Use mrtg to identify bandwidth hogs

mrtg

Can I use my mrtg setup to somehow identify which IPs are eating all my bandwidth? Or is there another tool that I can use to do this against my Cisco PIX?

Thanks!

Best Answer

MRTG is great for pulling counters from network interfaces (and temperatures, and CPU usage, and other things, too). If a device doesn't provide an SNMP-accessible counter for what you want to measure, though, MRTG won't be a lot of help.

In the case of a Cisco PIX, no SNMP counters are provided in its MIB for "sessions". The PIX is capable of reporting the setup and take-down of NAT table entries (including the number of bytes moved in the "conversation") via SYSLOG.

A tool that I have no personal experience with, but that looks interesting, is FirePlotter.

I do have some experience with the PIX Logging Architecture open source project, which gets its data from SYSLOG output from PIX / ASA firewalls. Its database schema doesn't capture the bytes transferred from the log entries, though, so you can't do any reporting on bandwidth usage. (It would probably be fairly easy to add, but their database choice, MySQL, turned me off to the idea of helping out with their project...)
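
The SYSLOG approach described in the answer above, as an added example that is not part of the original answer and not code from any project it mentions: this script totals the byte counts in connection teardown messages per inside host. The message layout (IDs 302014 and 302016 in the PIX 7.x / ASA style), the interface name `inside`, and every sample line are assumptions constructed for illustration; older PIX releases log a different layout and would need a different pattern.

```python
import re
from collections import Counter

# Constructed sample syslog lines (assumed PIX 7.x / ASA layout, not real traffic).
# The last line is deliberately truncated to show how malformed input is handled.
SAMPLE_LOG = """\
Mar 01 10:00:05 fw1 %PIX-6-302013: Built outbound TCP connection 1001 for outside:198.51.100.7/80 (198.51.100.7/80) to inside:192.168.1.10/51234 (203.0.113.2/51234)
Mar 01 10:00:09 fw1 %PIX-6-302014: Teardown TCP connection 1001 for outside:198.51.100.7/80 to inside:192.168.1.10/51234 duration 0:00:04 bytes 48213 TCP FINs
Mar 01 10:01:00 fw1 %PIX-6-302016: Teardown UDP connection 1002 for outside:198.51.100.53/53 to inside:192.168.1.11/40000 duration 0:00:01 bytes 310
Mar 01 10:02:30 fw1 %ASA-6-302014: Teardown TCP connection 1003 for outside:198.51.100.9/443 to inside:192.168.1.10/51300 duration 0:01:10 bytes 9000000 TCP Reset-I
Mar 01 10:02:31 fw1 %PIX-6-302014: Teardown TCP connection 1004 for outside:198.51.100.9/443 to inside:192.168.1.12/51301 duration 0:00:02 bytes
"""

# 302014 = TCP teardown, 302016 = UDP teardown; both carry a byte count.
TEARDOWN = re.compile(
    r"%(?:PIX|ASA)-6-30201[46]: Teardown (?P<proto>TCP|UDP) connection \d+ "
    r"for (?P<if1>[\w.-]+):(?P<ip1>[\d.]+)/\d+ "
    r"to (?P<if2>[\w.-]+):(?P<ip2>[\d.]+)/\d+ "
    r"duration \d+:\d\d:\d\d bytes (?P<bytes>\d+)"
)

def bytes_per_host(lines, local_if="inside"):
    """Return (Counter of bytes per local IP, count of unparsable teardown lines)."""
    totals = Counter()
    skipped = 0
    for line in lines:
        if "Teardown" not in line:
            continue  # connection setup and unrelated messages carry no byte count
        m = TEARDOWN.search(line)
        if not m:
            skipped += 1  # truncated or differently formatted teardown line
            continue
        # Charge the conversation to whichever endpoint sits on the local interface.
        for side in ("1", "2"):
            if m["if" + side] == local_if:
                totals[m["ip" + side]] += int(m["bytes"])
    return totals, skipped

def top_talkers(lines, n=10, local_if="inside"):
    """Return the n local hosts with the highest total bytes, largest first."""
    totals, _ = bytes_per_host(lines, local_if)
    return totals.most_common(n)

if __name__ == "__main__":
    for ip, total in top_talkers(SAMPLE_LOG.splitlines()):
        print(f"{ip:15} {total:>12,} bytes")
```

A byte count only appears when a connection closes, so long-lived sessions are not counted until their teardown message is logged.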
