I often receive calls from system administrators who want to set up a user bandwidth monitor. The admins aren’t always clear about what they mean by that, but by using NetFlow and IPFIX data it’s possible to create a variety of reports that could satisfy management’s demands for easily accessible insight into user activity. It’s simple enough to generate reports that show total bandwidth usage for the network’s devices. But we can also create reports that are fine tuned to monitor the bandwidth usage of discrete groups of users or of particular website URLs, so that management can keep abreast of what employees are doing and whether that use complies with enterprise network usage policy. I’m going to setup a couple of reports, then save them as gadgets on a dashboard so that managers will have quick and easy access to timely information about user activity.
Monitoring Bandwidth Usage by IP Address:
The first report uses our SonicWall firewall, which is monitoring all ingress and egress flows. Let’s assume that there’s a group of employees who need to have internet access, but who are relatively autonomous and who, for logistical reasons, are not easy to supervise directly. Management wants to be able to see what these users are up to at a glance. I started by generating a report from our SonicWall IPFIX, with filters applied to report on the inbound and outbound internet activity generated by IP addresses of members of the group.
Monitoring Bandwidth Usage By URL:
My colleagues and I enjoy more or less unfettered access to the internet, but that’s not true at many companies. Frankly, it’s fine with me that the person processing my credit card payments isn’t allowed to tap into their favorite social networking site at the same time. Let’s assume that this next report is created for a company where all employees are required to view an interactive training video that both educates and tests them to ensure that they understand the importance of the company’s network usage policy. These employees have also been instructed that they should avoid visiting sites that would generally be categorized as social networking sites. They have been expressly forbidden from visiting nine popular sites. To monitor compliance with that policy, I’ve taken advantage of the SonicWall URL recognition capability to create a report that will show traffic to any one of those nine sites.
Dashboard Network Monitoring:
In our incident response system, we have a dashboard feature that allows users to view more than one report at a time. Now that we have two different saved reports, we can add them to a custom dashboard.
Accessing the dashboard provides a quick snapshot of the status of the two reports I created above. Users can click on the Open Report button to open the report in a new window and have access to all of the report’s display parameters which allow for further analysis and investigation.
If you need to know what resources your users are consuming, both as custom defined groups of individuals and across the enterprise, we can help you structure easy to access reports for user bandwidth monitoring and network usage policy compliance. Contact us to make sure your flow exports provide the details you need to run these types of reports.