72-8
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 72 Configuring NetFlow Secure Event Logging (NSEL)
Feature History for NSEL
Related Documents
RFCs
Feature History for NSEL
Table 72-2 lists each feature change and the platform release in which it was implemented. ASDM is
backwards-compatible with multiple platform releases, so the specific ASDM release in which support
was added is not listed.
Related Topic Document Title
Using NSEL and Syslog Messages, page 72-2 Cisco ASA 5500 Series System Log Messages
Information about the implementation of NSEL on the
adaptive security appliance
Cisco ASA 5500 Series Implementation Note for NetFlow Collectors
RFC Title
3954 Cisco Systems NetFlow Services Export Version 9
Table 72-2 Feature History for NSEL
Feature Name
Platform
Releases Feature Information
NetFlow 8.1(1) The NetFlow feature enhances the adaptive security appliance logging capabilities by
logging flow-based events through the NetFlow protocol. NetFlow Version 9 services are
used to export information about the progression of a flow from start to finish. The
NetFlow implementation exports records that indicate significant events in the life of a
flow. This implementation is different from traditional NetFlow, which exports data about
flows at regular intervals. The NetFlow module also exports records about flows that are
denied by access lists. You can configure an ASA 5580 to send the following events using
NetFlow: flow create, flow teardown, and flow denied (only flows denied by ACLs are
reported).
The following screen was introduced:
Configuration > Device Management > Logging > NetFlow.
NetFlow
Filtering
8.1(2) You can filter NetFlow events based on traffic and event-type, and then send records to
different collectors. For example, you can log all flow-create events to one collector, and
log flow-denied events to a different collector.
For short-lived flows, NetFlow collectors benefit from processing a single event instead of
two events: flow create and flow teardown. You can configure a delay before sending the
flow-create event. If the flow is torn down before the timer expires, only the flow teardown
event is sent. The teardown event includes all information regarding the flow; no loss of
information occurs.
The following screen was modified:
Configuration > Firewall > Service Policy Rules.
NSEL 8.2(1) The NetFlow feature has been ported to all ASA 5500 series adaptive security appliances.
To Next Page
Loading...
Need help?
General
