Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Get statistics information

Dear All,

i have been asked to provide statistics information for the ASA usage (bandwidth/top hosts/services)

I tried to have a look under the ASDM but i only see possible statistics for the last 24hours...

Is it possible to enable them for one month ?

Please let me know how this could be done using the CLI/ASDM.

Kind regards,

Cisco Employee

Get statistics information


Not per-se. You will need to configure Netflow on it and send it to a collector. That way you will be able to get more info about the flows and such.

Here is how you can configure it:


New Member

Re: Get statistics information

Dear Mike,

thank you very much for this answer.

It helps a lot!

But, there is ununderstandable things

I can enable it easily through the ASDM.

And with CLI

The following worked

bifrfw01(config)# flow-export destination inside 2055

flow-export delay flow-create 30

bifrfw01(config)# class netflow

bifrfw01(config-cmap)# match any

bifrfw01(config-cmap)# exit

bifrfw01(config)# policy-map global_policy

bifrfw01(config-pmap)# class netflow

bifrfw01(config-pmap-c)# flow-export event-type flow-create destination

bifrfw01(config-pmap-c)# exit

bifrfw01(config-pmap)# service-policy global_policy global

bifrfw01(config)# write

But i have compeltely different information than the one provided by the following command:

threat-detection statistics protocol number-of-rate 3

The trueth is in the statistics not in the Netflow ?

What netflow config (on the ASA side) could provie me the same result as those i have actually with the statistics ?

Thanks a lot for your help

Cisco Employee

Get statistics information

Hi David,

You are totally right. You know, the threat detection information will be reflected on the firewall dashboard. But for accounting information, you can use Netflow to create reports and so on based on the Netflow collector that you use. I have used PRTG and it shows the ports, percentage used and the amount of bit/bytes used.

The Threat detection will give you information about the top ten sources/destinations and protocols being used. It is great for troubleshooting, but it can be CPU intesive.

Having the ASA to send this information to a netflow collector I think it is a good approach, also, helps you out to not log certain information (To a syslog server) hence being friendly with your CPU usage

This link shows how to configure it and also you can see a little chart with the bandwith usage there

Now, I am not saying use this one, there are other ones like solarwinds that do an amazing job with reports.

Threat detection ir used most for troubleshooting and not so much for billing/accounting.

Anyways, it is my humble opinion. I hope it helps a bit

Let me know what you think.