Re: How to find users abusing bandwidth?(pix firewall)



In article <1175103900.869341.131640@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>,
<dogfrndnew@xxxxxxxxx> wrote:
> I have a PIX firewall (515 I believe) and every day at lunch and again
> at the end of the day the Inet slows to a crawl. It is obviously a
> user or group of users downloading a chunk of something. We have a
> full T1 and during work hours, it functions fine. I would like to get
> some software to possibly monitor the firewall and then point out the
> heaviest user's IP. I have been playing around with syslogd, but have
> not found a good way to cull through the log once it is written out.
> I also have tried Sawmill, and while it is a step in the right
> direction, it is hard to believe there isn't a more direct way to
> figure it out.

There isn't a more direct way, at least not with PIX 6. (I'm not
familiar enough with PIX 7.)

> Any thoughts? I have the powers above ready to buy if
> I can find the right piece of software. Thanks for your help.

There isn't really a lot of variety to choose from for PIX event
analysis. I had to write my own analysis software. There used
to be a commercial product, but it wasn't fast enough or flexible
enough for my needs... and now that product is no longer available
anyhow.

I supplied a simple perl program that might be good -enough- for
your purposes; see
http://groups.google.ca/group/comp.dcom.sys.cisco/msg/37ddb0b6234c1e48
.
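
One way to cull the syslogd output for the heaviest inside hosts, as an added example that is not part of the original post and is not the Perl program linked above. It assumes PIX 6.3-style 302014/302016 teardown messages and standard syslogd timestamps; the sample lines, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the assumed PIX 6.3 teardown format.
SAMPLE_LOG = """\
Mar 28 12:01:10 pix %PIX-6-302014: Teardown TCP connection 4101 for outside:198.51.100.7/80 to inside:10.1.1.23/3312 duration 0:04:12 bytes 48211934 TCP FINs
Mar 28 12:01:15 pix %PIX-6-302014: Teardown TCP connection 4102 for outside:203.0.113.9/80 to inside:10.1.1.40/1840 duration 0:00:03 bytes 18230 TCP FINs
Mar 28 12:02:40 pix %PIX-6-302016: Teardown UDP connection 4110 for outside:192.0.2.53/53 to inside:10.1.1.40/1031 duration 0:02:01 bytes 212
Mar 28 12:03:02 pix %PIX-6-302013: Built outbound TCP connection 4120 for outside:198.51.100.7/80 (198.51.100.7/80) to inside:10.1.1.23/3313 (192.0.2.1/4022)
Mar 28 12:06:55 pix %PIX-6-302014: Teardown TCP connection 4120 for outside:198.51.100.7/80 to inside:10.1.1.23/3313 duration 0:03:53 bytes 51002200 TCP FINs
Mar 28 12:07:00 pix %PIX-6-302014: Teardown TCP connection 4121 for outside:203.0.113.9/443 to inside:10.1.1.77/2210 duration 0:00:09 bytes 90412 TCP Reset-I
"""

# Teardown records carry the connection's total byte count; "Built" records do not.
TEARDOWN = re.compile(
    r"%PIX-6-30201[46]: Teardown (?:TCP|UDP) connection \d+ "
    r"for (\S+?):([\d.]+)/\d+ to (\S+?):([\d.]+)/\d+ "
    r"duration \d+:\d+:\d+ bytes (\d+)"
)
STAMP = re.compile(r"^\w{3}\s+\d+\s+(\d\d:\d\d):\d\d ")  # syslogd "Mon DD HH:MM:SS"

def bytes_per_host(lines, local_if="inside", window=None):
    """Sum teardown byte counts per address on local_if.

    window is an optional ("HH:MM", "HH:MM") pair applied to the log timestamp,
    e.g. the lunch-hour slowdown. Bytes are only logged when a connection ends,
    so a transfer still in progress is not counted yet.
    """
    totals = Counter()
    for line in lines:
        m = TEARDOWN.search(line)
        if not m:
            continue
        if window:
            t = STAMP.match(line)
            if not t or not (window[0] <= t.group(1) <= window[1]):
                continue
        if1, ip1, if2, ip2, nbytes = m.groups()
        if if1 == local_if:
            totals[ip1] += int(nbytes)
        elif if2 == local_if:
            totals[ip2] += int(nbytes)
    return totals

def top_talkers(lines, n=10, local_if="inside", window=None):
    return bytes_per_host(lines, local_if, window).most_common(n)

if __name__ == "__main__":
    for ip, total in top_talkers(SAMPLE_LOG.splitlines(), window=("12:00", "13:00")):
        print(f"{ip:15} {total:>14,d} bytes")
```

The PIX must be logging at informational level (6) for these messages to reach syslogd.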