I work for a county school system. We have about 50 sites, in a spoke and hub, where we don’t own or monitor the routers but we do own and monitor the switches. All Cisco 3550s and 3750s for the head ends and 2950s and 2960s for the downstream.
We have Orion monitoring bandwidth usage, and it will email us on high utilization.
I can track spikes while they are happening from a central monitoring station with OmniPeek, but that requires me to get the email, log in to the monitoring station, start a capture and filter down to the chattiest talker in the subnet.
My question is this: is there an easy automated way to track and log network utilization spikes back to an interface or IP? I know NetFlow will do this on routers, but we don’t own the routers.