Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
318
Views
0
Helpful
4
Replies

PIX Syslog anaylis for billing

SteveGodfrey
Level 1
Level 1

‎06-23-2003 07:36 AM - edited ‎02-20-2020 10:48 PM

I need to provide a breakdown of the Outside link usage, the internet 'pipe' is shared by our Education and Corporate users. The management want a breakdown of how much of the link either group has used.

All the information needed is in the PIX syslogs ie Source IP and bytes transferred, but I need a tool to read through this data and produce the relevant graphs.

I do need to group all the inside IP addresses into one of the two groups so I can produce a graph with just two lines on it (for managers you see)!

I guess perl script would be ideal for this but it's way beyond my capabilites at the moment so any suggestions would be gratefully received.

Thanks

0 Helpful
4 Replies 4

ywadhavk
Cisco Employee
Cisco Employee

‎06-23-2003 08:09 AM

Hi Steve,

As PIX does not have accounting and have to rely on the syslog messages to extract the required info (that may not be much), it might be better to turn on accounting on the edge router, if thats the entry point for all these users.

You could use the Cisco Secure ACS server to accomplish this. You will have much more detail data to do the billing.

Thanks,

yatin

0 Helpful

SteveGodfrey
Level 1
Level 1
In response to ywadhavk

‎06-23-2003 10:54 PM

Thanks Yatin

That's what I want - a perl script to read through the syslog and produce a report.

I have ACS 3.1 but as I see it there are two problems with the edge router suggestion. Firstly all the packets arriving at the router would have been NAT'd to an external address so I wouldn't know the 'real' source. Secondly it's not our router, it belongs to the ISP.

0 Helpful

shannong
Level 4
Level 4

‎06-23-2003 11:34 AM

From the Pix, all the information is available via the syslogs. You can use Kiwi syslog and ReportGen on a windows box to create traffic reports. Both are freely available tools.

Two basic questions to help you find what you need: What kind of NAT are you using? Do you want per-user reports or only per-dept?

If you only want per-dept stats and the depts have different IP blocks, you can easily do a nat/global entry for each subnet/dept. Then you can use outbound "ip accounting" on the Internet router's "internal" and "external" interfaces. That will give you total packets and bytes outbound for each IP address of which two of them will be the depts. You can only do IP accounting for outbound packets, so you must do it on both interfaces.

If you want granular statistics, you can use netflow on your internal router. This will give you the users real IP. MHTG can provide graphs and stats on traffic usage using netflow info. This will require a *nix box.

It really has alot to do with how much info you want and how you plan to use the info.

0 Helpful

shannong
Level 4
Level 4
In response to shannong

‎06-23-2003 11:41 AM

I forget to tell you that you can do mac-address accounting on input unlike IP level accounting which is output only. Both IP and MAC level accounting statistics are available via SNMP,which means polling and graphing the statistics is a snap via MRTG or other similar tool.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card