Mike Bailey Guest
Posted: Mon Apr 24, 2006 6:21 pm Post subject: 506e monitoring software recommendation.
I continue to have a situation where our internet connection slows down
to a crawl. When I open the 506e PDM and look at the Interface Status
and Traffic Status I can see a sustained, exceptionally high usage but
can not tell who, or what is causing it. Normally, our usage bounces
between 2 and 12 kbps, but when this happens, it stays up as high as 500
- 700kbps.
We are a small company - less than 50 users, so I walk around and ask
every single person if they are uploading, downloading, watching video,
listening to music, sending large emails... and every time, it seems
that no one is.
I'm a PDM user and I know that I can use the command line to do a show
local-host and look for high tcp connections - but this is difficult
for me to understand and sort through.
Can someone recommend a good application for monitoring the 506e that
can present information in a format that I can understand it, and can
help me determine who or what is causing this high usage when it occurs?
This happens several times a month and sometimes a week.
Thanks,
Mike
Merv Guest
Posted: Mon Apr 24, 2006 6:29 pm Post subject: Re: 506e monitoring software recommendation.
What type of switch (make, model OS) is between the PIX and the PC's?
Mike Bailey Guest
Posted: Mon Apr 24, 2006 8:51 pm Post subject: Re: 506e monitoring software recommendation.
Merv wrote:
Quote: What type of switch (make, model OS) is between the PIX and the PC's?
HP Procurve 2650.
Mike
Merv Guest
Posted: Mon Apr 24, 2006 9:02 pm Post subject: Re: 506e monitoring software recommendation.
With that switch you should be able to see the traffic being
transmitted and received by each port. You can also clear these port
statistic counters.
Look at the documentation for the show interface command and the clear
statistics command.
Martin Bilgrav Guest
Posted: Tue Apr 25, 2006 12:57 pm Post subject: Re: 506e monitoring software recommendation.
"Mike Bailey" <mbailey@beaumontproducts.com> wrote in message
news:444cde2a_3@newsfeed.slurp.net...
Quote: Can someone recommend a good application for monitoring the 506e that
can present information in a format that I can understand it, and can
help me determine who or what is causing this high usage when it occurs?
Mike
Use CLI - Issue commands:
show conn
show local
Then look for the "Bytes" count to ident large downloads.
Or look for one PC with huge amount of connections.
Then you have IP of both source and destination and ports.
Easy job to block ...
Or maybe you need to do an inside ACL, so that you decide what's allowed and
what is not.
HTH
Martin Bilgrav
Adrian Grigorof Guest
Posted: Tue Apr 25, 2006 3:12 pm Post subject: Re: 506e monitoring software recommendation.
Set up a syslog server and use a log analyzer to see who is generating
the traffic. One good example is FireGen for Pix
(http://www.eventid.net/firegen/firegenpix2.asp) - you can use it in
trial mode for 30 days. The "IP Forensics" feature allows you to see
the activity of a certain IP address for a specific time interval (sample
report here: http://www.eventid.net/firegen/ipforensics_report.asp).
Instructions on how to set up a syslog server (Kiwi) and configure the
Pix firewall to send the logs there can be found here:
http://www.eventid.net/firegen/fgpixkiwi.asp
Adrian
PS I am one of the developers of FireGen
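The syslog approach suggested in this thread can also be scripted by hand. The following is an added example, not part of the original posts and not FireGen's code: it totals the byte counts from connection-teardown messages per inside host and names each host's busiest peer. The message layout, the interface name `inside`, the function name `top_talkers` and all sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines, shaped like PIX teardown messages
# (302014 = TCP, 302016 = UDP). Hostname and addresses are made up.
SAMPLE_LOG = """\
Apr 24 14:01:07 pix %PIX-6-302013: Built outbound TCP connection 8841 for outside:198.51.100.20/80 (198.51.100.20/80) to inside:192.168.1.23/3312 (203.0.113.2/3312)
Apr 24 14:01:11 pix %PIX-6-302014: Teardown TCP connection 8841 for outside:198.51.100.20/80 to inside:192.168.1.23/3312 duration 0:00:04 bytes 5120 TCP FINs
Apr 24 14:16:40 pix %PIX-6-302014: Teardown TCP connection 8790 for outside:203.0.113.77/443 to inside:192.168.1.47/4120 duration 0:14:52 bytes 48211034 TCP FINs
Apr 24 14:17:02 pix %PIX-6-302016: Teardown UDP connection 8850 for outside:203.0.113.9/53 to inside:192.168.1.23/1044 duration 0:02:01 bytes 212
Apr 24 14:29:15 pix %PIX-6-302014: Teardown TCP connection 8866 for outside:203.0.113.77/443 to inside:192.168.1.47/4121 duration 0:12:10 bytes 39577210 TCP Reset-O
Apr 24 14:30:03 pix %PIX-6-302014: Teardown TCP connection 8871 for outside:198.51.100.20/80 to inside:192.168.1.31/2210 duration 0:00:09 bytes 88400 TCP FINs
"""

# Assumed message layout; adjust if your PIX OS version logs it differently.
TEARDOWN = re.compile(
    r"%PIX-\d-3020(?:14|16): Teardown (?:TCP|UDP) connection \d+ "
    r"for ([\w-]+):([\d.]+)/(\d+) to ([\w-]+):([\d.]+)/(\d+) "
    r"duration [\d:]+ bytes (\d+)"
)

def top_talkers(log_text, inside_if="inside"):
    """Return [(inside_ip, total_bytes, connections, busiest_peer)], largest first."""
    totals = defaultdict(int)
    conns = defaultdict(int)
    peers = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = TEARDOWN.search(line)
        if not m:
            continue  # "Built" and other messages carry no byte count
        if_a, ip_a, port_a, if_b, ip_b, port_b, nbytes = m.groups()
        # Exactly one end must sit on the inside interface; skip anything else.
        if (if_a == inside_if) == (if_b == inside_if):
            continue
        if if_a == inside_if:
            host, peer = ip_a, f"{ip_b}:{port_b}"
        else:
            host, peer = ip_b, f"{ip_a}:{port_a}"
        totals[host] += int(nbytes)
        conns[host] += 1
        peers[host][peer] += int(nbytes)
    return [
        (h, totals[h], conns[h], max(peers[h], key=peers[h].get))
        for h in sorted(totals, key=totals.get, reverse=True)
    ]

if __name__ == "__main__":
    for host, nbytes, count, peer in top_talkers(SAMPLE_LOG):
        print(f"{host:15} {nbytes:>12} bytes  {count:>3} conns  busiest peer {peer}")
```

Teardown records are written only when a connection closes, so a transfer still in progress will not appear until it ends; `show conn` on the PIX covers connections that are still open.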