Kitsap_Technology
asked on
Realtime Top bandwidth User ISA2006/Websense 7.0
A few times now, we have noticed that our internet links are maxed. We are trying to find an easy way to say who the top bandwidth user is in realtime. I am having trouble finding a report or way to do this. Any help would be appreciated.
ASKER
Yeah, I have noticed that ISA itself doesn't offer a lot for doing this. I was really hoping there would be some kind of report I could put together with websense that may do this.
Yes, well, like I said I don't have any knowledge of web sense, but if I were in this same position I would run an ISA report and get my "Top Users",...then when a noticable slowdown of the system occured I would physically walk around the building and see what my "top users" were doing at that moment. ISA is not going to designate them "top users" for nothing. they'll be you most likely suspects.
ISA will also show the Top Web Sites,...which will hint at what the users are doing. Most likely the Top Users and the Top Web Sites will go "hand in hand".
We have also started using OpenDNS here (www.opendns.com) . I can go to their site and get reports generated by them. They will show a graph of usage which may show spikes at certain times of the day along with other information. Combine this with the ISA Reports and a little "common sense" and you can go pretty far with it,...and none of that costs anything ($$$). Free is always good now-a-days.
ISA will also show the Top Web Sites,...which will hint at what the users are doing. Most likely the Top Users and the Top Web Sites will go "hand in hand".
We have also started using OpenDNS here (www.opendns.com) . I can go to their site and get reports generated by them. They will show a graph of usage which may show spikes at certain times of the day along with other information. Combine this with the ISA Reports and a little "common sense" and you can go pretty far with it,...and none of that costs anything ($$$). Free is always good now-a-days.
ASKER
Walking around the building would be nice, if there were not 14 buildings across 50 miles and a few hundred users. We have noticed in the past, that our realtime top users when there are issues, are most likely not our average top users, but some freak thing that for example our marketing department may be doing, like updating all of their terminals at the same time. Our top users usually still dont peg our pipe. We want to know what freak thing is going on when our pipe does get pegged which is only once every couple weeks.
You'll have to get someone who already works in those locations to help you. It is not expected that you can do all that in person.
Your ISP may also be of help. It is their job to know what is happening on their lines. If the problem is a certain web site or a certail group of web sites,...then block them (either by the ISA or OpenDNS),...when people start screaming about it,...there are your likely suspects.
Your ISP may also be of help. It is their job to know what is happening on their lines. If the problem is a certain web site or a certail group of web sites,...then block them (either by the ISA or OpenDNS),...when people start screaming about it,...there are your likely suspects.
ASKER
There has to be a better solution then that. There is a lot of money and other things in the products. Does anybody else know?
Look,..ISA does not do what you want in the detail that you want it,..period. That is not something that I don't know,...it is something that I do know.
You have WebSense7,...call them,...they are supposed to be a product just for that purpose. I said in my first post that I don't do anything with Websense.
You have WebSense7,...call them,...they are supposed to be a product just for that purpose. I said in my first post that I don't do anything with Websense.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
So there isn't much availble to help with live activity. I have seen meters to show the bandwidth on a line being used,..but it was only the total amount of mbps running over the wire,...there was no way to determine the user or anything else above the OSI Physical Layer (layer1).
I don't know anything about Websense.