I manage a small network with a Cisco ASA 5505 and a shared DSL connection. I would like to be able to monitor the bandwidth usage of the various users/devices on my network (by IP address). Can I do that using the ASA? Has anyone got this working? What is the best way to do this?
Some Ideas I Have Seen Online:
- SNMP with a tool like Cacti
  Does this give per-IP usage with an ASA or just overall usage?
- NetFlow with a tool like ntop
  Couldn't get this to work. It seems that the NetFlow records sent by the ASA are not exactly standard. Ntop receives them, but doesn't seem to know what to do with them.
If you don't want to try and analyze the data coming out of the ASA itself, you might just consider doing a port mirror on the switch the ASA is connected to and use a piece of probe software to watch that port. You could easily get NetFlow data that way using something like nProbe.
There's a fairly nice tool, PIX Logging Architecture, that comes so close to doing what you want. I've deployed it in a couple of sites, and it's reasonably nice (albeit I don't care much for its tight coupling with MySQL), but the per-NAT traffic statistics that an ASA (and newer versions of PIXOS) can report are completely ignored! You get statistics about source, destination, frequency, and duration of translations (and thus UDP / TCP streams), but not bytes! If I had the copious free time I'd consider adding the functionality. (BTW: It's GPL v2 licensed. I'd be willing to talk with somebody who wanted to add monitoring of byte counts to the product about throwing some money at them to make it happen. Ping me off-site if you're interested and serious about it and we can talk about requirements.)
According to the ntop.org website, ntop has supported ASA NetFlow since January 2010. They complain about it being a hack, due to the non-standard NetFlow format used by the ASA devices.
I haven't tried it yet, but it may be worth a look.
See http://www.ntop.org/blog/?p=24 for the announcement and implementation.
Using Cacti on switches and not the router
If you know the setup of the network and know which ports in your switches the different routers/equipment are connected to, then you can monitor your switches with Cacti. Use SNMP to pull network traffic per port...
I am doing that on my network, where all users have static ports in the switches. It is really easy to set up.
But if you need monitoring per IP and your users swap location all over, then of course you cannot use this solution.
Br. Anders
You will not get what you want using SNMP. NetFlow is the proper way of getting per-IP bandwidth. I don't know a tool that can handle NetFlow sent by an ASA. If you just want to do accounting based on IP, you may write your own tool. This can be pretty easy if you only collect bytes sent by IP. You can find details regarding flows sent by ASA here.
You can use the ASA's NetFlow 9 export ("NetFlow Security Event Logging", NSEL) to get this information.
See: Can I use Cisco ASA's "NetFlow Security Event Logging" (NetFlow 9) for bandwidth monitoring
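The two answers above (write your own collector; use the ASA's NSEL/NetFlow 9 export) point at the same piece of work, so here is an added example of it. This is not code from this thread, from Cisco or from ntop: a minimal NetFlow v9 collector in Python that learns templates, decodes data records and sums bytes sent and received per IPv4 address. It handles the NSEL quirk that the byte counts arrive as initiatorOctets/responderOctets (information elements 231/232) on flow-teardown events (firewallEvent 233 == 2) instead of the IN_BYTES element most collectors key on, and it drops data flowsets that arrive before their template. The packets it parses are constructed inside the script; the template layout, template ID and addresses are assumptions, not a real ASA capture.

```python
import socket
import struct
from collections import defaultdict

# Information element IDs from the NetFlow v9 / IPFIX registry. An ASA's NSEL export
# does not carry the classic IN_BYTES (1); byte counts arrive as initiator/responder
# octets, and only flow-teardown records carry the flow's totals.
IN_BYTES, PROTOCOL, L4_SRC_PORT, IPV4_SRC_ADDR, L4_DST_PORT, IPV4_DST_ADDR = 1, 4, 7, 8, 11, 12
INITIATOR_OCTETS, RESPONDER_OCTETS, FIREWALL_EVENT = 231, 232, 233
FW_EVENT_TEARDOWN = 2  # NSEL firewallEvent values: 1 create, 2 teardown, 3 deny, 5 update
HEADER = struct.Struct("!HHIIII")  # version, count, sysUptime, unixSecs, sequence, sourceId


class NetFlow9Collector:
    """Accumulates bytes sent/received per IPv4 address from NetFlow v9 export packets."""

    def __init__(self):
        self.templates = {}          # (source_id, template_id) -> [(field_type, length), ...]
        self.tx = defaultdict(int)   # bytes the address sent
        self.rx = defaultdict(int)   # bytes the address received
        self.unknown_template = 0    # data flowsets dropped because no template was known yet

    def feed(self, packet: bytes) -> int:
        """Consume one UDP payload; return the number of flow records accounted."""
        if len(packet) < HEADER.size:
            raise ValueError("packet shorter than NetFlow v9 header")
        version, _count, _uptime, _secs, _seq, source_id = HEADER.unpack_from(packet)
        if version != 9:
            raise ValueError(f"expected NetFlow v9, got version {version}")
        offset, accounted = HEADER.size, 0
        while offset + 4 <= len(packet):
            fs_id, fs_len = struct.unpack_from("!HH", packet, offset)
            if fs_len < 4 or offset + fs_len > len(packet):
                raise ValueError("flowset length runs past packet end")
            body = packet[offset + 4:offset + fs_len]
            if fs_id == 0:                       # template flowset
                self._load_templates(source_id, body)
            elif fs_id >= 256:                   # data flowset, keyed by template id
                accounted += self._account(source_id, fs_id, body)
            # fs_id 1 (options template) and 2..255 (reserved) are ignored
            offset += fs_len
        return accounted

    def _load_templates(self, source_id, body):
        pos = 0
        while pos + 4 <= len(body):              # fewer than 4 trailing bytes is padding
            template_id, nfields = struct.unpack_from("!HH", body, pos)
            pos += 4
            fields = [struct.unpack_from("!HH", body, pos + 4 * i) for i in range(nfields)]
            pos += 4 * nfields
            self.templates[(source_id, template_id)] = fields

    def _account(self, source_id, template_id, body):
        fields = self.templates.get((source_id, template_id))
        if fields is None:                       # data before template: drop it, the exporter
            self.unknown_template += 1           # resends templates periodically
            return 0
        rec_len = sum(length for _, length in fields)
        pos, n = 0, 0
        while pos + rec_len <= len(body):        # anything shorter than a record is padding
            rec, p = {}, pos
            for ftype, length in fields:
                rec[ftype] = body[p:p + length]
                p += length
            pos += rec_len
            n += self._add_record(rec)
        return n

    def _add_record(self, rec) -> int:
        if IPV4_SRC_ADDR not in rec or IPV4_DST_ADDR not in rec:
            return 0
        src, dst = socket.inet_ntoa(rec[IPV4_SRC_ADDR]), socket.inet_ntoa(rec[IPV4_DST_ADDR])

        def u(ftype):
            return int.from_bytes(rec[ftype], "big")

        if INITIATOR_OCTETS in rec and RESPONDER_OCTETS in rec:      # ASA NSEL style, bidirectional
            if FIREWALL_EVENT in rec and u(FIREWALL_EVENT) != FW_EVENT_TEARDOWN:
                return 0                                             # create/deny carry no totals
            fwd, rev = u(INITIATOR_OCTETS), u(RESPONDER_OCTETS)
        elif IN_BYTES in rec:                                        # classic unidirectional v9
            fwd, rev = u(IN_BYTES), 0
        else:
            return 0
        self.tx[src] += fwd
        self.rx[dst] += fwd
        self.tx[dst] += rev
        self.rx[src] += rev
        return 1

    def totals(self):
        """{ip: (bytes_sent, bytes_received)} for every address seen."""
        return {ip: (self.tx.get(ip, 0), self.rx.get(ip, 0)) for ip in set(self.tx) | set(self.rx)}


def _flowset(fs_id, body):
    body += b"\x00" * ((-len(body)) % 4)         # flowsets are padded to a 4-byte boundary
    return struct.pack("!HH", fs_id, 4 + len(body)) + body


def sample_packets():
    """Constructed NSEL-style export (assumed layout, not a real ASA capture): (template+data, data-only)."""
    fields = [(IPV4_SRC_ADDR, 4), (IPV4_DST_ADDR, 4), (L4_SRC_PORT, 2), (L4_DST_PORT, 2),
              (PROTOCOL, 1), (FIREWALL_EVENT, 1), (INITIATOR_OCTETS, 4), (RESPONDER_OCTETS, 4)]
    template = struct.pack("!HH", 256, len(fields)) + b"".join(struct.pack("!HH", *f) for f in fields)

    def rec(src, dst, sport, dport, proto, event, ini, resp):
        return (socket.inet_aton(src) + socket.inet_aton(dst)
                + struct.pack("!HHBBII", sport, dport, proto, event, ini, resp))

    data = b"".join([
        rec("192.168.1.10", "93.184.216.34", 50000, 443, 6, 2, 1200, 50000),  # teardown: counted
        rec("192.168.1.11", "93.184.216.34", 50001, 80, 6, 2, 800, 20000),    # teardown: counted
        rec("192.168.1.10", "8.8.8.8", 50002, 53, 17, 1, 0, 0),               # create: no totals yet
        rec("192.168.1.12", "10.0.0.5", 50003, 22, 6, 3, 0, 0),               # deny: never counted
    ])

    def packet(flowsets):  # header count field is informational here and not validated
        return HEADER.pack(9, 5, 123456, 1700000000, 1, 1) + b"".join(flowsets)

    return packet([_flowset(0, template), _flowset(256, data)]), packet([_flowset(256, data)])


if __name__ == "__main__":
    both, _ = sample_packets()
    c = NetFlow9Collector()
    print("records accounted:", c.feed(both))
    for ip, (tx, rx) in sorted(c.totals().items()):
        print(f"{ip:>16}  sent {tx:>7} B  received {rx:>7} B")
```

To use it against a real ASA, bind a UDP socket on the port you configured as the flow-export destination and pass each datagram to feed(). Because only teardown records are accounted, a long-lived flow shows up when it ends rather than while it is running; if you need live numbers you also have to interpret the periodic flow-update events, which this example deliberately leaves out.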