Cisco Systems ASA 5580 Network Router User Manual


Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 77 Configuring NetFlow Secure Event Logging (NSEL)
Configuring NSEL
IPv6 Guidelines
Supports IPv6 for the class-map, match any and class-default commands. The match access-list
commands only support IPv4 access lists.
Additional Guidelines and Limitations
- If you have previously configured flow-export actions using the flow-export enable command, and
  you upgrade to a later version, then your configuration is automatically converted to the new
  Modular Policy Framework flow-export event-type command, which is described under the
  policy-map command.
- Flow-export actions are not supported in interface-based policies. You can configure flow-export
  actions in a class-map only with the match access-list, match any, or class-default commands. You
  can only apply flow-export actions in a global service policy.
- To view bandwidth usage for NetFlow records (not available in real-time), you must use the threat
  detection feature.
Configuring NSEL
This section describes how to configure NSEL and includes the following topics:
- Using NetFlow
- Matching NetFlow Events to Configured Collectors
Using NetFlow
The NetFlow pane lets you enable the transmission of data about a flow of packets. To access this pane,
choose Configuration > Device Management > Logging > NetFlow.
Note: IP address and hostname assignments should be unique throughout the NetFlow configuration.
To use NetFlow, perform the following steps:
Step 1 Enter the template timeout rate, which is the interval (in minutes) at which template records are sent to
all configured collectors. The default value is 30 minutes.
Step 2 Enter the flow update interval, which specifies the time interval between flow-update events in minutes.
Valid values are from 1 to 60 minutes. The default value is 1 minute.
Step 3 To delay the export of flow-creation events and process a single flow-teardown event instead of a
flow-creation event and a flow-teardown event, check the Delay export of flow creation events for
short-lived flows check box, then enter the number of seconds for the delay in the Delay By field.
Step 4 Specify the collector(s) to which NetFlow packets will be sent. You can configure a maximum of five
collectors. To configure a collector, click Add to display the Add NetFlow Collector dialog box, and
perform the following steps:
a. Choose the interface to which NetFlow packets will be sent from the drop-down list.
b. Enter the IP address or hostname and the UDP port number in the associated fields.
c. Click OK.
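
The limits in the guidelines and steps above can be checked against a configuration text before it is deployed. The following is an added example, not code from the Cisco guide: it assumes the CLI command forms that correspond to the ASDM fields (they are not shown on this page), reads the uniqueness note as "no collector address listed twice", and runs on a constructed sample configuration.

```python
import re

MAX_COLLECTORS = 5               # page: a maximum of five collectors
UPDATE_MINUTES = range(1, 61)    # page: flow update interval is 1 to 60 minutes

def audit_nsel(config: str) -> list:
    """Check ASA configuration text against the NSEL limits stated above."""
    findings, collectors, exporting, bound = [], [], set(), []
    policy = None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):      # an unindented line closes a policy-map block
            policy = None
        if m := re.match(r"flow-export destination \S+ (\S+) \d+$", line):
            collectors.append(m.group(1).lower())
        elif m := re.match(r"flow-export active refresh-interval (\d+)$", line):
            if int(m.group(1)) not in UPDATE_MINUTES:
                findings.append(f"flow update interval {m.group(1)} is outside 1-60 minutes")
        elif m := re.match(r"policy-map (\S+)$", line):
            policy = m.group(1)
        elif policy and line.startswith("flow-export event-type"):
            exporting.add(policy)        # this policy-map carries a flow-export action
        elif m := re.match(r"service-policy (\S+) interface (\S+)$", line):
            bound.append(m.groups())     # interface-based service policy
    if len(collectors) > MAX_COLLECTORS:
        findings.append(f"{len(collectors)} collectors configured, maximum is {MAX_COLLECTORS}")
    for host in sorted({h for h in collectors if collectors.count(h) > 1}):
        findings.append(f"collector {host} is configured more than once")
    for name, interface in bound:
        if name in exporting:
            findings.append(f"flow-export policy {name} is applied to interface {interface}, not globally")
    return findings

# Constructed sample with three deliberate violations (documentation addresses).
SAMPLE = """\
flow-export destination inside 192.0.2.10 2055
flow-export destination inside 192.0.2.11 2055
flow-export destination dmz 192.0.2.10 9996
flow-export template timeout-rate 30
flow-export active refresh-interval 90
flow-export delay flow-create 10
policy-map flow_export_policy
 class class-default
  flow-export event-type all destination 192.0.2.10
service-policy flow_export_policy interface outside
"""

if __name__ == "__main__":
    for finding in audit_nsel(SAMPLE):
        print(finding)
```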