Get statistics information

davcommunay
Level 1

Dear All,

I have been asked to provide statistics information for the ASA usage (bandwidth/top hosts/services).

I tried to have a look under the ASDM but I only see possible statistics for the last 24 hours...

Is it possible to enable them for one month?

Please let me know how this could be done using the CLI/ASDM.

Kind regards,

3 Replies

Maykol Rojas
Cisco Employee

Hi,

Not per se. You will need to configure Netflow on it and send it to a collector. That way you will be able to get more info about the flows and such.

Here is how you can configure it:

https://supportforums.cisco.com/docs/DOC-6114

Mike

Dear Mike,

thank you very much for this answer.

It helps a lot!

But there are things I do not understand.

I can enable it easily through the ASDM.

And with CLI

The following worked

bifrfw01(config)# flow-export destination inside 1.2.3.4 2055
flow-export delay flow-create 30
bifrfw01(config)# class netflow
bifrfw01(config-cmap)# match any
bifrfw01(config-cmap)# exit
bifrfw01(config)# policy-map global_policy
bifrfw01(config-pmap)# class netflow
bifrfw01(config-pmap-c)# flow-export event-type flow-create destination 1.2.3.4
bifrfw01(config-pmap-c)# exit
bifrfw01(config-pmap)# service-policy global_policy global
bifrfw01(config)# write

But I have completely different information than the one provided by the following command:

threat-detection statistics protocol number-of-rate 3

The truth is in the statistics, not in the Netflow?

What Netflow config (on the ASA side) could provide me the same result as those I have actually with the statistics?

Thanks a lot for your help

Hi David,

You are totally right. You know, the threat detection information will be reflected on the firewall dashboard. But for accounting information, you can use Netflow to create reports and so on based on the Netflow collector that you use. I have used PRTG and it shows the ports, percentage used and the amount of bit/bytes used.

The Threat detection will give you information about the top ten sources/destinations and protocols being used. It is great for troubleshooting, but it can be CPU intensive.

Having the ASA send this information to a Netflow collector is, I think, a good approach; it also helps you avoid logging certain information (to a syslog server), hence being friendly with your CPU usage.

This link shows how to configure it, and you can also see a little chart with the bandwidth usage there:

http://www.paessler.com/knowledgebase/en/topic/1423-how-to-monitor-cisco-asa-firewalls-using-netflow-9-and-prtg

Now, I am not saying use this one; there are other ones like SolarWinds that do an amazing job with reports.

Threat detection is used mostly for troubleshooting and not so much for billing/accounting.

Anyways, it is my humble opinion. I hope it helps a bit.

Let me know what you think.

Mike
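
An added example, not part of the thread and not code from Cisco or any collector product: what a NetFlow v9 collector does with the datagrams the ASA sends to the `flow-export destination` port, decoding the templates and summing bytes per host and per service. The sample datagram, its addresses and the use of IPFIX fields 231/232 (initiator/responder octets) as byte counters are assumptions; the fields a given ASA actually exports are whatever its templates declare.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address
PROTO, SRC, DPORT, FWD_BYTES, REV_BYTES = 4, 8, 11, 231, 232   # IANA IPFIX field types

def parse_v9(packet, templates):
    """Decode one NetFlow v9 datagram into a list of {field_type: int} records."""
    if len(packet) < 20 or struct.unpack_from("!H", packet)[0] != 9:
        raise ValueError("not a NetFlow v9 datagram")
    records, off = [], 20                              # fixed 20-byte header
    while off + 4 <= len(packet):
        fs_id, fs_len = struct.unpack_from("!HH", packet, off)
        if fs_len < 4 or off + fs_len > len(packet):
            break                                      # bad length: stop, never loop forever
        body = packet[off + 4:off + fs_len]
        if fs_id == 0:                                 # template flowset
            pos = 0
            while pos + 4 <= len(body):
                tid, nfields = struct.unpack_from("!HH", body, pos)
                if tid < 256 or pos + 4 + 4 * nfields > len(body):
                    break                              # padding or truncated template
                templates[tid] = list(struct.iter_unpack("!HH", body[pos + 4:pos + 4 + 4 * nfields]))
                pos += 4 + 4 * nfields
        elif (size := sum(n for _, n in templates.get(fs_id, []))) > 0:
            for pos in range(0, len(body) - size + 1, size):   # trailing padding is skipped
                rec = {}
                for ftype, length in templates[fs_id]:
                    rec[ftype] = int.from_bytes(body[pos:pos + length], "big")
                    pos += length
                records.append(rec)
        off += fs_len
    return records

def top_usage(records, n=3):
    hosts, services = Counter(), Counter()
    for r in records:
        octets = r.get(FWD_BYTES, 0) + r.get(REV_BYTES, 0)     # initiator + responder bytes
        hosts[str(IPv4Address(r.get(SRC, 0)))] += octets
        services[(r.get(PROTO, 0), r.get(DPORT, 0))] += octets
    return hosts.most_common(n), services.most_common(n)

def build_sample():
    """Constructed datagram (made-up flows): template 256 and three data records."""
    fields = [(SRC, 4), (DPORT, 2), (PROTO, 1), (FWD_BYTES, 4), (REV_BYTES, 4)]
    tmpl = struct.pack("!HH", 256, len(fields)) + b"".join(struct.pack("!HH", *f) for f in fields)
    flows = [("10.0.0.5", 443, 6, 1200, 90000), ("10.0.0.7", 53, 17, 80, 300),
             ("10.0.0.5", 443, 6, 800, 40000)]
    data = b"".join(IPv4Address(s).packed + struct.pack("!HBII", *r) for s, *r in flows) + b"\0" * 3
    fs = lambda fid, body: struct.pack("!HH", fid, 4 + len(body)) + body   # id, length, body
    return struct.pack("!HHIIII", 9, 4, 0, 0, 1, 0) + fs(0, tmpl) + fs(256, data)
```

Keep the `templates` dict across datagrams from the same exporter: data flowsets that arrive before their template is known are skipped rather than guessed at.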