Using the pix to troubleshoot problem traffic

[chicocouk]

Hi all,

Trying to work out how to use the pix to find a "problem" machine on the network. As an example, we recently had an exchange server that was flooding the pix with traffic, but legitimate traffic (according to the ACLs), so the pix was sending it out to the WAN. This bottlenecked at the pix, so internet access slowed down for everyone.

We found this out when the Exchange services were stopped, and internet access immediately started speeding up.

Now, i know how to run debug packet style debugs to examine individual packets, but is there a way to get more general statistics out of the pix? To show what machines on the lan are sending the most traffic? Also, how to tell what the majority of that traffic is?

In this particular example, if I'd known how to do this, I'd have seen the exchange server trying to send a ton of traffic destined for port 25 on various WAN addresses. I could then have easily homed in on that machine, and ran local packet sniffers or debug packet on the pix etc to further troubleshoot the problem.

Any pointers much appreciated.

Thanks

Chico

 

[dopehead]

Well, i think the best way is to use syslog, and then parse that log with some software, webtrends or maybe PrivateI, then you can get top 10 bandwidth and reports on that sort of thing.

Jan

Network Systems Engineer
CCNA/CQS/CCSP

 

[chicocouk]

What would you log though?