Cisco Systems ASA5515K9 Network Router User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 78 Configuring NetFlow Secure Event Logging (NSEL)
Configuring NSEL
Configuring NSEL Collectors
To configure NSEL collectors, enter the following command:

Command: flow-export destination interface-name ipv4-address|hostname udp-port
Example: hostname (config)# flow-export destination inside 209.165.200.225 2002
Purpose: Adds, edits, or deletes an NSEL collector to which NetFlow packets are sent. The destination keyword indicates that a NSEL collector is being configured. The interface-name argument is the name of the ASA and ASA Services Module interface through which the collector is reached. The ipv4-address argument is the IP address of the machine running the collector application. The hostname argument is the destination IP address or name of the collector. The udp-port argument is the UDP port number to which NetFlow packets are sent. You can configure a maximum of five collectors. After a collector is configured, template records are automatically sent to all configured NSEL collectors.
Note: Make sure that collector applications use the Event Time field to correlate events.

What to Do Next
See the “Configuring Flow-Export Actions Through Modular Policy Framework” section on page 78-5.

Configuring Flow-Export Actions Through Modular Policy Framework
To export NSEL events by defining all classes with flow-export actions, perform the following steps:

Step 1
Command: class-map flow_export_class
Example: hostname (config-pmap)# class-map flow_export_class
Purpose: Defines the class map that identifies traffic for which NSEL events need to be exported. The flow_export_class argument is the name of the class map.

Step 2
Choose one of the following options:

Command: match access-list flow_export_acl
Example: hostname (config-cmap)# match access-list flow_export_acl
Purpose: Configures the access list to match specific traffic. The flow_export_acl argument is the name of the access list.

Command: match any
Example: hostname (config-cmap)# match any
Purpose: Matches any traffic.
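
As an added example (not part of the Cisco guide), this Python script audits a saved configuration against the rules above: the flow-export destination argument form, the five-collector maximum, and class maps that have no match statement or reference an access list that is not defined. The function name audit_nsel, the sample configuration, the "show running-config" style indentation and the 1-65535 port range check are assumptions of the example.

```python
MAX_COLLECTORS = 5  # maximum number of collectors stated in the guide

# Constructed sample configuration (not from the guide), laid out like
# "show running-config" output: sub-commands are indented by one space.
SAMPLE_CONFIG = """\
flow-export destination inside 209.165.200.225 2002
flow-export destination inside collector2.example.com 2055
flow-export destination mgmt 192.0.2.10 70000
access-list flow_export_acl extended permit ip any any
class-map flow_export_class
 match access-list flow_export_acl
class-map orphan_class
 match access-list missing_acl
class-map empty_class
"""

def audit_nsel(config):
    """Return (collectors, class_maps, findings) for an ASA configuration."""
    collectors, class_maps, acls, findings = [], {}, set(), []
    current = None  # class map whose sub-commands are being read
    for raw in config.splitlines():
        words = raw.split()
        if not words:
            continue
        if not raw[0].isspace():
            current = None  # an unindented line leaves class-map mode
        if words[:2] == ["flow-export", "destination"]:
            # Expected form: flow-export destination <interface> <host> <udp-port>
            port = words[4] if len(words) == 5 else ""
            if not (port.isascii() and port.isdigit() and 1 <= int(port) <= 65535):
                findings.append("bad collector line: " + raw.strip())
                continue
            collectors.append((words[2], words[3], int(port)))
        elif words[0] == "access-list" and len(words) > 1:
            acls.add(words[1])
        elif words[0] == "class-map" and len(words) == 2:
            current = words[1]
            class_maps[current] = []
        elif current and words[0] == "match":
            class_maps[current].append(words[1:])
    if len(collectors) > MAX_COLLECTORS:
        findings.append(f"{len(collectors)} collectors exceed the limit of {MAX_COLLECTORS}")
    for name, matches in class_maps.items():
        if not matches:
            findings.append(f"class-map {name}: no match statement")
        for m in matches:
            if m[:1] == ["access-list"] and (len(m) < 2 or m[1] not in acls):
                findings.append(f"class-map {name}: access-list {' '.join(m[1:])} is not defined")
    return collectors, class_maps, findings
```

Calling audit_nsel(SAMPLE_CONFIG) returns the two valid collectors, the parsed class maps, and three findings: the out-of-range port, the undefined access list, and the class map with no match statement.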