How can I monitor bandwidth usage with a new Cisco ASA 5510

Does anyone know of a nice, easy, cheap method of monitoring bandwidth usage on an ASA 5510?  I just put it in to replace an old Sonicwall.  The one thing I liked about the Sonicwall is that I could see statistics for the amount of data sent\received over a specific connection between internal IP and external IP.  I was then able to go back and see what that person was doing to slam the bandwidth, (usually streaming music).  Now when I see a bandwidth spike, I am not sure how to track it back to see where the traffic is coming\going.
thelink12Asked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
agriesserConnect With a Mentor Commented:
I don't think that the ASA software is capable of doing something like this...
We installed a central syslog server which takes all the syslogs from our Cisco devices and runs reports on it some time ago, that worked not so bad, but it probably isn't as comfortable as the SonicWalls feature you talked about.
0
 
agriesserCommented:
I use `sh conn` on the console, copy the output to Excel and sort it according to my needs to see who uses my bandwidth. But that's not the best solution, I guess.
0
 
thelink12Author Commented:
How do you get the data into Excel?
0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 
agriesserCommented:
Connect via SSH, telnet, console, ... to your ASA, issue `sh conn`, mark all the data that's reported by the command and paste it into a notepad or Wordpad. Save the file as .txt, now start excel, click "File" -> "Open", choose the .txt file and when the data import wizard starts, choose space as delimiter for the data.

Make sure to format all cells as "Text" before attempting to insert the data into excel, otherwise IP address will be converted to dates, etc.

BTW: Openoffice Calc asks for the delimiter settings when pasting the data directly into the spreadsheet.
0
 
jjmartineziiiCommented:
Have you tried going to the ADSM? At the dashboard page, you can see top talkers.
0
 
agriesserCommented:
Do you mean the homescreen with "dashboard"? If so, I can't see the top talkers there, I can only see tons of syslog messages running down the screen, but that's nothing useful.
0
 
jjmartineziiiCommented:
If you are using ADSM 6.0, click on the Home button then click on the Firewall Dashboard. You should see a pie chart on the bottom right.
0
 
agriesserCommented:
Oh, ok, I do only have ASDM 5.2 on my system as my "ASA" is just an upgraded PIX525...
0
 
thelink12Author Commented:
I have ASDM 6.0, and the Firewall Dashboard but I am looking for something a little more granular, and something I can use to report on history.  For instance, every so often, the bandwitdh gets slammed.  I would like to be able to quickly see which port\ip address is using all the bandwidth and where they are connecting to via which port.
0
 
jjmartineziiiCommented:
http://www.plixer.com/products/free-netflow.php

Something you may be able to do is run a newflow server. Above is a free one. ASA doesn't support netflow, but if you have a switch before it (or a router) you might be able to get the data from there.
0
 
thelink12Author Commented:
Its a small environment, the ASA sits in front of an HP Switch.  I have a Kiwi syslog server collecting the logs from the ASA.  Know of good way to run reports on that?
0
 
agriesserCommented:
Sorry, I don't know Kiwi. Anyone else, maybe?
0
 
jjmartineziiiCommented:
Me either. All I know is that it collects but thats all I know.
0
 
thelink12Author Commented:
Any good Syslog servers you can recommend?  Something with good reporting?.
0
 
agriesserCommented:
Well, we used the Cisco syslog server a few years ago for doing this. I don't recall the exact name of the product now.
0
 
agriesserCommented:
Any updates on this one?
0
 
thelink12Author Commented:
We ended up using KIWI's syslog and then Sawmill to interpret the data.  THanks for all the help!
0
 
Neil_bCommented:
What i do is have a router inline with the ASA as i have to report bandwidth over 3 seperate VRF's on a single ASA. The routers then have netflows enabled which i feed into a sensor on the LAN
0
All Courses

From novice to tech pro — start learning today.