' cannot be used when the 'local network' feature is enabled.");
}
if ($_POST['localnetwork']) {
$int = convert_friendly_interface_to_real_interface_name($post['localnetwork']);
$ip = find_interface_ip($int);
if (!is_ipaddrv4($ip)) {
$input_errors[] .= gettext("The selected 'local network' interface has no IPv4 configured. Configured IPv4 is required.");
}
}
if (($post['advfilter']) && !preg_match("/^[a-zA-Z0-9\+\-\=\(\):. ]*$/", $post['advfilter'])) {
$input_errors[] .= gettext('Advanced traffic filtering options may only contain characters matching ^[a-zA-Z0-9\+\-\=\(\):. ]*$ regexp.');
}
}
]]>
sync_package_darkstat();
sync_package_darkstat();
unlink_if_exists("/usr/local/etc/rc.d/darkstat.sh");
validate_input_darkstat($_POST, $input_errors);