Connection overview #3122
Comments
|
I don't know if this is really in the sense of the idea of Netbird. The clients/peers would need to send those metrics to the central management server. When possible Netbird routes traffic directly between the peers, so the management server does not see this traffic at all. And even in relayed mode it only sees that there is traffic flowing from A to B but not the content of the traffic and therefore no ports etc. It would add a lot of cpu load and data which would need to be stored and computed. What you are suggesting is an approach like Zscaler PIA or ZPA, where Zscaler knows all the traffic. |
|
Thanks a lot for your detailed explanation! |
|
Yes that's an option or add a free XDR tool like Wazuh or Security Onion to your environment. |
|
Wazuh might be an option, but those integrations aren't available on self hosted environments :-( In addition: there seems no 3rd party SIEM integration available in the settings |
|
Sorry, I meant not integrated with Netbird, but as a general tool for your environment with agents on all clients. It would cover all traffic your clients are generating, not only the Netbird connections and traffic. |
Is your feature request related to a problem? Please describe.
No
Describe the solution you'd like
Add additional information to the activity log.
Which client tries to reach which resource, with which port (+ routing path). Log could looks like:
This should show an administrator more advanced logs for troubleshooting/overview.
Allowed and blocked connection would be useful. This overview should also validate the expected (client) configuration
Additional context
Used platform: selfhosted
The text was updated successfully, but these errors were encountered: