Diagnose problem with security and traffic logging

Good morning;

I am the operations manager for a website. Recently we upgraded both WAN and LAN to support the explosive growth in our company. The WAN was upgraded by leaving our old ISP and installing a larger 5meg fiber internet service with the local cable company. I also upgraded our LAN by purchasing the Cisco 1941W ISR (with security license), a Cisco SGE2000 24port gigabit switch and recabling our offices with CAT-6 cable.

I should point out that I am not an IT pro; rather more of a handyman with computers . . . more than novice, but probably less than intermediate skills.

I have learned to use the CLI and the Cisco CP Professional software for configuration, so I have a handle on the basic processes. However, I have bumped into an issue and I could use some wise direction.

Our cable provider gives me access to a fiber management portal to monitor our traffic on the pipe. As I am looking at this data, I notice that our small office has brief periods of heavy traffic at very odd times (middle of the night when the offices are closed). We have 5 meg service up and down, and there are periods throughout the night that traffic fills my pipe without explanation. Here is a sample from our monitor:

20101216 -- TWCBC Fiber Monitor.jpg

The red line represents our traffic limit. The purple spikes are a real concern. The cable company tech suggests that I have a LAN client that may be executing a trojan, spyware or spamblast. My plan was to come in to work, identify these spikes and then match them to the router log to determine which client might be spiking the pipeline.

I have the router logging on and set to debugging. However, when I log into the Cisco CP Pro GUI, I can only see the last 100 log entries or so representing total router traffic from the last hour or so. I am having trouble getting the CP Pro to show me traffic from 10 hours ago.

Is there an easy way to either show these logs or perhaps there is a way to write the logs to a file that I can review in full the next morning?

Any suggestions would be greatly appreciated.

1 Reply

Panos Kampanakis
Cisco Employee

You can send the syslogs to a syslog server using commands

logging trap

logging host

You can use tftpd32, which is free and can be used as a syslog server, collecting the logs in a syslog file.

Netflow would be the way to get more info on this: send Netflow data to your Netflow collector (if you have one) and analyze the traffic on the collector during the peak times.

I hope it helps.

PK
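Once the syslog file exists, the next morning's job is to match the overnight spikes to a LAN client. The following is an added example, not code from this thread or from Cisco: a small Python parser that reads the IOS access-list logging messages (%SEC-6-IPACCESSLOGP, emitted when an ACL entry carries the log keyword) out of the collected file and totals packets per internal source address for a chosen time window. It assumes the router timestamps its messages (service timestamps log datetime), and the sample log lines are constructed for the demonstration.

```python
import re
from collections import Counter
from datetime import datetime

# IOS ACL-logging message for TCP/UDP, e.g.
#   Dec 16 02:13:45.101: %SEC-6-IPACCESSLOGP: list 100 permitted tcp
#   192.168.1.55(51234) -> 203.0.113.10(25), 18 packets
# search() rather than match() so a syslog PRI or sequence prefix
# added by the collector does not break parsing.
LINE_RE = re.compile(
    r"(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2})(?:\.\d+)?: "
    r"%SEC-6-IPACCESSLOGP: list \S+ (?P<action>permitted|denied) (?P<proto>\w+) "
    r"(?P<src>[\d.]+)\((?P<sport>\d+)\) -> (?P<dst>[\d.]+)\((?P<dport>\d+)\), "
    r"(?P<pkts>\d+) packets?"
)

# Constructed sample of what the syslog server would have written overnight.
SAMPLE_LOG = """\
Dec 16 02:13:45.101: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 192.168.1.55(51234) -> 203.0.113.10(25), 18 packets
Dec 16 02:14:02.330: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 192.168.1.55(51240) -> 203.0.113.11(25), 22 packets
Dec 16 02:15:10.004: %SEC-6-IPACCESSLOGP: list 100 permitted udp 192.168.1.20(53011) -> 198.51.100.5(53), 1 packet
Dec 16 02:20:00.000: %SYS-5-CONFIG_I: Configured from console by admin
Dec 16 09:05:30.512: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 192.168.1.30(50022) -> 198.51.100.9(443), 9 packets
""".splitlines()


def parse_line(line, year=2010):
    """Return the fields of one ACL-log line, or None for any other message.
    IOS timestamps carry no year, so the caller supplies it."""
    m = LINE_RE.search(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "src": m["src"], "dst": m["dst"],
            "dport": int(m["dport"]), "pkts": int(m["pkts"])}


def top_talkers(lines, start, end, n=3):
    """Packets per source address for log lines with start <= ts < end,
    busiest first. Point start/end at a spike seen on the ISP graph."""
    by_src = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and start <= rec["ts"] < end:
            by_src[rec["src"]] += rec["pkts"]
    return by_src.most_common(n)


if __name__ == "__main__":
    night = (datetime(2010, 12, 16, 2, 0), datetime(2010, 12, 16, 3, 0))
    for src, pkts in top_talkers(SAMPLE_LOG, *night):
        print(f"{src:16} {pkts} packets")
```

Destination ports in the same records (port 25 in the sample) often tell you what kind of traffic a suspect host is generating; Netflow, as suggested above, gives the same per-host totals without needing an ACL with the log keyword.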