Analytics, Auditing, and Traffic Logs (Pro)

Netmaker Pro offers analytics. With Analytics, admin users can view connectivity, latency and data transferred between two peers or nodes on a Netmaker network. Client analytics are also available. All of this data can be visualised in the Netmaker UI. Netmaker also includes a custom exporter for Prometheus/Grafana integration, so the data can be viewed there as well.

Metrics currently rely on ICMP being allowed between nodes.

Below are the steps to view Analytics on your Netmaker Pro instance.

1. View network metrics in the Netmaker Dashboard

To view the metrics in the Netmaker Dashboard:

  • Select a network.

  • Click the Analytics interface.

  • Switch to any metric you are interested in, including metrics from clients.

Nodes may take up to 5 minutes to report metrics data.

2. Grafana Dashboard

If your Netmaker instance includes the Prometheus/Grafana setup and is configured with METRICS_EXPORTER="on", you can also view your metrics via Grafana.

Access details example:

URL: "https://grafana.<YOUR_DOMAIN_NAME>"
Username: "admin"
Password: "admin"

Out-of-the-box Netmaker Grafana options include:

  • Netmaker Metrics Dashboard

  • Netmaker Network Graph

Netmaker Grafana Dashboards

The Netmaker Metrics Dashboard lets you select and view data on individual nodes.

Netmaker Grafana View 1

The Netmaker Network Graph view shows a network graph where you can hover over nodes to see node statistics and hover over edges to view connection information. Edge colors vary by connection status (green = connected, red = disconnected).

Netmaker Grafana View 2

3. Prometheus Dashboard

You can also view your metrics on the Prometheus dashboard. On first visit you may be prompted for credentials.

Access details example:

URL: "https://prometheus.<YOUR_DOMAIN_NAME>"
Username: "Netmaker-Prometheus"
Password: "<YOUR_LICENSE_KEY>"

Audit Logs

Overview of Netmaker’s Audit Logs for tracking actions and changes

Overview

Netmaker v0.99.0 introduces Audit Logs, a critical feature designed to enhance system transparency, traceability, and security. This feature records significant system events and user actions, providing administrators with clear visibility into changes within their network infrastructure.

Purpose

Audit Logs are essential for:

  • Tracking Configuration Changes: Monitor who changed what and when.

  • Enhancing Security: Detect unauthorized or unexpected operations.

  • Compliance: Assist in meeting organizational and regulatory audit requirements.

  • Troubleshooting: Reconstruct event sequences to identify and resolve issues efficiently.

What’s Covered?

The audit log currently tracks actions on all important Netmaker resources:

| Subject | Description | Status |
| --- | --- | --- |
| Users | User-related operations (create, update, delete) | ✅ Covered |
| UserAccessToken | API tokens issued, revoked | ✅ Covered |
| Nodes | Node creation, modification, deletion | ✅ Covered |
| Settings | Platform settings changes | ✅ Covered |
| ACLs | ACL (Access Control List) changes | ✅ Covered |
| Tags | Tag creation, modification, deletion | ✅ Covered |
| User Roles | User role assignments | ✅ Covered |
| User Groups | User groups creation, changes, removal | ✅ Covered |
| User Invites | User invites sent, revoked | ✅ Covered |
| Pending Users | Pending user management (invites, approvals) | ✅ Covered |
| Egress | Egress gateway creation, changes, and removal | ✅ Covered |
| Network | Network creation, configuration updates, deletion | ✅ Covered |
| Enrolment Keys | Enrolment key creation, updates, and removal | ✅ Covered |
| Desktop App Activity | User connect/disconnect actions on the desktop client | ✅ Covered |

Traffic Logs

Overview

Traffic Logs provides real-time visibility into network traffic flowing through your Netmaker network. Monitor connections, analyze traffic patterns, and troubleshoot network issues with detailed logs of every connection.

PRO FEATURE

Traffic Logs is available exclusively on Netmaker Pro.

ENABLING TRAFFIC LOGS

Traffic Logs must be enabled by the Netmaker team. To request activation:

Contact Form: https://www.netmaker.io/contact

Status: ALPHA

What are Traffic Logs?

Traffic Logs capture detailed information about network connections flowing through your Netmaker network. Each log entry records the source, destination, protocol, ports, traffic direction, and data volume for comprehensive network visibility.

Key Benefits

  • Real-time visibility into all network traffic

  • Troubleshoot connectivity issues with detailed connection data

  • Monitor traffic patterns and bandwidth usage

  • Identify suspicious activity or unauthorized connections

Understanding the Traffic Logs Interface

Global Insights View

User Logs View

Each traffic log entry displays detailed information about a network event. Below is a breakdown of all components you'll see in a log entry:

Log Entry Components

| Component | Description | Example |
| --- | --- | --- |
| Event | Timestamp, end time, node name, and direction of traffic | 9:03 AM, End: 9:03 AM, Node: inetgw, Inbound |
| Source | Origin of the traffic - can be Node, User, Config Files, External IP, or Egress Route | debian (node); 100.102.137.9:54618 (IP:port); [email protected] (user) |
| Protocol & Port | Network protocol (TCP/UDP/ICMP) and destination port number | TCP, Port 443; UDP, Port 53; ICMP |
| Destination | Target of the traffic - can be Node, User, Config Files, External IP, or Egress Route | inetgw (node); 100.102.137.4:443 (IP:port); 140.82.113.26 (external IP) |
| Traffic | Data transferred - Download (↓) and Upload (↑) shown in bytes, KiB, or MiB | ↓ 60.00 (B), ↑ 40.00 (B); ↓ 4.33 (KiB), ↑ 4.84 (KiB) |

Component Details

Event Information:

  • Timestamp: Exact time the traffic event occurred (format: HH:MM AM/PM)

  • End Time: When the traffic event completed (format: End: HH:MM AM/PM)

  • Node: The node that generated or received the traffic (format: Node: [node-name])

  • Direction: Traffic flow - Inbound (coming into node) or Outbound (leaving node)

Source Types:

  • Node: Internal network node (e.g., debian, inetgw)

  • User: User devices (e.g., [email protected])

  • Config Files: Configuration-related traffic

  • External: External IP addresses outside your network

  • Egress Route: Traffic through egress gateways

Protocol Types:

  • TCP - Transmission Control Protocol (reliable, connection-oriented)

  • UDP - User Datagram Protocol (fast, connectionless)

  • ICMP - Internet Control Message Protocol (network diagnostics)

Destination Types:

  • Node: Internal network node

  • User: User endpoint

  • Config Files: Configuration endpoints

  • External: External IP addresses (e.g., 140.82.113.26)

  • Egress Route: Egress gateway destinations

Traffic Volume Indicators:

  • ↓ (Download): Data received by the source node

  • ↑ (Upload): Data sent by the source node

  • Units: B (bytes), KiB (kibibytes), MiB (mebibytes)

Reading Traffic Log Entries

Example 1: Internal Node Communication (Inbound)

1. Reported by the inetgw node
2. When: The event occurred at 9:51 AM and ended at 9:51 AM
3. Where: Traffic passed through the inetgw node
4. Direction: Inbound (coming into inetgw)
5. Source: The debian node from IP 100.102.137.9, port 44006
6. Protocol: TCP on port 443 (HTTPS)
7. Destination: The inetgw node at IP 100.102.137.4, port 443
8. Data Transfer: 60 bytes received (↓), 40 bytes sent (↑)

Interpretation: The debian node initiated a secure HTTPS connection to the inetgw gateway, receiving 60 bytes and sending 40 bytes of data. This is typical of a small API call or status check.

Example 2: Same Connection from Source Perspective (Outbound)

1. Reported by the debian node
2. When: 9:51 AM (same event as Example 1)
3. Where: Traffic originated from the debian node
4. Direction: Outbound (leaving debian)
5. Source: The debian node at IP 100.102.137.9, port 44006
6. Protocol: TCP on port 443 (HTTPS)
7. Destination: The inetgw gateway at IP 100.102.137.4, port 443
8. Data Transfer: 40 bytes received (↓), 60 bytes sent (↑)

Interpretation: This is the same connection as Example 1, but reported by the debian node. Notice how the traffic values are reversed (↓40B/↑60B vs ↓60B/↑40B).

Example 3: User Connection to External Service

1. Reported by the inetgw node
2. When: Event started at 9:50 AM and ended at 9:51 AM
3. Who: User [email protected] initiated the connection
4. Where: Traffic routed through the inetgw node (gateway)
5. Direction: Inbound through the gateway
6. Source: User at IP 100.102.137.21, port 38532
7. Protocol: TCP on port 443 (HTTPS)
8. Destination: External server at IP 34.160.111.145, port 443
9. Data Transfer: 2.36 KiB received (↓), 4.03 KiB sent (↑)

Interpretation: User [email protected] connected through the inetgw gateway to an external server over HTTPS. The user downloaded 2.36 KiB and uploaded 4.03 KiB, suggesting they sent more data than they received, which is typical of uploading data or submitting form content to an external service.

Common Traffic Patterns

Small Data Transfers (< 1 KiB)

What it means: Control messages, API calls, heartbeats, status checks

Examples:

  • ↓ 60.00 (B) / ↑ 40.00 (B)

  • TCP port 443 connections with minimal data

  • Quick request/response patterns

Typical scenarios:

  • Health checks between nodes

  • Authentication requests

  • Configuration updates

  • DNS queries

Medium Data Transfers (1-100 KiB)

What it means: Web pages, API responses, small files

Examples:

  • ↓ 4.33 (KiB) / ↑ 4.84 (KiB)

  • HTTP/HTTPS web page loads

  • JSON data exchanges

Typical scenarios:

  • Loading web dashboards

  • API data retrieval

  • Configuration file transfers

  • Log uploads

Large Data Transfers (> 100 KiB)

What it means: File transfers, media, backups

Examples:

  • ↓ 2.5 (MiB) / ↑ 1.2 (MiB)

  • File downloads/uploads

  • Database syncs

Typical scenarios:

  • Software updates

  • Backup operations

  • Video streaming

  • Large file transfers

Using the Filter Feature

1. Click the "Filter" button at the top of the Traffic Logs panel
2. Select your filter criteria: Time Range, Protocol, Direction, Source, Destination Types
3. Apply filters to see refined results
4. Reset to defaults to return to full view

Data Volume Reference

Understanding Size Units

Bytes (B):

  • Range: 1 - 999 B

  • Typical for: Control messages, handshakes, small requests

  • Examples: TCP SYN packets, HTTP headers, status checks

Kibibytes (KiB):

  • 1 KiB = 1,024 bytes

  • Range: 1 - 999 KiB

  • Typical for: Web pages, API responses, small files

  • Examples: HTML pages, JSON data, small images

Mebibytes (MiB):

  • 1 MiB = 1,024 KiB = 1,048,576 bytes

  • Range: 1+ MiB

  • Typical for: Large files, media, backups

  • Examples: Videos, software updates, database dumps

Typical Traffic Volumes by Service

| Service | Typical Size | Example |
| --- | --- | --- |
| TCP Handshake | 40-100 B | ↓ 60 B / ↑ 40 B |
| DNS Query | 50-150 B | ↓ 120 B / ↑ 80 B |
| HTTP Header | 200-800 B | ↓ 500 B / ↑ 300 B |
| Small API Call | 1-10 KiB | ↓ 4.5 KiB / ↑ 2.1 KiB |
| Web Page | 10-500 KiB | ↓ 250 KiB / ↑ 15 KiB |
| Image | 50 KiB - 5 MiB | ↓ 1.2 MiB / ↑ 500 B |
| Video Stream | 1-10+ MiB/sec | ↓ 8 MiB / ↑ 100 KiB |
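
The following is an added example, not Netmaker code: it converts the volume strings shown on this page to bytes, assigns the Small/Medium/Large band from Common Traffic Patterns, and pairs the Inbound and Outbound reports of one connection as in Examples 1 and 2. The record field names are hypothetical, because this page documents no export format for Traffic Logs.

```python
import re

UNIT = {"B": 1, "KiB": 1024, "MiB": 1024 ** 2}
# Matches the UI rendering on this page, e.g. "↓ 60.00 (B)" or "↑ 4.03 (KiB)".
VOL = re.compile(r"([↓↑])\s*([\d.]+)\s*\(?(B|KiB|MiB)\)?")

def parse_volume(text):
    """Return (download_bytes, upload_bytes) from a Traffic column string."""
    found = {a: round(float(n) * UNIT[u]) for a, n, u in VOL.findall(text)}
    if set(found) != {"↓", "↑"}:
        raise ValueError(f"expected one ↓ and one ↑ value in {text!r}")
    return found["↓"], found["↑"]

def band(nbytes):
    """Size band from the page: < 1 KiB small, 1-100 KiB medium, else large."""
    if nbytes < 1024:
        return "small"
    return "medium" if nbytes <= 100 * 1024 else "large"

def flow_key(entry):
    return (entry["src"], entry["dst"], entry["proto"])

def check_mirrored(entries):
    """Pair reports of one flow; return ([(flow_key, mirrored_ok)], unpaired)."""
    pending, pairs = {}, []
    for e in entries:
        down, up = parse_volume(e["traffic"])
        first = pending.pop(flow_key(e), None)
        if first is None:
            pending[flow_key(e)] = (e["direction"], down, up)
            continue
        # The other endpoint's download is this endpoint's upload, and vice versa.
        ok = first[0] != e["direction"] and first[1:] == (up, down)
        pairs.append((flow_key(e), ok))
    return pairs, sorted(pending)

# Constructed records modelled on Examples 1-3; field names are hypothetical.
SAMPLE = [
    {"node": "inetgw", "direction": "Inbound", "proto": "TCP",
     "src": "100.102.137.9:44006", "dst": "100.102.137.4:443",
     "traffic": "↓ 60.00 (B), ↑ 40.00 (B)"},
    {"node": "debian", "direction": "Outbound", "proto": "TCP",
     "src": "100.102.137.9:44006", "dst": "100.102.137.4:443",
     "traffic": "↓ 40.00 (B), ↑ 60.00 (B)"},
    {"node": "inetgw", "direction": "Inbound", "proto": "TCP",
     "src": "100.102.137.21:38532", "dst": "34.160.111.145:443",
     "traffic": "↓ 2.36 (KiB), ↑ 4.03 (KiB)"},
]
print(check_mirrored(SAMPLE))
```

A pair that fails the check means two nodes disagree about the same connection. A flow reported by one node only is expected when the other endpoint is external, as in Example 3.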

Summary

Traffic Logs provides essential visibility into your network communications:

  • Real-time monitoring of all network traffic

  • Detailed information about each connection

  • Flexible filtering to find relevant events

  • Security monitoring to detect threats

  • Performance troubleshooting to identify issues

  • Compliance auditing to document activity

To get started, contact the Netmaker team: https://www.netmaker.io/contact
