Bandwidth monitoring

Discussion in 'Networking & Security' started by moose517, May 30, 2011.

  1. moose517

    moose517 Gawd

    Messages:
    640
    Joined:
    Feb 28, 2009
    I've seen some threads in the past about this but none of them have been helpful to me. I have a Cisco asa5505 and was wanting to monitor how much bandwidth i'm a month, my ISP doesn't have any caps but i was more or less wanting to monitor and see how much i really use.

    I've seen netflow mentioned for it but i have never been able to get it working if thats even the right thing to be using. Any links or tut's would be helpful :D
     
  2. SpaceHonkey

    SpaceHonkey Gawd

    Messages:
    983
    Joined:
    Jan 25, 2007
    You use SNMP to monitor total traffic across an interface; netflow will tell you what was going across the interface at a given time.

    Cacti is great for simple SNMP monitoring, but I've yet to find a free netflow collector that worked well. Ntop is the closest thing, but all data is lost if it restarts. We use Solarwinds at work - works very well.
     
  3. WesM63

    WesM63 2[H]4U

    Messages:
    3,266
    Joined:
    Aug 29, 2004
    PRTG does both and is free for 10 sensors.

    As much is i hated stetting up NetQoS, it's full of win once it's up and running. IMHO, better than Solarwinds Orion.

    EDIT: Also, Netflow (aka NSEL) is tricky on an ASA. It's only supported on ver 8.2 and it's not "true" netflow. It only logs the data, once the connection has been closed.
     
  4. moose517

    moose517 Gawd

    Messages:
    640
    Joined:
    Feb 28, 2009
    interesting, that makes sense, i'll have to check out cacti tonight.
     
  5. hawk82

    hawk82 [H]ard|Gawd

    Messages:
    1,471
    Joined:
    Oct 2, 2001
  6. moose517

    moose517 Gawd

    Messages:
    640
    Joined:
    Feb 28, 2009
    so i can't get cacti to install, says something about "Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 261904 bytes) in C:\WWW\Cacti\lib\adodb\adodb.inc.php on line 833" i've done some googling but can't seem to figure out what i need to do to get it to work.
     
  7. SpaceHonkey

    SpaceHonkey Gawd

    Messages:
    983
    Joined:
    Jan 25, 2007
    Can you do something like CactiEZ in a VM?
     
  8. WesM63

    WesM63 2[H]4U

    Messages:
    3,266
    Joined:
    Aug 29, 2004
    Honestly, I finally tried Cacti, and it's shit. Netflow v9 or GTFO.
     
  9. SpaceHonkey

    SpaceHonkey Gawd

    Messages:
    983
    Joined:
    Jan 25, 2007
    Cacti was never intended for those who need netflow. We used it to monitor switchports, UPSs, CPUs, volumes, VPN connections - it can graph anything that uses SNMP for free.

    As far as netflow collectors - there isn't much to choose from unless you are able to lay out some pretty serious cash. And for an at home solution - I'm sure that's in short supply.

    Here are some cacti examples via some google-fu (search "graph_view.php?") -
    https://ciist.ist.utl.pt/cacti/graph_view.php?action=tree&tree_id=3&leaf_id=645
    http://cacti.kernel.org/graph_view.php?action=tree&tree_id=2
    http://umopt1.grid.umich.edu/cacti/graph_view.php?action=tree&tree_id=10&select_first=true
     
  10. moose517

    moose517 Gawd

    Messages:
    640
    Joined:
    Feb 28, 2009
    i'll check out cactiEZ, i can indeed do it in a VM so its perfect, if not i'll look into some of the others mentioned
     
  11. hawk82

    hawk82 [H]ard|Gawd

    Messages:
    1,471
    Joined:
    Oct 2, 2001
    http://forums.cacti.net/about23444.html&highlight=

    Try increasing the PHP memory limit, to say 256MB. When I used to run Cacti years ago, I found it was a resource hog. So I switched back to MRTG. Takes longer to make the graphs, but MRTG has less hit on system resources when running/generating graphs.
     
  12. MikeTrike

    MikeTrike [H]ardness Supreme

    Messages:
    8,191
    Joined:
    Nov 16, 2005
    Cacti is so easy to install, it's not even funny.

    EDIT: And I'm 90% Windows Admin, lol
     
  13. WesM63

    WesM63 2[H]4U

    Messages:
    3,266
    Joined:
    Aug 29, 2004

    I'm sorry, whats so special about Cacti? If you're going to tout Neflow support, support V9 or, like i said, GTFO.

    Everyone does SNMP and Syslog, so what makes Cacti special? It's free?

    BTW, PRTG fits the bill perfectly and much simpler to use than Cacti. Only downside is it's only free for 10 sensors.

    Here is a shot of quick reports from 6/1-6/8 of mine at home:
    http://xs.to/media/3478
     
  14. MikeTrike

    MikeTrike [H]ardness Supreme

    Messages:
    8,191
    Joined:
    Nov 16, 2005
    It's also pretty cheap too, just bought 100 sensor license for around $400 bucks, can't really beat that. :)
     
  15. moose517

    moose517 Gawd

    Messages:
    640
    Joined:
    Feb 28, 2009
    hmmm i'll look into PRTG as well then, only plan on monitoring my firewall for bandwidth usage anyways, but i'm sure i'll quickly find other things haha.
     
  16. SpaceHonkey

    SpaceHonkey Gawd

    Messages:
    983
    Joined:
    Jan 25, 2007
    To non-profits and schools, free is a real hard price to beat. Same for something at home. Given, to really know what you're doing you need to understand SNMP and linux (usually). But if you're not willing to learn - you're going to have to pay for something.

    I know you seem to think netflow v9 is absolutely necessary - but it isn't. It's really nice to have, yes - necessity, no (not at home). If you must have netflow at home I recommend ntop (free but limited), or Solarwinds Realtime Netflow Analyzer (free, but no saved history).

    At work we switched to Solarwinds from Cacti and OpenNMS. We ran for years on those two, but to implement Solarwinds we shelled out $20K. Free was a great price while those tools were sufficient. As a matter of fact, we never would have been able to justify the price of Solarwinds if we hadn't used Cacti and OpenNMS first to prove to management that it was a necessity.
     
  17. WesM63

    WesM63 2[H]4U

    Messages:
    3,266
    Joined:
    Aug 29, 2004

    /sigh

    Cacti is special because it's free? I'm not sold, you can google free snmp monitor and get a crap ton of results.

    Is Netflow v9 needed? No. Neflow v5 is just stupid. Enable ip route cache flow on every interface so we can see ingress traffic, so we can tell you what the egress traffic is.

    As I've mentioned twice already in this thread, PRTG fits the bill perfectly. Super easy to install, works on all versions of windows (gasp.. it's not linux based zomg), doesn't lose data if it reboots (wtf ntop) and supports netflow v9. It's free to 10 sensors (enough for home use) and really, if your company can't afford a 100 licenses for $400 you shouldn't be in business anyway.

    We use NetQoS, which btw, blows every other product, SNMP and Netflow related, out of the water. However, for the rather large company I work for, the cost was nearly 7 figures. I guess you get what you pay for. :rolleyes:
     
  18. moose517

    moose517 Gawd

    Messages:
    640
    Joined:
    Feb 28, 2009
    yup i've decided to look into PRTG, so far so good, havne't delved that deep into it ye though