77-6
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 77 Configuring NetFlow Secure Event Logging (NSEL)
Monitoring NSEL
Step 4 To specify flow events, click Add to display the Add Flow Event dialog box, then perform the following
steps:
a. Choose the flow event type from the drop-down list. The available events are created, torn down,
denied, or all.
b. Choose collectors to which you want events to be sent by checking the corresponding check boxes
in the Send column.
c. To add, edit or delete collectors, or to configure other NetFlow settings (for example, syslog
messages), click Manage to display the Manage NetFlow Collectors dialog box. Click OK to close
the Manage NetFlow Collectors dialog box and return to the Add Flow Event dialog box. For more
information about configuring collectors, see Step 4 of the “Using NetFlow” section on page 77-4.
Step 5 Click OK to close the Add Flow Event dialog box and return to the NetFlow tab.
Step 6 To change flow event entries, select an entry from the list, and click Edit. To remove flow event entries,
select an entry from the list, and click Delete.
Step 7 Click Finish to exit the wizard.
Step 8 To edit a NetFlow service policy rule, perform the following steps:
a. Select it in the Service Policy Rules table, and click Edit.
b. Click the Rule Actions tab, then click the NetFlow tab.
What to Do Next
See the “Monitoring NSEL” section on page 77-6.
Monitoring NSEL
You can use syslog messages to help troubleshoot errors or monitor system usage and performance.You
can view real-time syslog messages that have been saved in the log buffer in a separate window, which
include an explanation of the message, details about the message, and recommended actions to take, if
necessary, to resolve an error. For more information, see the “Using NSEL and Syslog Messages” section
on page 77-2.
To monitor NSEL, see the following pane:
Path Purpose
Tools > Command Line Interface
Type show flow-export counters, then press Send.
Shows runtime counters, including statistical data and error
data, for NSEL.
Tools > Command Line Interface
Type show logging flow-export-syslogs, then press Send.
Lists all syslog messages that are captured by NSEL events.
Tools > Command Line Interface
Type show running-config flow-export, then press Send.
Shows the currently configured NetFlow commands.
Tools > Command Line Interface
Type show running-config logging, then press Send.
Shows disabled syslog messages, which are redundant syslog
messages, because they export the same information through
NetFlow.