Tracking Bandwidth and Security Attacks

OpManager | March 31, 2010 | 2 min read

Network administrators are forever unraveling mysteries about bandwidth hogs. Tools like the NetFlow Plug-in for OpManager and NetFlow Analyzer can help identify which user, application, or protocol is occupying the bandwidth, provided your network devices support flow export.

What if your network devices do not export network flows, or what if your analyzer tool does not support the flow formats that are available? Some datacenters do not even have routers but instead use a firewall as the gateway. In this post, we see how monitoring the firewall can provide just as much information on bandwidth, and more.

OpManager monitors the availability, health and traffic (incoming and outgoing) of firewalls using SNMP. But this alone does not solve the perennial “what-caused-the-bandwidth-spike” problem. To solve it, OpManager integrates with another product, ManageEngine Firewall Analyzer. Firewall Analyzer collects, archives and analyzes firewall logs to get granular details about traffic across each firewall. With the OpManager-Firewall Analyzer integration, network administrators get, in a single console, details on internet traffic, intranet traffic, top hosts, security events, etc., alongside firewall availability and performance stats.

OpManager Firewall Snapshot Page


Above: OpManager monitoring firewall health, e.g. utilization of CPU and memory and active connection count, along with “Inside” (intranet) and “Outside” (internet) interface traffic.

OpManager Firewall Report

Above: From OpManager’s Firewall snapshot page, you can immediately access the ‘Reports’ section for details on traffic and security, and even create your own custom reports.

Here is a set of sample reports:

Traffic Report

Security Report

All reports contain details on security, traffic, VPN, web usage, etc.

Protocols Report

Reports on Top Streaming and Chat Sites

Wasn’t that easy – monitoring bandwidth usage using firewall logs? Network security analysts should also give this a try, with all the details provided on viruses, infected hosts, top attackers, top denied hosts, etc.