Best way to set up traffic utilization logging on a router?
I am tasked with setting up logging of traffic utilization that will be expected to run probably for several days to analyze slow dips in a customer's network, and I'm wondering if anyone has experience in this that could suggest any particular method?
I found something on configuring netflow on the router, and configure the logging to an internal SFTP server via Solarwinds, which looks like it may work but wanted to see if any of you fine people could chime in with better suggestions.
Thanks!
Comments
-
the_Grinch Member Posts: 4,165
If you aren't looking to use it long term then I would download the eval copy of Netflow Analyzer by ManageEngine. Setup is really easy and you'll get all the information you are looking for. A long time ago we had a customer who was seeing slowness all day long. We installed it and analyzed it for a week to find that Symantec Updates were configured to call back to their headquarters for updates. On T1 lines it was destroying them. Ultimately I was able to set it up so a server at each location would download the updates from HQ and then update the machines behind it.
Currently we use Netflow Analyzer to look at the connections of the companies we regulate. We're looking at open source alternatives due to wanting to correlate a number of other programs with our Netflow data, but for you it should do exactly what you need.
WIP:
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff
-
ande0255 Banned Posts: 1,178
Cool thank you much for the info, I will check this out tomorrow morning!
-
EdTheLad Member Posts: 2,111
I use PRTG to monitor netflow, very nice tool, easy to use, 30 days eval license.
Networking, sometimes i love it, mostly i hate it. Its all about the $$$$
-
ande0255 Banned Posts: 1,178
That looks pretty cool as well, I'm actually kind of geared to get to work on setting this up and check out the traffic flow, I usually only ever use Wireshark to analyze traffic on a single host. Thanks for the info!
-
PurpleIT Member Posts: 327
> I use PRTG to monitor netflow, very nice tool, easy to use, 30 days eval license.
I'm a fan of PRTG as well; good program at a good price point.
WGU - BS IT: ND&M | Start Date: 12/1/12, End Date 5/7/2013
What next, what next...
-
Dieg0M Member Posts: 861
I would suggest LiveAction for flow analysis. We use Statseeker for bandwidth analysis and Solarwinds/Spectrum/Cisco Prime for device management (SNMP polling). We also use HPNA for configuration backup and automation.
Follow my CCDE journey at www.routingnull0.com
-
CodeBlox Member Posts: 1,363
We're using icinga/nagios to monitor bandwidth utilization. We have a guy who set it all up and it sends alerts when circuits peg out. Very nifty and open source.
Currently reading: Network Warrior, Unix Network Programming by Richard Stevens
-
brian89gp Member Posts: 19
Cacti
Netflow tells you what is on a link (and somewhat how much is on it), SNMP monitoring tools how much is on it.
-
ande0255 Banned Posts: 1,178
Question for you gentlemen who suggested PRTG. I have it set up on a local PC on the network, and set the parameters on the Cisco router for netflow, but PRTG is not receiving any of the Netflow packets on port 2055.
Here is some show output of the router config:
interface Vlan1
 description BLAH BLAH BLAH
 ip address 10.60.71.1 255.255.255.0
 ip access-group 105 in
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1452
interface FastEthernet4
 description BLAH BLAH BLAH
 ip address 111.112.122.123 255.255.255.252
 ip access-group deny-hack-attack in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
 no cdp enable
 crypto map vpn-map
ip flow-export destination 10.60.71.234 2055 <---- Host with PRTG installed
router#show ip flow export
Flow export v1 is enabled for main cache
Export source and destination details :
VRF ID : Default
Destination(1) 10.60.71.234 (2055)
Version 1 flow records
331022 flows exported in 30206 udp datagrams
0 flows failed due to lack of export packet
0 export packets were sent up to process level
0 export packets were dropped due to no fib
0 export packets were dropped due to adjacency issues
0 export packets were dropped due to fragmentation failures
0 export packets were dropped due to encapsulation fixup failures
I checked the code running on the router, it's a C850 series running 12.4, which uses Netflow v5 which is configured on the PRTG sensor pointed at the router.
I'm at a loss as to what I could possibly be missing, the PRTG is set up locally to a PC on that inside interface of the router, and PRTG is seeing the router via a Ping sensor I set up for auto-discovery.
Any ideas?
-
higherho Member Posts: 882
Look into Zabbix. We use it for bandwidth monitoring, port monitoring, polling, web traffic, and much more. It's free too and you create your own templates.
https://support.zabbix.com/browse/ZBXNEXT-37?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
Homepage of Zabbix :: An Enterprise-Class Open Source Distributed Monitoring Solution
-
PurpleIT Member Posts: 327
> Question for you gentlemen who suggested PRTG. I have it set up on a local PC on the network, and set the parameters on the Cisco router for netflow, but PRTG is not receiving any of the Netflow packets on port 2055.
My first question was going to be are the router and PRTG using the same version. I read this as yes, they are.
> I'm at a loss as to what I could possibly be missing, the PRTG is set up locally to a PC on that inside interface of the router, and PRTG is seeing the router via a Ping sensor I set up for auto-discovery.
> Any ideas?
PRTG has a netflow tester (Test NetFlow based monitoring configurations with NetFlow Tester) that will show you if traffic is showing up or not. If it is showing up then it may be a PRTG issue; I don't use it much and when I do it is V9 from ASAs, but there are frequent delays which I believe have to do with how the ASA processes and sends the data.
WGU - BS IT: ND&M | Start Date: 12/1/12, End Date 5/7/2013
What next, what next...
-
ande0255 Banned Posts: 1,178
I actually fired up both v5 and v9 testers and neither detected anything, the PC has Windows firewall disabled as well. I did see the unknown protocol dropped counter rising pretty quickly after I cleared counters on the inside interface, so I am wondering if it'd be incrementing the exports value in 'show ip flow export' even if the netflow packets are getting dropped.
Thanks for the suggestion higherho, think I may have to go a different avenue and test out netflow in a lab environment at a later time.
-
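The `show ip flow export` output above reports "Flow export v1" while the sensor in the thread is set to v5. This added example (not a poster's code and not part of PRTG; the function names are illustrative) decodes the header of whatever arrives on the collector port, so the version and record count on the wire can be checked directly. The sample datagram is constructed, and `listen()` assumes nothing else is bound to UDP 2055.

```python
import socket
import struct

# Export header length per NetFlow version; v1 and v5 flow records are 48 bytes each.
HEADER_LEN = {1: 16, 5: 24, 9: 20}
RECORD_LEN = {1: 48, 5: 48}

def parse_export_header(data: bytes) -> dict:
    """Decode the version and record count that open every export datagram."""
    if len(data) < 4:
        raise ValueError("datagram too short to be NetFlow")
    version, count = struct.unpack("!HH", data[:4])
    if version not in HEADER_LEN or len(data) < HEADER_LEN[version]:
        raise ValueError(f"unknown version or truncated header (version={version})")
    info = {"version": version, "count": count, "length_ok": True}
    if version in RECORD_LEN:  # fixed-size records: total length must match count
        expected = HEADER_LEN[version] + count * RECORD_LEN[version]
        info["length_ok"] = len(data) == expected
    return info

def check_datagram(data: bytes, expected_version: int) -> str:
    """Return a one-line verdict for a datagram received on the collector port."""
    try:
        info = parse_export_header(data)
    except ValueError as exc:
        return f"not usable: {exc}"
    if info["version"] != expected_version:
        return f"version mismatch: got v{info['version']}, expected v{expected_version}"
    if not info["length_ok"]:
        return f"bad length for v{info['version']} with count={info['count']}"
    return f"ok: v{info['version']} datagram with {info['count']} records"

def listen(port: int = 2055, expected_version: int = 5, timeout: float = 30.0) -> None:
    """Bind the collector port and report on each datagram (stop the sensor first)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind(("0.0.0.0", port))
        sock.settimeout(timeout)
        try:
            while True:
                data, (src, _) = sock.recvfrom(65535)
                print(src, check_datagram(data, expected_version))
        except socket.timeout:
            print(f"nothing on udp/{port} for {timeout:.0f}s")

# Constructed sample: a v1 export datagram carrying two zeroed flow records.
SAMPLE_V1 = struct.pack("!HHIII", 1, 2, 1000, 0, 0) + bytes(96)
if __name__ == "__main__":
    print(check_datagram(SAMPLE_V1, expected_version=5))
    listen()
```

If `listen()` times out while the router's export counters keep rising, the datagrams are being lost between the router and the collector host rather than rejected by the sensor.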
phoeneous Member Posts: 2,333
> Look into Zabbix. We use it for bandwidth monitoring, port monitoring, polling, web traffic, and much more. It's free too and you create your own templates.
> https://support.zabbix.com/browse/ZBXNEXT-37?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
> Homepage of Zabbix :: An Enterprise-Class Open Source Distributed Monitoring Solution
Agreed. Been using Zabbix for 2 years and it is win.
-
xnx Member Posts: 464
Would creating a SPAN session be of any use?
I personally just wiretap ethernet with some keystone jacks that are wired up so I can see the traffic going through on my laptop.
Getting There ...
Lab Equipment: Using Cisco CSRs and 4 Switches currently