Catching user taking bandwidth?

We have:


SolarWinds is reporting that someone is using a lot of bandwidth. I did the sh ip cache flow command, and saw most of it is www. How can I go further to find out who is using our bandwidth? NetFlow is not set up.

*The PIX's outside interface is public
asavener Commented:
Why would VPN tunnels flood the syslog?  Do you have debugging commands enabled?

Run "show debug" to see what debugging commands are enabled.

Run "no debug all" to disable all debugging.
Capture the PIX log to a text file (easiest to set up a syslog server).

Then perform statistical analysis.
dissolved (Author) Commented:
How would I do this?

1. Download and run a syslog server on one of your machines.  (3cDaemon has a built-in syslog server, for example.)

2. Configure the PIX to send all logs to the syslog server:
logging trap debug
logging host w.x.y.z

3. Wait to collect data.

4. Import the log to Excel and find out who's using the most bandwidth.
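
One way to do the analysis in step 4 without Excel, as an added example that is not part of the original thread: it totals the byte counts from connection teardown records (message IDs 302014 and 302016) per inside host. The log lines are constructed samples, and the interface name `inside` and the function name `top_talkers` are assumptions.

```python
import re
from collections import Counter

# Teardown records report the total bytes moved over a finished connection:
#   302014 = TCP teardown, 302016 = UDP teardown (both severity 6).
TEARDOWN = re.compile(
    r"%(?:PIX|ASA)-6-30201[46]: Teardown (?:TCP|UDP) connection \d+ for "
    r"(?P<if_a>[\w-]+):(?P<ip_a>[\d.]+)/\d+ to "
    r"(?P<if_b>[\w-]+):(?P<ip_b>[\d.]+)/\d+ "
    r"duration \S+ bytes (?P<bytes>\d+)"
)

# Constructed sample lines (documentation-range addresses), not real traffic.
SAMPLE_LOG = """\
Mar 03 2008 10:15:01: %PIX-6-302013: Built outbound TCP connection 1003 for outside:192.0.2.10/80 (192.0.2.10/80) to inside:10.1.1.25/3351 (203.0.113.5/3351)
Mar 03 2008 10:15:04: %PIX-6-302014: Teardown TCP connection 1001 for outside:192.0.2.10/80 to inside:10.1.1.25/3344 duration 0:05:12 bytes 48211377 TCP FINs
Mar 03 2008 10:15:09: %PIX-6-302014: Teardown TCP connection 1002 for outside:198.51.100.7/80 to inside:10.1.1.40/2210 duration 0:00:03 bytes 18230 TCP FINs
Mar 03 2008 10:27:41: %PIX-6-302014: Teardown TCP connection 1003 for outside:192.0.2.10/80 to inside:10.1.1.25/3351 duration 0:12:40 bytes 102400000 TCP Reset-I
Mar 03 2008 10:28:02: %PIX-6-302016: Teardown UDP connection 1005 for outside:198.51.100.53/53 to inside:10.1.1.40/1045 duration 0:02:01 bytes 212
"""


def top_talkers(lines, local_if="inside", n=10):
    """Return [(ip, total_bytes), ...] for hosts behind local_if, largest first.

    local_if is the name of the internal interface (assumed to be "inside").
    Lines that are not teardown records are skipped.
    """
    totals = Counter()
    for line in lines:
        m = TEARDOWN.search(line)
        if not m:
            continue
        # The local host can appear on either side of "for ... to ...".
        for side in ("a", "b"):
            if m["if_" + side] == local_if:
                totals[m["ip_" + side]] += int(m["bytes"])
    return totals.most_common(n)


if __name__ == "__main__":
    for ip, total in top_talkers(SAMPLE_LOG.splitlines()):
        print(f"{ip:15} {total / 1_000_000:10.1f} MB")
```

Only teardown records are counted, so Built and other messages in the same file are skipped rather than needing to be filtered out first.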
dissolvedAuthor Commented:
It is already logging to a syslog server. Since several VPN tunnels terminate in this PIX, trapping anything more than "emergencies" seems to flood the syslog. Is there a better way? The IOS is 8.0(3)
dissolvedAuthor Commented:
We were logging trap info, and it was flooding the syslog with established connections, etc.
Question has a verified solution.
