Outbound Traffic Logging on ASA 5520 possible

cisco-asa, logging, syslog

Taking a look at the ASDM (6.4) for my ASA 5520, I get a nice summary of the traffic status, with items like "interface traffic usage", and "connections per second".

This works well, but only shows the data for the last 5-6 minutes or so.

Recently, I've been asked whether it's possible to pull up this same type of traffic data for a particular time in the past. (Such as: Find the traffic usage for a 3 minute period from date xx:xx:xx @ time xx:xx:xx)

I've noticed that my ASA 5520 is logging the warnings, errors, etc. that it is processing. But traffic data is not logged (yet) according to my search through the ASA.

Is logging the traffic data amounts (as wondered above) actually a possibility? Is there any way to find out the past data for traffic and such values?

Thanks!

Best Answer

There are two basic options for firewall traffic usage monitoring. What I'm guessing you're looking for is Mbps for each interface, ingress/egress, is that correct? If so, you can use standard SNMP-based monitoring tools. Consult the Cisco command reference for your version of software, but it's really no different than adding an SNMP server to any other Cisco device. You can set this up so that your monitoring server (SolarWinds, Nagios, WhatsUP, etc) polls your ASA periodically for the stats, and add traps for push notifications of urgent issues.

The other route for collection, as Chris referred to, is flow-based. Rather than counting bits in/out on an interface, you can look at flow creation/teardown, protocol & endpoints of the flow. Every time a two-way communication is initiated between two IPs, there's a flow record created for it. It's an inherent part of the dynamic firewall process that the ASA uses. You can also export this information to an external collector for storage, analysis, graphing, etc. For instance, you could query the data for top 10 users of your ISP pipe during an hour.
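As an added example (not part of the original answer), this sketch shows how stored SNMP interface counter polls can answer the question's "usage for a 3 minute period in the past". It assumes a poller has saved `ifInOctets`/`ifOutOctets` once a minute as `(timestamp, in, out)` tuples; the sample values, the storage layout and the function names are constructed for illustration.

```python
from datetime import datetime, timezone

def ts(text):
    """Parse 'YYYY-MM-DD HH:MM:SS' (UTC) into epoch seconds."""
    dt = datetime.strptime(text, "%Y-%m-%d %H:%M:%S")
    return dt.replace(tzinfo=timezone.utc).timestamp()

# Constructed samples: (poll time, ifInOctets, ifOutOctets) for one interface.
# The inbound 32-bit counter wraps past 2**32 between 10:01 and 10:02.
SAMPLES = [
    (ts("2024-01-01 10:00:00"), 4_294_000_000, 1_000_000),
    (ts("2024-01-01 10:01:00"), 4_294_900_000, 1_600_000),
    (ts("2024-01-01 10:02:00"),       832_704, 2_200_000),
    (ts("2024-01-01 10:03:00"),     1_732_704, 2_800_000),
    (ts("2024-01-01 10:04:00"),     2_632_704, 3_400_000),
]

def window_usage(samples, start, end, counter_bits=32):
    """Return (bytes_in, bytes_out, mbps_in, mbps_out) for [start, end].

    Counter deltas are taken modulo 2**counter_bits so one wrap per poll
    interval is handled. Assumption: no device reload inside the window
    (a reload resets the counters and would look like a very large delta).
    """
    if end <= start:
        raise ValueError("end must be after start")
    samples = sorted(samples)
    if not samples or samples[0][0] > start or samples[-1][0] < end:
        raise ValueError("stored samples do not cover the requested window")
    modulus = 1 << counter_bits
    total_in = total_out = 0.0
    for (t0, in0, out0), (t1, in1, out1) in zip(samples, samples[1:]):
        overlap = min(t1, end) - max(t0, start)
        if overlap <= 0 or t1 == t0:
            continue
        # Prorate the interval's traffic by how much of it lies in the window.
        share = overlap / (t1 - t0)
        total_in += ((in1 - in0) % modulus) * share
        total_out += ((out1 - out0) % modulus) * share
    seconds = end - start
    to_mbps = lambda octets: octets * 8 / seconds / 1e6
    return total_in, total_out, to_mbps(total_in), to_mbps(total_out)

if __name__ == "__main__":
    print(window_usage(SAMPLES, ts("2024-01-01 10:00:30"), ts("2024-01-01 10:03:30")))
```

The answer is only as precise as the polling interval: traffic inside a partially covered interval is assumed to be evenly spread, so short bursts need shorter polling or flow records.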
