After running the latest release of Sphirewall for 3 days, I thought it would be cool to take a peek at what statistics are available on my home network. Sphirewall is driven to provide more information on your network which coupled with active events and a more user driven approach can prove to be very valuable. But enough with the blatant plugging and lets take a look.
The visibility starts right from the dashboard, where you are presented with a graph showing total connections active on your network.
This can give you some indication as to how much traffic is currently running through your network, and what the general load is like. Somewhat boring, unless your just wanting to check if things are running ok.
So we dive straight into the reporting tab. On opening, you are presented with a screen looking something like below.
Here you see a summary of total transfer over a time frame, extending and reducing the filter timeframe will dictate whether you see data on a day breakdown, or hourly breakdown. But this is not so interesting at the moment, what I really want to see is what my annoying flat mates have been doing through my internet connection. So we flick to the address breakdown, I am not using user authentication on my home network.
This report shows me very quickly, that the top host on my network is 192.168.2.100. Just as I suspected, but I want more information. Clicking on the ip address “192.168.2.100″ directs me to more details
This report, apart from the funny looking graphs, shows us that on the 4th of May, there was a large increase in traffic transfer. The other days are almost irrelevant. We can filter down to that particular date by just clicking on it.
This screen gives you a hour by hour breakdown of transfer from this host, followed by a breakdown by port. We can very quickly see here that this user has been surfing the web on port 80, the standart http port. Clicking on this port, will bring you to the web application reporting, which provides a nice breakdown of website urls.
Here you can see a breakdown of websites the users on 192.168.2.100 have seen. Its quite interesting, and you can extend it further by clicking on the urls. We can very quickly see that he or she has been streaming music via Digitally Imported Radio (a very cool service by the way).
This reporting does not stop here, you can start analysing at many different starting points, and are always able to drill down and filter on specific dates, hosts, ports and what not. The information gathered here can also be used, for things such as quotas, accounting and dynamic rules. It can get pretty cool. We collect and aggregate statistics on a hourly basis, lower aggregations are possible, however normally they are not required. There is another side to the reporting system that may be less obvious, we also record system metrics. There is alot happening inside Sphirewall, and for debugging purposes its sometimes useful to take a look at these numbers. Take a look at the Performance and Metrics tab under Status.
If you have questions, or ideas, drop is a line on our forums, or email the development team via firstname.lastname@example.org