Hi kamilk,
The German Federal Constitutional Court will decide in the main trial whether the so-called "Vorratsdatenspeicherung" is legal under German law, even though it is active until then --> https://netzpolitik.org/2017/bundesverf ... en-urteil/
My opinion of an Internet service provider is that it should provide the internet as a service to me and not analyse my user activity.
<--> If you are not an ISP but want to do that in your company, you should also be informed about the legal specifics in that matter. Here we have the so-called "Arbeitnehmerdatenschutz", which should prevent permanent logging of user activity
--> https://www.datenschutzbeauftragter-inf ... tenschutz/
<--> But if you are a normal user who wants to log and observe his infrastructure, you can find some tools which do not provide NSA capabilities but do have some of your requested features, even though the official tools are not for long-term usage...
iptraf-ng --> http://wiki.ipfire.org/en/addons/iptraf-ng/start
--> a lot of protocols, filter possibilities, logging, (-) a vast amount of logs after a shorter period.
iftop --> http://wiki.ipfire.org/en/addons/iftop/start
--> which is currently out in Core112 but should come again with Core113, I think; no logging, only a realtime overview.
Unofficial tools are easier to find in here, I think:
pmacct --> viewtopic.php?t=14849. History is possible over databases such as MySQL.
Nfsen, Nfacct --> viewtopic.php?t=19022. History is also possible over pcap files, no DB needed.
A lightweight solution, and maybe technically also the way ISPs go, is to only collect the data and send it to another machine, e.g.:
softflowd or fprobe --> http://people.ipfire.org/~ummeegge/Netf ... _analyzer/
or a flow-based network traffic analyser which captures the "Netflows" and sends them to a dedicated machine which does nothing else than correlate, analyze and process, but also displays some nice/wanted visuals. For regular users ELK --> https://logz.io/learn/complete-guide-elk-stack/
--> https://forum.ipfire.org/viewtopic.php? ... 86#p109986
or SPLUNK --> https://www.splunk.com/
or even a SIEM, OSSIM --> https://www.alienvault.com/products/ossim
might be a solution too, so it clearly depends on what you want to do with this data and for what purposes you want to collect it.
nDPI --> viewtopic.php?t=18372. This is a kind of backend for ntopng, which is currently not available in that thread, but as I have seen, nDPI should provide an ndpiReader which is currently only for testing purposes but also does stuff like this.
Long story short, I think IPFire is lacking a little there when it comes to a nice in-between solution.