
We have a Cisco PIX 515 firewall and I would like to set up simple logging that would give us a traffic breakdown for billing by:

  • source
  • destination
  • protocol
  • port
  • size
  • time

The PIX is plugged into a Catalyst 2970, and I was told that the best thing since sliced bread for logging is to get Netflow and get the Catalyst to log. My concern, however (besides the Netflow cost), is that I really don't want to "listen" to the internal noise; all I'm interested in are the external traffic stats above for billing and analysis purposes.

What would be the simplest and the easiest solution?

Cheers

George

4 Answers


You do not have to export Netflow from your network device. You can actually set up a packet capture that builds and exports the netflow to the collector. This will require a fairly dedicated box with enough bandwidth to handle your traffic flow, but it's not extraordinarily CPU heavy, so an older box is generally OK.

Some links to check out: http://www.networkuptime.com/tools/netflow/

Personally, I use flowscan and FlowViewer/Grapher, but I do get my netflow data straight from the network...

Edit: I just happened to run across an article that reminded me of this question. Check out softflowd: http://www.mindrot.org/projects/softflowd/

Greeblesnort

Instead of Netflow, try the PIX logging architecture, or Splunk with logging facility information enabled. You will have %PIX-6-3020XX logs for connection-managing events. See the Cisco PIX logging references for details.
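
To see what the 3020XX messages give you for billing, here is an added example (not code from the answer above or from Cisco): a parser for the TCP and UDP connection-teardown messages, 302014 and 302016 in PIX 7.x / ASA syntax, which are the ones that carry a duration and a byte count, aggregated by inside host, outside host, protocol and service port. The Built messages (302013/302015) carry no byte count and are skipped, and connections with no endpoint on the external interface (inside to DMZ, for instance) are skipped as internal noise. The syslog prefix, the interface name `outside`, the rule that the lower-numbered port is the service port, and the log lines themselves are assumptions constructed for this example; adjust the regex to the exact prefix your syslog server writes.

```python
"""Turn PIX %PIX-6-3020xx teardown syslog lines into a per-customer billing table.

Added example, not code from the answer or from Cisco. The log lines, the
syslog prefix and the interface name are constructed assumptions.
"""
import re
from collections import defaultdict

EXTERNAL_IF = "outside"   # assumption: name of the PIX interface facing the ISP

# 302014 = TCP teardown, 302016 = UDP teardown; both carry duration and bytes.
TEARDOWN = re.compile(
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d).*?"
    r"%PIX-6-3020(?:14|16): Teardown (?P<proto>TCP|UDP) connection \d+ "
    r"for (?P<if1>\w+):(?P<ip1>[\d.]+)/(?P<port1>\d+) "
    r"to (?P<if2>\w+):(?P<ip2>[\d.]+)/(?P<port2>\d+) "
    r"duration (?P<dur>\d+:\d\d:\d\d) bytes (?P<bytes>\d+)"
)


def parse_teardown(line):
    """Return a billing record for one teardown line, or None if not billable."""
    m = TEARDOWN.search(line)
    if not m:
        return None                      # Built messages, denies, etc.
    ends = [(m["if1"], m["ip1"], int(m["port1"])),
            (m["if2"], m["ip2"], int(m["port2"]))]
    ext = [e for e in ends if e[0] == EXTERNAL_IF]
    inn = [e for e in ends if e[0] != EXTERNAL_IF]
    if len(ext) != 1:
        return None                      # inside<->dmz etc.: internal noise
    h, mi, s = (int(x) for x in m["dur"].split(":"))
    return {
        "time": m["ts"],
        "proto": m["proto"].lower(),
        "inside_ip": inn[0][1],
        "outside_ip": ext[0][1],
        # Assumption: the lower-numbered port is the service (well-known) port,
        # so inbound SMTP to inside:25 and outbound HTTPS to outside:443 both
        # key on the service rather than the ephemeral client port.
        "port": min(ends[0][2], ends[1][2]),
        "bytes": int(m["bytes"]),
        "duration": h * 3600 + mi * 60 + s,
    }


def billing_table(lines):
    """Aggregate bytes and connection counts per (inside, outside, proto, port)."""
    table = defaultdict(lambda: {"bytes": 0, "connections": 0,
                                 "first": None, "last": None})
    for line in lines:
        rec = parse_teardown(line)
        if rec is None:
            continue
        key = (rec["inside_ip"], rec["outside_ip"], rec["proto"], rec["port"])
        row = table[key]
        row["bytes"] += rec["bytes"]
        row["connections"] += 1
        row["first"] = row["first"] or rec["time"]
        row["last"] = rec["time"]
    return dict(table)


# Constructed sample log: one Built line (no bytes), three billable teardowns
# to the outside, one inside<->dmz teardown that must be ignored, and a second
# connection to the same outside host that must be summed with the first.
SAMPLE_LOG = """\
Sep  3 16:08:01 fw01 %PIX-6-302013: Built outbound TCP connection 1002 for outside:203.0.113.80/443 (203.0.113.80/443) to inside:10.1.1.5/51234 (198.51.100.2/1024)
Sep  3 16:08:19 fw01 %PIX-6-302014: Teardown TCP connection 1002 for outside:203.0.113.80/443 to inside:10.1.1.5/51234 duration 0:00:18 bytes 84500 TCP FINs
Sep  3 16:08:20 fw01 %PIX-6-302016: Teardown UDP connection 1003 for outside:198.51.100.53/53 to inside:10.1.1.5/53421 duration 0:00:02 bytes 234
Sep  3 16:08:25 fw01 %PIX-6-302014: Teardown TCP connection 1004 for dmz:172.16.5.10/445 to inside:10.1.1.9/50000 duration 0:01:00 bytes 12000 TCP FINs
Sep  3 16:09:02 fw01 %PIX-6-302014: Teardown TCP connection 1005 for outside:203.0.113.80/443 to inside:10.1.1.5/51240 duration 0:00:40 bytes 15500 TCP Reset-O
Sep  3 16:09:10 fw01 %PIX-6-302014: Teardown TCP connection 1006 for outside:198.51.100.9/40000 to inside:10.1.1.25/25 duration 0:00:01 bytes 3100 TCP FINs
"""

if __name__ == "__main__":
    for (inside, outside, proto, port), row in sorted(billing_table(SAMPLE_LOG.splitlines()).items()):
        print(f"{inside:>12} {outside:>15} {proto}/{port:<5} "
              f"{row['connections']:>3} conn {row['bytes']:>8} B  {row['first']} .. {row['last']}")
```

Two caveats a practitioner would want noted: the byte count in a teardown message is the total for both directions, so this gives you total volume per connection but not an in/out split, and a connection that is still open when you cut the billing period has not produced its teardown line yet, so its bytes land in the next period.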


Since the PIX 515 is end-of-life, you're out of luck getting Netflow on it: the 8.1 software will not install on it. I'm pretty sure that you can only get Netflow on an L3 device, and your switch is an L2 device, so you're out of luck getting Netflow there as well.

Your best bet would be to upgrade the PIX to an ASA. As of version 8.1 of the ASA software, it supports Netflow.

GregD

  • Take care: 8.1 supports Netflow, but it's not a "common" Netflow and you will probably not be able to do what you want. – radius Sep 03 '09 at 16:08

You might want to look into ManageEngine's Firewall Analyzer; it might have what you want. We use it and are pretty happy with their support and ease of install/use.