I'm worry, that you are not able to do a user monitoring on this kind of device. A SNMP gives you information about interface utilisation, but no user regarding information... Could you use any netflow capable switch before/after PIX? It is the first solution. But you lost information about real source user due to NAT. The another one solution is to use two switches (or a transparent netflow probes), the first one on ISP side and the second one in your internal network...
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: