• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 236
  • Last Modified:

Catching user taking bandwidth?

We have:

LAN------------------Pix515....................Cisco2621------------internet

Solarwinds is reporting that someone is using a lot of bandwidth. I did the sh ip cache flow command, and saw most of it is www. How can I go further to find out who is using our bandwidth?  Netflow is not setup.

*The pix's outside interface is public
0
dissolved
Asked:
dissolved
  • 3
  • 3
1 Solution
 
asavenerCommented:
Capture the PIX log to a text file (easiest to set up a syslog server).

Then perform statistical analysis.
0
 
dissolvedAuthor Commented:
how would I do this?  
0
 
asavenerCommented:
1. Download and run a syslog server on one of your machines.  (3cDaemon has a built-in syslog server, for example.)

2. Configure the PIX to send all logs to the syslog server:
logging trap debug
logging host w.x.y.z

3. Wait to collect data.

4. Import the log to Excel and find out who's using the most bandwidth.
0
Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

 
dissolvedAuthor Commented:
It is already logging to a syslog server.  Since several VPN tunnels terminate in this pix, trapping anything more than "emergencies" seems to flood the syslog. Is there a better way? The IOS is 8.0(3)
0
 
asavenerCommented:
Why would VPN tunnels flood the syslog?  Do you have debugging commands enabled?

Run "show debug" to see what debugging commands are enabled.

Run "no debug all" to disable all debugging.
0
 
dissolvedAuthor Commented:
we were logging trap info. and it was flooding the syslog with established connections, etc etc
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now