11-03-2011 08:15 AM - edited 03-11-2019 02:45 PM
Dear All,
I have been asked to provide statistics information for the ASA usage (bandwidth/top hosts/services).
I tried to have a look under the ASDM but I only see possible statistics for the last 24 hours...
Is it possible to enable them for one month?
Please let me know how this could be done using the CLI/ASDM.
Kind regards,
11-03-2011 08:41 AM
Hi,
Not per se. You will need to configure Netflow on it and send it to a collector. That way you will be able to get more info about the flows and such.
Here is how you can configure it:
https://supportforums.cisco.com/docs/DOC-6114
Mike
11-04-2011 03:22 AM
Dear Mike,
thank you very much for this answer.
It helps a lot!
But there are some things I do not understand.
I can enable it easily through the ASDM.
And with CLI
The following worked
bifrfw01(config)# flow-export destination inside 1.2.3.4 2055
bifrfw01(config)# flow-export delay flow-create 30
bifrfw01(config)# class-map netflow
bifrfw01(config-cmap)# match any
bifrfw01(config-cmap)# exit
bifrfw01(config)# policy-map global_policy
bifrfw01(config-pmap)# class netflow
bifrfw01(config-pmap-c)# flow-export event-type flow-create destination 1.2.3.4
bifrfw01(config-pmap-c)# exit
bifrfw01(config-pmap)# service-policy global_policy global
bifrfw01(config)# write
But I have completely different information than the one provided by the following command:
threat-detection statistics protocol number-of-rate 3
The truth is in the statistics, not in the Netflow?
What Netflow config (on the ASA side) could provide me the same result as those I have actually with the statistics?
Thanks a lot for your help
11-04-2011 10:33 PM
Hi David,
You are totally right. You know, the threat detection information will be reflected on the firewall dashboard. But for accounting information, you can use Netflow to create reports and so on based on the Netflow collector that you use. I have used PRTG and it shows the ports, percentage used and the amount of bit/bytes used.
The Threat detection will give you information about the top ten sources/destinations and protocols being used. It is great for troubleshooting, but it can be CPU intensive.
I think having the ASA send this information to a Netflow collector is a good approach; it also helps you avoid logging certain information (to a syslog server), hence being friendly with your CPU usage.
This link shows how to configure it, and you can also see a little chart with the bandwidth usage there.
Now, I am not saying use this one, there are other ones like SolarWinds that do an amazing job with reports.
Threat detection is used mostly for troubleshooting and not so much for billing/accounting.
Anyways, it is my humble opinion. I hope it helps a bit.
Let me know what you think.
Mike
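What a collector does with the NetFlow v9 datagrams the ASA exports to UDP 2055, as an added example (not from the thread or from Cisco): it learns the record layout from template flowsets, decodes data flowsets against it, and sums bytes per source host. The packets are constructed with standard RFC 3954 field types; a real ASA announces its own templates, and the function names are hypothetical.

```python
import socket
import struct
from collections import Counter

IN_BYTES, SRC_ADDR, DST_PORT = 1, 8, 11  # RFC 3954 field type numbers

def parse_v9(packet, templates):
    """Decode one NetFlow v9 datagram into a list of {field_type: raw bytes}."""
    version, _count, _uptime, _secs, _seq, source_id = struct.unpack_from("!HHIIII", packet)
    if version != 9:
        raise ValueError("not a NetFlow v9 datagram")
    records, off = [], 20
    while off + 4 <= len(packet):
        fs_id, fs_len = struct.unpack_from("!HH", packet, off)
        if fs_len < 4 or off + fs_len > len(packet):
            raise ValueError("bad flowset length")
        body, off = packet[off + 4:off + fs_len], off + fs_len
        tmpl, pos = templates.get((source_id, fs_id)), 0
        if fs_id == 0:  # template flowset: learn the record layouts
            while pos + 4 <= len(body):
                tid, nfields = struct.unpack_from("!HH", body, pos)
                end = pos + 4 + 4 * nfields
                if tid < 256 or end > len(body):
                    break  # padding or truncated template
                templates[(source_id, tid)] = list(struct.iter_unpack("!HH", body[pos + 4:end]))
                pos = end
        elif fs_id >= 256 and tmpl:  # data flowset; skipped until its template is seen
            size = sum(length for _, length in tmpl)
            while size and pos + size <= len(body):
                rec = {}
                for ftype, length in tmpl:
                    rec[ftype], pos = body[pos:pos + length], pos + length
                records.append(rec)
    return records

def top_talkers(records):
    totals = Counter()  # bytes per source address
    for rec in records:
        if SRC_ADDR in rec and IN_BYTES in rec:
            totals[socket.inet_ntoa(rec[SRC_ADDR])] += int.from_bytes(rec[IN_BYTES], "big")
    return totals.most_common()

def sample_packets():  # constructed datagrams (not an ASA capture): a template, then 3 flows
    tmpl = struct.pack("!10H", 0, 20, 256, 3, SRC_ADDR, 4, DST_PORT, 2, IN_BYTES, 4)
    flows = [("10.0.0.5", 443, 9000), ("10.0.0.9", 53, 120), ("10.0.0.5", 80, 1000)]
    data = b"".join(socket.inet_aton(a) + struct.pack("!HI", p, n) for a, p, n in flows)
    data = struct.pack("!HH", 256, 4 + len(data) + 2) + data + b"\x00\x00"  # pad to 4 bytes
    hdr = lambda count, seq: struct.pack("!HHIIII", 9, count, 0, 1320400000, seq, 1)
    return [hdr(1, 0) + tmpl, hdr(3, 1) + data]
```

Data that arrives before its template is dropped rather than guessed at, so the first flows after a collector restart are lost until the exporter resends the template.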