Today I was speaking to a customer that had the following reporting request:
“I would like to know how much of my bandwidth is being eaten by each protocol. I will then use this information to determine if circuit may need to be increased due to increased traffic”.
This customer was collecting syslog messages from a Cisco Firewall, then using WebSpy Vantage to generate reports. In theory, this sounds like a fair plan. Unfortunately, the Cisco Firewall logs many different types of messages. Some to do with denied packets, some to do with authentication, some for vpn and so on. The information contained within each message changes. Some events include the size information that is required for any type of bandwidth assessment and some don’t. Correlating the required events to get any sort of accurate ‘bandwidth’ representation is a bit of a nightmare.
Fortunately, there’s a simpler method. If you search the Cisco website or the Internet for bandwidth utilization reporting, you’ll no doubt be pointed in the direction of NetFlow.
NetFlow is a network protocol developed by Cisco Systems to run on Cisco IOS-enabled equipment for collecting IP traffic information [Source Wikipedia http://en.wikipedia.org/wiki/Netflow]
There are a couple of commands to enter on your router to turn NetFlow on, and then you just need a NetFlow collector to receive the Netflow information and generate reports.
Once your FlowMonitor logs are imported into WebSpy Vantage, you can run the default FlowMonitor report to see the size of traffic flowing between IP addresses, subnets, router interfaces or protocols. Alternatively you can create your own custom reports to see exactly what you want to see.
NetFlow doesn’t record usernames or URLs so it’s not great for reporting on the web sites your users are visiting, but it is great for network administration and trouble shooting. Identify chatty IP addresses, protocols that are chewing too much bandwidth, the times throughout the day when incoming or outgoing links become heavily utilized and so on.
FlowMonitor is a handy little tool. Ask your friendly WebSpy account manager about it today!
- Advantages of using WebSpy with Cisco IronPort – New Video
- Business benefits from monitoring and reporting on Internet, email and network log files
- How to Report on Enterprise Storages – Vantage Guidelines
- Event Log Reporting using Vantage
- Dedicated WebSpy and Forefront TMG pages – Everything you need to know about TMG Log Reporting