ASA Bandwidth Monitoring

Are there any bandwidth monitoring tools out there that would allow me to view bandwidth utilization by IP? Our link was utilized at 100% this morning for about 45 minutes, and it would be nice if I could figure out who was using what.

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

MAC_Addy

pham0329 wrote: »

Are there any bandwidth monitoring tools out there that would allow me to view bandwidth utilization by IP? Our link was utilized at 100% this morning for about 45 minutes, and it would be nice if I could figure out who was using what.

We use PRTG network monitor. It has saved my life quite a few times. It'll monitor all ASA's that you load in there. Plus you can set it up to where it'll email you when it goes down.

ccie2be

pham0329 wrote: »

Are there any bandwidth monitoring tools out there that would allow me to view bandwidth utilization by IP? Our link was utilized at 100% this morning for about 45 minutes, and it would be nice if I could figure out who was using what.

For a cheaper alternative for real-time monitoring one could use SolarWinds, PRTG. If your company has the cash, NetQoS or something like that will fit the bill ---- I use NetQoS and its invaluable.

I love pulling reports on bandwidth hogs and confronting them. I just love the "deer-in-the-headlight" look I get when I give them their machine info / date / time, etc and say, "your co-workers complained that they couldn't do....blah blah blah....." That usually "fixes" any problems for a while.

powerfool

Netflow is a good way to pull this sort of data, I believe, and you could use a tool like CA NetQoS ReporterAnalyzer. Also, a good packet analyzer could assist greatly... like WireShark or Network Instruments Observer/GigaStor. SNMP will only give you interface utilization and not allow you to break out source/destination IP address.

jovan88

give scrutinizer a go

Monkerz

+1 for PRTG.

Using around 950 sensors at the moment. Great monitoring solution. Love it!

Per our contract with one of our carriers, we will no longer receive complimentary Fluke Visual UpTime monitoring from them. The inline probes cause an accumulated 60% of the down time we see at our branches. They are looking into Network Instruments' Gigastor, as a passive monitoring solution, so I will look forward to setting that up and tinkering with it.

pham0329

Tried to configure netflow on the ASA (running 8.2) and couldn't get it to work with the SolarWind Real-Time Analyzer....kept getting a message saying NetFlow not configured on the interface so I gave up

Those other solutions looks spendy, and I don't think I can sell it to management considering we already have a web security/monitoring solution in place that does bandwidth reporting as well.

Legacy User

Preconditions of Network Monitoring
Network documentation is essential to monitor a network. Trying to set up network monitoring tools before going through the documentation is complete waste of time. You will see everything green on the screen, but this maybe due to one of the redundant lines that are down. You will sit staring without knowing what is happening. Always remember, documentation comes first and everything follows.
Suggested monitoring tools: Powerpoint/Visio, NetViz

Up/Down monitoring
You have a map in which you can see some red and green lights glowing. Green means up and red means down. It is simple yet powerful. You will immediately come to know that there is some problem if the red light glows.
This is based on ping. Almost every IP devices support echo/echo reply. So, you can monitor all IP devices in your network by using ping. You go one step further by monitoring one application at a time present on a device instead of whole device. All network applications utilize TCP/UDP ports. You can monitor the applications by trying to access with telnet to its TCP/UDP ports. The port being open suggests that the application is running
Suggested monitoring tools: WhatsupGold, nmap

Performance monitoring / SNMP monitoring
Suggested monitoring tools: MRTG, Solarwinds Orion, PRTG

docrice

Try a Linux machine set up with nfdump / nfsen. You'll need the "NSEL" version of ndfump:

http://sourceforge.net/projects/nfdump/files/nsel/

The ASA supports a NetFlow variation known as NSEL which isn't the same as IOS NetFlow (oddly enough). I set up a CentOS 6.2 system over the weekend and configured an ASA to send data to the collector. It works, it's free, and if you need it I can provide a list of of commands to get it all installed on a minimal-install of CentOS 6.

dustinmurphy

ccie2be wrote: »

I love pulling reports on bandwidth hogs and confronting them. I just love the "deer-in-the-headlight" look I get when I give them their machine info / date / time, etc and say, "your co-workers complained that they couldn't do....blah blah blah....." That usually "fixes" any problems for a while.

I used Solarwinds Orion NPM in both of my last companies. It works awesome. I had it monitoring the switch, so I could easily pinpoint the high bandwidth user and confront them. It was usually pretty funny when I would hit them up on the internal IM (Openfire Spark) and ask them what they were downloading...

phonetic.man

For bandwidth monitoring, I use Cacti at work. I have it watch all of my firewall, router, switch and pbx ports. Fancy graphs (which can be zoomed in on).
Here is a link to the site that I used for the setup - CactiEZ - Home

paulage

Solarwinds free netflow analyser has some problem with ASAs if I remember correctly...

If it's just for 1 ASA I believe manageengine has a free analyser. If you need more than one device you have to pay though