Monitoring High Traffic Connections

paulkbeyer
Level 1

Does anyone know how to monitor bandwidth-hungry connections on the ASA 5520 7.2(1)? When doing a 'show conn' I can see byte counters, but there aren't appropriate filters to be able to sift through pages of connections quickly enough and verbosely enough to see what's happening. The data's there; it just needs parsing through something useful.

Is MRTG going to work for that? I'm trying to identify clients which are generating a lot of traffic onto the internet.

Any ideas?

Thanks a lot.

4 Replies

sadbulali
Level 4

You can use the ASDM, but to get alerts you should set up syslog with SMTP or use CiscoWorks or another monitoring application.

PIX/ASA 7.x with Syslog Configuration Example

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00805a2e04.shtml

Is it possible to download an eval copy of CiscoWorks, or can you name any specific monitoring application which is effective?

Regds

Ravi

I don't think you understand what I'm asking, mate. I'm trying to get a graphical or more intuitive representation for connections that are using large portions of bandwidth. To do that I need graphs relating to the conns through the firewall - not the sum of the bandwidth on the interface like you get with ASDM nor the individual building of connections and teardowns you get with syslog. I want to see that *.*.*.2 is connecting to *.*.*.10 and is utilising 20% of the available bandwidth or 256Kbps or however it wishes to translate that utilisation.

Something better than typing 'show conn' every 10 secs and trying to trace through the 00:00 idle times and comparing the byte counters to get an idea of who is using what.

I hope that explains myself better.

Regards

Paul.

Sounds like something akin to NetFlow is what you're looking for. If you have the capability to do so, you could always configure a SPAN switchport on the firewall's interface that you want to monitor and configure the destination switchport to send this mirrored traffic to a Linux/*BSD box running NTOP ( http://www.ntop.org ). You should be presented with enough Layer 3-7 traffic information per source/destination IP to make your eyes bleed.

Hope this helps.
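The byte-counter comparison described in the thread (two 'show conn' captures a known interval apart, ranked by inside client) can be scripted; the following is an added example, not code from any poster in this thread or from Cisco. The line format matched by `CONN_RE`, the function names and the sample snapshots are assumptions constructed for illustration, so check the regex against the output of your own software release.

```python
import re
from collections import defaultdict

# Assumed 'show conn' line shape (interface tokens and commas vary by release):
#   TCP out 203.0.113.10:80 in 192.168.1.2:3456 idle 0:00:00 bytes 1320000 flags UIO
CONN_RE = re.compile(r"^(TCP|UDP)\s+\S+\s+([\d.]+):(\d+),?\s+\S+\s+([\d.]+):(\d+),?\s+"
                     r"idle\s+[\d:]+,?\s+bytes\s+(\d+)")

def parse_conns(text):
    """Map (proto, outside ip:port, inside ip:port) -> byte counter."""
    conns = {}
    for line in text.splitlines():
        m = CONN_RE.match(line.strip())
        if m:  # skips the "N in use" header and unrecognised lines
            proto, oip, oport, iip, iport, nbytes = m.groups()
            conns[(proto, f"{oip}:{oport}", f"{iip}:{iport}")] = int(nbytes)
    return conns

def conn_rates(before, after, interval_s):
    """Kbit/s per connection between two snapshots taken interval_s apart."""
    rates = {}
    for key, now in after.items():
        prev = before.get(key, 0)
        # New connection, or 5-tuple reused after teardown (counter dropped):
        # all bytes counted so far were sent inside the interval.
        delta = now - prev if now >= prev else now
        rates[key] = delta * 8 / 1000 / interval_s
    return rates

def top_clients(rates, n=3):
    """Sum connection rates per inside host, busiest first."""
    per_host = defaultdict(float)
    for (_proto, _outside, inside), kbps in rates.items():
        per_host[inside.rsplit(":", 1)[0]] += kbps
    return sorted(per_host.items(), key=lambda kv: kv[1], reverse=True)[:n]

# Constructed sample snapshots taken 10 seconds apart (not from a real device).
SNAP_T0 = """3 in use, 7 most used
TCP out 203.0.113.10:80 in 192.168.1.2:3456 idle 0:00:00 bytes 1000000 flags UIO
TCP out 198.51.100.7:443 in 192.168.1.2:3460 idle 0:00:01 bytes 50000 flags UIO
UDP out 198.51.100.53:53 in 192.168.1.9:5353 idle 0:00:04 bytes 200 flags -"""
SNAP_T1 = """3 in use, 7 most used
TCP out 203.0.113.10:80 in 192.168.1.2:3456 idle 0:00:00 bytes 1320000 flags UIO
TCP out 198.51.100.7:443 in 192.168.1.2:3460 idle 0:00:11 bytes 50000 flags UIO
TCP out 203.0.113.20:21 in 192.168.1.5:4000 idle 0:00:00 bytes 125000 flags UIO"""

if __name__ == "__main__":
    rates = conn_rates(parse_conns(SNAP_T0), parse_conns(SNAP_T1), 10)
    for host, kbps in top_clients(rates):
        print(f"{host:<15} {kbps:8.1f} Kbit/s")
```

Connections that open and close entirely between two captures never appear in either snapshot, so short bursts are undercounted; a shorter interval or flow export narrows that gap.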
