Your basic ITPro blog... What's going on at work, what I'm interested in.

Tuesday, August 12, 2008

Which Bits Are Going Where?

I got to be part of an impromptu exercise this morning that proved very interesting and informative. Nick and I took a few minutes to look at the traffic coming and going within our Cisco 5510. This box has three primary interfaces: INSIDE, OUTSIDE, and DMZ. We were curious as to how much traffic was coming/going on each of these interfaces. With the help of What's Up Gold, we were able to look over historical numbers for these interfaces and do some interesting math.

Here's the obligatory graphic (please forgive my lack of artistic ability):


The transmit and receive numbers are 30 day averages. We had to make some assumptions, one being that just about all of the RECEIVE traffic on the OUTSIDE interface was bound for the INSIDE interface, becoming TRANSMIT traffic there.

As you probably can guess, the INSIDE interface services our LAN, including our mail server. The OUTSIDE interface goes to our ISP. The DMZ interface primarily services our web server.

I know these numbers (and resulting analysis) are available in the syslogs from the 5510. I have tried using Splunk, but just have not had much success getting valuable reports/data out of it. Anyone know of any other good tools?
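
One way to pull per-interface-pair byte totals straight out of the firewall's syslog, as an added example that is not part of the original post: it sums the byte counts in the ASA connection teardown messages (302014 for TCP, 302016 for UDP). The sample lines, addresses and function names are constructed for illustration, and it assumes connection teardown logging at the informational level is enabled.

```python
import re
from collections import Counter

# ASA connection teardown messages: 302014 (TCP) and 302016 (UDP).
TEARDOWN = re.compile(
    r"%ASA-6-30201[46]: Teardown (?:TCP|UDP) connection \d+ "
    r"for (?P<if_a>[^:\s]+):\S+ to (?P<if_b>[^:\s]+):\S+ "
    r"duration \S+ bytes (?P<bytes>\d+)"
)

# Constructed sample lines (timestamps, addresses and counts are made up).
SAMPLE = """\
Aug 12 2008 09:14:02: %ASA-6-302013: Built inbound TCP connection 8801 for OUTSIDE:203.0.113.9/40112 (203.0.113.9/40112) to DMZ:192.0.2.80/80 (192.0.2.80/80)
Aug 12 2008 09:14:05: %ASA-6-302014: Teardown TCP connection 8801 for OUTSIDE:203.0.113.9/40112 to DMZ:192.0.2.80/80 duration 0:00:03 bytes 48210 TCP FINs
Aug 12 2008 09:15:40: %ASA-6-302014: Teardown TCP connection 8802 for OUTSIDE:198.51.100.25/25 to INSIDE:10.0.0.12/3391 duration 0:00:21 bytes 120000 TCP FINs
Aug 12 2008 09:15:41: %ASA-6-302016: Teardown UDP connection 8803 for OUTSIDE:198.51.100.53/53 to INSIDE:10.0.0.40/1044 duration 0:02:01 bytes 300
Aug 12 2008 09:16:10: %ASA-6-302014: Teardown TCP connection 8804 for DMZ:192.0.2.80/80 to INSIDE:10.0.0.77/2210 duration 0:00:02 bytes 1500 TCP FINs
""".splitlines()

def bytes_by_interface_pair(lines):
    """Return (Counter of bytes per unordered interface pair, lines skipped)."""
    totals, skipped = Counter(), 0
    for line in lines:
        m = TEARDOWN.search(line)
        if m is None:
            skipped += 1  # Built, deny, etc. carry no byte count
            continue
        # The message gives one byte total per connection, not a per-direction
        # split, so the pair is stored order-independently.
        pair = tuple(sorted((m["if_a"].upper(), m["if_b"].upper())))
        totals[pair] += int(m["bytes"])
    return totals, skipped

def share_report(totals):
    """Rows of (pair label, bytes, percent of all bytes), largest first."""
    grand = sum(totals.values())
    if grand == 0:
        return []
    return [(f"{a}<->{b}", n, round(100 * n / grand, 1))
            for (a, b), n in totals.most_common()]

if __name__ == "__main__":
    totals, skipped = bytes_by_interface_pair(SAMPLE)
    for label, n, pct in share_report(totals):
        print(f"{label:16} {n:>10} bytes {pct:5.1f}%")
    print(f"{skipped} line(s) without a teardown byte count")
```

Because each teardown line reports a single total for the connection, this gives volume per interface pair rather than the separate transmit and receive figures an SNMP poller reads from the interface counters.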

