Catching user taking bandwidth?

We have:

LAN------------------Pix515....................Cisco2621------------internet

Solarwinds is reporting that someone is using a lot of bandwidth. I did the sh ip cache flow command, and saw most of it is www. How can I go further to find out who is using our bandwidth?  Netflow is not setup.

*The pix's outside interface is public
dissolvedAsked:
Who is Participating?
 
asavenerConnect With a Mentor Commented:
Why would VPN tunnels flood the syslog?  Do you have debugging commands enabled?

Run "show debug" to see what debugging commands are enabled.

Run "no debug all" to disable all debugging.
0
 
asavenerCommented:
Capture the PIX log to a text file (easiest to set up a syslog server).

Then perform statistical analysis.
0
 
dissolvedAuthor Commented:
how would I do this?  
0
Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

 
asavenerCommented:
1. Download and run a syslog server on one of your machines.  (3cDaemon has a built-in syslog server, for example.)

2. Configure the PIX to send all logs to the syslog server:
logging trap debug
logging host w.x.y.z

3. Wait to collect data.

4. Import the log to Excel and find out who's using the most bandwidth.
0
 
dissolvedAuthor Commented:
It is already logging to a syslog server.  Since several VPN tunnels terminate in this pix, trapping anything more than "emergencies" seems to flood the syslog. Is there a better way? The IOS is 8.0(3)
0
 
dissolvedAuthor Commented:
we were logging trap info. and it was flooding the syslog with established connections, etc etc
0
All Courses

From novice to tech pro — start learning today.