Grafana and Pfsense


Tested on Pfsense 2.3.1-RELEASE

If you’re like me, you use some type of custom router OS for your homelab. I happen to use Pfsense as it was the first introduced to me, pre /r/homelab.

One of the things I’ve always wanted to do was get data from Pfsense to Grafana. Thankfully, to THIS guide I was able to do so. The guide was a little dated so I updated it and am posting the updated results here!

So unlike some of the other posts I’ve made, we are not going to get data from pfsense using a script, but rather through telegraf.

In order to install telegraf on Pfsense, we are going to need to be able to access the device via SSH. If you do not already have SSH enabled on your Pfsense box, you can enable it by going to System > Advanced , and enabled “Secure Shell Server”.

Now that we’ve got SSH enabled, lets go ahead and jump in.

1. First things first, we need to SSH into pfsense. For me thats: (The way you SSH in will be determined by your client)

ssh admin@10.10.10.1

2. Once connected, we’ll want to enter Shell, so option 8.

*** Welcome to pfSense 2.3.1-RELEASE (amd64 full-install) on pfSense ***

 WAN (wan)       -> vmx0       -> v4/DHCP4: x.x.x.x/24
 LAN (lan)       -> vmx1       -> v4: 10.10.10.1/24

 0) Logout (SSH only)                  9) pfTop
 1) Assign Interfaces                 10) Filter Logs
 2) Set interface(s) IP address       11) Restart webConfigurator
 3) Reset webConfigurator password    12) pfSense Developer Shell
 4) Reset to factory defaults         13) Update from console
 5) Reboot system                     14) Disable Secure Shell (sshd)
 6) Halt system                       15) Restore recent configuration
 7) Ping host                         16) Restart PHP-FPM
 8) Shell

Enter an Option: 8

3. Now we need to actually install telegraf. (Link up to date as 02/09/2017)

pkg add \ http://pkg.freebsd.org/freebsd:10:x86:64/latest/All/telegraf-1.1.2.txz

4. Lets ensure we can start telegraf

echo 'telegraf_enable=YES' >> /etc/rc.conf

5. Lets create a backup of conf file that comes with telegraf

cp telegraf.conf.sample telegraf.conf

6. Next we need to update the telegraf.conf file. We’re only going to update a couple of sections so I’ll list those here.  Note: I created the database “pfsense” in InfluxDB. You’ll want to change it to the database you wish to use.

cd /usr/local/etc
vi telegraf.conf.sample

------------------------------------------------

[[outputs.influxdb]]
  urls = ["http://10.10.10.104:8089"] # Line 88
  ...
  database = "pfsense" # Line 90
  ...
  username = "root" # Line 100
  password = "root" # Line 101

7. Now, if we want network statistics, we’ll need to uncomment the `[[inputs.net]]` section. Only one line needs to be uncommented unless you specifically wish to alter the settings. By default this will capture all interfaces and list them separately.

# # Read metrics about network interface usage
 [[inputs.net]] # Line 1191
#   ## By default, telegraf gathers stats from any up interface (excluding loopback)
#   ## Setting interfaces will tell it to gather these explicit interfaces,
#   ## regardless of status.
#   ##
#   # interfaces = ["eth0"]

8. Lastly, we want to start telegraf

cd /usr/local/etc/rc.d
./telegraf start

And you’re all set! Feel free to reach out to me if you have any comments or concerns about the guide!