Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Bandwidth Monitor Wanted

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> Logging and Reporting >> Bandwidth Monitor Wanted Page: [1]
Login
Message << Older Topic   Newer Topic >>
Bandwidth Monitor Wanted - 29.Sep.2005 9:24:00 PM   
stosti

 

Posts: 136
Joined: 27.Oct.2003
Status: offline 		Does anyone sell software I can install on my two ISA 2004 servers that will tell me who is using my bandwidth? It would be helpful if it resolved the users by machine name but IP would work... Reporting would be nice as well... To often when my T1 is at capacity I need to use Microsoft Network Analyzer tool to find the culprit. There must be an easier way!

Thanks,
Scott
Post #: 1
RE: Bandwidth Monitor Wanted - 10.Oct.2005 9:24:00 AM   
tshinder

 

Posts: 47420
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi Scott,

Make sure the users haven't disabled the Firewall client. When the Firewall client is enabled, it will provide you both the user name and machine name for the bandwidth hoggers.

HTH,
Tom

(in reply to stosti)
Post #: 2
RE: Bandwidth Monitor Wanted - 24.Oct.2005 8:53:00 AM   
An-D

 

Posts: 7
Joined: 13.Jun.2005
From: london
Status: offline 		Hello Scott,

You could use WebSpy analyser it will let you know which users are using the internet by
Machine name, IP and you can alias to a real world name, department location etc. You will be able to see who the heaviest users/departments are and the exact resources they are using.

You can get a free trial from the link below.

(in reply to stosti)
Post #: 3
RE: Bandwidth Monitor Wanted - 15.Nov.2005 3:37:00 AM   
Money Penney

 

Posts: 130
Joined: 18.Sep.2002
From: Melbourne
Status: offline 		Hi Tom...

Can you please explain where you monitor the bandwith hoggers in ISA?  Not sure this can be done without a 3rd party tool?

Looking at Bandwidth Controller to see what that is like, but not sure how suitable it will be to run on production ISA Firewall servers.

Regards

(in reply to stosti)
Post #: 4
RE: Bandwidth Monitor Wanted - 15.Nov.2005 4:09:20 AM   
tshinder

 

Posts: 47420
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi MP,

For real time monitoring, you're right. You will need a third party tool, like GFI WebMonitor 3.0, which does a pretty good job for Web proxy connections.

Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to Money Penney)
Post #: 5
RE: Bandwidth Monitor Wanted - 15.Nov.2005 4:26:19 AM   
LLigetfa

 

Posts: 2184
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline 		Ja, but you need to clarify that "web proxy connections".  WM3 will not report on many of the big bandwidth hoggers.

_____________________________

The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.

(in reply to tshinder)
Post #: 6
RE: Bandwidth Monitor Wanted - 24.Nov.2005 5:54:40 PM   
wishfly

 

Posts: 77
Joined: 6.Mar.2005
Status: offline 		you can try this software -- netfee for ISA server

http://www.netfeesoftware.com/NetFee/Index.htm

(in reply to LLigetfa)
Post #: 7
RE: Bandwidth Monitor Wanted - 29.Nov.2005 6:03:23 PM   
J.F.

 

Posts: 42
Joined: 28.Nov.2005
Status: offline 		 
Hi Stosti:

You can get a free script from http://www.ISAscripts.org named "ISA_LogParser.vbs" that can be used to show the top 20 consumers of bandwidth based on either the Web Proxy logs or the Firewall logs.  The script requires that you first install the free Log Parser tool from Microsoft (see http://www.logparser.com for more info).  Don't worry, the Log Parser tool does not install a new service, listening ports or a large application, it's just a utility plus a DLL for it.  Also, your logs must be in text format, not MSDE. 

Extract the script above from the zip file downloaded from the ISAscripts.org site.  Open the script in a text editor like Notepad.  The script has many different SQL queries for your logs, each on a separate line at the top of the script, each preceded by a description of what that query does.  You use the script by uncommenting the query you want to use, then saving and running the script.  You uncomment a line by deleting the single-quote or "tick mark" at the beginning of the line ( ' ). 

You'll want to uncomment the query named "Top 20 users based on total bytes sent or received as shown from Web Proxy logs", or, for the Firewall client machines, the query named "Top 20 users based on total bytes sent or received as shown from Firewall logs".  Uncomment only one query at a time.  For convenience, make two copies of the script and uncomment a different query in each, then rename the scripts appropriately.

You run the script from within a CMD shell by passing in the text logs you want to search as an argument:

   cscript.exe ISA_LogParser.vbs ISALOG_200510*_WEB_*.w3c

This will generate a report of Web Proxy usage for the month of October (10) for 2005.  You can adjust the wildcards in the log argument as necessary to run reports for the entire year, one week, one day, etc.

The output of the script will look something like this, where the first column is total bytes sent or received, followed by the username, in descending order of total bytes:

   74469755021, anonymous
    4897155853,  domain\david
      709745309, domain\bill
      144644376, domain\susan
       99243182,  domain\anna

There are many other queries in the script, e.g., listing IP's that have generated the most denied entries, HTTP Filter error message counts, percentage of hits against firewall policy rules that grant/deny access, IP addresses that have sent Ping of Death packets, referrer summaries from IIS logs, etc.  And you can write your own queries as well with a little bit of SQL knowledge (see the Help file that comes with the Log Parser tool).

If you want to run a query every week or every day and have its output e-mailed to you automatically, the ISAscripts.org site also has scripts for sending e-mail messages.  If you want to load the output into a spreadsheet (it's comma-delimited) just redirect the output of the script into a text file that ends with .csv and open that file with Excel. 

   Good Luck!
      JF


(in reply to wishfly)
Post #: 8
RE: Bandwidth Monitor Wanted - 15.Dec.2005 3:52:39 PM   
minerat

 

Posts: 131
Joined: 19.Mar.2003
From: Philadelphila
Status: offline 		This looks fantastic - has anyone tried it? 

http://www.isaserver.org/software/ISA/Misc.-ISA-server-software/Bandwidth-Splitter/Comments/



edit:  it looks to be ISA 2000.  Who would release a product in November of 2005 for a 2000 product that was updated the previous year?

< Message edited by minerat -- 15.Dec.2005 3:59:18 PM >

(in reply to J.F.)
Post #: 9
RE: Bandwidth Monitor Wanted - 18.Jan.2006 12:57:29 AM   
Money Penney

 

Posts: 130
Joined: 18.Sep.2002
From: Melbourne
Status: offline 		Thanks JF, however what I need is real time monitoring so that I can see right now who is saturating the Internet connection.  Perhaps we need to look for a tool that runs independantly of ISA.

Minerat: looks like they are releasing it for ISA 2004 later this year.

< Message edited by Money Penney -- 18.Jan.2006 12:58:29 AM >

(in reply to minerat)
Post #: 10
RE: Bandwidth Monitor Wanted - 27.Jan.2006 12:39:31 AM   
Money Penney

 

Posts: 130
Joined: 18.Sep.2002
From: Melbourne
Status: offline 		Be warned that if you install this on a server with more than 10 users then some users will be denied Web and Internet traffic!  I had tested it first but had not read anything about what happened after the 10 user limit is reached, thinking it would just not monitor or filter them... what it does is block them.  A clear warning about this would have been good.

(in reply to Money Penney)
Post #: 11
RE: Bandwidth Monitor Wanted - 21.Apr.2006 5:30:51 PM   
JesseA

 

Posts: 51
Joined: 15.Aug.2002
Status: offline 		Beta version of this software for ISA 2004/2006 is released: http://www.bsplitter.com

(in reply to Money Penney)
Post #: 12
RE: Bandwidth Monitor Wanted - 24.Apr.2006 1:38:01 AM   
elmajdal

 

Posts: 5060
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
quote:

Beta version of this software for ISA 2004/2006 is released: http://www.bsplitter.com


Thanks .


Looking forward to test it when its finally released.

Regards.
Tarek

_____________________________

Tarek Majdalani

MS Forefront Edge Security MVP
Website : http://www.elmajdal.net/ISAServer
New Section : http://www.elmajdal.net/Win2k8

(in reply to JesseA)
Post #: 13

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> Logging and Reporting >> Bandwidth Monitor Wanted Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts