78-3
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter78 Configuring NetFlow Secure Event Logging (NSEL)
Licensing Requirements for NSEL
Note When NSEL and syslog messages are both enabled, there is no guarantee of chronological ordering
between the two logging types.
Licensing Requirements for NSELPrerequisites for NSEL
NSEL has the following prerequisites:
IP address and hostname assignments must be unique throughout the NetFlow configuration.
You must have at least one configured collector before you can use NSEL.
You must configure NSEL collectors before you can configure filters via Modular Policy
Framework.
106023 When a flow was denied by an
ACL attached to an interface
through the access-group
command.
3—Flow was denied. 1001—Flow was denied by the
ingress ACL.
1002—Flow was denied by the
egress ACL.
302013, 302015,
302017, 302020
TCP, UDP, GRE, and ICMP
connection creation.
1—Flow was created. 0—Ignore.
302014, 302016,
302018, 302021
TCP, UDP, GRE, and ICMP
connection teardown.
2—Flow was deleted. 0—Ignore.
> 2000—Flow was torn down.
313001 An ICMP packet to the device
was denied.
3—Flow was denied. 1003—To-the-box flow was
denied because of configuration.
313008 An ICMP v6 packet to the device
was denied.
3—Flow was denied. 1003—To-the-box flow was
denied because of configuration.
710003 An attempt to connect to the
device interface was denied.
3—Flow was denied. 1003—To-the-box flow was
denied because of configuration.
Model License Requirement
All models Base License.
Table78-1 Syslog Messages and Equivalent NSEL Events (continued)
Syslog Message Description NSEL Event ID NSEL Extended Event ID