Catching user taking bandwidth?

Posted on 2009-04-09
Last Modified: 2012-05-06
We have:


Solarwinds is reporting that someone is using a lot of bandwidth. I did the sh ip cache flow command, and saw most of it is www. How can I go further to find out who is using our bandwidth?  Netflow is not setup.

*The pix's outside interface is public
Question by:dissolved
  • 3
  • 3
LVL 28

Expert Comment

ID: 24108476
Capture the PIX log to a text file (easiest to set up a syslog server).

Then perform statistical analysis.

Author Comment

ID: 24109072
how would I do this?  
LVL 28

Expert Comment

ID: 24109139
1. Download and run a syslog server on one of your machines.  (3cDaemon has a built-in syslog server, for example.)

2. Configure the PIX to send all logs to the syslog server:
logging trap debug
logging host w.x.y.z

3. Wait to collect data.

4. Import the log to Excel and find out who's using the most bandwidth.
Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.


Author Comment

ID: 24109378
It is already logging to a syslog server.  Since several VPN tunnels terminate in this pix, trapping anything more than "emergencies" seems to flood the syslog. Is there a better way? The IOS is 8.0(3)
LVL 28

Accepted Solution

asavener earned 500 total points
ID: 24110035
Why would VPN tunnels flood the syslog?  Do you have debugging commands enabled?

Run "show debug" to see what debugging commands are enabled.

Run "no debug all" to disable all debugging.

Author Comment

ID: 24111818
we were logging trap info. and it was flooding the syslog with established connections, etc etc

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
VoIP and Data on single switch, with SonicWall 6 54
Edgemax OS VPN, to Barracuda Link Balancer 7 151
Enterasys QoS setup 2 54
Cisco Routing with 2 ISP connection 5 61
In this tutorial I will show you with short command examples how to obtain a packet footprint of all traffic flowing thru your Juniper device running ScreenOS. I do not know the exact firmware requirement, but I think the fprofile command is availab…
Problem Description:   Couple of months ago we upgraded the ADSL line at our branch office from Home to Business line. The purpose of transforming the service to have static public IP’s. We were in need for public IP’s to publish our web resour…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

25 Experts available now in Live!

Get 1:1 Help Now