Best Tool to Display WAN utilization by the Second

What is the best tool that can capture data in a graphical format per second? I tried the tool from Crannog, but it captures only WCCP data and that is displayed every 10 minutes as a summary.

I have a WAN of 50 remote locations and I need to see the bandwidth utilization from sites by the second during all times of the day, because I believe that I may be having 15-second increases in bandwidth that are not being displayed in my regular network monitoring software because it summarizes data by the minute or at 5-minute intervals. I need a tool that I can keep running 24/7.

What are the best tools to see graphical WAN utilization by the second? Do I have to deploy a probe at every location to see this data?

Reply to

MRTG or a derivative is good and free.

Someone once told me that rrdtool had hooks for SQL, which may be good for a lot of data. 50, though, is not, I don't think, that many. rrdtool is free too.

Look at cricket too.

Be aware that the Cisco counters may not update as often as every second. Easy to check when you get your graphs running.

Reply to
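The two points raised so far (minute-level summaries hiding a 15-second increase, and device counters that may refresh less often than once per second) can be checked numerically. The following is an added example, not part of any post in this thread; the 2 Mbit/s link speed, the counter readings and all function names are constructed for illustration.

```python
"""Added example: utilization from SNMP octet counters (all data constructed)."""
COUNTER32 = 2**32      # ifInOctets wraps here; ifHCInOctets would use 2**64
LINK_BPS = 2_000_000   # assumed 2 Mbit/s WAN link

def deltas(samples, modulus=COUNTER32):
    """Octets between consecutive readings; the modulo absorbs one counter wrap."""
    return [(b - a) % modulus for a, b in zip(samples, samples[1:])]

def utilization(octets, window, link_bps=LINK_BPS):
    """Percent utilization per non-overlapping window of `window` one-second deltas."""
    return [100.0 * 8 * sum(octets[i:i + window]) / (link_bps * window)
            for i in range(0, len(octets) - window + 1, window)]

def refresh_period(octets):
    """Heuristic: longest run of zero deltas + 1 = seconds between counter updates."""
    longest = run = 0
    for d in octets:
        run = run + 1 if d == 0 else 0
        longest = max(longest, run)
    return longest + 1

def constructed_samples():
    """61 one-second readings: 20% load, a 15 s burst at line rate, one counter wrap."""
    value, samples = COUNTER32 - 1_000_000, []
    for octets in [0] + [50_000] * 20 + [250_000] * 15 + [50_000] * 25:
        value = (value + octets) % COUNTER32
        samples.append(value)
    return samples

def held(samples, period):
    """The same readings seen through an agent that refreshes only every `period` s."""
    return [samples[i - i % period] for i in range(len(samples))]

if __name__ == "__main__":
    readings = constructed_samples()
    fresh = deltas(readings)
    print("1 s peak %      :", max(utilization(fresh, 1)))
    print("60 s average %  :", utilization(fresh, 60))
    stale = deltas(held(readings, 5))
    # With a 5 s refresh, 1 s polling shows 0% four times and then a false spike.
    print("false 1 s spike :", utilization(stale, 1)[4])
    print("refresh estimate:", refresh_period(stale), "s")
    print("re-bucketed %   :", utilization(stale, refresh_period(stale)))
```

Polling faster than the agent refreshes its counters produces zeros followed by spikes that are artifacts, so the usable resolution is the refresh period, not the poll interval.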

Orion Network Performance Monitor by SolarWinds is a great tool. I know you can poll every 10 seconds, not sure about every second. Has a lot of different graphs of utilizations, memory, errors, etc.

Reply to

And the Orion is really just an extension of the Engineer's edition. You can get a Solarwinds option much cheaper than the whole Orion solution. If I remember correctly, I think Solarwinds does poll at 1 sec if you wish. I'm pretty sure they have a downloadable trial if you wish to check for yourself.

However, you need to really consider what you are doing. Keeping this amount of data in a usable form will take a hoss of a server and possibly tax your network in the process of gathering it.

Consider using Netflow and/or NBAR. One of these could potentially be a much better solution for you.

Reply to

Netflow could be even worse. If you set it to a short flow timeout, you could be getting comparable amounts of stats per flow rather than per interface.

one of the Cisco white papers suggests as a rule of thumb that 1.5% of measured traffic could be the bandwidth needed for the Netflow stats on an Internet-style mix of flows.....

-- Regards

stephen - replace xyz with ntl

Reply to

I completely disagree that Netflow would be worse. I think it would prove to have less management traffic and would be less processor intensive than submitting an SNMP query every second.

You will find that not that many flows actually time out. But, you can tweak the settings if they do.

Really what solution is best for you depends on exactly what you are trying to accomplish. My understanding from your original post is to identify times that you are getting high traffic flows. Querying via SNMP every second just seems like a really bad idea to me. You will get much more data than you think, if you believe that this would be less than Netflow. Also, it will be taxing on your processor. Don't get me wrong, Netflow can provide a lot of data as well and you'd still probably need a sizable server for a lot of traffic. But, all in all, I think it will be less data and more usable.

Even if you can identify the exact time that your usage spikes with SNMP, it still won't tell you anything about what the traffic is. With Netflow, you will see plenty of detail to give you this information.

I'll stand by my original opinion that Netflow is probably a better solution for what you are trying to do, or at least what I am understanding that you are trying to do.

Hope that helps,


Reply to

yes - but what you get with Netflow is "averaging" across each flow for the time it lasts, or to the Netflow timeout.

So, aiming to get down to 1 sec granularity, or close to it, implies short timeouts....

the data volume crucially depends on number of flow changes / sec, so is very sensitive to traffic pattern changes.

1 of the disadvantages sometimes cited for Netflow is how it can behave when you suddenly get lots of flows (denial of service attacks were the main example I was given - admittedly by someone pushing SMON as an alternative :) ).

The easy fix is to send the flow info over a high speed link so you don't care about volume so much - e.g. put a Netflow collector next to a big router doing Netflow with a LAN between them.

definitely. And at least with Netflow you can buy a "package" solution with s/w, server etc and just kick it off.


And if all else fails, a Sniffer with a big circular buffer and a good "trigger" to save it so you see a copy of the actual data is probably the best solution of all.

But it doesn't scale easily, and you need to leave a PC or laptop connected up to the actual network at the affected point to get useful results.

the original Sniffer s/w isn't cheap either - $1000s just to get the basic stuff.

other flavours start at free for wireshark and similar - but I haven't tried this kind of snapshot triggered monitoring with that.

Reply to
stephen
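The point in the last post, that Netflow reports an average over each flow's lifetime or up to the timeout, can be made concrete. This is an added example, not part of the thread: it models only an active timeout on one long-lived flow, assumes the collector spreads each record's octets evenly over its duration, and uses a constructed 2 Mbit/s link and traffic profile.

```python
"""Added example: how a NetFlow active timeout limits time resolution (constructed data)."""
LINK_BPS = 2_000_000  # assumed 2 Mbit/s WAN link

def export_records(octets_per_s, active_timeout):
    """Cut one long-lived flow into (start, end, octets) records, one per timeout.
    Simplified: inactive timeout, FIN/RST and cache-full exports are not modelled."""
    n = len(octets_per_s)
    return [(s, min(s + active_timeout, n), sum(octets_per_s[s:s + active_timeout]))
            for s in range(0, n, active_timeout)]

def collector_view(records, seconds, link_bps=LINK_BPS):
    """Percent utilization per second when each record's octets are spread evenly
    over its duration (all that a start time, end time and total allow)."""
    series = [0.0] * seconds
    for start, end, octets in records:
        for t in range(start, end):
            series[t] += 100.0 * 8 * octets / (end - start) / link_bps
    return series

def summary(octets_per_s, active_timeout):
    """(reported peak %, records exported for this one flow) at a given timeout."""
    records = export_records(octets_per_s, active_timeout)
    peak = max(collector_view(records, len(octets_per_s)))
    return round(peak, 1), len(records)

# Constructed flow: 60 s long, 20% of the link with a 15 s burst at line rate.
FLOW = [50_000] * 20 + [250_000] * 15 + [50_000] * 25

if __name__ == "__main__":
    for timeout in (60, 15, 5, 1):
        peak, records = summary(FLOW, timeout)
        print(f"active timeout {timeout:>2} s: peak {peak:5.1f}%  records {records}")
```

Even a 15-second timeout under-reports the burst here because the record boundaries do not line up with it, while the record count per flow grows as the timeout shrinks; multiply that by the number of concurrent flows to estimate export volume.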