I am trying to gather logs from a Cisco IOS Firewall router.
I am trying to identify a traffic pattern via the router where a large file was copied from a file server, locally to a user desktop.
File Server---LAN Switch---IOS FW RTR----20MB WAN----LAN Switch---Users
Someone on the User side copied a 60MB file from the file server to their local machine, and this created a performance issue, as it saturated the 20MB Link.
Is there anyway I can fine out the source address of the traffic, and what can I do to prevent this from hapening again. These users have rights and permissions to this files, as they should.