
Monitoring traffic detail through PIX firewall

mbjohnson
Level 1

What's the best way for me to monitor the traffic going through a PIX? I'd like to know who's going where, what size downloads are, etc.

Thanks for the help.

4 Replies

paddyxdoyle
Level 6

Hi,

You can monitor who is going where by using the logging command on the PIX.

I am not sure what software you are running but the logging command reference for 6.3 is here

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a00801727a9.html#wp1028090

By default logging on the PIX can be a bit noisy so you can disable certain events that are being logged by finding out their message id and using "no logging message message_id" such as system messages etc....

Have a look here for PIX message

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_system_message_guide_chapter09186a00801582af.html

If you want to keep records for evaluation then you need to set the PIX up to log to a syslog server

Also, if you want to log which URLs are being accessed then make sure your fixup protocol for http is running "fixup protocol http 80"

If you want to monitor specific traffic then you can use the capture command on an access-list, however this is more aimed at packet sniffing/troubleshooting

Rgds

Paddy

Thanks for the reply. I already have logging turned on, I'm just wondering how I can tell which user is taking most of the bandwidth, doing big downloads, etc. Is there such a feature on the PIX?

Best regards.

Not to my knowledge, I'm afraid.

If you had a router in front of your firewall you could use "ip accounting"?

Rgds

You can use the syslog feature of the PIX.

Try this:

commands:

logging on

logging trap informational

logging host YOUR-SYSLOG-SERVER-IP

But be aware that this gives a lot of output to your syslog server. A lot of information is transferred, such as bytes transferred, user names if authenticated, web sites, files ...

Then to analyze it you can use a syslog file analyzer such as http://www.sawmill.net/ to get your syslog data into a nice user statistics chart.

There are a lot of tools out there on the internet.

Another way without using syslog could be to use NTOP, an open source Linux tool. For the Windows version you have to pay. This is more of a real-time network statistics tool, but it still does a good job.

Take a look at it. http://www.ntop.org/ntop.html

Sincerely

Patrick
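Added example, not part of any reply in this thread: a small Python aggregation of the kind the syslog analyzers mentioned above perform, summing the byte counts from connection teardown messages per inside host to show who moved the most data. The layout assumed for messages 302014/302016, the interface name `inside`, and the sample log lines are assumptions constructed for illustration; check them against your own syslog output.

```python
import re
from collections import defaultdict

# Assumed layout of PIX 6.3 teardown messages 302014 (TCP) and 302016 (UDP):
#   Teardown TCP connection N for ifc:ip/port to ifc:ip/port duration h:mm:ss bytes N [reason] [(user)]
TEARDOWN = re.compile(
    r"%PIX-6-30201[46]: Teardown (?:TCP|UDP) connection \d+ "
    r"for (?P<if1>[\w.-]+):(?P<ip1>[\d.]+)/\d+ "
    r"to (?P<if2>[\w.-]+):(?P<ip2>[\d.]+)/\d+ "
    r"duration [\d:]+ bytes (?P<bytes>\d+)"
    r"(?:.*\((?P<user>[^()]+)\)\s*$)?"  # trailing "(user)" only if authenticated
)

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE = """\
Mar 01 10:00:01 192.0.2.1 %PIX-6-302013: Built outbound TCP connection 101 for outside:198.51.100.7/80 (198.51.100.7/80) to inside:10.1.1.20/1050 (192.0.2.10/1050)
Mar 01 10:00:09 192.0.2.1 %PIX-6-302014: Teardown TCP connection 101 for outside:198.51.100.7/80 to inside:10.1.1.20/1050 duration 0:00:08 bytes 5242880 TCP FINs
Mar 01 10:00:12 192.0.2.1 %PIX-6-302014: Teardown TCP connection 102 for outside:198.51.100.9/443 to inside:10.1.1.31/2211 duration 0:00:02 bytes 20480 TCP FINs (alice)
Mar 01 10:00:15 192.0.2.1 %PIX-6-302016: Teardown UDP connection 103 for outside:203.0.113.5/53 to inside:10.1.1.20/1051 duration 0:00:01 bytes 120
Mar 01 10:00:20 192.0.2.1 %PIX-6-302014: Teardown TCP connection 104 for outside:198.51.100.7/80 to inside:10.1.1.20/1052 duration 0:01:00 bytes 1048576 TCP Reset-O
""".splitlines()


def bytes_per_inside_host(lines, inside_if="inside"):
    """Return ([((host, user), total_bytes), ...] sorted descending, skipped_count)."""
    totals = defaultdict(int)
    skipped = 0
    for line in lines:
        m = TEARDOWN.search(line)
        if m and m["if1"] == inside_if:
            host = m["ip1"]
        elif m and m["if2"] == inside_if:
            host = m["ip2"]
        else:
            skipped += 1  # not a teardown, or no endpoint on the inside interface
            continue
        totals[(host, m["user"] or "-")] += int(m["bytes"])
    ranked = sorted(totals.items(), key=lambda kv: kv[1], reverse=True)
    return ranked, skipped


if __name__ == "__main__":
    ranked, skipped = bytes_per_inside_host(SAMPLE)
    for (host, user), total in ranked:
        print(f"{host:15} {user:10} {total:>12} bytes")
    print(f"{skipped} line(s) skipped")
```

Lines that do not match are counted rather than silently dropped, so a format mismatch on your software version shows up as a high skipped count instead of an empty report.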
