Monitoring Bandwidth Usage (Per Internal IP) – Cisco ASA 5505

bandwidthcisco-asamonitoringnetflowsnmp

I manage a small network with a Cisco ASA 5505 and a shared DSL connection. I would like to be able monitor the bandwidth usage of the various users/devices on my network (by IP address). Can I do that using the ASA? Has anyone got this working? What is the best way to do this?

Some Ideas I Have Seen Online:

SNMP with a tool like Cacti
Does this give per IP usage with an ASA or just overall usage?
Netflow with a tool like ntop
Couldn't get this to work. It seems that the Netflows sent by ASA are not exactly standard. Ntop receives them, but doesn't seem to know what do with them.

Best Answer

If you don't want to try and analyze the data coming out of the ASA itself you might just consider doing a port-mirror the switch the ASA is connected to and use a piece of probe software to watch that port. You could easily get Netflow data that way using something like nProbe.

There's a fairly nice tool, PIX Logging Architecture that comes so close to doing what you want. I've deployed it in a couple of sites, and it's reasonably nice (albeit I don't care much for its tight coupling with MySQL), but the per-NAT traffic statistics that an ASA (and newer version of PIXOS) can report are completely ignored! You get statistics about source, destination, frequency, and duration of translations (and thus UDP / TCP streams), but not bytes! If I had the copious free time I'd consider adding the functionality. (BTW: It's GPL v2 licensed. I'd be willing to talk with somebody who wanted to add monitoring of byte counts to the product about throwing some money at them to make it happen. Ping me off-site if you're interested and serious about it and we can talk about requirements.)

Related Solutions

Router – Monitoring router bandwidth usage via Nagios and SNMP

I did this with a cron script, stores current value in a temp file then next time uses it to calculate bandwidth utilization since last run.

#!/bin/bash

email_address=""
router_ip=""

# 80% BANDWIDTH [ (384000bps) 48,000Bps ] - 20% = 38,400 Bps
alertBW="76800"

lastBWFile="/var/log/ciscoGW.log"
lastBW=`cat $lastBWFile | awk '{print$2}'`
lastTime=`cat $lastBWFile | awk '{print$1}'`

curBW=` snmpget  -c snmap_name -v 1 $router_ip IF-MIB::ifOutOctets.2  | awk '{print$4}'`

let diffBW=$curBW-$lastBW
#echo "Diff BW: $diffBW"
timeNow=`date +%s`
let diffTime=$timeNow-$lastTime
let alertBW=$alertBW*$diffTime

echo "$timeNow $curBW" > $lastBWFile

if [ $diffBW -gt $alertBW ]; then
#       echo "Over limit!"
        echo "Bandwith used over $diffTime seconds: $diffBW" | mail -s "BANDWIDTH OVER LIMIT!!!!" $email_address
fi

Since I was more interested in actual peaks I've since moved to using rrdtool:

#start 15 minutes ago
#end 5 minutes ago since rrdtool queries every 5 minutes 
rrdtool fetch $FROM MAX -s -900 -e -300

Cisco asa 5505 locks up / unresponsive

I would upgrade your ASA to the latest version 8.3(x) and see if that takes care of your lockups.

Edited to add:

You can safely move to the 8.0(x) version of the software without upgrading your memory. I believe that starting with 8.2(x) you'll have to actually upgrade the memory. You can research the readme's to see if they have anything about your lockup issue: http://www.cisco.com/en/US/products/ps6120/prod_release_notes_list.html

Best Answer

Related Solutions

Router – Monitoring router bandwidth usage via Nagios and SNMP

Cisco asa 5505 locks up / unresponsive

Related Topic