Today I was speaking to a customer that had the following reporting request:
“I would like to know how much of my bandwidth is being eaten by each protocol. I will then use this information to determine if circuit may need to be increased due to increased traffic”.
This customer was collecting syslog messages from a Cisco Firewall, then using WebSpy Vantage to generate reports. In theory, this sounds like a fair plan. Unfortunately, the Cisco Firewall logs many different types of messages. Some to do with denied packets, some to do with authentication, some for vpn and so on. The information contained within each message changes. Some events include the size information that is required for any type of bandwidth assessment and some don’t. Correlating the required events to get any sort of accurate ‘bandwidth’ representation is a bit of a nightmare.
Fortunately, there’s a simpler method. If you search the Cisco website or the Internet for bandwidth utilization reporting, you’ll no doubt be pointed in the direction of NetFlow.
NetFlow is a network protocol developed by Cisco Systems to run on Cisco IOS-enabled equipment for collecting IP traffic information [Source Wikipedia http://en.wikipedia.org/wiki/Netflow]
There are a couple of commands to enter on your router to turn NetFlow on, and then you just need a NetFlow collector to receive the Netflow information and generate reports.
Fortunately WebSpy has developed a little tool called FlowMonitor that collects the Netflow information and writes a log file that can then be imported into WebSpy Vantage and reported on.
Once your FlowMonitor logs are imported into WebSpy Vantage, you can run the default FlowMonitor report to see the size of traffic flowing between IP addresses, subnets, router interfaces or protocols. Alternatively you can create your own custom reports to see exactly what you want to see.
NetFlow doesn’t record usernames or URLs so it’s not great for reporting on the web sites your users are visiting, but it is great for network administration and trouble shooting. Identify chatty IP addresses, protocols that are chewing too much bandwidth, the times throughout the day when incoming or outgoing links become heavily utilized and so on.
For information on how to configure your router and deploy FlowMonitor, see the FlowMonitor Installation and User Guide. You can also download a free trial here.
FlowMonitor is a handy little tool. Ask your friendly WebSpy account manager about it today!
- Advantages of using WebSpy with Cisco IronPort – New Video
- How to Report on Enterprise Storages – Vantage Guidelines
- Creating a Remote Desktop Report (RDP Connections) with WebSpy Vantage
- Web Activity Reporting with Palo Alto Firewall Log Files
- Management Employee Internet Reports – Enterprise Guidelines
I just took a class and learned about flow metrics… we use Cisco devices at work, so I’m going to implement this. Thanks for the article.