OPNsense + Prometheus + Grafana: the homelab firewall monitoring stack in 2026

For two years my homelab firewall monitoring was a Python script that scraped OPNsense’s web UI for stats and shoved them into InfluxDB. It worked. It was also a tangled mess that broke every time OPNsense updated. Christian Lempa’s January 20, 2026 tutorial on monitoring OPNsense with Prometheus, Grafana Alloy, and Grafana is the artifact that finally moved me to a proper stack.

Three months in: the new setup is dramatically better. Properly instrumented OPNsense monitoring is one of those “you don’t know what you’re missing until you have it” things. Dashboards that just work. Alerts that actually fire. Historical data that’s queryable. No more scraping the UI.

This piece is the working-engineer write-up of the stack, the migration patterns, and what the Lempa tutorial covers vs what working homelabbers should add.

What the stack actually is

The components:

• OPNsense as the firewall/router (the thing being monitored)
• node_exporter running on OPNsense to export system metrics
• A Prometheus plugin or native exporter for OPNsense-specific metrics (firewall state, traffic counters, connection tracking)
• Grafana Alloy as the metric collection / shipping agent (Grafana Labs’ newer alternative to Promtail/Grafana Agent)
• Prometheus for storing the metrics (or Grafana Cloud as a hosted alternative)
• Grafana for dashboards and alerting

The architecture: OPNsense exports its metrics → Alloy collects them and ships to Prometheus → Grafana reads from Prometheus to render dashboards and trigger alerts.

This is roughly the same pattern enterprise network teams use. The 2026 difference is that the tooling (especially Alloy) has matured enough that the homelab-friendly version of this is straightforward.

What Lempa’s tutorial covers

The January 20 video walks through:

1. Installing the appropriate Prometheus / node_exporter plugins on OPNsense
2. Setting up Grafana Alloy to collect from OPNsense
3. Configuring Prometheus to receive the metrics
4. Building Grafana dashboards for the OPNsense data
5. Basic alerting setup

The tutorial covers the standard happy path well. For homelabbers starting from scratch, it’s the right introduction. What I’ll cover below extends the tutorial with patterns I’ve found valuable in production.

What the dashboards actually show

The Grafana dashboards that emerged useful in three months of use:

1. Bandwidth and traffic overview. Per-interface, per-VLAN, in/out. Helps spot the IoT device that’s exfiltrating data, the backup job that’s hogging the WAN, the streaming service that’s unexpectedly using more than expected.

2. Connection tracking. Active connections, by source/destination. Helps debug network issues, spot scanning attempts, understand actual traffic patterns.

3. CPU/memory/disk on OPNsense itself. The router-as-PC needs the same hygiene as any other server.

4. Firewall rule hit rates. Which rules are seeing traffic, which aren’t. Helps spot orphaned rules and verify intent.

5. DHCP lease distribution. Devices on the network, when they appeared, leases nearing expiry. Helps detect rogue devices.

6. DNS query patterns. With AdGuard/Pi-hole integration: top queries, blocked queries, suspicious lookups.

The dashboard that ended up most useful day-to-day is the bandwidth overview — answers “what is my network actually doing right now” instantly. The alert that has fired most usefully is the “OPNsense CPU > 80% sustained” alert — caught a misbehaving service twice.

When this stack is worth the setup cost

This stack is worth setting up when:

• You have 20+ network devices and want to know what’s happening
• You run services with bandwidth concerns (streaming, backups, gaming)
• You’ve experienced unexplained network slowness and want data to debug
• You’re security-conscious and want visibility into traffic patterns
• You enjoy graphs (the legitimate hobby reason — owns it)

This stack is overkill when:

• You have 5-8 devices and the OPNsense built-in graphs are sufficient
• You don’t have time to maintain a separate monitoring stack
• Your network just works and you’d rather not poke at it

The setup is non-trivial (~6-10 hours from zero), and ongoing maintenance is real (Prometheus retention, Grafana updates, alert tuning). For the right homelab size, it pays back. For smaller setups, OPNsense’s built-in monitoring is sufficient.

What I added beyond Lempa’s tutorial

Three patterns I added that the tutorial doesn’t cover:

1. Long-term retention via Mimir or VictoriaMetrics. Prometheus’s local retention is fine for short-term, but homelab users often want 6-12 month history. Mimir or VictoriaMetrics solves this with reasonable resource use. Setup adds 2-3 hours but pays off when you want “what was my bandwidth a year ago” historicals.

2. Alerts that actually fire. Lempa’s tutorial sets up basic alerting. The discipline of “alerts you’ll act on” requires tuning. I went through three iterations:

• Round 1: too many alerts (everything paged, I learned to ignore the page)
• Round 2: too few alerts (real issues didn’t page until they became visible)
• Round 3: focused on “is this thing actually broken in a way I need to know about now?”

The right alerts for a homelab: WAN down, OPNsense CPU sustained high, disk near full, specific service unreachable. That’s about it.

3. Integration with n8n for context-rich alerts. When an alert fires, an n8n workflow enriches it with recent metrics, generates a one-line summary, and sends to Telegram. Without the enrichment, alerts are noise. With it, they’re actionable signals.

What r/homelab and r/selfhosted are seeing

The 627-upvote “Sharing my homelab setup” thread is one of many community posts showing similar stacks in production homelabs. The Wednesday Dashboard Show & Tell threads on r/selfhosted regularly include Grafana setups monitoring OPNsense or pfSense.

The patterns from these community discussions:

• Most users start simpler. OPNsense built-in graphs first, then upgrade to Prometheus stack when needed.
• Alloy adoption is recent. Most existing setups use Grafana Agent or Promtail; Alloy is the 2025 evolution that the tutorials are now teaching.
• Long-term retention is a common pain point. Plain Prometheus retention isn’t enough; everyone reinvents the Mimir/VictoriaMetrics pattern eventually.
• Alert fatigue is universal. Everyone goes through the “too many alerts → ignored” → “fewer focused alerts” iteration.

The deeper context: homelab monitoring maturation

The homelab monitoring tier matured significantly in 2024-2025. The patterns that landed:

• OPNsense / pfSense as the firewall. Both mature, both well-instrumented.
• Prometheus + Grafana for metrics. De facto standard.
• Alloy as the collection agent. Replacing Promtail and Grafana Agent.
• Loki for logs (separate from this stack but often paired).
• Uptime Kuma or Healthchecks.io for service availability (separate but often paired).
• Alertmanager (with mature config) for alerting.

The cumulative effect: a serious homelab in 2026 has observability that’s comparable to small-team production environments in 2023. The tooling caught up faster than the homelab community caught up with using it. Lempa’s tutorial is part of that catch-up.

What YouTube tutorials usually skip

Lempa’s video is solid for the initial setup. The usual gaps in YouTube monitoring tutorials:

• Alert tuning. Setting up alerts is shown; tuning them over weeks isn’t.
• Long-term retention. Most tutorials use default Prometheus retention; few cover Mimir/VictoriaMetrics.
• Dashboard discipline. “Build dashboards” gets demoed; “delete the dashboards you never look at” doesn’t.
• The cost of complexity. Setting up monitoring is fun; maintaining it isn’t free.

What this means for your homelab

If you have a homelab with 15+ devices and you’re not running proper monitoring on the firewall yet:

• Set up the Lempa-stack on a weekend. ~6 hours, gives you visibility you didn’t know you were missing.
• Add Mimir or VictoriaMetrics in the second month for long-term retention.
• Iterate on alerts over the third month — start broad, prune aggressively.
• Integrate with n8n or similar for alert enrichment by month four.

If your homelab is smaller, OPNsense’s built-in monitoring is fine. Revisit when you have more devices or specific debugging needs.

The verdict

The Lempa-stack (OPNsense + Alloy + Prometheus + Grafana) is the right homelab firewall monitoring setup in 2026. Mature tooling, friendly setup, real value once it’s running. The migration cost is moderate; the ongoing value is durable.

The broader story: homelab observability has matured enough that running this stack is reasonable for serious homelabbers. A year ago this would have been “for the dedicated hobbyist.” Now it’s “for any homelab over a certain size.”

For homelab users in January 2026: set up the stack if you have the scale to benefit from it. Lempa’s tutorial is the right starting point. The patterns above extend it for production-grade use. Three months in, you’ll wonder how you operated without it.