Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 72 Configuring NetFlow Secure Event Logging (NSEL)
Additional Guidelines and Limitations
• If you previously configured flow-export actions using the flow-export enable command, and you
upgrade to a later version, then your configuration will be automatically converted to the new
Modular Policy Framework flow-export event-type command, described under the policy-map
command. For more information, see the Release Notes for the Cisco ASA 5500 Series for Version
8.1(2).
• Flow-export actions are not supported in interface-based policies. You can configure flow-export
actions in a class-map only with the match access-list, match any, or class-default commands. You
can only apply flow-export actions in a global service policy.
Configuring NSEL
This section describes how to configure NSEL, and includes the following topics:
• Using NetFlow
• Matching NetFlow Events to Configured Collectors
Using NetFlow
The NetFlow pane lets you enable the transmission of data about a flow of packets. To access this pane,
choose Configuration > Device Management > Logging > NetFlow.
Note: IP address and hostname assignments should be unique throughout the NetFlow configuration.
To use NetFlow, perform the following steps:
Step 1 Enter the template timeout rate, which is the interval (in minutes) at which template records are sent to
all configured collectors. The default value is 30 minutes.
Step 2 To delay the export of flow-creation events and process a single flow-teardown event instead of a
flow-creation event and a flow-teardown event, check the Delay export of flow creation events for
short-lived flows check box, and then enter the number of seconds for the delay in the Delay By field.
Step 3 Specify the collector(s) to which NetFlow packets will be sent. You can configure a maximum of five
collectors. To configure a collector, click Add to display the Add NetFlow Collector dialog box, and
perform the following steps:
a. Choose the interface to which NetFlow packets will be sent from the drop-down list.
b. Enter the IP address or hostname and the UDP port number in the associated fields.
c. Click OK.
Step 4 To configure more collectors, repeat Step 2 for each additional collector.
Step 5 To change collector configuration details, select a collector and click Edit. To remove a configured
collector, select it and click Delete.