I gave a talk on this at the bajug2. There are a couple of ways to do this, take a look at the slides from my talk. found here: http://www.slideshare.net/timeberhard/tim-eberhard-bajug3talk
It also covers a tool I wrote to analyze the session tables and syslog messages for top talkers. Sure, in my example I used STRM but in reality you can use one of the many open source netflow analyzers. Hope this helps, Tim Eberhard On Sun, Aug 11, 2013 at 10:11 PM, Skeeve Stevens < skeeve+juniper...@eintellegonetworks.com> wrote: > Hey all, > > I have a customer in a bandwidth sensitive location (expensive and slow), > and they would like to know what is going through their device, and who is > doing it. > > In Cisco terms, this was NBAR - we used it many times to track down > bandwidth hogs. > > This is a small branch site using a SRX210H, and obviously STRM is too > expensive for a reporting engine. > > So what I am looking for is... How can we look at their device, and see > what is happening (preferably live) on a protocol and user (IP?) basis. > > I understand it can export to syslog, but that just gives me lots of text > to deal with... nothing that is easy to look at. > > Thank you for helping out guys! > > ...Skeeve > > *Skeeve Stevens - *eintellego Networks Pty Ltd > ske...@eintellegonetworks.com ; www.eintellegonetworks.com > > Phone: 1300 239 038; Cell +61 (0)414 753 383 ; skype://skeeve > > facebook.com/eintellegonetworks ; <http://twitter.com/networkceoau> > linkedin.com/in/skeeve > > twitter.com/networkceoau ; blog: www.network-ceo.net > > > The Experts Who The Experts Call > Juniper - Cisco - Cloud > _______________________________________________ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp