Solved: IP accounting and/or ip cache flow stats

MARK CHRISTY · ‎12-16-2010

Hello -- I have a Cisco 2621XM router with two ethernet interfaces that sits before a vendor supplied VPN router. I need to see the IP traffic incoming to my router from the WAN side (fasteth0/1 below). I setup ip cef, and ip flow ingress on the interface. However -- it seems that what I see when I use "ip cache flow" command doesn't have a very long history or life. What commands am I missing so that I can see a summary of the stats over say the last 5, 10 or 15 minutes? Is this the best config that can be used for this, or can I create a more summarized report just using the router HW and IOS?

Basic current configuration:

version 12.3
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Littleboy
!
ip subnet-zero
ip cef table event-log size 1024
ip cef
ip cef accounting per-prefix non-recursive prefix-length
ip cef traffic-statistics load-interval 180
!
ip flow-cache entries 2048
ip flow-cache timeout inactive 60
!
interface FastEthernet0/1
description Littleboy to vpn-wan
ip address 10.1.0.1 255.255.255.252
ip flow ingress

Richard Burts · ‎12-16-2010

Mark

NetFlow was not designed to maintain very long history on the router and I do not believe that you can accomplish what you want just using IOS. The usual solution for what you want is to export the NetFlow data to a collector which will maintain the history and provide the reporting that you want. There are a number of collectors available and some of them are free and some are commercial.

HTH

Rick

HTH

Rick

View solution in original post

Richard Burts · ‎12-16-2010

Mark

NetFlow was not designed to maintain very long history on the router and I do not believe that you can accomplish what you want just using IOS. The usual solution for what you want is to export the NetFlow data to a collector which will maintain the history and provide the reporting that you want. There are a number of collectors available and some of them are free and some are commercial.

HTH

Rick

HTH

Rick

MARK CHRISTY · ‎12-16-2010

"The usual solution for what you want is to export the NetFlow data to a collector which will maintain the history and provide the reporting that you want. There are a number of collectors available and some of them are free and some are commercial."

Thanks! I didn't think there were commands that were discoverable. I am using PRTG for traffic volume, but haven't found a good netFlow receiver. Can you suggest any that are open source or freeware?

Thank you!

johnlloyd_13 · ‎12-17-2010

i used PRTG before and it's able to collect netflow
stats. freeware version doesn't have this feature but the licensed ones has. solarwinds also has one. refer both URLs below. you need to tweak further your config to enable netflow.

http://www.paessler.com/prtg/faqs

http://www.solarwinds.com/products/freetools/netflow_analyzer.aspx

Richard Burts · ‎12-17-2010

Mark

I have had a customer who used PRTG to collect and process NetFlow and it was pretty good. I do not have experience with the SolarWinds NetFlow analyzer but in general I like their products and assume that this would be good. I have also had experience with Scrutinizer from Plixer for NetFlow. They have a commercial product and a free version of it (which I believe maintains only a single day of history rather than the extensive history in the purchased version). See this link for more info and download;
http://www.plixer.com/products/netflow-sflow/scrutinizer-netflow-sflow.php

HTH

Rick

HTH

Rick

MARK CHRISTY · ‎12-17-2010

I am using the free PRTG now, so I haven't looked into the other two, but I will now. Thanks for all the great info -- I know the path forward now!