Solved

Catching user taking bandwidth?

Posted on 2009-04-09
Last Modified: 2012-05-06
We have:

LAN------------------Pix515....................Cisco2621------------internet

Solarwinds is reporting that someone is using a lot of bandwidth. I did the sh ip cache flow command, and saw most of it is www. How can I go further to find out who is using our bandwidth? NetFlow is not set up.

*The PIX's outside interface is public.
Question by:dissolved
 
LVL 28

Expert Comment

by:asavener
Capture the PIX log to a text file (easiest to set up a syslog server).

Then perform statistical analysis.
 

Author Comment

by:dissolved
How would I do this?
 
LVL 28

Expert Comment

by:asavener
1. Download and run a syslog server on one of your machines.  (3cDaemon has a built-in syslog server, for example.)

2. Configure the PIX to send all logs to the syslog server:
logging trap debug
logging host w.x.y.z

3. Wait to collect data.

4. Import the log to Excel and find out who's using the most bandwidth.
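
An added example (not part of the original post): steps 3 and 4 done with a short Python script in place of Excel. It assumes the collected file contains the PIX connection teardown messages 302014 (TCP) and 302016 (UDP), which are logged at severity 6 and carry a byte count; the sample lines, the addresses and the `top_talkers` name are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the PIX teardown format (IDs 302014 TCP,
# 302016 UDP); all addresses are private or documentation ranges.
SAMPLE_LOG = """\
Apr  9 10:01:12 192.0.2.1 %PIX-6-302013: Built outbound TCP connection 1001 for outside:198.51.100.7/80 (198.51.100.7/80) to inside:10.1.1.23/3312 (192.0.2.10/1024)
Apr  9 10:04:40 192.0.2.1 %PIX-6-302014: Teardown TCP connection 1001 for outside:198.51.100.7/80 to inside:10.1.1.23/3312 duration 0:03:28 bytes 48211007 TCP FINs
Apr  9 10:05:02 192.0.2.1 %PIX-6-302014: Teardown TCP connection 1002 for outside:198.51.100.9/80 to inside:10.1.1.40/2201 duration 0:00:05 bytes 18230 TCP FINs
Apr  9 10:05:09 192.0.2.1 %PIX-6-302016: Teardown UDP connection 1003 for outside:203.0.113.53/53 to inside:10.1.1.40/1029 duration 0:02:01 bytes 212
Apr  9 10:06:31 192.0.2.1 %PIX-6-302014: Teardown TCP connection 1004 for outside:198.51.100.7/80 to inside:10.1.1.23/3313 duration 0:01:10 bytes 9120400 TCP Reset-I
Apr  9 10:06:45 192.0.2.1 %PIX-4-106023: Deny tcp src outside:203.0.113.9/4431 dst inside:10.1.1.5/23 by access-group "outside_in"
"""

TEARDOWN = re.compile(
    r"%(?:PIX|ASA)-6-30201[46]: Teardown (?P<proto>TCP|UDP) connection \d+ "
    r"for (?P<if1>[\w.-]+):(?P<ip1>[\d.]+)/(?P<port1>\d+) "
    r"to (?P<if2>[\w.-]+):(?P<ip2>[\d.]+)/(?P<port2>\d+) "
    r"duration \S+ bytes (?P<bytes>\d+)"
)

def top_talkers(lines, lan_if="inside", n=10):
    """Sum teardown byte counts per LAN host and per (host, peer, peer port)."""
    per_host, per_flow = Counter(), Counter()
    for line in lines:
        m = TEARDOWN.search(line)
        if not m:
            continue  # built, deny and VPN messages carry no byte count
        ends = [(m["if1"], m["ip1"], m["port1"]), (m["if2"], m["ip2"], m["port2"])]
        lan = [e for e in ends if e[0] == lan_if]
        far = [e for e in ends if e[0] != lan_if]
        if len(lan) != 1 or len(far) != 1:
            continue  # ignore flows that do not cross the LAN interface once
        size = int(m["bytes"])
        per_host[lan[0][1]] += size
        # For outbound connections the peer port is the service (80 = www).
        per_flow[(lan[0][1], far[0][1], far[0][2])] += size
    return per_host.most_common(n), per_flow.most_common(n)

if __name__ == "__main__":
    hosts, flows = top_talkers(SAMPLE_LOG.splitlines())
    for ip, total in hosts:
        print(f"{ip:15} {total / 1e6:10.2f} MB")
    for (ip, peer, port), total in flows:
        print(f"{ip:15} -> {peer}:{port:5} {total / 1e6:10.2f} MB")
```

To run it on a real capture, pass the open syslog file to `top_talkers` in place of `SAMPLE_LOG.splitlines()`.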

 

Author Comment

by:dissolved
It is already logging to a syslog server. Since several VPN tunnels terminate in this PIX, trapping anything more than "emergencies" seems to flood the syslog. Is there a better way? The IOS is 8.0(3).
 
LVL 28

Accepted Solution

by:
asavener earned 500 total points
Why would VPN tunnels flood the syslog?  Do you have debugging commands enabled?

Run "show debug" to see what debugging commands are enabled.

Run "no debug all" to disable all debugging.
 

Author Comment

by:dissolved
We were logging trap info, and it was flooding the syslog with established connections, etc.
