Configuring TIG Stack to Monitor pfSense metrics

Introduction

TIG stack is short for Telegraf, InfluxDB and Grafana. It is a set of tools often used to monitor your infrastructure for health, problems and trends.

Telegraf

Telegraf is a plugin-driven server agent for collecting and sending metrics and events from databases, systems, and IoT sensors.

Telegraf is written in Go, compiles into a single binary with no external dependencies, and has a very small memory footprint.

It collects and sends all kinds of data:
  • Database: Connect to datasources like MongoDB, MySQL, Redis, and others to collect and send metrics.
  • Systems: Collect metrics from your modern stack of cloud platforms, containers, and orchestrators.
  • IoT sensors: Collect critical stateful data (pressure levels, temp levels, etc.) from IoT sensors and devices.

InfluxDB

InfluxDB is the open source time series database that is part of the TICK (Telegraf, InfluxDB, Chronograf, Kapacitor) stack.
In our setup, we will use Grafana instead of Chronograf and Kapacitor.

Grafana

Grafana is an open source analytics and monitoring solution for every database. It allows you to query, visualize and alert on metrics and logs no matter where they are stored.

In this lab, we are going to install and configure TIG Stack in order to monitor metrics collected from our pfSense Firewall.

Prerequisites.

  • pfSense firewall installation and configuration. IP addressing.
  • A CentOS server installed and configured.
  • A non-root user on the CentOS machine with sudo privileges.

Install Grafana and InfluxDB on the CentOS machine

We are going to set up Grafana and InfluxDB on our CentOS machine.
SSH to your CentOS machine and proceed.

Install Grafana

Grafana can be installed in two different ways: either by downloading the RPM package or by installing from the official Grafana yum repository.
In this lab, we are going to install through the yum repository.
We are therefore going to create a new file, /etc/yum.repos.d/grafana.repo.
To create it, copy and paste the following into a terminal:

cat <<EOF | sudo tee /etc/yum.repos.d/grafana.repo
[grafana]
name=grafana
baseurl=https://packages.grafana.com/oss/rpm
repo_gpgcheck=1
enabled=1
gpgcheck=1
gpgkey=https://packages.grafana.com/gpg.key
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
EOF

We can now install Grafana using the following command:

sudo yum -y install grafana

Next, configure the firewall settings to allow port 3000.

sudo firewall-cmd --add-port=3000/tcp --permanent

Reload your firewall.

sudo firewall-cmd --reload

Start and enable the Grafana service using the following commands:

sudo systemctl start grafana-server
sudo systemctl enable --now grafana-server

Grafana is now installed and running. Access the Grafana web GUI using the following URL:

http://your_ipaddress:3000

You will be presented with the following screen. The default username is admin. You will be asked to change your password.

grafana login

Install InfluxDB

InfluxDB as well as Telegraf can be installed through the official repository provided by InfluxData. We will install InfluxDB on our CentOS machine, while Telegraf is going to be installed on the pfSense firewall through the package manager, which we will see in a later section.

Create a new file called influxdb.repo in the directory /etc/yum.repos.d/ by pasting the following into your terminal.

cat <<EOF | sudo tee /etc/yum.repos.d/influxdb.repo
[influxdb]
name = InfluxDB Repository - RHEL \$releasever
baseurl = https://repos.influxdata.com/rhel/\$releasever/\$basearch/stable
enabled = 1
gpgcheck = 1
gpgkey = https://repos.influxdata.com/influxdb.key
EOF

Install InfluxDB as normal.

sudo yum -y install influxdb

Start and enable the InfluxDB service.

sudo systemctl start influxdb
sudo systemctl enable --now influxdb

Configure the firewall settings to allow port 8086 for InfluxDB.

sudo firewall-cmd --add-port=8086/tcp --permanent

Reload the firewall for the changes to take effect.

sudo firewall-cmd --reload

Install Telegraf.

We will now install Telegraf on our pfSense firewall using the package manager. Telegraf comes as a plugin for the pfSense firewall.
In your pfSense firewall dashboard, navigate to System > Package Manager, then the Available Packages tab.

telegraf installation

Search for telegraf and click the Install button.
Once done, you will be able to view it in the Installed Packages tab as below:

installed telegraf

Configure Telegraf to send data to our InfluxDB

We can now configure Telegraf to send the data collected from pfSense to InfluxDB.
Navigate to Services > Telegraf. Fill in the fields as below.

telegraf configuration
  • Enable Telegraf – Check the box
  • Update Interval – 10 seconds
  • Telegraf Output – Choose InfluxDB
  • InfluxDB Server – http://172.16.80.40:8086 (where your influxdb was installed)
  • InfluxDB Database – pfsensedb (if you didn’t create it, it will be created for you)
  • InfluxDB Username – influxusername
  • InfluxDB Password – strongpass

You can leave the rest of the fields as is.
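
The InfluxDB username and password entered above only matter if InfluxDB enforces authentication, and port 8086 was opened to every source earlier. The following is an added example, not part of the original lab: it checks a config for auth-enabled and prints commands that create the user and limit 8086 to one source. It assumes InfluxDB 1.x with its config at /etc/influxdb/influxdb.conf, and 172.16.80.1 is a placeholder for the pfSense address.

```shell
# Added example (not from the original post). Assumptions: InfluxDB 1.x with
# its config at /etc/influxdb/influxdb.conf; 172.16.80.1 is a placeholder
# for the pfSense address that Telegraf connects from.

# Print KEY from [SECTION] of an InfluxDB TOML config, skipping commented-out
# defaults. Prints nothing when the key is not set.
conf_value() {  # usage: conf_value FILE SECTION KEY
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*#/  { next }
        /^[ \t]*\[/ { gsub(/[ \t]/, ""); cur = $0; next }
        cur == sec {
            split($0, kv, "=")
            k = kv[1]; gsub(/[ \t]/, "", k)
            if (k == key) {
                v = kv[2]; sub(/#.*/, "", v); gsub(/[ \t"]/, "", v)
                print v; exit
            }
        }' "$1"
}

# InfluxDB 1.x ignores credentials unless [http] auth-enabled is true.
auth_status() {  # usage: auth_status FILE
    if [ "$(conf_value "$1" http auth-enabled)" = "true" ]; then
        echo "auth-enabled"
    else
        echo "auth-disabled"
    fi
}

# firewalld rich rule that admits only SRC_IP to 8086/tcp.
scoped_rule() {  # usage: scoped_rule SRC_IP
    printf 'rule family="ipv4" source address="%s" port port="8086" protocol="tcp" accept' "$1"
}

# Constructed sample config: auth-enabled is still a commented-out default.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
[meta]
[http]
  # auth-enabled = false
  bind-address = ":8086"
EOF
echo "sample config: $(auth_status "$sample")"
# Commands to review and run with sudo on the CentOS host (printed, not run):
echo "influx -execute \"CREATE USER influxusername WITH PASSWORD 'strongpass' WITH ALL PRIVILEGES\""
echo "firewall-cmd --permanent --remove-port=8086/tcp"
echo "firewall-cmd --permanent --add-rich-rule='$(scoped_rule 172.16.80.1)'"
echo "firewall-cmd --reload"
```

Run auth_status /etc/influxdb/influxdb.conf on the CentOS machine. If it reports auth-disabled, create the user first, then set auth-enabled = true under [http] and restart influxdb.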
In our Grafana web GUI, we are going to configure a data source.
In the page that appears, we will choose InfluxDB, then configure the desired settings in the HTTP section. For the Auth section, we will leave it as is. Enter the correct details in the InfluxDB Details section.

datasource
influxdb config

Next, we will build a dashboard. We are going to use an already created dashboard which can be imported into Grafana.
Get the JSON file for the dashboard from here, which we will import into our Grafana dashboard.

On the left panel, click the + button then go to Import

You will be presented with the below screen. Click on the Upload .json file button, navigate to the JSON file that you downloaded, then click Import.

import dashboard

Your dashboard will appear, showing some data collected from the pfSense firewall.

dashboard

We have now come to the end of this lab.

bl4ckwidow

Co-Founder of Labing Overload. I am a Web Developer/Network Engineer turned CyberSecurity Engineer. FOSS enthusiast. Cisco Technologies enthusiast. Network Penetration Tester.
