Monitoring what devices connect or phone home?

I am new here but wanted to ask if you guys and gals have any advice for monitoring similar to what you find in PFSense ntopng? I want something like the Active Flows where you can see what your IoT/internal devices phone home to, maybe even with a map.

I have tried various tools like Darkstat, but most of the ones I land on are more geared toward bandwidth usage monitoring, and I am quite happy with using VnStat for that. One blog I landed on had used Syslog-ng and Elasticsearch Security to build something similar, but slightly more complicated.

I would prefer not having to pay for it if I had to build it or use a package, but if there is a low cost service I don’t mind paying. I also understand that PFSense tools are x86 and BSD and may not need to offload the data to be analyzed since the hardware can handle it. For reference I have a GL-MV1000, and would prefer to keep the services on the device if possible.


It seems like Turris OS on Turris Omnia has a few tools baked in like Majordomo and Netflow.
I can’t test because I don’t own one of these, but now I am curious if we can use the same tools on other builds?

PS I also posted this over at OpenWRT forums.

I think this is possible.