Cisco Systems ASA 5510 Network Router User Manual


Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 77 Configuring NetFlow Secure Event Logging (NSEL)
Related Documents

| Related Topic | Document Title |
|---|---|
| Using NSEL and Syslog Messages, page 77-2 | syslog message guide |
| Information about the implementation of NSEL on the ASA and ASASM | Cisco ASA 5500 Series Implementation Note for NetFlow Collectors. See the following article at https://supportforums.cisco.com/docs/DOC-6113. |
| Configuring NetFlow on the ASA and ASASM using ASDM | See the following article at https://supportforums.cisco.com/docs/DOC-6114. |

RFCs

| RFC | Title |
|---|---|
| 3954 | Cisco Systems NetFlow Services Export Version 9 |

Feature History for NSEL

Table 77-2 lists each feature change and the platform release in which it was implemented. ASDM is
backward-compatible with multiple platform releases, so the specific ASDM release in which support
was added is not listed.

Table 77-2 Feature History for NSEL

| Feature Name | Platform Releases | Feature Information |
|---|---|---|
| NetFlow | 8.1(1) | The NetFlow feature enhances the ASA logging capabilities by logging flow-based events through the NetFlow protocol. NetFlow Version 9 services are used to export information about the progression of a flow from start to finish. The NetFlow implementation exports records that indicate significant events in the life of a flow. This implementation is different from traditional NetFlow, which exports data about flows at regular intervals. The NetFlow module also exports records about flows that are denied by access lists. You can configure an ASA 5580 to send the following events using NetFlow: flow create, flow teardown, and flow denied (only flows denied by ACLs are reported). We introduced the following screen: Configuration > Device Management > Logging > NetFlow. |
| NetFlow Filtering | 8.1(2) | You can filter NetFlow events based on traffic and event type, then send records to different collectors. For example, you can log all flow-create events to one collector, and log flow-denied events to a different collector. For short-lived flows, NetFlow collectors benefit from processing a single event instead of two events: flow create and flow teardown. You can configure a delay before sending the flow-create event. If the flow is torn down before the timer expires, only the flow teardown event is sent. The teardown event includes all information regarding the flow; no loss of information occurs. We modified the following screen: Configuration > Firewall > Service Policy Rules. |
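
The following is an added example, not code from Cisco or from this guide: a small Python model of the export behaviour described in Table 77-2 (flow-create delay and per-event-type routing to collectors), useful for checking what a collector should expect to receive. The Flow fields, the collector names, the rule format and the sample flows are all constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Flow:
    flow_id: int
    start: float                 # seconds since start of the window
    end: Optional[float] = None  # None = flow still open
    denied: bool = False         # denied by an ACL, never established

def export_events(flows, create_delay=0.0):
    """Return sorted (time, event, flow_id) tuples for the modelled exporter."""
    events = []
    for f in flows:
        if f.denied:
            events.append((f.start, "flow-denied", f.flow_id))
            continue
        create_at = f.start + create_delay
        # Torn down before the delay timer expires: the create event is suppressed.
        if f.end is None or f.end >= create_at:
            events.append((create_at, "flow-create", f.flow_id))
        if f.end is not None:
            events.append((f.end, "flow-teardown", f.flow_id))
    return sorted(events)

def route(events, rules):
    """rules: list of (event types, collector); each event goes to every match."""
    delivered = {}
    for ts, event, flow_id in events:
        for types, collector in rules:
            if event in types:
                delivered.setdefault(collector, []).append((ts, event, flow_id))
    return delivered

# Constructed sample: a 0.4 s flow, a long flow, an ACL-denied flow, an open flow.
FLOWS = [Flow(1, 0.0, 0.4), Flow(2, 1.0, 30.0), Flow(3, 2.0, denied=True), Flow(4, 5.0)]
# Hypothetical collectors: session events to one, denied events to another.
RULES = [({"flow-create", "flow-teardown"}, "collector-a"),
         ({"flow-denied"}, "collector-b")]

if __name__ == "__main__":
    for delay in (0.0, 1.0):
        print(f"create delay {delay}s")
        for collector, evs in sorted(route(export_events(FLOWS, delay), RULES).items()):
            print(" ", collector, evs)
```

With a 1-second delay, flow 1 reaches collector-a as a single teardown event, so collector logic must not assume that every teardown is preceded by a create.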