CHAPTER
72-1
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
72
Configuring NetFlow Secure Event Logging (NSEL)
This chapter describes how to configure NSEL, a security logging mechanism that is built on NetFlow
Version 9 technology, and how to handle events and syslog messages through NSEL.
The chapter includes the following sections:
• Information About NSEL, page 72-1
• Licensing Requirements for NSEL, page 72-3
• Prerequisites for NSEL, page 72-3
• Guidelines and Limitations, page 72-3
• Configuring NSEL, page 72-4
• Monitoring NSEL, page 72-6
• Where to Go Next, page 72-6
• Additional References, page 72-6
• Feature History for NSEL, page 72-8
Information About NSEL
The adaptive security appliance supports NetFlow Version 9 services. For more information about
NetFlow services, see RFCs, page 72-8.
The adaptive security appliance implementation of NSEL is a stateful, IP flow tracking method that
exports only those records that indicate significant events in a flow. In stateful flow tracking, tracked
flows go through a series of state changes. NSEL events are used to export data about flow status, and
are triggered by the event that caused the state change.
The significant events that are tracked include flow-create, flow-teardown, and flow-denied (excluding
those flows that are denied by EtherType ACLs). Each NSEL record has an event ID and an extended
event ID field, which describes the flow event.
The adaptive security appliance implementation of NSEL provides the following major functions:
• Keeps track of flow-create, flow-teardown, and flow-denied events, and generates appropriate NSEL
data records.
• Defines and exports templates that describe the progression of a flow. Templates describe the format
of the data records that are exported through NetFlow. Each event has several record formats or
templates associated with it.
To Next Page
Loading...
Need help?
General
