12-11-2006 06:14 AM - edited 03-11-2019 02:06 AM
Does anyone know how to monitor bandwidth-hungry connections on the ASA 5520 7.2(1)? When doing a 'show conn' I can see byte counters, but there aren't appropriate filters to be able to sift through pages of connections quickly enough and verbosely enough to see what's happening. The data's there, it just needs parsing through something useful.
Is MRTG going to work for that? I'm trying to identify clients which are generating a lot of traffic onto the internet.
Any ideas?
Thanks a lot.
12-15-2006 08:33 AM
You can use the ASDM, but to get alerts you should set up syslog with SMTP or use CiscoWorks or another monitoring application.
PIX/ASA 7.x with Syslog Configuration Example
12-17-2006 11:25 PM
Is it possible to download an eval copy of CiscoWorks, or can you name any specific monitoring application which is effective?
Regds
Ravi
12-18-2006 06:29 AM
I don't think you understand what I'm asking, mate. I'm trying to get a graphical or more intuitive representation for connections that are using large portions of bandwidth. To do that I need graphs relating to the conns through the firewall - not the sum of the bandwidth on the interface like you get with ASDM, nor the individual building of connections and teardowns you get with syslog. I want to see that *.*.*.2 is connecting to *.*.*.10 and is utilising 20% of the available bandwidth or 256Kbps or however it wishes to translate that utilisation.
Something better than typing 'show conn' every 10 secs and trying to trace through the 00:00 idle times and comparing the byte counters to get an idea of who is using what.
I hope that explains myself better.
Regards
Paul.
12-18-2006 12:37 PM
Sounds like something akin to NetFlow is what you're looking for. If you have the capability to do so, you could always configure a SPAN switchport on the firewall's interface that you want to monitor and configure the destination switchport to send this mirrored traffic to a Linux/*BSD box running NTOP ( http://www.ntop.org ). You should be presented with enough Layer 3-7 traffic information per source/destination IP to make your eyes bleed.
Hope this helps.
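The manual comparison described earlier in the thread (two 'show conn' runs a few seconds apart, byte counters compared per connection) can be scripted. The sketch below is an added example, not code from any poster or from Cisco. It assumes each connection line has the shape shown in the comment, with the second address being the inside host; the function names and the sample snapshots are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed line shape (commas optional, interface names vary by config):
#   TCP out 203.0.113.10:80 in 10.1.1.2:1234 idle 0:00:05 bytes 123456 flags UIO
CONN_RE = re.compile(
    r"(TCP|UDP)\s+\S+\s+([\d.]+):(\d+)\s+\S+\s+([\d.]+):(\d+),?\s+"
    r"idle\s+[\d:]+,?\s+bytes\s+(\d+)"
)

def parse_conns(text):
    """Map (proto, outside, oport, inside, iport) -> byte counter."""
    conns = {}
    for line in text.splitlines():
        m = CONN_RE.match(line.strip())
        if m:  # skip the "N in use" header and anything unrecognised
            conns[m.groups()[:5]] = int(m.group(6))
    return conns

def top_talkers(before, after, interval_s, n=10):
    """Rank inside hosts by kbit/s moved between two snapshots."""
    per_host = defaultdict(int)
    for key, now in after.items():
        prev = before.get(key, 0)
        # New connection, or counter lower than before (port reused):
        # count everything seen in the newer snapshot.
        delta = now - prev if now >= prev else now
        per_host[key[3]] += delta  # key[3] is the inside address
    rates = [(h, b * 8 / interval_s / 1000) for h, b in per_host.items()]
    return sorted(rates, key=lambda r: r[1], reverse=True)[:n]

# Constructed sample snapshots taken 10 seconds apart (not real output).
BEFORE = """\
2 in use, 2 most used
TCP out 203.0.113.10:80 in 10.1.1.2:1234 idle 0:00:00 bytes 1000000 flags UIO
TCP out 198.51.100.7:443 in 10.1.1.3:2345 idle 0:00:02 bytes 50000 flags UIO
"""
AFTER = """\
3 in use, 3 most used
TCP out 203.0.113.10:80 in 10.1.1.2:1234 idle 0:00:00 bytes 1320000 flags UIO
TCP out 198.51.100.7:443 in 10.1.1.3:2345 idle 0:00:01 bytes 60000 flags UIO
UDP out 198.51.100.9:53 in 10.1.1.3:5353 idle 0:00:01 bytes 2500 flags -
"""

if __name__ == "__main__":
    for host, kbps in top_talkers(parse_conns(BEFORE), parse_conns(AFTER), 10):
        print(f"{host:15} {kbps:8.1f} kbit/s")
```

Connections that were built and torn down entirely between the two snapshots never appear in either one, so short-lived flows are undercounted; a flow-based collector such as the NTOP setup suggested above does not have that blind spot.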